Privacy Policy

Last Updated:
20 September, 2023

Privacy Policy

Nume, a trade name of LYTHIA PTY LTD (ABN 37 665 181 242), is dedicated to providing personalised and managed solutions aimed at the treatment and enhancement of women’s health. At the forefront of our operations lies a stern commitment to the stringent protection of your personal information.

This Privacy Policy ("Policy") outlines how we collect, use, disclose, store, and safeguard the personal information we collect from you. It also explains how you can access and correct your personal information that we hold, and how you can contact us if you have any concerns or complaints regarding your privacy.

We will manage your personal information in strict compliance with the applicable privacy and health records laws, including the Privacy and Data Protection Act 2014 (Vic) (PDP Act) and the federal Privacy Act 1988 (Cth), which encompasses the Australian Privacy Principles (APPs). We adhere strictly to the guidelines set forth by these acts, reflecting our unwavering commitment to upholding your privacy rights and fulfilling our legal obligations. In this endeavor, we also refer to any relevant health privacy guidelines as per Victorian state legislation.

Understanding ‘Personal Information’

This Policy refers to our approach to handling personal information. ‘Personal information’ is data or opinions about an identified individual or someone who can be reasonably identified, whether the details are true or not and whether recorded materially or not.

This category encompasses ‘sensitive information’, a subset of personal information which may include details about your health and medical history, racial or ethnic origin, political affiliations, religious or philosophical beliefs, and sexual preferences or practices.

Why We Collect Personal Information

We collect personal information essential for our functions and services, including the delivery of women’s health services and other services we offer. The specific reasons for collecting your personal information may include:

  • Facilitating the provision of women's health services and other services we provide;
  • Sharing information about our services with you;
  • Scheduling appointments, and managing billing and payment procedures for our services;
  • Obtaining your agreement to the above services and activities.

Please note, you are not obligated to share your personal information with us. However, withholding information might restrict our ability to offer you the appropriate services or treatment, share pertinent details about our services, or fulfill other primary objectives of data collection.

How Do We Collect Your Personal Information?

We prioritise lawful and respectful methods in collecting your personal information, always seeking to avoid undue intrusion into your privacy.

Direct Interactions: Most commonly, we collect information directly from you when you communicate with Nume's staff, fill out a registration or other online forms on the Nume website, sign up for our newsletter, purchase a product or service, or participate in an assessment or quiz.

Third Parties: At times, we might collect personal data from third parties in compliance with the law. Such third parties could include other health professionals involved in your treatment, family members or others who you have authorized to share your details with us, or from institutions like diagnostic centers, pathology laboratories, and insurers.

Technical Data: We might also gather technical data about your interaction with the Nume website, possibly deriving from analytics providers like Google, advertising networks, and search information providers. Such data might encompass your IP address, browser type, time zone setting, location, etc.

Please note that the Nume website is not designed for children, and we do not consciously collect data related to minors.

We commit to notifying you promptly, where practicable, upon collecting your personal information, clarifying the purpose of the collection and any potential sharing of your data with other organizations. This Policy holds further details on how you may access, correct, or raise concerns about your information.

What Types of Personal Information Do We Collect?

We may compile various personal information including, but not limited to:

  • Identifiable details: such as your name, DOB, gender, and contact details.
  • Health and background information: including your medical history, lifestyle, family background, and employment details.
  • Official details: such as Medicare number or concession card details relevant to the services we offer.
  • Financial information: encompassing your payment details, private health fund data, or insurance claim details.
  • Medical records: encompassing notes of your symptoms, diagnoses, treatments, medical reports, and test results.
  • Commercial transactions: records of your purchases, as well as feedback and preferences from surveys and marketing communications.

In addition to clients, we collect data from individuals like service providers and contractors, ensuring smooth transactions and collaborations. This includes information derived from job applications, proposals, and contracts.

By adhering to the guidelines of the Privacy and Data Protection Act 2014 (Vic) (PDP Act) and the Privacy Act 1988 (Cth) encompassing the Australian Privacy Principles (APPs), we safeguard your sensitive information with the utmost diligence.

How Do We Use Your Personal Information?

Our use of your personal information largely depends on your relationship with Nume. If you are a patient, we generally use your personal information for the following primary purposes:

  • Communicating with You: To facilitate discussions about the women’s health services provided to you, and to understand and attend to your health needs and offer appropriate services and advice.
  • Responding to Enquiries or Complaints: We use your data to respond to any enquiries or complaints you may have accurately.
  • Healthcare Communication: To contact you concerning your healthcare, during emergencies, or to acquire your authorization relating to any services.
  • Identity Verification: To validate your identity as a part of our service protocol.
  • Administrative Management: To manage various administrative tasks including payment and billing, as well as coordinating with Medicare, private health funds, and other insurers.
  • Handling Test Results: To acquire, analyze, and discuss pathology laboratory test results pertinent to your healthcare.
  • Prescriptions: To prescribe medications as appropriate.
  • Quality Improvement Activities: To invite you to partake in activities aimed at enhancing the quality of our services, including surveys and research, and to analyze the results of such activities for service betterment.
  • Promotional Communication: Where you have consented, to inform you about our services, events, or promotions that might interest you.
  • Employment and Contractual Obligations: If you are a job applicant, contractor, or service provider, to assess your job application, proposal, or contract, contact referees, undertake necessary screening checks, and to foster our relationship with you.
  • Accreditation and Quality Assurance: To participate in accreditation processes and ensure the quality and safety of our services.
  • De-identification of Data: To de-identify your personal information to create statistical or demographic data for analysis.

Moreover, we may use your personal information for secondary purposes that are directly related to the primary purposes mentioned above and where it is reasonably anticipated by you.

In compliance with applicable privacy laws, we might use your personal information:

  • Service Management and Planning: To facilitate the management, planning, or evaluation of our services, ensuring to de-identify any material utilized.
  • Staff Training: For educational purposes to enhance the knowledge and skill set of our staff, always taking measures to de-identify any material used.

We are committed to not using your personal information for any other purposes unless we have your explicit consent or are mandated or permitted to do so by law, sustaining our adherence to the Privacy and Data Protection Act 2014 (Vic) (PDP Act) and the Privacy Act 1988 (Cth), which includes the Australian Privacy Principles (APPs).

Do We Disclose Your Personal Information to Others?

At Nume, we prioritise the confidentiality of your personal information and commit to taking reasonable steps to ensure its protection.

We will not share your personal information with any third parties except under the following circumstances:

  • With Your Consent: Where you have given your approval for the sharing of your personal data.
  • Legal Obligations and Protections: Where disclosure is allowed or required under law, such as in situations of significant threats to individual or public safety, or for legal claims and dispute resolutions.
  • Healthcare Continuity: To facilitate ongoing care, support, and treatment options, we might share your information with other health service providers.
  • Pharmacists: To coordinate the provision of your prescribed medications, if applicable.
  • Insurance Entities: To liaise with Medicare, your private health insurer, or other insurers concerning the services provided to you.

Will We Transfer Your Personal Information Outside of Victoria or Overseas?

We strictly adhere to the mandates of the Privacy Act 1988 (Cth) and the Privacy and Data Protection Act 2014 (Vic) when transferring personal information out of Victoria or abroad. We only undertake such transfers when:

  • Performance Monitoring: Your personal information may be shared with staff based outside of Australia to aid in your treatment process, facilitating regular check-ins to monitor your progress and overall well-being, and reporting findings to your Nume practitioners.
  • Marketing Communications: According to your communication preferences, we may disclose your information to our marketing team situated outside of Australia. This will be done to the minimum extent necessary for achieving the intended purposes, assuring compliance with APPs and adherence to the guidelines laid out in the Privacy and Data Protection Act 2014 (Vic).

We will always take substantial steps to ensure any recipient of your data adheres to the APPs and complies with relevant Victorian privacy laws, safeguarding against any breach.

By engaging with our services, you consent to these disclosures, which might be essential for facilitating your continuous care and treatment, including referrals to health professionals located in different states or overseas.

It is our dedicated effort to uphold the utmost standards of privacy and data protection, anchored in the legal frameworks provided by the Privacy and Data Protection Act 2014 (Vic) and the Privacy Act 1988 (Cth), thereby reflecting our steadfast commitment to safeguarding your privacy rights.

Direct Marketing

At Nume, we value your privacy preferences in all our communications. If we intend to engage in direct marketing communications, we will do so in accordance with the consents you have previously provided, your communicated preferences, and in compliance with the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth).

  • Opting Out: If at any time you wish to discontinue receiving marketing communications from us, you can utilize the opt-out link or follow the instructions provided in the communication. You can also contact us directly to modify your preferences.
  • Sharing with Third Parties: We will obtain your explicit opt-in consent before sharing your personal data with any third party for marketing purposes. You retain the right to request third parties to cease sending you marketing communications through the opt-out link or instructions provided in their communications.

Revoking Your Consent

You have the right to withdraw your consent to any specific uses or disclosures of your personal information at any point in time. You can execute this right by contacting us at the details provided below or communicating with the Nume staff member servicing you.

How Do We Hold and Protect Your Personal Information?

We prioritise the security of your personal information employing a range of safeguards against unauthorized access, alteration, disclosure, interference, and loss. The measures we undertake include both physical and technological strategies to protect the data we hold.

  • Storage: Your personal information may be stored both electronically and physically. The electronic storage complies with the Privacy Act 1988 (Cth), the Health Records and Information Privacy Act 2002 (NSW), and pertinent electronic transactions legislation.
  • Disposal: Once your personal information is no longer legally mandated to be retained, we will take proactive steps to either securely destroy the data or permanently de-identify it, ensuring adherence to the necessary legal frameworks.

Quality of the Personal Information We Hold

In our commitment to uphold the integrity of your personal information, we:

  • Accuracy: Take reasonable strides to maintain the accuracy, currency, and completeness of your personal data, aligning it with our operational requisites.
  • Your Role: Encourage you to help us keep your personal information accurate by promptly informing us of any changes to your details.

To facilitate this, please use the contact details provided below to update your personal information.

Data Breaches

At Nume, we are steadfast in our commitment to safeguarding your personal information. In alignment with this commitment, we adhere to the Notifiable Data Breach (NDB) scheme outlined under the Privacy Act 1988 (Cth). This scheme necessitates action in the event of an 'eligible data breach'.

An 'eligible data breach' occurs under the following circumstances:

  • Unauthorized access to, unauthorized disclosure of, or loss of personal information held by our organization occurs.
  • The incident is likely to result in serious harm to one or more individuals.
  • Despite efforts, the organization is unable to prevent the likely risk of serious harm through remedial action.

Notably, if remedial steps successfully negate the likelihood of serious harm post a data breach, the incident is not considered an 'eligible data breach'.

Notification Procedure

If we have rational grounds to suspect an eligible data breach has transpired and remedial actions cannot mitigate the risks:

  • Affected Individuals: We will swiftly notify individuals likely to be seriously affected, providing them with the necessary information and guidance.
  • Office of the Australian Information Commissioner (OAIC): We are duty-bound to report the breach promptly to the OAIC, detailing the circumstances and complying with the stipulations of the Privacy Act 1988 (Cth).

We prioritize your digital safety and commit to a transparent process, ensuring you are informed and supported in the unlikely event of a data breach.

The Nume Website and Cookies

At Nume, we leverage cookies and other corresponding technologies on our website,, to enhance your browsing experience and improve our services. Below, we explain how these technologies are used and how they affect your browsing experience:

Understanding Cookies

‘Cookies’ are compact data files saved on your device by your internet browser when you visit our website. It’s important to note that cookies can't access any information stored on your device. We do not utilize cookies to gather your personal identification information.

Why We Use Cookies

Cookies aid us in several ways, such as:

  • Monitoring Website Usage: Understanding which pages are visited helps us tailor our content better.
  • Remembering Your Preferences: To offer a personalized experience by recalling your choices.
  • Differentiating Users: This assists in offering a smooth browsing experience while helping us enhance our site.

Types of Cookies We Use

We employ various kinds of cookies for different purposes:

  • Essential Cookies: Vital for website operations, facilitating secure login to protected areas of our site.
  • Analytical/Performance Cookies: These enable us to gauge the number of visitors and analyze how our website is used, guiding us to make informed improvements.
  • Functionality Cookies: Designed to recognize returning visitors, allowing us to customize our content to suit your preferences.
  • Targeting Cookies: Utilized to record your website navigation details to help us tailor content and ads that resonate with your interests.

Managing Cookies

You have the power to manage cookies through your browser settings, where you can refuse some or all cookies. However, restricting essential cookies might limit your access to certain areas of our website.

Links to Third-Party Websites

Our website might feature links to external third-party websites, plugins, and applications. Engaging with these links could potentially enable third parties to amass or share your data. We hold no sway over these third-party entities and cannot be held accountable for their data handling practices. Thus, we fervently recommend reviewing their privacy and cookie policies when you venture outside our website.

Accessing and Correcting Your Personal Information

Your Right to Access

You have the right to request access to your personal information held by us. To do so, please reach out to us using the contact information provided at the end of this policy.

Circumstances of Refusal

We may refuse your access request under certain lawful circumstances, such as:

  • Impacting another individual's privacy adversely.
  • Posing a serious threat to your life or health.
  • If the provision of access is unlawful.

Requesting Correction

If you find that your personal information held by us needs correction, kindly contact us to initiate the correction process.

De-identified Information

We may use de-identified, aggregated data for various purposes, including service management, planning, and evaluation. This data is treated separately unless it is combined with personal information, in which case it will adhere to this policy.

Privacy Concerns and Complaints

Addressing Your Concerns

Your privacy is our priority. If you have questions or complaints about your privacy or the handling of your personal information, reach out to us through the contact details provided below. We commit to responding within 30 days.

Escalating Concerns

If you're unsatisfied with our response, you have the option to escalate your concerns to:

  • The Commonwealth Office of the Australian Information Commissioner

Contact Us

For any matters concerning your privacy, including access, corrections, complaints, and policy details, connect with us at:

Policy Updates

Keeping You Informed

We may update this policy from time to time to remain compliant with the privacy regulations in Victoria. Keep abreast of any changes through our website, and rest assured that the most current version of the policy will always be made available to you either when you use our services or upon your request.