Privacy Policy

1. About GPEx

GPEx Limited (ACN 608 491 621) (GPEx, we, us, our) is a company limited by guarantee that carries on a business to advance the education and training of primary health care professionals for the benefit of the community, including under our various brand names. This Privacy Policy applies to all of our Australian operations.

2. About this Privacy Policy

This Privacy Policy describes how we handle personal information in accordance with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) which includes the Australian Privacy Principles (APPs). This Privacy Policy is intended to provide a general overview of how we handle personal information. Other policies may apply instead of, or in addition to, this Privacy Policy in certain circumstances. Please note that in some circumstances, there are exemptions or exceptions that may apply, including in relation to the handling of employment related personal information about our employees. Nothing in this Privacy Policy is intended to limit the operation of such exemptions or exceptions or to otherwise restrict us from handling personal information in a manner that would otherwise be permissible by law. By using our websites:,, and (collectively, our Websites), and/or providing personal information to us, you consent to us handling personal information in accordance with this Privacy Policy.

3. What this Privacy Policy covers

This Privacy Policy describes:

  1. the kinds of personal information that we collect and hold;
  2. how and why we collect and hold personal information;
  3. the purposes for which we collect, hold, use and disclose personal information;
  4. when and with whom we share personal information;
  5. how you can access and amend personal information; and
  6. how you can complain about our handling of personal information.

4. What personal information is and what personal information we collect

In this Privacy Policy, personal information is information or an opinion that identifies an individual, or an individual who is reasonably identifiable (whether or not the information is true or not and whether it is recorded in a material form or not). In connection with our services, we collect and hold a range of personal information.  In most cases, this will include:

  1. your name, date of birth and gender;
  2. your residential and work addresses;
  3. your personal and work telephone numbers;
  4. your personal and work email addresses;
  5. your occupation;
  6. your academic and employment history; and
  7. in respect of the programs we deliver, your program progression and assessment outcomes.

This is not an exhaustive list.  From time to time, we may need or request additional information about you.  In some cases, we may also seek your consent to collect certain sensitive information, such as information about your health or whether you are a member of any professional association. Where our Websites contain links to third party websites, we accept no responsibility for the privacy practices of those linked websites. Refer to our Terms of Use for more information on third party links.

5. Information you give to us

We may collect personal information directly from you:

  1. through email;
  2. during face-to-face interviews and discussions;
  3. over the telephone;
  4. when you enquire about, or enrol in, one of our programs or courses; or
  5. during the delivery of your training.

You have no obligation to provide any information to us.  However, failing to do so may impact on our ability to deliver our programs or courses to you and it may limit our ability to otherwise interact with you. If you provide us with personal information about other individuals (for example, an emergency contact’s details), we rely on you to:

  1. do so only with their consent;
  2. tell them that you are providing personal information about them to us and that we will treat this information in accordance with this Privacy Policy; and
  3. tell them how to find and obtain the most recent version of this Privacy Policy.

6. Information we collect from other sources

We may also collect personal information about you:

  1. from third parties where it is unreasonable or impracticable to collect personal information directly from you; or
  2. from publicly available sources of information.

If we collect your personal information from someone other than you, we will take reasonable steps to:

  1. make you aware that we will collect, or have collected, personal information from another source; and
  2. inform you about what we will do with this personal information.

7. How we use personal information

Our business is to provide you with education and training services, as well as related services and products.  In order to do that effectively, we use personal information for a range of different purposes, including:

  1. to verify your identity;
  2. to allow you to access and use our online systems (including our Websites);
  3. to communicate with you;
  4. to provide you with the information, products and/or services that you request from us;
  5. to assist with the delivery of our programs;
  6. to administer and promote our programs;
  7. to personalise your experience on our Websites;
  8. to provide support and updates;
  9. to monitor and assess your performance and training needs;
  10. to assess whether our programs are meeting your needs;
  11. to perform research and analysis (including whether our programs meet the needs of our students broadly);
  12. for the quality improvement of our existing and new products (including programs) and services;
  13. for our internal business purposes; and
  14. subject to your consent, other purposes which we will notify you of from time to time.

We do not sell your personal information to third parties.

8. Organisations we disclose to

Sometimes, we disclose your information to our related entities or individuals or organisations outside of GPEx.  Common situations in which we disclose personal information include:

  1. disclosing personal information to service providers who provide services to us or on our behalf in connection with our training solutions;
  2. disclosing your personal information to the Department of Health and professional colleges (such as the Royal Australian College of General Practitioners and Rural and the Australian College of Rural and Remote Medicine), in connection with your professional training and accreditation;
  3. disclosing personal information with other organisations as directed by you (for example, in connection with employment applications);
  4. disclosing personal information to our contractors and other service providers (for example, in connection with external clinical teaching visits, to data management contractors, and to marketing and promotional contractors);
  5. where we are legally authorised or required to do so (including disclosing information to courts, tribunals, dispute resolution bodies, or law enforcement and national security agencies); or
  6. if we believe the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

9. Do we send personal information overseas?

In some cases, we may disclose personal information overseas, such as to our providers of cloud services and website hosting services.  These organisations may be based, or have servers, outside Australia.  We will only disclose your personal information in compliance with the Privacy Act and the APPs and we will take reasonable steps to ensure that those organisations protect the personal information they receive from us.

10. Can you request to deal with us without identifying yourself?

In most cases, we need to know who you are in order to process and/or manage your application, enquiry, training or request. You can request to deal with us anonymously or by using a pseudonym in relation to certain matters; for example, when making a complaint, unless we need to know your identity in order to investigate the complaint (such as in relation to a particular service provided by a training service provider). If it is practicable to deal with us anonymously or under a pseudonym, we will take reasonable steps to ensure that the information that you provide to us anonymously or under a pseudonym is not able to be linked with other information that we may hold about you.  If you wish to deal with us anonymously or under a pseudonym, please contact our Privacy Officer using the contact details below.

11.    How to access your personal information

We will provide you with access to personal information about you which is held by us, subject to the exceptions in the Privacy Act (for example, we may refuse to give you access to your personal information if giving access would have an unreasonable impact on the privacy of other people, or if your request for access is frivolous or vexatious). Before giving you access to any information, we will require you to verify your identity in a manner that is reasonable in the circumstances and also to specify the personal information you wish to access. If we refuse to give you access to personal information, we will provide you with reasons for our refusal.  For example, if we are not satisfied as to the identity of the requester. You will not be charged for lodging a request to access personal information. Requests for access to personal information should, in the first instance, be directed to our helpdesk or by calling 1300 473 972 who will refer the request to an appropriate person within our organisation.

12. How to update your personal information

We will take reasonable steps to ensure that personal information about you which is held by us is accurate, up to date, complete and relevant. We encourage you to contact us as soon as possible in order to update any personal information we hold about you. If we update or amend personal information about you that we previously disclosed to another entity, and you request that we notify that entity, we will take reasonable steps to give that notification. If we refuse to update personal information, we will provide you with the reasons for our refusal.

13. How we keep your personal information secure

We use several physical and electronic security measures to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.  For example, we restrict physical access to our offices, and we use a combination of security containers, firewalls, secure databases, computer user identifiers and passwords to protect personal information held by us. Emails you send to us are screened by our email security systems and may be viewed by our authorised information technology personnel and service providers for security purposes. All personal information collected and stored by us is held for a specified period of time, prior to eventual destruction. Time requirements for retention of personal information are at times statutory in nature or, required under contract, or necessary for procedural fairness as determined by us.  We maintain an active Retention and Destruction schedule setting out retention times for personal and other information. We regularly consider and review information collected to ensure that we do not collect excessive or irrelevant personal information. Subject to applicable laws and our internal policies, we take reasonable steps to destroy or de-identify personal information about you when we no longer need it.

14. Automated Information Collection

When you visit our Websites, our server makes a record of that visit and logs the following information:

  1. your server address;
  2. the date and time of the visit to the site;
  3. the pages accessed and documents downloaded;
  4. the previous site visited; and
  5. the type of browser used.

The data listed above is collected to facilitate website and system administration, including:

  1. monitoring;
  2. the prevention of security breaches; and
  3. the enhancement of our Websites to meet users’ needs.

We do not attempt to identify users or their browsing activities except in the unlikely event of a criminal investigation; for example, where a law enforcement agency has issued a warrant to inspect our server logs. We do use cookies when people make general visits to our Websites. Cookies are small text files that may be transferred to your computer’s memory by the servers of some of the websites you visit. Their purpose is to track and store information about a visitor’s usage of a website. The extent and type of information we receive from users of our Websites depends on what the user does when visiting the site.  Most of the information we collect is statistical only and is not used to identify you.

15. How you can make a privacy complaint

If you have a concern about the way in which we handle personal information and wish to make a complaint, please contact our Privacy Officer using the contact details below. We are committed to acknowledging your complaint in a prompt manner and will give you an estimated timeframe for when we will respond to your complaint. It is our intention to resolve your complaint to your satisfaction.  However, if you do not believe that the matter has been resolved satisfactorily, you are entitled to contact the Office of the Australian Information Commissioner on 1300 363 992 (local call charges apply) or by using the other contact details on the Commissioner’s website ( and the online privacy complaints form.  The Commissioner may investigate your complaint further.

16. Further information

To find out more about how we manage personal information, please contact us using the following details: Our Privacy Officer:

For more information on the Privacy Act and the APPs, you may:

  1. visit the website of the Office of the Australian Information Commissioner (; and/or
  2. contact the Privacy Hotline 1300 363 992 (local call charges apply).

We will, from time to time, review and update this Privacy Policy.  We reserve the right to amend this Privacy Policy at any time and any amendments will be notified by posting the updated version on our Websites. All personal information about you which is held by us will be governed by our most recent Privacy Policy. If you are unsure about whether you are reading the most current version of our Privacy Policy, please contact our Privacy Officer. We can provide a copy of the most current version of our Privacy Policy on request.

Last updated: 9 January 2023