Last updated 7 February 2019

BetterConsult Privacy Policy

Healthshare Pty Ltd ACN 147 153 526 (HealthShare, us or we), the operator of www.betterconsult.com (Website), recognises the importance of privacy protection. Accordingly, HealthShare complies with the Privacy Act 1988 (Cth) (the Act).

Some of the information you provide us as part of your dealings with us is "personal information" under the Act. This Privacy Policy sets out how we collect, handle, use, transmit and disclose your Personal Information (as defined under the Act) and applies to you unless you give us explicit consent to act otherwise. By accessing, browsing, or using the Website, registering a user account with the Website, uploading data or by obtaining Services provided via the Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Website, register a user account, upload data or obtain any Services via the Website.

As we are an Australian company, you are protected by Australian privacy laws. If you would like to know more about data protection generally, there is information available from the Australian Information Commissioner at the following website - www.oaic.gov.au

This Privacy Policy applies to you in particular if you are a Practitioner or Patient as defined in the Website terms of use. If you are a carer of a Patient or using the Website on behalf of a Patient, this Privacy Policy also applies to you and the Patient. Different parts of this Privacy Policy apply to Practitioners and Patients respectively while some parts apply to both. You should read this Privacy Policy accordingly. See the end of this Privacy Policy for the meaning of capitalised terms used.

What types of personal information do we collect?

Personal Information we collect from you will depend on how you use the Website, whether you are a Practitioner, Patient, or just a visitor to the Website. Personal Information we collect from you may include your name, email address, postal address, telephone number/s, credit card number and expiry date, user account passwords and usernames, your medical history, details of Practitioners and healthcare providers from whom you are receiving or have received treatment, information about your health (including symptoms), information required for payment for products and services provided through the Website and information necessary for us to provide the Services to you. We will collect your name and email address if you wish to become a registered user of the Website.

How do we use your personal information?

We will use your Personal Information for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. Except as specifically set out in this Privacy Policy, we will not sell or disclose your Personal Information to any person located in Australia or overseas or use your Personal Information for any other purpose without your prior consent, unless authorised or required by law. Generally, we will only use and disclose your Personal Information:

From time to time we may also ask you to participate in surveys or questionnaires. These help us to improve our levels of service and to maximise the opportunities and benefits you can enjoy.

How do we collect your personal information?

We collect your Personal Information from information you provide directly to us when you set up a user account and register to use the Website, use the Website, pay for a service provided by the Website, contact us, participate in surveys or questionnaires and from other information you upload to the Website from time to time. We may also receive Personal Information about you from your Practitioners.

What happens if you don't provide us with the information we require?

If you don't provide us with certain information, we may be unable to provide you the information or services you wish to receive.

Personal information security

We will take reasonable steps to ensure your Personal Information is protected from risks such as loss, unauthorised access or use, destruction, modification or disclosure.

The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us or we send to our data hosting service providers and Practitioners over the Internet or for any unauthorised access, use or modification of that information.

The Website may provide links or references to other 3rd party websites and resources. These websites and resources are not subject to this Privacy Policy. You should review the privacy policy of each 3rd party website and resource accessed via links from our Website and of each Practitioner to which you wish to transmit your data via the Website, and assess whether the policy of each website, resource and Practitioner is satisfactory to you before you use the website or resource or advise us to transmit the data to the Practitioner. You acknowledge and agree that we are not responsible for any Personal Information you choose to disclose to a Practitioner via the Website or 3rd party through a 3rd party website referred to by or linked to our Website and that such Practitioners and 3rd parties may store your Personal Information in any location in accordance with their own security standards.

Using 3rd parties to process your information or provide services

We may use third party companies (third party service providers) to manage information that you provide. Aside from the disclosure or transfer of your Personal Information to our data hosting service providers, when we use third party service providers, we seek to keep the amount of Personal Information they hold to a minimum and use reasonable efforts to make sure they are as careful with your information as we are.

Where your information is stored

Personal Information we collect from you is stored securely on servers located in Australia. We engage third party data hosting service providers to store and provide data hosting services in relation to your Personal Information and other information or data you may upload when using the Website. We will disclose Personal Information to our data hosting service providers to the extent necessary for them to provide the storage and data hosting services required for you to use the Website and the Services.

Dealing with Data Breach

We will manage the process of dealing with an actual or suspected Data Breach in accordance with the Notifiable Data Breach (NDB) Scheme pursuant to Part IIIC of the Act.

An NDB will be considered to have occurred when the following three criteria are satisfied:

  1. We:

    • suffer a data loss, meaning accidental or inadvertent loss of Personal Information likely to result in unauthorised access or unauthorised disclosure (ie a laptop containing Personal or sensitive information is lost or stolen). If the data the subject of the loss can be deleted remotely or is encrypted, it will not constitute an NDB; or
    • suffer or are suspected to have suffered an unauthorised disclosure, meaning we release or make visible Personal or sensitive Information in a way not permitted by the Act (ie an email is sent to the wrong address or an employee accidentally publishes a confidential data file containing personal information on the internet); or
    • suffer or are suspected to have suffered an unauthorised access, meaning Personal Information or sensitive information is accessed by someone who is not permitted to have access (ie a database is hacked by a third party);
  2. The data loss, unauthorised access or unauthorised disclosure is likely to result in serious harm to a person to whom the Personal Information relates; and

  3. We have not been able to prevent the likely risk of serious harm.

Within 30 days of a suspected data breach occurring, we will assess the breach to determine if it is likely to cause serious harm, using the NDB Scheme list of relevant matters, including:

  1. The sensitivity of the Personal Information or sensitive information (ie loss of medical records or details of sexual orientation would be more likely to be assessed as capable of causing serious harm);
  2. The type of Personal Information or sensitive information (ie loss of credit card numbers or drivers licences may be more likely to result in serious harm);
  3. Whether security matters, such as encryption, protect the Personal Information following the data breach thereby limiting the likelihood of serious harm; or
  4. The nature of the harm (ie credit card details being released are more likely to have serious and immediate consequences than other information).

We will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).

As soon as is practicable after an NDB is confirmed, we will provide a statement to each individual whose data was breached or who is at risk, including details of the breach and recommendations of the steps you should take in the circumstances.

Our security measures

We are dedicated to protecting the security of your information and take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your electronic information is stored on secure servers. We also encrypt your personally identifiable information. However, as we cannot guarantee the security of communications over the Internet, we cannot give an absolute assurance that your information will be secure at all times. Transmission of Personal Information over the internet is at your own risk, and we will not be held responsible for events arising from unauthorised access to your Personal Information.

Your rights of access and correction

You have the right to access Personal Information which we have collected from you, within the requirements of the Act.

If you wish to access your Personal Information, or believe that any of the Personal Information we hold about you is inaccurate, incomplete or out-of-date, please contact us at the email address shown at the bottom of this Privacy Policy. We will take reasonable steps to correct any inaccurate, incomplete or out-of-date Personal Information if you request us to do so, where required by law.

We may withhold or refuse you access to your Personal Information if we are legally authorised to do so or where its disclosure to you is restricted by law, is the subject of legal action, or may compromise the privacy of another person.

We may charge you a reasonable fee to access your information if permitted by applicable law.

How can you stop receiving marketing information?

Where marketing information is forwarded to you via electronic messages, there will be a functional 'unsubscribe' mechanism contained in the message.

If you no longer wish to be contacted by us or receive such marketing information, you can advise us:

We will keep a record of your request to ensure you do not receive that information in the future.

You cannot refuse to receive information which we are required to provide you by law.

Changes to this Privacy Policy

We may amend this Privacy Policy from time to time by posting the amended version on our Website at www.betterconsult.com. We suggest that you visit our Website regularly to keep up to date with any changes.

Contacting us

If you would like more information about this Privacy Policy or if you have any queries or complaints, please contact us by email at support@betterconsult.com. We will take reasonable steps to try to resolve any complaints with you as quickly as practicable. Complaints may also be made directly to the Office of the Australian Information Commissioner through its website located at www.oaic.gov.au/privacy/privacy-complaints.

Definitions

Unless otherwise defined in this Privacy Policy, words beginning with capital letters are defined in the BetterConsult User Terms of Use (Patient and Practitioner) published on the Website as updated from time to time.

For the purposes of this Privacy Policy:

Personal Information means any information or data that you provide us in any form from time to time which relates to a living individual who can be identified from, or whose identity is apparent or can reasonably be ascertained from, that information or data alone or in conjunction with other information already held by the recipient, controller or processor of such information or data and includes any expression of opinion about the individual and any indication of the intentions of the recipient or any other person in respect of that individual; and

Website means the website located at www.betterconsult.com and any other application distribution platform (including mobile applications) through which we provide the Services.

© 2019 HealthShare. All rights reserved.