top of page
banner.jpg

TERMS

Montu Group Privacy Policy

We care about your privacy

Introduction

 

Last updated: 20 January 2026

Welcome to Montu Group Pty Ltd ABN 35 634 198 360 and its wholly owned subsidiaries Alternaleaf Australia  Pty Ltd, uMeds Australia Pty Ltd, Saged Australia Pty Ltd and Leafio Australia Pty Ltd, as well as its businesses including Montu Medical (Montu, we, us, our). Montu is committed to earning and maintaining your trust by carefully and respectfully managing your personal information.

This Privacy Policy provides important information about how we collect, use, hold, and disclose your personal information. It also outlines how you can:

  • access and correct the personal information we hold about you

  • make a complaint about our handling of your personal information.

Scope of this Privacy Policy

 

This Privacy Policy applies to the Montu Group of companies and businesses in Australia, including:

  • Montu Group Pty Ltd

  • Alternaleaf Australia Pty Ltd

  • uMeds Australia Pty Ltd

  • Leafio Australia Pty Ltd

  • Saged Australia Pty Ltd

  • Montu Medical

We will update this Privacy Policy if our information handling practices change.

Key sections of this Privacy Policy

Privacy Policy in full

Laws which require or authorise us to collect your personal information

Some laws require or authorise us to collect, use and disclose personal information. These include:

  • Privacy Act 1988 (Cth)

  • My Health Records Act 2012 (Cth)

  • Privacy laws in some States and Territories

  • Health privacy laws in some States and Territories

  • Healthcare Identifiers Act 2010 (Cth)

  • Migration Act 1958 (Cth)*

  • Tax Administration Act 1953 (Cth)

  • Superannuation Guarantee (Administration) Act 1992 (Cth)*

*Note: For job candidates only

Types of personal information we collect

The personal information we collect depends on the services we offer you and the circumstances of your interactions with us. The table below lists examples of the types of personal information we collect.

laws-collection
types-of-information

Who we may collect your personal information from

We may collect personal information from:

  • You directly, as a patient, customer, job applicant, witness, service provider, or member of the public

  • Your family members, carers, nominated emergency contact, next of kin, and those whom you have provided authority for us to collect your personal information from

  • Your references, if you are a job applicant

  • Our other service providers, such as pharmacies and delivery partners 

  • Medical professionals and health services, including your community general practitioner or specialist, pharmacy and allied health services 

  • Australian Government organisations and agencies, and their platforms, such as;

    • Australian Digital Health Agency (ADHA), and My Health Record (MHR)

    • Australian Financial Security Authority (AFSA)

    • Australian Health Practitioner Regulation Agency (AHPRA)

    • Department of Home Affairs and their Visa Entitlement Verification Online (VEVO) system

    • Federal and State Law Enforcement

    • State Fair Trading Departments

    • State Healthcare Complaint Commissions 

    • State Health Departments and their Real Time Prescription Monitoring (RPTM) systems

    • State Public Guardian

How we collect your personal information

We collect your personal information in various ways, including:

  • When you contact us, or we contact you, via our call centres, chatbot, email, public forums, social media pages or in telehealth consultations

  • When you interact with any of our platforms, including to make a booking for your consultation, attend a consultation, or when you use the Alternaleaf or uMeds portal, or or any of our websites

  • When you participate in customer satisfaction, marketing, user experience, and clinical research surveys and interviews

  • When you interact with our social media pages through your views, comments, likes, and direct messages, or leave us a review on platforms such as Google

  • When you submit an application for a job position with us, and participate in recorded interviews

  • When you intentionally share your personal experience directly to the public or on public platforms through written submissions, interviews, podcasts, or industry events

  • From Linkedin or other similar platforms if we are interested in your job profile

  • Using APIs provided by online social media and public forums, such as Reddit 

  • From surveillance cameras at our premises

  • Website analytics tools, cookies, and other tracking technologies

Why we collect your personal information

 

We endeavour to limit the collection of your personal information to what is reasonably necessary for our business activities and functions. The table below lists the primary purposes for which we collect your personal information and some examples.​​

who-we-collect-from
how-we-collect
why-we-collect

Why we use and disclose your personal information

While we may use and disclose your personal information for the primary purposes set out in the table above, we may also use personal information for the following secondary purposes.

why-we-use-disclose

Who we may disclose your personal information to, and why

Who we disclose your personal information to will depend on our relationship with you and the purposes for which we collected your personal information. In some circumstances, the entities we share information with may also share your personal information with other entities they do business with. The table below describes who we may share your personal information with and why.

who-we-disclose-to

Information we disclose to overseas recipients

We may use, store and disclose your personal information to our Montu Group entities and other related parties, and contracted service providers for services such as software development, communication networks, and data storage located outside Australia. 

These locations include: 

  • Belgium

  • Canada

  • France

  • Germany

  • Luxembourg

  • New Zealand 

  • Philippines 

  • Poland

  • Republic of Ireland

  • United Kingdom

  • United States of America

We will take all reasonable steps to ensure this information is handled in compliance with the APPs.

Where personal information has been disclosed overseas or stored in Australia by a third party with headquarters overseas, there is a possibility the recipient may be required to disclose personal information under a foreign law. When this occurs, such disclosure is not a breach of the Privacy Act. View the OAIC guidance: Overseas acts or practices required by a foreign law (8.64-8.68) for further information.

How we hold and secure your personal information

 

Holding your information

We hold your personal information in systems which may be on premises or in cloud-based servers, in data warehouses, in data lakes, on devices, and in hard copy files. 

Once we determine that your personal information is no longer needed for any legal record keeping purpose, we take reasonable steps to securely delete or permanently deidentify the information.

security

Securing your information

We take reasonable steps to protect your personal information from misuse, loss, interference and unauthorised access, modification, or disclosure. We may use a combination of organisational and technical safeguards, which may include where appropriate:

  • Deleting personal information when it is no longer required. For example, we delete (some) call recordings once no longer required.

  • Store data in de-identified form where appropriate. For example, transcripts may be split and de-identified so that even if someone does access it, it is not reasonably identifiable

  • Store data in a perturbed form. For example, if you call our whistleblower hotline, your voice will be perturbed so that you are not easily identifiable

  • Restricting and monitoring access to personal information we hold

  • Having stand-by systems and information backups in place to deal with major business interruptions

  • Data loss prevention tools

  • Maintaining information security products such as system firewalls, and encryption tools.

  • Implementing risk management processes to maintain policies, standards and procedures that govern and control the protection of your personal information

  • Reviewing of our information management systems and practices

  • Assessing third-party security measures

  • Providing staff training

  • Putting in place legal contracts with third parties and related Montu entities

Your privacy choices

 

How to request access or correction to your personal information

You can request access to and correction of the personal information we hold about you. You can make this request by using the contact details provided below. We will aim to respond to your request within 30 days. In most cases, there is no charge for this service. 

We may refuse your request in some circumstances, in which case we will provide a written statement of the reasons for refusal. 

You will be required to show that you are authorised to make a request, including if you are acting on behalf of someone else or otherwise have legal authority to request this information.
 

How to make a privacy complaint

If you think we have not handled your personal information correctly or in accordance with the law, you can lodge a complaint with us, or the Office of the Australian Information Commissioner (OAIC) using the contact information provided below. 

We recommend you contact us first so we can try and resolve your complaint effectively and efficiently as generally, the OAIC will refer you back to us if you have not already complained directly to us.
 

How to control who can access your My Health Record (MHR)

Information on how to manage access to your MHR is available using the following link:  Privacy and access - My Health Record

 

How to manage cookies and ads

We use Google Analytics as a website analytics tool to collect data about how you interact with our websites. Google Analytics collects information using cookies. View the Google Analytics Privacy Policy.

You can manage your cookie preferences through your web browser settings. Here are instructions for the main browsers:

We use various advertising platforms for our online advertising. The following links provide information on how to control the ads you see and the information that can be used to personalise them:

 

How to unsubscribe from marketing

You can opt-out of receiving advertising communications from us via the “unsubscribe” function in any SMS or email marketing communications to you, or by contacting us using the contact information provided below.

Contact information

Contact us

privacy-choices
contact-info

Contact details for external resolution bodies

bottom of page