Last updated 1 May 2019
Healthshare Pty Ltd ACN 147 153 526 (HealthShare, us or we), the operator of www.betterconsult.com (Website), recognises the importance of privacy protection. Accordingly, HealthShare complies with the Privacy Act 1988 (Cth) (the Act).
As we are an Australian company, you are protected by Australian privacy laws. If you would like to know more about data protection generally, there is information available from the Australian Information Commissioner at the following website: www.oaic.gov.au.
What types of personal information do we collect?
Personal Information we collect from you will depend on how you use the Website, whether you are a Practitioner, Patient, or just a visitor to the Website.
If you are a Patient, Personal Information we collect about you may include:
- general information such as your name, date of birth, email address, residential address, postal address, telephone number/s, credit card number and expiry date, user account passwords and usernames, family details, information required for payment for products and services provided through the Website and information necessary for us to provide the Services to you. We will collect your name and email address if you wish to become a registered user of the Website.
- health information such as your medical history, Medicare details, details of Practitioners and healthcare providers from whom you are receiving or have received treatment, information about your health (including symptoms), or other information which falls within the meaning of “health information” as defined in the Act or other “sensitive information” as defined in the Act, such as information relating to your racial or ethnic origin, sexual orientation, criminal record or religious beliefs; and
- details of your use of the Website and communications with us, or details of any communications you have with a Practitioner using the Website;
but only if you provide it to us directly or we receive it from your Practitioner’s practice management software.
If you are a Practitioner, Personal Information we collect from you may include:
- general information such as your name, date of birth, email address, residential address, business address, postal address, telephone number/s, credit card number and expiry date, user account passwords and usernames, information required for payment for products and services provided through the Website and information necessary for us to provide the Services to you. We will collect your name and email address if you wish to become a registered user of the Website;
- details of your use of the Website and communications with us, or details of any communications you have with a Practitioner using the Website; and
- your provider number and any professional registration or memberships.
If you are another type of individual we deal with in the course of running our business, such as an employee or potential employee or supplier:
Most Personal Information we collect will be received from you directly, however it may also be collected from third parties such as recruitment agencies or our business partners (such as other contractors, employees, service providers or suppliers) and may include (depending on the circumstances):
- your name and contact details;
- professional qualifications or skills and your employment history;
- financial information such as any of your bank or credit card details used to transact with us; and
- other Personal Information you send or disclose to us, including our records of any communications or interactions we have with you.
How do we use your personal information?
- to provide you with information you request about us or the services we offer through the Website;
- to manage the Website (including your User Account);
- to provide the Services and any other services you request from time to time;
- to transmit data to Practitioners;
- to translate and modify data so that it is in a language and format used by Practitioners;
- in connection with arranging and booking consultations and facilitating communications between Patients and Practitioners;
- to process and obtain payment for any services provided to you through the Website;
- to understand your needs and Website usage to help us improve the Website, our marketing or the way we do business;
- if necessary, to verify your identity or age;
- to comply with any applicable law, court order, regulation or other legal requirement; and
- to contact you to provide you with information about products, services, and other offers.
From time to time we may also ask you to participate in surveys or questionnaires. These help us to improve our levels of service and to maximise the opportunities and benefits you can enjoy.
If you are a Patient:
- we will never use your Personal Information, or share it for any purposes which are unrelated to providing our Services and operating our Website; and
- we will use your Personal Information (including your health and other sensitive information) for the primary purpose for which we collected it (for example, to provide pre-consultation notes to your Practitioner).
If you are a Practitioner:
we will use your Personal Information (including your financial information) for the primary purposes of providing you with our Services or enabling your use of the Website, such as to:
- communicate with you about an appointment or pre-consultation information;
- monitor your use of the Website or our Services;
- verify your identity; and
we may also use your Personal Information (including your financial information) for secondary purposes such as communicating with you about our goods and services; our own marketing and promotions; or competitions, surveys and questionnaires;
We may otherwise disclose your Personal Information where we are authorised or required to do so under relevant laws, such as if the disclosure is reasonably necessary due to law enforcement activities, or to lessen a serious threat to the life, health or safety of any individual.
How do we collect your personal information?
We collect your Personal Information from information you provide directly to us when you set up a user account and register to use the Website, use the Website, pay for a service provided by the Website, contact us, participate in surveys or questionnaires and from other information you upload to the Website from time to time. We may also receive Personal Information about you from your Practitioners or carer.
In relation to Practitioners, Personal Information may be received from you directly, your workplace, your Patients or other sources such as public records, mailing lists or our business partners.
What happens if you don't provide us with the information we require?
If you don't provide us with certain information, or if you request that we de-identify Personal Information we hold about you, we may be unable to provide you the information or services you wish to receive, and may terminate your access to some or all of the services, including via the Website.
Personal information security
We will take reasonable steps to ensure your Personal Information is protected from risks such as loss, unauthorised access or use, destruction, modification or disclosure.
The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us or we send to our data hosting service providers and Practitioners over the Internet or for any unauthorised access, use or modification of that information.
Using third parties to process your information or provide services
We may use third party companies (third party service providers) to manage information that you provide where this is reasonably necessary to provide you with your use of the Website or to provide the Services, or as is otherwise required or authorised by any laws (including the Privacy Act).
Aside from the disclosure or transfer of your Personal Information to our data hosting service providers, when we use third party service providers, we seek to keep the amount of Personal Information they hold to a minimum and use reasonable efforts to make sure they are as careful with your information as we are. Where possible, your Personal Information is anonymised or de-identified before being shared.
The third parties that we might disclose your Personal Information to include:
- (for Patients) the Practitioner that you have previously had, or intend to have, a consultation with;
- our service providers who enable us to provide Services and run the Website, such as network, software and data hosting service providers;
- any practice management software providers which the Practitioner uses;
- our external professional advisers (such as legal advisors or accountants);
- (for Practitioners) your patients or potential patients;
- subscription and mailing operations service providers; and
- billing and related financial functions service providers.
Where your information is stored
Personal Information we collect from you is stored securely on servers located in Australia. We engage third party data hosting service providers to store and provide data hosting services in relation to your Personal Information and other information or data you may upload when using the Website. We will disclose Personal Information to our data hosting service providers to the extent necessary for them to provide the storage and data hosting services required for you to use the Website and the Services.
Dealing with Data Breach
We will manage the process of dealing with an actual or suspected Data Breach in accordance with the Notifiable Data Breach (NDB) Scheme pursuant to Part IIIC of the Act.
An NDB will be considered to have occurred when the following three criteria are satisfied:
- suffer a data loss, meaning accidental or inadvertent loss of Personal Information likely to result in unauthorised access or unauthorised disclosure (i.e. a laptop containing Personal or sensitive information is lost or stolen). If the data that is the subject of the loss can be deleted remotely or is encrypted, it will not constitute an NDB; or
- suffer or are suspected to have suffered an unauthorised disclosure, meaning we release or make visible Personal or sensitive Information in a way not permitted by the Act (i.e. an email is sent to the wrong address or an employee accidentally publishes a confidential data file containing personal information on the internet); or
- suffer or are suspected to have suffered an unauthorised access, meaning Personal Information or sensitive information is accessed by someone who is not permitted to have access (i.e. a database is hacked by a third party);
The data loss, unauthorised access or unauthorised disclosure is likely to result in serious harm to a person to whom the Personal Information relates; and
- We have not been able to prevent the likely risk of serious harm.
Within 30 days of a suspected data breach occurring, we will assess the breach to determine if it is likely to cause serious harm, using the NDB Scheme list of relevant matters, including:
- The sensitivity of the Personal Information or sensitive information (i.e. loss of medical records or details of sexual orientation would be more likely to be assessed as capable of causing serious harm);
- The type of Personal Information or sensitive information (i.e. loss of credit card numbers or drivers licences may be more likely to result in serious harm);
- Whether security matters, such as encryption, protect the Personal Information following the data breach thereby limiting the likelihood of serious harm; or
- The nature of the harm (i.e. credit card details being released are more likely to have serious and immediate consequences than other information).
We will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).
As soon as is practicable after an NDB is confirmed, we will provide a statement to each individual whose data was breached or who is at risk, including details of the breach and recommendations of the steps you should take in the circumstances.
Our security measures
We are dedicated to protecting the security of your information and take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your electronic information is stored on secure servers. We also encrypt your personally identifiable information. However, as we cannot guarantee the security of communications over the Internet, we cannot give an absolute assurance that your information will be secure at all times. Transmission of Personal Information over the Internet is at your own risk, and we will not be held responsible for events arising from unauthorised access to your Personal Information.
Your rights of access and correction
You have the right to request access to, or correction of, Personal Information which we have collected from you, within the requirements of the Act.
We may withhold or refuse you access to your Personal Information if we are legally authorised to do so or where its disclosure to you is restricted by law, is the subject of legal action, or may compromise the privacy of another person.
We may charge you a reasonable fee to access or correct your information if permitted by applicable law.
How can you stop receiving marketing information?
Where marketing information is forwarded to you via electronic messages, there will be a functional 'unsubscribe' mechanism contained in the message.
If you no longer wish to be contacted by us or receive such marketing information, you can advise us:
- by emailing us at firstname.lastname@example.org; or
- by clicking the 'unsubscribe function' (where marketing information is sent electronically).
We will keep a record of your request to ensure you do not receive that information in the future.
You cannot refuse to receive information which we are required to provide you by law.
Personal Information means any information or data that you provide us in any form from time to time which relates to a living individual who can be identified from, or whose identity is apparent or can reasonably be ascertained from, that information or data alone or in conjunction with other information already held by the recipient, controller or processor of such information or data and includes any expression of opinion about the individual and any indication of the intentions of the recipient or any other person in respect of that individual (and which may include health or other sensitive information); and
Website means the website located at www.betterconsult.com and any other application distribution platform (including mobile applications) through which we provide the Services.
© 2019 HealthShare. All rights reserved.