```
0
Skip to Content
Oracare Dental & Aesthetics
All Services
Our Team
Contact Us
Book a consultation
Oracare Dental & Aesthetics
All Services
Our Team
Contact Us
Book a consultation
All Services
Our Team
Contact Us
Book a consultation

Oracare Privacy Policy

Version 2.0 — current as of 29 May 2026.


1. About this policy

This Privacy Policy explains how Oracare Dental & Aesthetics (operated by Oracare Dental Pty Ltd, ABN 57 675 893 295) collects, uses, holds, discloses, and protects personal information — including health information — and the rights individuals have over it.

Oracare is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where applicable, Oracare also follows the Information Privacy Act 2009 (Qld), the My Health Records Act 2012 (Cth), and the record-keeping standards set by the Dental Board of Australia and the Australian Health Practitioner Regulation Agency.

This policy applies to everyone whose personal information Oracare holds — patients, parents and guardians of patients who are minors, website visitors, and people who contact the practice through its website, phone, or email.

Privacy Officer. Ethan Nguyen, Executive Director. Email: info@oracare.com.au (marked ATTN: Privacy Officer). Phone: (07) 3286 6914. Mail: Privacy Officer, Oracare Dental & Aesthetics, T17 / 251 Panorama Drive, Thornlands QLD 4164.

A printed copy of this policy is available from reception on request.


2. What information Oracare collects

Oracare collects only the information it needs to provide safe dental care and to run the practice that supports that care. This may include:

Personal information. A patient's name, date of birth, residential and postal addresses, phone numbers, email address, and emergency contact details. For patients under 18, the name and contact details of a parent or guardian. Where applicable, the name and contact details of the patient's usual GP, specialist, or referrer.

Sensitive (health) information. A patient's dental history, the treatment and services provided, general medical history (medications, allergies, medical conditions, pregnancy status), and any information a GP, specialist, or other health practitioner provides to support care.

Identification and funding information. Health-fund details, Medicare number, Child Dental Benefits Schedule eligibility, Department of Veterans' Affairs entitlement, National Disability Insurance Scheme participant number, and workers'-compensation or motor-vehicle-accident details where relevant. Oracare may sight (but does not retain a copy of) photo ID at intake to verify identity.

Financial information. The treatments paid for, the amounts paid, the payment method (card type and last four digits, not the full card number), and any outstanding balance. Oracare does not store full credit-card details — payments are processed by its merchant terminal.

Imagery. Clinical photographs of a patient's teeth, mouth, or face taken during care, intra-oral scans, and dental radiographs (x-rays, OPG, CBCT). These form part of the clinical record.

Website information. Information submitted through the website enquiry form, and standard web-server information such as browser type, device type, IP address, and pages visited. Oracare uses cookies and similar technologies to operate its website — see section 12.

A patient may deal with Oracare anonymously or under a pseudonym — for example, when asking a general question by phone. However, where Oracare is providing clinical care, claiming a rebate, or is required by law, it will need to identify the patient.


3. How Oracare collects information

Oracare collects information in the following ways:

  • Directly from the patient — when completing a new-patient intake form, signing the Patient Consent Form, attending an appointment, contacting the practice by phone or email, or submitting the online enquiry form.
  • From the practice team during care — when dentists and staff make clinical notes, take photographs, perform scans, or record radiographs.
  • From other health practitioners — when a GP, specialist, or another dentist refers the patient, or when Oracare refers a patient to a specialist who sends back a report.
  • From a health fund, Medicare, or government scheme — when checking eligibility or submitting a claim.
  • From a parent, guardian, or carer — for a minor, or where another person is acting on the patient's behalf.

Wherever practicable, Oracare collects information directly from the patient. Where it must collect information from someone else (for example, a previous dentist's records), Oracare will tell the patient that it is doing so, what it expects to collect, and why.

When Oracare collects a patient's information for the first time, this policy and the consent statement on the intake form together act as the collection notice required by the Privacy Act.


4. Why Oracare collects and uses information

The primary purpose is to provide safe, appropriate dental care.

Oracare also uses information for directly related secondary purposes, including:

  • Processing claims, rebates, and benefits with health funds and government schemes.
  • Sending appointment reminders, recall notices, treatment plans, written quotes, and receipts — through the channels the patient has opted into on the consent form.
  • Following up after treatment for clinical reasons.
  • Internal practice operations — scheduling, records management, accounting, audit, complaint resolution, quality improvement, and staff training (using de-identified information where possible).
  • Direct marketing — newsletters or information about Oracare's services — only where the patient has explicitly opted in. Consent may be withdrawn at any time, and doing so does not affect the care provided.

If Oracare needs to use information for a purpose not covered in this policy or the consent form, it will ask first — unless an exception under the Privacy Act applies (for example, where the use is required by law).


5. Who Oracare may disclose information to

Oracare shares information only with people and organisations that need it to support care or to meet a legal obligation:

  • Treating clinicians and practice staff involved in the patient's care.
  • Other health practitioners involved in care — such as referring practitioners, specialists, a patient's GP, or pharmacist — when clinically necessary.
  • Dental laboratories — for the fabrication of crowns, bridges, dentures, mouthguards, aligners, and similar lab work.
  • Health funds and government rebate or benefit schemes — for claims, rebates, and benefits.
  • Contracted service providers (see section 6) — which store, process, or transmit information on Oracare's behalf and are required to protect it to at least the standard the Privacy Act requires.
  • Regulators, government agencies, and courts — where Oracare is required or authorised by law to disclose.
  • Insurers, legal advisers, and dispute-resolution bodies — where necessary to establish, exercise, or defend a legal claim.

Oracare will not share information with any other party without consent, except as set out above or as required or authorised by law. Oracare does not sell information, and does not provide it to third parties for their own marketing.


6. Service providers and storage

Oracare uses trusted third-party providers to run its systems and store information securely — for example, its practice-management software (CorePractice) and Microsoft 365 for email, files, and team tools. Oracare chooses these providers carefully, requires them to protect information to at least the standard the Privacy Act requires, and remains responsible for how they handle it on its behalf. Some providers operate overseas — see section 7.

A patient who would like the current list of the providers Oracare uses and where they are based may contact the Privacy Officer (section 1).


7. Overseas disclosure

Some service providers process or store information outside Australia, including in the United States, France, and Denmark. By using Oracare's services and signing the Patient Consent Form, a patient acknowledges that their information may be handled in those countries.

Where information is handled overseas, Oracare relies on the contractual and statutory protections in its agreements with those providers, supplemented by the patient's consent. The privacy protections available in those countries may differ from those available in Australia.

A patient who does not wish their information to be disclosed overseas should discuss this with the Privacy Officer before treatment. In most cases Oracare can provide care without overseas disclosure, though some services (for example, clear-aligner monitoring) cannot be delivered without it; Oracare will explain the alternatives and the implications for care.


8. How we use your data

Your data, including your personal details, dental and health records, and appointment and billing information, may be used for internal purposes.


9. Data security and retention

Security. Oracare takes reasonable steps to protect information from misuse, interference, loss, and unauthorised access, modification, or disclosure — including locked premises, role-based access with per-user logins to the practice-management system, encrypted transmission of sensitive data, confidentiality obligations for staff and contractors, and regular review of who has access.

Retention. Oracare is required to keep dental records for a minimum of:

  • 7 years from the date of last attendance, for adult patients.
  • Until the patient's 25th birthday, for patients who were minors when they attended.

Oracare may keep records longer where there is an active clinical, legal, or compliance reason. When the retention period ends and there is no reason to keep a record, Oracare securely destroys or permanently de-identifies it.


10. Accessing and correcting information

Access. A patient may request a copy of the personal and health information Oracare holds about them. Requests should be made in writing to the Privacy Officer at info@oracare.com.au (marked ATTN: Privacy Officer) or by mail to the address in section 1. Oracare will verify the patient's identity before releasing information, and will respond within 30 days. There is usually no charge; a reasonable cost may apply where producing the copy takes significant time or materials, and Oracare will advise the patient before proceeding.

Correction. Where information Oracare holds is inaccurate, out of date, incomplete, irrelevant, or misleading, a patient may ask for it to be corrected. Oracare will take reasonable steps to correct it promptly. If Oracare disagrees, it will advise the patient in writing, and the patient may ask for a statement of correction to be attached to the record.


11. Complaints and breach notification

Complaints to Oracare. A patient who believes Oracare has handled their personal information in a way that breaches the Privacy Act or this policy should notify the Privacy Officer in writing at info@oracare.com.au or by mail. Oracare will acknowledge the complaint within 5 business days and aim to respond within 30 days.

Escalation to the OAIC. A patient who is not satisfied with Oracare's response may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992. The OAIC generally expects the matter to be raised with Oracare first.

Data breach notification. Oracare complies with the Notifiable Data Breaches scheme under the Privacy Act. Where Oracare has reasonable grounds to believe an eligible data breach has occurred — one likely to result in serious harm — it will notify the OAIC and affected individuals as soon as practicable, in line with its Data Breach Response Plan (available on request).


12. Website privacy

Oracare's website at oracare.com.au is hosted by Squarespace. When a patient visits the website:

  • Cookies. Oracare uses cookies to make the site work, to remember preferences, and to measure how the site is used. Cookies can be blocked or deleted in the browser — some parts of the site may not work properly if they are.
  • Analytics. Oracare collects aggregate, de-identified information about how the site is used, to improve it.
  • Enquiry forms. Information submitted through the online enquiry form is delivered to info@oracare.com.au and treated as a patient enquiry.
  • Third-party links. The website may link to third-party sites (for example, social media); this policy does not cover those sites, and their own privacy policies apply.

13. Changes to this policy

Oracare reviews this policy at least once a year, and whenever it changes how it handles information.

  • Minor changes (for example, clarifying wording, or replacing one provider with another offering equivalent protection) — Oracare republishes the policy with an updated version date.
  • Material changes (for example, using AI to analyse clinical records, sending identifiable health information to a new AI service, or adding a new overseas provider for a new purpose) — Oracare republishes the policy and seeks consent again at the patient's next visit before relying on the new arrangement for their care.

The current version is always available at oracare.com.au/privacy, and a printed copy is available from reception on request. For more detail about anything in this policy, a patient may contact the Privacy Officer (section 1).


Document control. Version 2.0 — 29 May 2026. Owner: Privacy Officer, Oracare Dental Pty Ltd. Next scheduled review: May 2027 (or sooner on material change). Companion: Oracare Patient Consent Form; Oracare Data Breach Response Plan (on request).

  • Visit

    • Our Team
    • Services
    • FAQ
    • Contact
  • Treatments

    • Routine Care
    • Smile Makeovers
    • Restorative Care
    • Pain & Emergency
    • Function & Sleep
  • Patient info

    • Emergency Dental
    • Children's Dental
    • Payment Options
    • Privacy Policy
Open Mon–Thu until 7pm — Fri & Sat until 4pm Book Online
(07) 3286 6914 — info@oracare.com.au — T17 / 251 Panorama Drive, Thornlands QLD 4164

175+ Google reviews★ — 4.9 out of 5

© 2026 Oracare Dental & Aesthetics ABN 57 675 893 295
  • Privacy
  • Payment