Last updated 1 May 2019

BetterConsult Privacy Policy

Healthshare Pty Ltd ACN 147 153 526 (HealthShare, us or we), the operator of www.betterconsult.com (Website), recognises the importance of privacy protection. Accordingly, HealthShare complies with the Privacy Act 1988 (Cth) (the Act).
Some of the information you provide us as part of your dealings with us is "personal information" under the Act. This Privacy Policy sets out how we collect, handle, use, transmit and disclose your Personal Information (as defined under the Act) and applies to you unless you give us explicit consent to act otherwise. By accessing, browsing, or using the Website, registering a user account with the Website, uploading data or by obtaining Services provided via the Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Website, register a user account, upload data or obtain any Services via the Website.

As we are an Australian company, you are protected by Australian privacy laws. If you would like to know more about data protection generally, there is information available from the Australian Information Commissioner at the following website: www.oaic.gov.au.

This Privacy Policy applies to you in particular if you are a Practitioner or Patient as defined in the Website terms of use. If you are a carer of a Patient or using the Website on behalf of a Patient, this Privacy Policy also applies to you and the Patient. Different parts of this Privacy Policy apply to Practitioners and Patients respectively while some parts apply to both. You should read this Privacy Policy accordingly. See the end of this Privacy Policy for the meaning of capitalised terms used.

What types of personal information do we collect?

Personal Information we collect from you will depend on how you use the Website, whether you are a Practitioner, Patient, or just a visitor to the Website.

If you are a Patient, Personal Information we collect about you may include:

  1. general information such as your name, date of birth, email address, residential address, postal address, telephone number/s, credit card number and expiry date, user account passwords and usernames, family details, information required for payment for products and services provided through the Website and information necessary for us to provide the Services to you. We will collect your name and email address if you wish to become a registered user of the Website.
  2. health information such as your medical history, Medicare details, details of Practitioners and healthcare providers from whom you are receiving or have received treatment, information about your health (including symptoms), or other information which falls within the meaning of “health information” as defined in the Act or other “sensitive information” as defined in the Act, such as information relating to your racial or ethnic origin, sexual orientation, criminal record or religious beliefs; and
  3. details of your use of the Website and communications with us, or details of any communications you have with a Practitioner using the Website;

but only if you provide it to us directly or we receive it from your Practitioner’s practice management software.

If you are a Practitioner, Personal Information we collect from you may include:

  1. general information such as your name, date of birth, email address, residential address, business address, postal address, telephone number/s, credit card number and expiry date, user account passwords and usernames, information required for payment for products and services provided through the Website and information necessary for us to provide the Services to you. We will collect your name and email address if you wish to become a registered user of the Website;
  2. details of your use of the Website and communications with us, or details of any communications you have with a Practitioner using the Website; and
  3. your provider number and any professional registration or memberships.

If you are another type of individual we deal with in the course of running our business, such as an employee or potential employee or supplier:

Most Personal Information we collect will be received from you directly, however it may also be collected from third parties such as recruitment agencies or our business partners (such as other contractors, employees, service providers or suppliers) and may include (depending on the circumstances):

  1. your name and contact details;
  2. professional qualifications or skills and your employment history;
  3. financial information such as any of your bank or credit card details used to transact with us; and
  4. other Personal Information you send or disclose to us, including our records of any communications or interactions we have with you.

How do we use your personal information?

We will use your Personal Information for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. Except as specifically set out in this Privacy Policy, we will not sell or disclose your Personal Information to any person located in Australia or overseas or use your Personal Information for any other purpose without your prior consent, unless authorised or required by law. Generally, we will only use and disclose your Personal Information to register you to use the Website;

From time to time we may also ask you to participate in surveys or questionnaires. These help us to improve our levels of service and to maximise the opportunities and benefits you can enjoy.
We will retain Personal Information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

If you are a Patient:

  1. we will never use your Personal Information, or share it for any purposes which are unrelated to providing our Services and operating our Website; and
  2. we will use your Personal Information (including your health and other sensitive information) for the primary purpose for which we collected it (for example, to provide pre-consultation notes to your Practitioner).

If you are a Practitioner:

  1. we will use your Personal Information (including your financial information) for the primary purposes of providing you with our Services or enabling your use of the Website, such as to:

    1. communicate with you about an appointment or pre-consultation information;
    2. monitor your use of the Website or our Services;
    3. verify your identity; and
  2. we may also use your Personal Information (including your financial information) for secondary purposes such as communicating with you about our goods and services; our own marketing and promotions; or competitions, surveys and questionnaires;
    We may otherwise disclose your Personal Information where we are authorised or required to do so under relevant laws, such as if the disclosure is reasonably necessary due to law enforcement activities, or to lessen a serious threat to the life, health or safety of any individual.

How do we collect your personal information?

We collect your Personal Information from information you provide directly to us when you set up a user account and register to use the Website, use the Website, pay for a service provided by the Website, contact us, participate in surveys or questionnaires and from other information you upload to the Website from time to time. We may also receive Personal Information about you from your Practitioners or carer.

In relation to Practitioners, Personal Information may be received from you directly, your workplace, your Patients or other sources such as public records, mailing lists or our business partners.

What happens if you don't provide us with the information we require?

If you don't provide us with certain information, or if you request that we de-identify Personal Information we hold about you, we may be unable to provide you the information or services you wish to receive, and may terminate your access to some or all of the services, including via the Website.

Personal information security

We will take reasonable steps to ensure your Personal Information is protected from risks such as loss, unauthorised access or use, destruction, modification or disclosure.

The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us or we send to our data hosting service providers and Practitioners over the Internet or for any unauthorised access, use or modification of that information.

The Website may provide links or references to other third party websites and resources. These websites and resources are not subject to this Privacy Policy. You should review the privacy policy of each third party website and resource accessed via links from our Website and of each Practitioner to which you wish to transmit your data via the Website, and assess whether the policy of each website, resource and Practitioner is satisfactory to you before you use the website or resource or advise us to transmit the data to the Practitioner. You acknowledge and agree that we are not responsible for any Personal Information you choose to disclose to a Practitioner via the Website or third party through a third party website referred to by or linked to our Website and that such Practitioners and third parties may store your Personal Information in any location in accordance with their own security standards.

Using third parties to process your information or provide services

We may use third party companies (third party service providers) to manage information that you provide where this is reasonably necessary to provide you with your use of the Website or to provide the Services, or as is otherwise required or authorised by any laws (including the Privacy Act).
Aside from the disclosure or transfer of your Personal Information to our data hosting service providers, when we use third party service providers, we seek to keep the amount of Personal Information they hold to a minimum and use reasonable efforts to make sure they are as careful with your information as we are. Where possible, your Personal Information is anonymised or de-identified before being shared.

The third parties that we might disclose your Personal Information to include:

  1. (for Patients) the Practitioner that you have previously had, or intend to have, a consultation with;
  2. our service providers who enable us to provide Services and run the Website, such as network, software and data hosting service providers;
  3. any practice management software providers which the Practitioner uses;
  4. our external professional advisers (such as legal advisors or accountants);
  5. (for Practitioners) your patients or potential patients;
  6. subscription and mailing operations service providers; and
  7. billing and related financial functions service providers.

Where your information is stored

Personal Information we collect from you is stored securely on servers located in Australia. We engage third party data hosting service providers to store and provide data hosting services in relation to your Personal Information and other information or data you may upload when using the Website. We will disclose Personal Information to our data hosting service providers to the extent necessary for them to provide the storage and data hosting services required for you to use the Website and the Services.

Dealing with Data Breach

We will manage the process of dealing with an actual or suspected Data Breach in accordance with the Notifiable Data Breach (NDB) Scheme pursuant to Part IIIC of the Act.
An NDB will be considered to have occurred when the following three criteria are satisfied:

  1. We:

    1. suffer a data loss, meaning accidental or inadvertent loss of Personal Information likely to result in unauthorised access or unauthorised disclosure (ie a laptop containing Personal or sensitive information is lost or stolen). If data the subject of the loss can be deleted remotely or is encrypted, it will not constitute an NDB; or
    2. suffer or are suspected to have suffered an unauthorised disclosure, meaning we release or make visible Personal or sensitive Information in a way not permitted by the Act (ie an email is sent to the wrong address or an employee accidentally publishes a confidential data file containing personal information on the internet); or
    3. suffer or are suspected to have suffered an unauthorised access, meaning Personal Information or sensitive information is accessed by someone who is not permitted to have access (ie a database is hacked by a third party);
  2. The data loss, unauthorised access or unauthorised disclosure is likely to result in serious harm to a person to whom the Personal Information relates; and

  3. We have not been able to prevent the likely risk of serious harm.

Within 30 days of a suspected data breach occurring, we will assess the breach to determine if it is likely to cause serious harm, using the NDB Scheme list of relevant matters, including:

  1. The sensitivity of the Personal Information or sensitive information (ie loss of medical records or details of sexual orientation would be more likely to be assessed as capable of causing serious harm);
  2. The type of Personal Information or sensitive information (ie loss of credit card numbers or drivers licences may be more likely to result in serious harm);
  3. Whether security matters, such as encryption, protect the Personal Information following the data breach thereby limiting the likelihood of serious harm; or
  4. The nature of the harm (ie credit card details being released are more likely to have serious and immediate consequences than other information).

We will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).
As soon as is practicable after an NDB is confirmed, we will provide a statement to each individual whose data was breached or who is at risk, including details of the breach and recommendations of the steps you should take in the circumstances.

Our security measures

We are dedicated to protecting the security of your information and take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your electronic information is stored on secure servers. We also encrypt your personally identifiable information. However, as we cannot guarantee the security of communications over the Internet, we cannot give an absolute assurance that your information will be secure at all times. Transmission of Personal Information over the internet is at your own risk, and we will not be held responsible for events arising from unauthorised access to your Personal Information.

Your rights of access and correction

You have the right to request access to, or correction of, Personal Information which we have collected from you, within the requirements of the Act.

If you wish to access your Personal Information, or believe that any of the Personal Information we hold about you is inaccurate, incomplete or out-of-date, please contact us at the email address shown at the bottom of this Privacy Policy. We will take reasonable steps to correct any inaccurate, incomplete or out-of-date Personal Information if you request us to do so, where required by law.

We may withhold or refuse you access to your Personal Information if we are legally authorised to do so or where its disclosure to you is restricted by law, is the subject of legal action, or may compromise the privacy of another person.

We may charge you a reasonable fee to access or correct your information if permitted by applicable law.

How can you stop receiving marketing information?

Where marketing information is forwarded to you via electronic messages, there will be a functional 'unsubscribe' mechanism contained in the message.

If you no longer wish to be contacted by us or receive such marketing information, you can advise us:

We will keep a record of your request to ensure you do not receive that information in the future.

You cannot refuse to receive information which we are required to provide you by law.

Changes to this Privacy Policy

We may amend this Privacy Policy from time to time by posting the amended version on our Website at www.betterconsult.com. We suggest that you visit our Website regularly to keep up to date with any changes.

Contacting us

If you would like more information about this Privacy Policy or if you have any queries or complaints, please contact us by email at support@betterconsult.com. We will take reasonable steps to try to resolve any complaints with you as quickly as practicable. Complaints may also be made directly to the office of the Australian Information Commissioner through its website located at www.oaic.gov.au/privacy/privacy-complaints.

Definitions

Unless otherwise defined in this Privacy Policy, words beginning with capital letters are defined in the BetterConsult User Terms of Use (Patient and Practitioner) published on the Website as updated from time to time.

For the purposes of this Privacy Policy:

Personal Information means any information or data that you provide us in any form from time to time which relates to a living individual who can be identified from, or whose identity is apparent or can reasonably be ascertained from, that information or data alone or in conjunction with other information already held by the recipient, controller or processor of such information or data and includes any expression of opinion about the individual and any indication of the intentions of the recipient or any other person in respect of that individual (and which may include health or other sensitive information); and

Website means the website located at www.betterconsult.com and any other application distribution platform (including mobile applications) through which we provide the Services.

© 2019 HealthShare. All rights reserved.