Alfa Medlink logo

Privacy Policy

1. Purpose and scope

This Privacy Policy explains how Alfa MedLink collects, uses, discloses and protects personal information when you:
  • visit our website;
  • sign up for trials, pilots or commercial services;
  • use our AI receptionist and associated services provided to clinics; or
  • otherwise interact with us.
This policy is intended to align with the Australian Privacy Act 1988 (APPs) and the New Zealand Privacy Act 2020. It applies to individuals in Australia and New Zealand, including clinic staff, patients and callers whose calls are handled by Alfa MedLink on behalf of clinics.

2. Controller / contact details

  • Controller: Alfa MedLink
  • Postal address: Level 19, 263 William Street, Melbourne VIC 3000, Australia
  • Email: [email protected]
  • Phone: +61 470 545 088

3. Types of personal information we collect

We collect personal information only as needed for service delivery and operations:
a. Information you provide directly
  • contact details (name, email, phone number, job title);
  • organisation and clinic details;
  • messages, enquiries or support requests.
b. Call and clinical-adjacent data (processed on behalf of clinics)
  • caller phone number and call metadata;
  • call audio and derived transcripts where enabled;
  • appointment details supplied by callers;
  • any data the caller supplies during the call (subject to clinic configuration).
c. Automatically collected information
  • IP address, browser/device details, pages visited, cookies and analytics.

4. How we use personal information

We use personal information for:
  • providing, managing and improving the Alfa MedLink service;
  • answering enquiries, provisioning pilot and onboarding clinics;
  • configuring clinic workflows and escalation rules;
  • producing operational reports for clinics (e.g. call outcomes);
  • security, fraud prevention and legal compliance;
  • limited marketing communications if you opt in.
We do not use personal information for unconnected advertising or sell personal data to third parties.

5. Legal basis and responsibility

  • For clinics and clinic data: the clinic acts as the data controller for call data and clinical-adjacent information; Alfa MedLink is a data processor acting under the clinic’s instructions.
  • For direct interactions (website enquiries, sign-ups): Alfa MedLink is the data controller.
  • Where required by law, we process data to comply with legal obligations or to protect life and safety.
You can choose to disable cookies through your browser settings. Please note that some website features may not function properly if cookies are disabled.

6. Voice recordings and caller consent

Where voice recording or transcription features are enabled, clinics must ensure callers are notified and consent is obtained as required by local law. Clinics are responsible for providing any pre-call announcements or notices needed to satisfy consent requirements under the Privacy Act 1988 (Australia) and the Health Information Privacy Code (NZ) where applicable.

7. Disclosure to third parties

We disclose personal information only to:
  • service providers required for operations (cloud hosts, telephony providers, analytics and payment processors);
  • our professional advisers (lawyers, auditors) where necessary;
  • other parties when required by law (e.g. court order) or to protect safety.
We require third parties to maintain appropriate safeguards and to process information only for the purposes we specify.

8. Data Location & Cross-Border Disclosure

Alfa MedLink is designed to support Australian and New Zealand healthcare privacy requirements.
Personal information and call data processed by Alfa MedLink are hosted and stored within Australia or New Zealand, where reasonably practicable, and are intended to remain within these jurisdictions.
Alfa MedLink does not routinely disclose personal information outside Australia or New Zealand.
In limited circumstances where a service provider may process information outside these jurisdictions (for example, for infrastructure support, security monitoring, or incident response), Alfa MedLink will take reasonable steps to ensure that any such disclosure complies with:
  • the Australian Privacy Act 1988 (Cth), including APP 8; and
  • the New Zealand Privacy Act 2020.

Clinics are responsible for determining whether Alfa MedLink’s data location and processing model aligns with their internal governance and regulatory obligations.

9. Data security

We implement reasonable technical and organisational measures, including encryption in transit, access controls, role-based permissions, and audit logging. While we take security seriously, no system is infallible — absolute security cannot be guaranteed.

10. Data retention

We retain personal information only as long as necessary for the purposes it was collected, to meet contractual obligations or as required by law. Clinics can request retention settings for call recordings and transcripts; default retention is set to a reasonable operational period and documented in the clinic’s onboarding.

11. Your rights and how to exercise them

Where applicable under Australian and New Zealand law, you may request to:
  • access personal information we hold about you;
  • request correction of inaccurate information;
  • request deletion where permitted by law;
  • object to certain processing (where applicable);
  • withdraw consent for direct marketing.

Submit requests to: [email protected]. We will respond within applicable statutory timeframes and may require identity verification.

12. Children

Our services are not targeted at children. We do not intentionally collect personal information from children for commercial purposes.

13. Changes to this policy

We may update this policy. Material changes will be published on our website with a revised “Last updated” date. Where required, we will notify affected customers directly.

14. Complaints and regulatory bodies

If you have a privacy complaint, contact us at [email protected]. If you remain dissatisfied, you may contact:
  • Office of the Australian Information Commissioner (OAIC) — Australia; or
  • Office of the Privacy Commissioner — New Zealand.

15. Additional notes for clinics (short)

  • Clinics must ensure lawful bases and any clinical consents are in place for call recording and processing.
  • Clinics are responsible for configuring escalation rules and ensuring those rules meet local clinical governance and occupational health & safety obligations.