July 2023

Privacy Policy

This Privacy Policy sets out our commitment to protecting the privacy of personal and sensitive information we handle via our in-person and online services, platforms, and applications (collectively, Services). Your privacy is important to us, and we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act), which includes the Australian Privacy Principles (APPs). We are also bound by State and Territory laws such as the Health Records Act 2001 (Vic), Health Records (Privacy and Access) Act 1997 (ACT), the Health Records and Information Privacy Act 2002 (NSW) and any related privacy codes. In this Privacy Policy, we, us, or our means Medinet Australia Pty Ltd ACN 610 094 712 and/or MyPractice App Pty Ltd ACN 645 851 538.

This Privacy Policy outlines how we collect, use, disclose and store your personal information and lets you know how you can access that information. This Privacy Policy applies to our obligations when handling information in Australia.

Personal and sensitive information

‘Personal information’ is defined in the Privacy Act as information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.

‘Sensitive information’ means information relating to your:

racial or ethnic origin;

political opinions;

religion;

trade union or other professional associations or memberships;

philosophical beliefs;

sexual orientation or practices;

criminal records; and

health information or biometric information.

‘Health information’ includes personal information about health or disability, expressed wishes about future provision of health services, and health services provided or to be provided to an individual.

Information which identifies you

You can deal with us by using a pseudonym (a name that does not include your real name, for example an email address or a username that you may use for an email account) or anonymously where it is lawful and practical. However, we may need to provide proof of identity and require the use of your full name in order to deliver the Services to you. If you choose to deal with us in this way, we may still need to collect your personal information.

Types of information we collect.

The types of information we collect about you depends on your dealings with us, and may include:

  • your name;
  • your contact details, including email address, mailing address, street address and/or telephone number;
  • your age and/or date of birth;
  • your demographic information;
  • the organisation you work for;
  • your practitioner number if you are a healthcare service provider;
  • your sensitive information, including health information, such as prescriptions, medical certificates, specialist referrals, pathology referrals and other similar documents (Medical Documents) and information to arrange services related to your medical care, including appointment bookings, telehealth consultations, home pathology collection bookings and collection or delivery of prescription medication (Healthcare Services);
  • invoices relating to services provided by a Practice;
  • your preferences and/or opinions;
  • information you provide to us through customer surveys;
  • details of services we have provided to you and/or that you have enquired about, and our response to you;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media accounts and/or accounts from which you permit us to collect information;
  • information contained in any communications between you and us; and
  • any other personal information requested by us and/or provided by you or a third party.

We may collect these types of personal information directly from you or from third parties, including your healthcare service providers and/or Practice or the organisation you work for if you are a healthcare service provider.

Sensitive information

We will not collect sensitive information about you without first obtaining your consent.

Your sensitive information may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected, including:

  • to connect you with healthcare service providers or Practices, using our Services;
  • to assist you with your inquiries, including to be connected with a healthcare service provider and/or Practice;
  • to assist a healthcare service provider in determining whether she or he can provide services to you; and/or
  • providing services for a purpose that is directly related to the primary purpose for which the sensitive information was collected.

If you do not agree to this, you should not provide us with your sensitive information. We may disclose your sensitive information to the following third parties:

  • our business or commercial partners, including professional advisers, dealers and agents;
  • your healthcare service providers and/or any Practice that you are a patient of;
  • third parties and contractors who provide services to us;
  • third party payment gateways; and
  • any third parties authorised by you to receive information held by us. We collect, use, store and disclose your health information in accordance with the:
    • Privacy Act and APPs for all individuals;
    • New South Wales Health Records and Information Privacy Act 2002 (NSW) for individuals based in NSW;
    • Victorian Health Records Act 2001 (Vic) for individuals based in Victoria; and
    • Australian Capital Territory’s Health Records (Privacy and Access) Act 1997 (ACT) for individuals based in the ACT or when the contract was made in the ACT.

If we have de-identified your sensitive information, such that you are no longer identifiable from it, we may also use that de-identified sensitive information for the purpose of analysing trends and conducting research/publication, including by disclosing that de-identified sensitive information to third parties.

Collection, use and disclosure of personal information

We collect personal and sensitive information as is reasonably necessary to facilitate your use of our Services, communicate health information to healthcare service providers, or to medical centres you register with as a patient (Practice), in accordance with your directions.

We may collect, hold, use and store your personal and sensitive information when:

  • you, or another person on your behalf (including your healthcare service providers and/or Practice, if you are a patient, or the organisation you work for, if you are a healthcare service provider) provides it to us or enters it into our Services;
  • Medical Documents are made available to you through our Services or sent to a healthcare service provider involved in your care using our Services;
  • our Services are used to arrange Healthcare Services for you; and
  • you provide your personal information or health information through communications with us.

We may collect, hold, use and disclose personal information for the following purposes:

  • to enable you to access and use our Services, applications and associated social media platforms;
  • to enable you to use our Services to find and connect with healthcare service providers and/or Practices available to provide Healthcare Services to you;
  • to contact and communicate with you;
  • to provide you with access to a secure platform to participate in telehealth services provided to you by your doctor;
  • to provide you with access to your Medical Documents;
  • to arrange for Healthcare Services to be provided to you;
  • to contact and communicate with, and send your Medical Documents to third parties as reasonably necessary for your use of our Services;
  • for our internal record keeping and administrative purposes;
  • for analytics, market research and business development, including to operate and improve our Services;
  • to offer additional benefits to you; and
  • to comply with our legal obligations and resolve any disputes that we may have.

We may not always grant you access to your personal information you have requested, such as where :

  • we no longer retain or use the information and have destroyed or de-identified it;
  • providing access would be unlawful;
  • we are required under Privacy Laws to deny access;
  • providing access would compromise the privacy of others; or we have been unable to identify you.

Disclosure of your information overseas

We may send information to third parties that are located overseas. These third parties are located in the United States of America, although this list may change from time to time. Disclosure is made to the extent that it is necessary to perform our functions or activities.

Except as set out in this Privacy Policy, we do not disclose personal information overseas without your consent, unless we are required to do so by law.

When and how we dispose of your information

We retain your personal information for as long as required to provide the Services and to comply with Privacy Laws. When we no longer require your personal information, we may destroy or permanently de-identify the same. Accordingly, if you request access to your old personal information, we may not be able to provide you with your records where they have been destroyed or de-identified.

Storage and security

We are committed to ensuring that the personal and health information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information and protect it from misuse, interference, loss, and unauthorised access, modification, and disclosure in accordance with AWS best-practice compliance standards.

We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Address validation for home delivery services

It is important that we have your correct address when we are arranging Healthcare Services to be provided to your address using some of our Services. If you wish to arrange a home Healthcare Service using our Services, we use Google Maps API or similar tools to validate your address.

The use of these tools are subject to their Terms of Service and Privacy Policy. These documents are updated from time to time.

If your Personal Information is compromised.

If we become aware that the security of your personal information has been compromised (a data breach), we may contact you in order to work with you to mitigate the impact of the data breach. Pursuant to the Notifiable Data Breaches scheme (under Part IIIC of the Privacy Act 1988), we may be required to notify you of a data breach if we consider you are reasonably likely to be at risk of serious harm. We may make a public announcement in relation to a significant data breach, prior to contacting you.

Your rights and controlling your information

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal or sensitive information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. Where personal information is received from a third party about you, or you are providing personal information about someone else, we may require authorisation from the individual to whom the information relates.

Restrict: You may choose to restrict the collection or use of your personal information in relation to direct marketing. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you by contacting us using the details below. We will deal with your request within a reasonable amount of time. When you contact us to request access to your personal information, we will need to identify you.

An administrative fee may be payable for the provision of such information. In certain circumstances, as set out in the relevant law, we may refuse to provide you with personal information that we hold about you. In this case we will provide you with written notice which sets out the reasons for the refusal and the relevant Privacy Laws that we rely upon to refuse access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details below.

We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Complaints: If you believe that we have breached the APPs and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. We will try to resolve your complaint within 30 days. When this is not reasonably possible, we will contact you within that time to let you know how long we will take to resolve your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner by phone on 1300 363 992 or online at https://www.oaic.gov.au/about-us/contact-us/.

Direct Marketing: From time to time, and in support of our future development and growth, we may use your personal information to contact you to promote and market our Services. To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Links to other websites

Our Services may contain links to other websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal or health information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

Links to other websites

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website and/or our Services. We recommend you check our website and Services regularly to ensure you are aware of our current Privacy Policy.

Contact us.

For any questions or notices, please contact us at:

Privacy Officer

Medinet Australia Pty Ltd

Email: support@medinet.com.au

Medinet LogoMedinet Logo

Medinet acknowledges the many Traditional Owners of the lands on which we operate throughout Australia, and recognise First Nations Peoples’ continued connection to land, waters and community. We pay our respects to the Gadigal People of the Eora Nation on whose lands our Medinet office stands, and extend this respect to their Elders past, present and emerging.