PRIVACY POLICY
1. Introduction
Medibase Health Pty Ltd ACN 638 329 932 (“we”, “us”, “our” and “Medibase”) respects and upholds the privacy rights of individuals.
We are sensitive to privacy issues and take seriously the ongoing trust placed in us. We have committed to compliance with the Privacy Act 1988 (Cth) (“Privacy Act”), including the Australian Privacy Principles (“APPs”), which detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
This document is our Privacy Policy and describes how we handle your personal information.
Personal information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.
Sensitive information, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
2. Collection of Personal Information
We only collect personal information that is necessary for the operation of our business activities and associated administration.
The types of personal information we may collect depend on the purpose for which we need the information and may include your contact details, including your full name, street address, billing address, postal address, email address and telephone number.
We may also collect sensitive information about you where there is a legal requirement to do so, or where we are otherwise permitted by law.
3. How We Collect And Hold Personal Information
We will, where possible, collect your personal information directly from you, unless it is unreasonable or impracticable for us to do so. If we collect your personal information from another person and it is unclear that you have consented to the disclosure of that information to us or that information is otherwise not permitted to be disclosed to us, we will, whenever reasonably possible, make you aware that we have done this and the reasons for doing so. For example, we may collect personal information from you through telephone calls, your emails, website contact forms and other communication.
If you do not provide some or all of the personal information we request, we may be unable to effectively provide our services to you.
4. Website Usage Information & Cookies
Our website uses small data files called cookies, stored on your computer, which you can choose to accept or decline.
One of the primary purposes of a cookie is to save you time. A cookie tells the web server that you have returned to a specific webpage. For example, if you personalise the webpages on our website or register with us through our website, the cookie helps the website to recall your specific information on subsequent visits.
This simplifies the process of recording your personal information, such as billing address, postal address and so on. When you return to the same webpage, the information you previously provided can be retrieved so you can easily use the website features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but depending on your browser, you can modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website.
There is also information about the hardware and software on your computer that is automatically collected by our website. This information can include your IP address, browser type, domain names, browsing preferences, access times and the addresses of referring websites. This information is used by us to maintain the quality of our website and to provide us with information regarding the use of our website.
We encourage you to review the privacy statements of websites you choose to click through to from our website so that you understand how those websites collect, use and share your information. We have no control over and are not responsible for the manner in which the hosts of other websites use personal information they collect from you.
5. What We Do With Your Personal Information
We use the personal information we hold about you to do the following things:
create a customer profile and account in our system;
provide services to you as directed;
communicate with relevant stakeholders regarding the services provided to you;
respond to feedback from you;
develop and/or test our systems;
for our own internal administrative purposes.
With your consent, we do the following:
communicate with our partners to provide services to you;
plan to improve services we offer.
6. Situations Where We May Disclose Your Personal Information
We will not disclose your personal information to any person except to our related entities, partners, suppliers, distributors and agents used by us in the ordinary course of our business. This may include for the purposes of the provision of our services, referral to our partners for associated services, IT services, data analysis, research, advertising or consultancy services.
In doing so, we will take all steps as are reasonable to ensure that these parties respect and uphold the provisions of this Privacy Policy in relation to your personal information.
We may also need to disclose your personal information where we:
are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or
need to disclose it to protect our rights, property or safety of our customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction.
7. Overseas Disclosure
We do not ordinarily disclose your personal information overseas. However, before any personal information is disclosed to a recipient in a foreign country, the Privacy Act requires us to take such steps as are reasonable in the circumstances to ensure that the recipient does not breach the APPs in relation to the information. If you consent to the disclosure of your personal information to overseas recipients, we are not required to take such steps.
By submitting your personal information to us, you expressly consent to the disclosure, transfer, storage or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia may not have the same privacy protection obligations as Australia in relation to personal information. If your personal information is mishandled in any jurisdiction, we disclaim responsibility and you will not have a remedy under Australian law.
8. Direct Marketing
By submitting your personal information to us, you expressly consent to us or our partners using your personal information to provide you with information about our products, services or events which we consider may be of interest to you or engage in any other direct marketing activity.
We may also use your personal information for the purpose of providing you with other information, if it is within your reasonable expectations that we would send you such information given the nature of previous communications with you.
You may at any time opt out of receiving any communications from us (other than as required for the provision of our services) by using the “unsubscribe” facility included in an email you receive from us or by contacting us using the details set out at the bottom of this document.
9. Data Security
We store personal information contained in electronic records in a controlled and secure environment.
Your personal information is only accessible by those persons who require access to the personal information for the purposes of carrying out their work on our behalf.
When personal information (such as payment information) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
We will take all reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure.
If we suspect that a data breach has occurred, we will follow the requirements of the Data Breach Notification scheme under the Privacy Act. The requirements include notifying affected individuals and the Office of the Australian Information Commissioner in some circumstances.
10. Destruction & De-Identification
We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose. We will destroy or de-identify personal information in accordance with our data security and data destruction policies or when our legal obligations to retain the information have expired and the information is no longer needed by us.
11. Amendments To Your Personal Information
You may amend your personal information at any time by advising us of the change.
12. Your Consent
By engaging us to provide services to you, you agree to our collection, disclosure, use and storage of your personal information in accordance with this policy.
13. General Data Protection Regulation - Processing EU Personal Data
This section entitled “General Data Protection Regulation – Processing EU Personal Data” only applies if you access our products or services in the EU and your personal data (as defined in this section) is processed and/or monitored as a result.
General - When we process your personal information, we will comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), any local implementing laws and any successor legislation to the GDPR and the local implementing laws. We are the data controller (as defined in GDPR) of the data you pass to us pursuant to this policy.
Where we refer to “personal information” throughout this policy, it has the meaning set out in the Privacy Act (as explained at the beginning of this policy) and also the meaning given to “personal data” in the GDPR. “Processing” has the meaning set out in GDPR and, in practice, means doing anything with your personal information, including storing it.
Grounds for Processing
We collect most of your personal information on the grounds of our legitimate interests or fulfilment of engagement with you. If we deem it appropriate, we may also rely on legitimate interests to send you marketing communications. If we are unable to rely on legitimate interests or another ground to process your personal information, we will seek consent from you in accordance with the requirements of GDPR.
If we have obtained consent from you to process your data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact information set out below. Please bear in mind that if you withdraw your consent it may affect our ability to carry out tasks for your benefit. Withdrawal of your consent will not affect any processing we have carried out in respect of your personal information prior to you withdrawing consent.
In the section entitled “What we do with your personal information”, we have explained that we may need to disclose your personal information to certain third parties. If any of those third parties are located outside of the European Economic Area (EEA) we will ensure that there are appropriate safeguards in place when the data is transferred in accordance with the requirements of GDPR.
Automated decision making – part of our engagement with you may be determined as a result of a process of automated decision making. We carry out this example of automated decision making on the grounds that it is necessary to fulfil the engagement we have with you.
Your rights – there are a number of rights available to you under GDPR. These include:
the right to access your personal information and ask us to provide certain information about the processing we carry out in respect of your personal information;
the right to ask us to rectify any personal information we process that you believe is incorrect or incomplete;
the right to ask us to erase your personal information;
the right to ask us to restrict the processing we carry out in respect of your personal information, or to object to the processing we carry out; and
the right to have your data provided to another data controller in a structured, commonly used and machine-readable format (data portability).
Please note that there are some exceptions and caveats to the rights listed above.
Complaints – in addition to your rights set out above in the section entitled “Complaints and Concerns”, you are entitled to complain to the relevant supervisory authority in your jurisdiction.
14. Complaints & Concerns
If you have a problem, complaint or wish to enquire about our Privacy Policy, please contact our Privacy Officer.
We will respond to your complaint in accordance with the relevant provisions of the APPs as soon as practicable. We treat complaints relating to privacy very seriously. If you submit a concern or complaint, we will endeavour to deal with it comprehensively and reach an outcome where all parties are satisfied.
If you are not satisfied with our response to your complaint, or if you would like further information about privacy in Australia, then we suggest you contact the Office of the Australian Information Commissioner at oaic.gov.au.
15. Changes to this Privacy Policy
It may be necessary for us to review and revise our Privacy Policy from time to time. An amended version will be posted on our website.
16. Our Contact Details
If you have any questions about this policy or if you have any complaint regarding the treatment of your privacy by us, please contact us.