Privacy Policy

Last updated: March 2026

This policy explains how Cervin Limited collects, uses, discloses, and protects your personal
information when you use our medical directory and referral services.

You may know our medical directory and referral service or platform as AusHealthpages or
SR Specialists + Referrals, but the legal entity behind AusHealthpages and SR Specialists + Referrals is Cervin Limited. In this policy, when we say ‘we’, ‘us’ or ‘our’, we mean Cervin Limited (ABN 80 793 136 352), which is responsible for collecting and storing your information. Our registered address is Level 2, 239 Ponsonby Road, Freemans Bay, Auckland 1011 New Zealand.

‘You’ and ‘your’ means the patient, customer, medical professional, or other person whose personal information we collect and handle under this policy. If you give us information about another person, please make sure that you have their permission first. For children, consent must come from a parent or guardian.

1. WHAT WE MEAN IN THIS POLICY

To make this policy easy to follow, here’s what we mean when we use certain words:

personal information has the meaning given in the Privacy Act. In simple terms, it means any information that can identify you, or could be used to identify you. This includes things like your name, contact details, medical information, and other information about you;

health information is a type of personal information and includes information about your health or disability. It can include your medical history, genetic information, any conditions or disabilities, details of the health services you receive, test results, or information you give in connection with treatment or donation (like blood or tissue). It also covers information collected before or while you are receiving health services;

patient means any person whose personal information is included in a referral created or managed through our platform by a provider;

platform means our integrated software platform called SR Referrals;

provider means a person or an organisation, such as a medical referrer, a health and wellbeing service provider, a health organisation or other referrer, who uses our platform or our services to create, send, receive or track patient referrals;

Privacy Act means the Privacy Act 1988 (Cth), including the Australian Privacy Principles; and

Services means our directory and referral services, including the services provided by
AusHealthpages and SR Specialists + Referrals.

2. CHANGE TO POLICY

  • The most recent version of our privacy policy will always be available on our website.
  • We may update this policy if our services change or if the law requires us to. When we make
    changes, we will post a clear notice on our website with the updated policy. We will usually give at least 14 day’s notice before changes take effect. If urgent changes are needed to protect your information or to comply with the law, we may update the policy first and notify you straight afterwards.   

3. WHEN WE USE YOUR INFORMATION

  • We follow Australian law, including the Privacy Act, the My Health Records Act 2012 (Cth), and any other health laws that apply to us. We may use your personal information when:
    1. you agree to it, for example, when you give us your details to use our referral service;
    2. we need it to provide our services, for example, to manage and send referrals between health professionals;
    3. we improve our services, for example, to understand how our platform is used so we can make it bette
    4. we have to by law, for example, keeping health records for the required time under health regulations.

4. INFORMATION WE COLLECT

  • We will only collect personal information that is reasonably necessary for our business and operations, including in connection with the provision of our services and our platform.
  • For anyone we collect personal information about, that information usually includes your name, address, telephone numbers, email address, date of birth and information about your use of our services.
  • If you are a patient, the personal information we collect may also include health information, including your Individual Healthcare Identifier (IHI), your medical history and referral notes. A referral may also include other personal information that is not health information, such as insurance details, information about your lifestyle or habits, and details about your personal relationships or family connections. If we need to verify our identity, we may also collect details from your driver’s licence or passport. By using this referral service, we may have access to this information.
  • If you are a provider, the personal information we collect may also include information transmitted to us from your practice management system (PMS), such as your provider number, practice details, and appointment or referral data; log and activity records of individuals who interact with SR Specialists + Referrals on your behalf, including usernames and usage history; and contact details drawn from your PMS, or personal contact details such as a personal email address or phone number where these are shared with us by you, your staff, or a colleague or agent acting on your behalf.
  • You may choose to not provide us with your personal information or not to consent to your provider accessing or using our platform or our services in respect of your personal information but not doing so may affect our ability to provide you or your provider with our platform or our services.

5. HOW WE COLLECT YOUR INFORMATION

  •   We will collect your personal information directly from you when you:
    1. sign up to use our platform or services;
    2. use or access our platform or services; or
    3. contact us by email, telephone, social media or in any other way.

Please let us know if your details change so we can keep our records up to date.

  • Sometimes we collect information from others, for example:
    1. if you are a patient, from your provider, or from another provider they refer you to;
    2. if you are a provider, we may receive information from:
      1. other providers you send or receive referrals to/from (like your referral history, clinical details relevant to a referral, or contact information for purposes such as ensuring referrals are sent, received and tracked correctly);
      2. credit reference or fraud prevention agencies (like your credit rating, payment history, or alerts about suspected fraud to help us verify your identity and manage credit or fraud risks);
      3. emergency services, law enforcement agencies, medical and legal practices (like information needed for safety, identity verification, or compliance with legal obligations to ensure we meet our legal and security requirements);
      4. publicly available sources, such as government websites, directories or social media (like your publicly listed contact details, qualifications, or professional roles to help us keep your provider profile accurate and up to date);
      5. professional registers, such as the Medical Council Registers (like your registration status, qualifications, or practising certificate details to confirm your eligibility to use our services and maintain accurate provider records); or
      6. professional associations (like membership status, contact details, or practice information to support accurate provider records and directory listings).

6. INFORMATION THAT DOESN’T IDENTIFY YOU

  • We never sell anonymised or aggregated information.
  • We may also collect information that does not identify you personally. This may include anonymised or aggregated data about how our platform and services are used.
  • We use this kind of information to improve our services, understand usage trends, check how our platform is performing, and (for providers) to give related reports.

7. COOKIES, ANALYTICS AND WEBSITE USAGE

  • Our website uses server logs and web analytic tools (such as “cookies”). Cookies are small text files that are downloaded to your device by websites that you visit. They collect information such as your browser type, operating system, IP address, search terms, location, and the pages you view. We use cookies to keep sessions secure, check how our systems are performing, and make our website easier to use.
  • You can set your browser to block cookies or to tell you when a cookie is being placed. If you block cookies, some parts of our platform or services may not work properly.
  • We use analytics tools, such as Google Analytics, to collect information about how people use our websites. This information is combined and summarised and does not identify you personally. Information collected through Google Analytics may be processed and stored on servers outside Australia, including in the United States. We may also collect approximate location information based on your IP address. This helps us understand how our website is used and to improve the relevance of our content and services.

8. HOW WE USE YOUR INFORMATION

  • We never sell personal information.
  • If you are a patient, we use your information to manage referrals between providers and to let you access your own referrals.
  • If you are a provider, we may use your information to:
    1. confirm your identity and keep your account is secure;
    2. provide our platform or our services to you including managing referrals with other providers;
    3. communicate with you, including direct marketing;
    4. manage our relationship with you, including invoicing and payments;
    5. run our business, such as maintaining your account, planning, training, product/services improvement and development, research and analysis;
    6. include in our print and web directories (if you agree);
    7. enforce our agreement with you;
    8. meet our legal requirements (for example, disclosure to law enforcement agencies or the courts);
    9. do things that are directly connected to the above purposes.
  • We may use any information that we collect from you that is not personal information for our business purposes, including:
    1. understanding how our services are used;
    2. improving our services; and
    3. marketing and promotions.

9. ADDITIONAL REQUIREMENTS

  • You may request that we take additional measures in relation to your personal information from time to time by emailing us at enquiries@cervin.com.au or calling us on 1800 147 047.
  • For example, you may request that we do not disclose or publish your personal information in certain circumstances or places, such as regarding business changes that are not yet public. If we agree to your request, you are required to keep us informed about any changes to such requirements.

10. MARKETING

  • If you are a provider, and if you have provided your consent or might otherwise reasonably expect us to do so, we may use your information to offer you services that we think may suit your needs. You can ask us to change your contact details or opt out of receiving this type of marketing at any time by following the steps outlined in our communications, or by emailing us at enquiries@cervin.com.au or calling us on 1800 147 047. We will act promptly on any such request.

11. WHO WE SHARE YOUR INFORMATION WITH

  • We may share your information to the following:
    1. if you are a patient, with your provider, and with any provider they refer you to (or receive referrals from);
    2. if you are a provider, with:
      1. other health service providers (for example, medical practices or medical specialists);
      2. our staff, contractors, and our related companies;
      3. service providers who support us (such as data storage, IT and software management providers);
      4. people managing your financial affairs (such as liquidators or administrators);
      5. debt collectors or credit reporting agencies; or
      6. agents of the above
  • We share information with law enforcement agencies, government or regulatory bodies when the law requires us to. For example, the Police when someone commits an offence.
  • If we need to share your information with someone outside of Australia, we will only do so in accordance with the Privacy Act and the Australian Privacy Principles.
  • We may share your personal information (including your health information) outside Australia to some of the types of recipients and for the purposes noted above, including to:
    1. our contractors and service providers operating overseas, which are likely to be located in Australia; and
    2. our related companies located in New Zealand, to help us provide our services and platform.

12. PROTECTING YOUR INFORMATION

  • We take reasonable steps, in line with the Privacy Act, to keep your personal information secure and confidential. This will, or may (where we decide it is appropriate), include the following:
    1. encrypting all patient data when it is stored or sent;
      1. Data in transit: Movement of data between the webserver and browser is secured with the latest HTTPS technology using RSA encrypted TLS (Transport Layer Security); and
      2. Data storage: All patient data is stored on secure servers. These servers conform to the ISO27001 standard ensuring data remains backed up and safe at all times;
    2. our staff and those who perform services on our behalf, have role-based access controls;
    3. training our staff to handle information safely and in line with the law and this privacy policy;
    4. access, use, modification and disclosure of information is secured by the use of firewalls and restricted access to databases; and
    5. annual independent penetration testing to ensure vulnerabilities and threats are detected and addressed promptly.
  • We don’t keep your personal information longer than we need to, unless the law requires it or you’ve agreed we can.

13. ADVERTISING AND THIRD PARTY LINKS

  • Our website may contain links to a variety of advertising and third party website sources. Some of these links may request or record information from users or use cookies or other methods to collect information from you. We have no control over the content or privacy policy practices of those sites and encourage you to review the privacy policies of those sites before using them.

14. ACCESS TO AND CORRECTION OF YOUR INFORMATION

  • You may request access to and correction of the personal information we hold about you. This right is subject to some exceptions, for example if we cannot confirm your identify, or if we believe your request for access will have an unreasonable impact on another person’s privacy.
  • You may also request corrections to be made to published personal information (updated within a reasonable timeframe on the website or in the next edition of a printed publication).
  • You can request access to or correction of any of the personal information about you that we hold or have published by emailing us at enquiries@cervin.com.au or calling us on 1800 147 047. We may charge a reasonable fee for providing access, but we do not charge for updating basic provider details that we publish for free, or for making a correction to your personal information. We may ask for payment in advance if a fee applies.
  • Patient personal information that we collect and store is encrypted and largely contained in the referrals and other correspondence between providers. If you request access to or correction ofthis information, we may need to transfer the request to the relevant provider, in accordance with he Privacy Act and My Health Records Act 2012 (Cth).

15. IF YOU THINK WE HAVE MADE AND ERROR

  • We are committed to protecting your privacy and our policies, processes and systems have been developed with this in mind. However, if you think we have made an error, please email us at enquiries@cervin.com.au or calling us on 1800 147 047 to let us know. Where we have made an error, we will endeavour to correct the error as soon as reasonably practicable.

16. QUESTIONS AND COMPLAINTS

  • If you have a question or complaint about the way we have dealt with your personal information, please contact us by email or in writing at the addresses above. We will endeavour to respond to your question or complaint within a reasonable period (and generally within 30 days). If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or on 1300 363 992.