top of page
Coadys Pharmacy - Main Horizontal (Small).png

PRIVACY & YOUR INFORMATION

Privacy Policy

Caringbah North Pharmacy is committed to protecting your privacy. This policy explains how we collect, hold, use and disclose your personal and health information, and how you can access or correct that information. We handle your information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Health Records and Information Privacy Act 2002 (NSW).

01 - Who we are

This privacy policy applies to Caringbah North Pharmacy (14 457 866 784), located at 90C Cawarra Rd, North Caringbah NSW 2229. In this policy, "we", "us" and "our" refer to Caringbah North Pharmacy, our pharmacists, dispensary staff, and any contractors providing services on our behalf.
 

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), regardless of our business size, because we handle health information. As a NSW-based pharmacy, we also comply with the Health Records and Information Privacy Act 2002 (NSW).

02 - What information we collect

The information we collect varies depending on how you interact with us, but typically includes:

Personal information

  • Your full name, date of birth, and gender

  • Address, phone number and email address

  • Medicare number, concession card details, DVA number, and NDSS registration number where relevant

  • Emergency contact and next-of-kin details where you provide them

  • Payment details (processed securely via our payment provider — we do not store full card details)
     

Health information (sensitive information)

  • Prescriptions, repeat authorisations, and dispensing history

  • Allergies, adverse drug reactions and known medication intolerances

  • Information from your GP, specialist or other prescribers

  • Health conditions relevant to safe medication supply (e.g. pregnancy, breastfeeding, diabetes)

  • Information collected during pharmacist consultations, vaccinations, blood pressure checks, MedsChecks or other clinical services

  • Records of services provided under expanded scope of practice (e.g. UTI treatment, contraception continuation)
     

Health information is classed as "sensitive information" under the Privacy Act and is subject to additional protections.

03 - How we collect it

We collect personal and health information in several ways:
 

  • Directly from you - when you provide a prescription, complete a form, book an appointment, or speak with our pharmacists at the counter

  • From your prescribers - when your GP or specialist sends us an electronic prescription (eScript) or hospital discharge medication list

  • From digital prescription services - including eRx, MediSecure, and the Active Script List (ASL) where you have nominated us as your preferred pharmacy

  • From Services Australia - Medicare, PBS, DVA and the Australian Immunisation Register, where required to dispense medication or record vaccinations

  • From third parties with your consent - for example, a family member, carer or authorised representative collecting your prescription on your behalf

  • Through our website — when you submit a contact form, newsletter signup, or appointment booking


Wherever practicable, we collect information directly from you. If we collect information about you fromsomewhere else, we will take reasonable steps to let you know.

04 - Why we collect it

We collect your information so we can provide safe, appropriate and personalised healthcare. The primary purposes include:
 

  • Dispensing prescriptions accurately and safely, including checking for drug interactions and contraindications

  • Providing pharmacist consultations, vaccinations, MedsChecks, Home Medicines Reviews, and other clinical services

  • Managing your repeat prescriptions and reminding you when refills are due

  • Delivering medications to your home

  • Coordinating with your GP, specialist or other healthcare providers as part of your care

  • Meeting our legal obligations under the National Health Act 1953 (Cth), Pharmacy Regulation 2010 (NSW), Poisons and Therapeutic Goods Act 1966 (NSW), and other applicable laws

  • Processing claims with Medicare, the PBS, DVA, NDSS and private health insurers
     

If you choose not to provide certain information, we may be unable to supply medication or services to you. Some information collection is required by law and cannot be opted out of.

05 - How we use your information

We use your information only for the purposes for which it was collected, or for closely related secondary purposes that you would reasonably expect. Specifically, we may use your information to:
 

  • Dispense and supply your medication

  • Provide health advice, clinical services and continuity of care

  • Contact you about prescriptions ready for collection, repeats due, or follow-up after a service

  • Maintain your dispensing history and medication record

  • Process payments and government claims

  • Comply with reporting requirements (e.g. recording vaccinations on the Australian Immunisation Register)

  • Improve the quality of our services and respond to feedback
     

We will not use your health information for any unrelated purpose without your express consent.

06 - When we disclose information

We may disclose your information to:
 

  • Your treating healthcare providers — including your GP, specialist, hospital or other pharmacist where this supports your care

  • Government agencies Services Australia (Medicare, PBS), Department of Veterans' Affairs, the Australian Immunisation Register, NSW Health, and the Therapeutic Goods Administration where required

  • The NDSS - when supplying diabetes consumables

  • Private health insurers — for claims you have authorised us to process

  • Your nominated representatives - family members, carers or other authorised people, where you have given consent or where legally permitted (e.g. parents of a minor)

  • Service providers we engage - including dispensing software providers (e.g. FRED, LOTS, Minfos), delivery contractors, payment processors, and IT support providers, who are bound by confidentiality and privacy obligations

  • Regulatory and law enforcement bodies - where required by law, court order, or to prevent a serious threat to health or safety
     

We do not sell your personal or health information. Ever.
 

Overseas disclosures

Some of our service providers (for example, cloud-based software and email systems) may store data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure those providers comply with the Australian Privacy Principles or equivalent protections. Likely overseas locations include the United States and the European Union.

07 - eScripts & digital prescriptions

We dispense electronic prescriptions (eScripts) through the national eScripts framework, including via SMS or email tokens and through Active Script Lists.

​

Token-based eScripts
When you forward an eScript token to us (by SMS, email or in person), we use it to retrieve your prescription from your prescriber's eScript provider (typically eRx or MediSecure). The token allows us to dispense once; it does not give us ongoing access to your other prescriptions.
 

Active Script List (ASL)
If you have nominated Caringbah North Pharmacy as a preferred pharmacy on your Active Script List, we will be able to view the list of your current prescriptions when you visit or contact us. You can change or remove this nomination at any time by contacting the ASL provider or asking us to do so on your behalf.
 

Your consent matters here. Before we link to your ASL or access your eScript information, we'll talk you through what's involved and confirm you're happy to proceed. You can withdraw consent at any time, and doing so won't affect our ability to dispense your prescriptions in other ways.

08 - My health record

As a registered healthcare provider, we may access your My Health Record where you have one, with your consent. This can help us:
 

  • See your complete medication history across different prescribers and pharmacies

  • Identify potential drug interactions you may not be aware of

  • Avoid duplicating medicines you've already received elsewhere
     

Information uploaded to or accessed from My Health Record is also governed by the My Health Records Act 2012 (Cth). You can set access controls on your My Health Record at any time via myhealthrecord.gov.au.

09 - How we store & protect information

We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification or disclosure. These steps include:
 

  • Storing electronic records in password-protected, encrypted dispensing software

  • Restricting access to your records to authorised pharmacy staff who need it to perform their role

  • Training all staff in privacy obligations as part of their induction

  • Securely storing paper prescriptions and records out of public view

  • Ensuring third-party service providers meet our privacy and security standards

  • Disposing of paper records by secure shredding when they are no longer required
     

Despite our efforts, no method of storage is completely secure. If we become aware of a data breach involving your personal information, we will respond in accordance with the section on Data breaches below.

10 - How long we keep information

We retain your information for as long as required by law and as long as it is needed to provide ongoing care. Specifically:
 

  • Prescription records: Retained for at least seven years from the date of last supply, as required by NSW pharmacy regulations

  • Records relating to minors: Retained for at least seven years from the date the patient turns 18

  • Schedule 8 (controlled drug) records: Retained for the period required under NSW Poisons regulations

  • Vaccination records: Retained in line with Australian Immunisation Register requirements

  • Other personal information: Retained only as long as needed for the purpose for which it was collected
     

When information is no longer required and we are not legally obliged to keep it, we destroy or de-identify it.

11 - Accessing & correcting your information

You have the right to request access to the personal information we hold about you, and to ask us to correct anything that is inaccurate, out of date, incomplete or misleading.
 

To make a request, please contact us using the details below. We will respond within a reasonable time (generally within 30 days). In most cases, access will be free. If your request is complex or requires substantial work, we may charge a reasonable cost - we'll let you know in advance.
 

In limited circumstances, we may decline a request for access (for example, where it would unreasonably impact someone else's privacy, or where the information relates to anticipated legal proceedings). If we refuse, we'll explain why in writing and let you know how to escalate the matter.

12 - Accessing & correcting your information

We may occasionally contact you with information we think may be useful — such as seasonal vaccination reminders, health tips relevant to your circumstances, or service updates. We will only do this where:
 

  • You have agreed to receive such communications (for example, by subscribing to our newsletter); or

  • The communication directly relates to a service we are already providing to you (for example, a reminder that your repeat is due)
     

Every marketing communication we send will include a way to opt out. You can unsubscribe at any time by clicking the unsubscribe link in any email, calling us on (02) 9524 7511, or replying to ask us to remove you from the list. We do not sell or rent your contact details to any third party for marketing.

13 - Website & cookies

When you visit our website, we may collect some information automatically:
 

  • Your IP address and approximate location

  • Browser type and device

  • Pages you visit and how you interact with the site

  • Referring website (if any)
     

We use this information to improve the website, understand how it's being used, and identify technical problems. We may use cookies (small files stored on your device) for essential site functionality and for analytics. You can disable cookies in your browser settings, though some features of the site may not work as well.

Our website may link to third-party websites (for example, our online booking provider or social media). We are not responsible for the privacy practices of those sites - please check their privacy policies directly.

14 - Data Breaches

We have a data breach response plan in place. If a data breach occurs that is likely to result in serious harm to anyone whose information we hold, we will:
 

  • Take immediate steps to contain and minimise the breach

  • Notify you as soon as practicable, with information about what occurred, what we are doing about it, and what steps you should take

  • Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme

15 - Complaints

If you believe we have not handled your personal information appropriately, please contact us first. We take privacy complaints seriously and will investigate and respond within a reasonable time, generally within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
 

  • Phone: 1300 363 992

  • Online: oaic.gov.au

  • Post: GPO Box 5288, Sydney NSW 2001
     

You can also contact the NSW Information and Privacy Commission about complaints relating to health records held in NSW: ipc.nsw.gov.au.

15 - Contact Us

Privacy enquiries
 
If you have a question about this policy, would like to access or correct your information, or want to make a complaint, please contact:
 
Caringbah North Pharmacy
Privacy Officer: Jen
90C Cawarra Rd, North Caringbah NSW 2229
Phone: (02) 9524 7511

bottom of page