Privacy Policy

1. About this policy

ScanCheck respects your privacy and is committed to protecting your personal and health information. This Privacy Policy explains how we collect, hold, use, disclose and protect your information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all visitors to scancheck.com.au and to anyone using ScanCheck's services, including patients, referring clinicians, and international customers.

2. Who we are

ScanCheck is an Australian online radiology second-opinion service operated by ScanCheck Pty Ltd (ACN 634 941 718). Our radiologists are FRANZCR-fellowed and registered to practise in Australia.

Contact for privacy queries:

3. The information we collect

We collect two categories of information:

Personal information, including:

  • Your name, date of birth, and contact details (email, phone, address)
  • Information about your referring clinician (if applicable)
  • Payment information (processed by third-party payment providers; we do not store full credit card details)

Health information (a category of "sensitive information" under the Privacy Act), including:

  • Diagnostic imaging studies (X-ray, ultrasound, CT, MRI, PET, nuclear medicine)
  • Original radiology reports
  • Relevant clinical history you provide
  • Symptoms, prior treatments, and other context relevant to your case
  • Our written second-opinion report

We collect only the information necessary to provide the requested second-opinion service.

4. How we collect your information

We collect information when you:

  • Submit an enquiry through our online form (powered by SnapForms)
  • Complete the consent form to proceed with a review
  • Upload imaging files via a secure cloud file-transfer method we agree on (typically a OneDrive Request Files link, or another secure transfer service if you have specific requirements)
  • Email, phone, or post us
  • Visit our website (anonymous usage data only — see Section 10)

Wherever practicable, we collect information directly from you. In some cases we may collect health information from a third party (e.g. your treating clinician) with your authorisation.

5. Why we collect your information

We collect, hold, use and disclose your personal and health information for the purpose of:

  • Providing radiology second-opinion services you request
  • Communicating with you about your case
  • Issuing quotes and processing payments
  • Maintaining a record of services provided
  • Complying with our legal and professional obligations (including those of our radiologists under AHPRA registration)
  • Quality assurance, internal audits, and peer review (de-identified where possible)
  • Responding to complaints

We do not sell your information, use it for marketing without your consent, or share it with insurers, employers, or third parties for purposes unrelated to your review.

6. Who we share your information with

Your information may be disclosed to:

  • The reviewing ScanCheck radiologist assigned to your case
  • Other ScanCheck staff with a legitimate role in delivering the service (administration, technical support)
  • Your referring clinician, but only with your explicit authorisation
  • Third-party service providers we use to operate our business (see Section 7) — these providers are bound by privacy obligations and contracts
  • Law enforcement, regulatory bodies, or courts where we are legally required to disclose (e.g. court orders, subpoenas, AHPRA notifications)

We do not otherwise disclose your information without your consent.

7. Third-party service providers and overseas data transfer

We use the following third-party services to operate ScanCheck:

  • Microsoft 365 / OneDrive for Business (operated by Microsoft Corporation, USA) for email, office productivity, and storage of patient files. For Australian tenants, data is primarily stored in Microsoft's Australian data centres, though some processing may occur in other regions as part of Microsoft's global service infrastructure.
  • SnapForms (Australia-based) for online enquiry and consent forms.
  • Z-Link (Australia-based) for secure report delivery.

By submitting an enquiry, completing the consent form, or providing imaging, you consent to the transfer of your information to these third-party services and to any countries where they store or process data.

We take reasonable steps to ensure overseas recipients of your information comply with privacy standards consistent with the Australian Privacy Principles, including selecting business-grade services with Australian data residency where available.

International customers should also review the dedicated waiver on our International Customers page.

8. How we hold and protect your information

We store your information on secure systems with the following protections:

  • Encrypted file transfer for imaging and reports
  • Access controls limiting who within ScanCheck can view your case
  • Secure password protection and authentication on all internal systems
  • Business-grade cloud services with vendor security commitments (Microsoft 365 / OneDrive for Business)
  • Regular review of our information security practices
  • Contractual privacy obligations on third-party providers
  • Compliance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying you and the OAIC of any eligible data breach

While no system is 100% secure, we take all reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification or disclosure.

9. How long we keep your information

We retain your personal and health information for at least seven years from the date of your most recent review, in line with the standard medical-record retention period applicable in Australia. For cases involving minors, records are retained until the patient turns 25, or seven years after the review, whichever is later.

After the retention period, information is securely destroyed or permanently de-identified.

10. Cookies and website data

Our website may use cookies and analytics tools to track aggregate, anonymous usage data — page views, browser type, approximate location. This data helps us improve the site and does not identify you personally.

You can disable cookies through your browser settings; some site features may not function correctly if you do.

11. Children's information

Where a parent or legal guardian requests a second opinion on behalf of a child, the parent or guardian provides consent on the child's behalf. We treat children's health information with the same protections as any other patient's, and only the parent or legal guardian has authority to access or correct it until the child reaches an age of capacity to make their own healthcare decisions.

12. Your rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal and health information we hold about you
  • Request correction of inaccurate, out-of-date, incomplete, or misleading information
  • Withdraw consent to future use of your information (where applicable)

To make an access or correction request, contact us at support@scancheck.com.au. We will respond within 30 days. There may be limited circumstances (e.g. legal restrictions, third-party privacy) where we cannot provide access — if so, we will explain why in writing.

13. Complaints

If you believe we have not complied with this Privacy Policy or the Australian Privacy Principles:

  1. Contact us first at support@scancheck.com.au with details of your concern. We will investigate and respond within 30 days.
  2. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The current version is always available at scancheck.com.au/privacy-policy. We will notify you of significant changes by email or a prominent notice on our website.

This policy was last updated: May 2026