HEALTHCONSULT'S DATA PRIVACY POLICY

You have come through to this page from a website which is owned and operated by HealthConsult.

In this policy, "us", "we" or "our" means HealthConsult (ABN  67 118 337 821).

This policy sets out:

  • what is considered personal information;
  • what personal information we collect and hold;
  • how we collect, hold, use or disclose personal information;
  • the purposes for which we collect personal information;
  • what happens if we are not able to collect personal information;
  • how to seek access to and correct your personal information;
  • whether we disclose personal information outside Australia; and
  • how to contact us.

We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). See https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/.

We may, from time to time, review and update this policy, including taking account of new or amended laws, new technology and/or changes to our operations. All personal information held by us will be governed by the most recently updated policy. Your privacy matters to us, so please take the time to get to know our practices.

WHAT IS PERSONAL INFORMATION

When used in this policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, postcode and contact details (including phone numbers and email addresses). If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

WHAT PERSONAL INFORMATION DO WE COLLECT AND HOLD

We may collect the following types of personal information:

  • name;
  • email address;
  • telephone number;
  • profession, occupation or job title;
  • country in which you are located;
  • information you provide to us through our Project Updates registration, surveys, or submissions you may make during the public consultation process.

COOKIES

In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website, without bothering you with a request to register or log-in. It also helps us keep track of products or services you view, so that we can send you news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our websites have been visited, and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. We may also log IP addresses (the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.

We may also collect anonymous data (which is not personal information) relating to your activity on our websites (including IP addresses) via cookies, or we may collect information from you in response to a survey. We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our products and services. To the extent this information does not constitute personal information because it does not identify you or anyone else, the Australian Privacy Principles do not apply and we may use this information for any purpose and by any means whatsoever.

HOW WE COLLECT PERSONAL INFORMATION

We collect your personal information directly from you unless it is unreasonable or impractical to do so.

We do this in ways including:

  • through your access and use of our website;
  • through Project Updates registration;
  • surveys; or
  • submissions you may make during the public consultation process.

We may also collect personal information from third parties including:

  • third party companies such as government entities;
  • contractors and business partners.

WHY DO WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION

The primary purpose for which we collect information about you is to enable us to perform our business activities and functions. We collect, hold, use and disclose your personal information for the following purposes:

  • to provide you with updates about the Framework for the Secondary Use of My Health Record data;
  • to communicate with you including by email, mail or telephone;
  • to develop a Secondary Uses of My Health Record Project stakeholder database. This database will be used to manage the consultation process  This database will be continually updated throughout the process (using the registration data);
  • as required or permitted by any law (including the Privacy Act).

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy. We will not hold your personal information beyond the duration of the Secondary Use of My Health Record data project.  At the conclusion of this project the stakeholder database will be transferred to the Department of Health and all copies held by us will be destroyed.

WHAT HAPPENS IF WE CAN’T COLLECT YOUR PERSONAL INFORMATION

If you do not provide us with the personal information described in this policy, some or all of the following may happen:

  • we may not be able to provide you with information about project updates.

HOW DO WE DISCLOSE YOUR PERSONAL INFORMATION

We may disclose your personal information to:

  • our employees, related bodies corporate, contractors or external service providers for the operation of our websites or our business, fulfilling requests by you, and otherwise provide services to you, including without limitation, web hosting providers, IT systems administrators, mailing houses,  and professional advisers such as accountants, solicitors, business advisors and consultants;
  • The Secondary Uses of My Health Record Project stakeholder database will be supplied to the Australian Government Department of Health (“the Department”) at the end of the project,  should the Department may wish to use the stakeholder database to distribute the Consultation Process Summary ‘Fact Sheet’ and/or final Framework;
  • specific third parties authorised by you to receive information held by us;
  • the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary
  • as required or permitted by any law (including the Privacy Act).

DIRECT COMMUNICATION MATERIALS

We may send you direct communications and information about project updates that we consider may be of interest to you. These communications may be sent in via email, in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth).

In addition, at any time, you may opt-out of receiving marketing communications from us by contacting us (details below) or by using the opt-out facilities provided (e.g. an unsubscribe link). We will then ensure that your name is removed from our mailing list. We do not provide your personal information to other organisations for the purposes of direct communication unless expressly authorised by you.

If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please contact us using the details provided below.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

You may request access to any personal information we hold about you at any time by contacting us (details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you. We will not charge for simply making a request and will not charge for making any corrections to your personal information. If you make an access request, we will ask you to verify your identity. There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.

HOW YOU CAN COMPLAIN ABOUT A BREACH OF PRIVACY

If you believe your privacy has been breached by us, have any questions or concerns about our Privacy Policy please, contact us using the contact information below and provide details of the incident so that we can investigate it.

We have a formal procedure for investigating and dealing with privacy breaches. Once HealthConsult receives a complaint, whether it is in writing or verbal means, we will commence an investigation. The investigator will endeavour to determine the nature of the breach and how it occurred. We may contact you during the process to seek any further clarification if necessary. If a breach is found, HealthConsult will ensure that the process can be rectified to prevent any further breaches from taking place. We will also contact you to inform you of the outcome of the investigation. We will endeavour to resolve all investigations within a reasonable time.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

Please contact:

Dr. Lisa Fodero
HealthConsult
Level 3, 86 Liverpool Street
Sydney NSW 2000
E: lisa.fodero@healthconsult.com.au
T: 02 9261 3707

DISCLOSURE OF PERSONAL INFORMATION OUTSIDE AUSTRALIA

We may disclose personal information to our related bodies corporate and external service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to entities located outside of Australia, including the following:

  • members of the International Expert Advisory Panel active in this project
  • our data hosting and Cloud-based IT service providers.

SECURITY

We will take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access, including by means of firewalls, password access, and secure servers.

If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.

LINKS

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

CHANGES TO OUR DATA PRIVACY POLICY

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. This privacy policy was last updated in July 2016.