Last updated 7 February 2019
Healthshare Pty Ltd ACN 147 153 526 (HealthShare, us or we), the operator of www.betterconsult.com (Website), recognises the importance of privacy protection. Accordingly, HealthShare complies with the Privacy Act 1988 (Cth) (the Act).
As we are an Australian company, you are protected by Australian privacy laws. If you would like to know more about data protection generally, there is information available from the Australian Information Commissioner at the following website: www.oaic.gov.au.
What types of personal information do we collect?
Personal Information we collect from you will depend on how you use the Website, whether you are a Practitioner, Patient, or just a visitor to the Website. Personal Information we collect from you may include your name, email address, postal address, telephone number/s, credit card number and expiry date, user account passwords and usernames, your medical history, details of Practitioners and healthcare providers from whom you are receiving or have received treatment, information about your health (including symptoms), information required for payment for products and services provided through the Website and information necessary for us to provide the Services to you. We will collect your name and email address if you wish to become a registered user of the Website.
How do we use your personal information?
- to register you to use the Website;
- to provide you with information you request about us or the services we offer through the Website;
- to manage the Website (including your User Account);
- to provide the Services and any other services you request from time to time;
- to transmit data to Practitioners;
- to translate and modify data so that it is in a language and format used by Practitioners;
- in connection with arranging and booking consultations between Patients and Practitioners;
- to process and obtain payment for any services provided to you through the Website;
- to understand your needs and Website usage to help us improve the Website, our marketing or the way we do business;
- if necessary, to verify your identity or age (i.e. over 18);
- to comply with any applicable law, court order, regulation or other legal requirement; and
- to contact you to provide you with information about products, services, and other offers.
From time to time we may also ask you to participate in surveys or questionnaires. These help us to improve our levels of service and to maximise the opportunities and benefits you can enjoy.
How do we collect your personal information?
We collect your Personal Information from information you provide directly to us when you set up a user account and register to use the Website, use the Website, pay for a service provided by the Website, contact us, participate in surveys or questionnaires and from other information you upload to the Website from time to time. We may also receive Personal Information about you from your Practitioners.
What happens if you don't provide us with the information we require?
If you don't provide us with certain information, we may be unable to provide you the information or services you wish to receive.
Personal information security
We will take reasonable steps to ensure your Personal Information is protected from risks such as loss, unauthorised access or use, destruction, modification or disclosure.
The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us or we send to our data hosting service providers and Practitioners over the Internet or for any unauthorised access, use or modification of that information.
Using 3rd parties to process your information or provide services
We may use third party companies (third party service providers) to manage information that you provide. Aside from the disclosure or transfer of your Personal Information to our data hosting service providers, when we use third party service providers, we seek to keep the amount of Personal Information they hold to a minimum and use reasonable efforts to make sure they are as careful with your information as we are.
Where your information is stored
Personal Information we collect from you is stored securely on servers located in Australia. We engage third party data hosting service providers to store and provide data hosting services in relation to your Personal Information and other information or data you may upload when using the Website. We will disclose Personal Information to our data hosting service providers to the extent necessary for them to provide the storage and data hosting services required for you to use the Website and the Services.
Dealing with Data Breach
We will manage the process of dealing with an actual or suspected Data Breach in accordance with the Notifiable Data Breach (NDB) Scheme pursuant to Part IIIC of the Act.
An NDB will be considered to have occurred when the following three criteria are satisfied:
- We:
  - suffer a data loss, meaning accidental or inadvertent loss of Personal Information likely to result in unauthorised access or unauthorised disclosure (i.e. a laptop containing Personal or sensitive information is lost or stolen). If data the subject of the Loss can be deleted remotely or is encrypted it will not constitute an NDB; or
  - suffer or are suspected to have suffered an unauthorised disclosure, meaning we release or make visible Personal or sensitive Information in a way not permitted by the Act (i.e. an email is sent to the wrong address or an employee accidentally publishes a confidential data file containing personal information on the internet); or
  - suffer or are suspected to have suffered an unauthorised access, meaning Personal Information or sensitive information is accessed by someone who is not permitted to have access (i.e. a database is hacked by a third party);
- The data loss, unauthorised access or unauthorised disclosure is likely to result in serious harm to a person to whom the Personal Information relates; and
- We have not been able to prevent the likely risk of serious harm.
Within 30 days of a suspected data breach occurring, we will assess the breach to determine if it is likely to cause serious harm, using the NDB Scheme list of relevant matters, including:
- The sensitivity of the Personal Information or sensitive information (i.e. loss of medical records or details of sexual orientation would be more likely to be assessed as capable of causing serious harm);
- The type of Personal Information or sensitive information (i.e. loss of credit card numbers or drivers licences may be more likely to result in serious harm);
- Whether security matters, such as encryption, protect the Personal Information following the data breach thereby limiting the likelihood of serious harm; or
- The nature of the harm (i.e. credit card details being released are more likely to have serious and immediate consequences than other information).
We will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).
As soon as is practicable after an NDB is confirmed, we will provide a statement to each individual whose data was breached or who is at risk, including details of the breach and recommendations of the steps you should take in the circumstances.
Our security measures
We are dedicated to protecting the security of your information and take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your electronic information is stored on secure servers. We also encrypt your personally identifiable information. However, as we cannot guarantee the security of communications over the Internet, we cannot give an absolute assurance that your information will be secure at all times. Transmission of Personal Information over the internet is at your own risk, and we will not be held responsible for events arising from unauthorised access to your Personal Information.
Your rights of access and correction
You have the right to access Personal Information which we have collected from you, within the requirements of the Act.
We may withhold or refuse you access to your Personal Information if we are legally authorised to do so or where its disclosure to you is restricted by law, is the subject of legal action, or may compromise the privacy of another person.
We may charge you a reasonable fee to access your information if permitted by applicable law.
How can you stop receiving marketing information?
Where marketing information is forwarded to you via electronic messages, there will be a functional 'unsubscribe' mechanism contained in the message.
If you no longer wish to be contacted by us or receive such marketing information, you can advise us:
- by emailing us at email@example.com; or
- by clicking the 'unsubscribe function' (where marketing information is sent electronically).
We will keep a record of your request to ensure you do not receive that information in the future.
You cannot refuse to receive information which we are required to provide you by law.
Personal Information means any information or data that you provide us in any form from time to time which relates to a living individual who can be identified from, or whose identity is apparent or can reasonably be ascertained from, that information or data alone or in conjunction with other information already held by the recipient, controller or processor of such information or data and includes any expression of opinion about the individual and any indication of the intentions of the recipient or any other person in respect of that individual; and
Website means the website located at www.betterconsult.com and any other application distribution platform (including mobile applications) through which we provide the Services.