About this Policy
Health Media Group Pty Ltd ACN 136 980 544 trading as Healthsite (“us”, “we”, or “our”) recognises the importance of your privacy and respects your right to control how your personal information is collected and used.
“Sensitive Information” is a subset of Personal Information and, for the purposes of Our Services includes your health information. As part of delivering Our Services, we may collect or infer health and other sensitive information about you as defined by the Privacy Act 1988 (Cth) (“Privacy Act”).
Certain health information may be inferred from other information that you give us. Before you can give us health information, you must give your explicit consent to the processing of that health information by us. You can withdraw your consent to us processing your health information at any time. For example, in using Our Services we may collect medical history information about you, or you may provide us with your current health status to assist us in providing you services. In general, we attempt to limit the sensitive information we collect, however this may not always be possible due to the services we provide.
Where we collect sensitive information from you we will only do so if it is considered reasonably necessary for us to collect such information for us to perform our functions or activities and you consent, or collection is required or authorised by law or another exception under the Privacy Act applies. However, we may also collect Sensitive Information without your consent where we it is otherwise permitted by the Privacy Act in order to carry out Our Services. This includes where collection is required to lessen or prevent a serious threat to your life, health or safety or to public health and safety. For more information on health services please contact us.
Our Site and Our Services do not address anyone under the age of 16 (Children). Our Site and Our Services are intended for and directed to adults and we do not knowingly collect personal information from Children without the express consent of a parent or legal guardian.
If you are a parent or guardian and you are aware that your Children have provided us with personal information, please contact us. If we become aware that we have collected personal information from Children without verification of parental consent, we will take steps to remove that information from our servers.
The purpose for which we collect Personal Information is to provide you with the best service experience possible on the Site, whilst you use our Services and for our internal business purposes that form part of normal business practices. Some provision of Personal Information is optional. However, if you do not provide us with certain types of Personal Information, you may be unable to enjoy the full functionality of the Site or Our Services.
As part of Our Services, you can provide further information regarding the reason you wish to use Our Services, such as health information when you use our Booking System Application to book an appointment with a doctor. When you use Our Services and submit your Personal Information, we store that Personal Information and we transfer it to the practice management system of the medical practice you book an appointment with. We do this to be able to assist you with your appointment with the medical practice. We will ask for your explicit consent to allow us to store this type of information before you use this service. Without your consent, we cannot provide you with Our Services.
To provide Our Services to you, we may collect Personal Information. This information may include:
- your name;
- your date of birth;
- your contact details (e.g. address, email address, phone number);
- your gender;
- your marital status;
- credit card information (if you pay for a service);
- cultural background;
- your medications;
- your emergency contact details;
- your next of kin details;
- the type of appointment you are requesting;
- the reason you are seeking that type of appointment;
- information about your private health insurance fund, including your membership number;
- your Medicare, Pension, Health Care Card and Veteran Affairs number and details;
- technical data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Our Services; and
- analytics data which we may collect directly or use third party analytics tools, to help us measure traffic and usage trends for our products and services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our products and services. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user.
We may also collect details of conversations we have had with you or any other information relevant to us. As part of your health assessment, we may send you follow-up emails regarding the advice we provide to you and to assist you by reminding you to seek medical attention when necessary.
We may also collect Sensitive Information about you such as medical reports, referrals, medication, health history and other important health information where you consent and such information is reasonably necessary to provide Our Services to you.
We automatically collect information through our Site and Our Services, that is often not personally identifiable, such as the website from which you came to our Site, your IP address, browser type and other information relating to the device through which you access the Site. We may combine this information with the Personal Information we have collected about you.
Use and Disclosure
Personal Information collected by us will generally only be used and disclosed for the purpose it was collected.
We use your Personal Information to assist you in the best possible way. When you use our booking system for appointments with health professionals, we will disclose your Personal Information to the health professionals that you have selected and their practices for the purpose of arranging such appointments or prescriptions.
When you consent, your Personal Information may be used or disclosed for the following reasons:
- To supply you with Our Services.
- To manage our business and to improve Our Services continuously.
- For our customer service to help you.
- To send you email notifications or SMS messages relating to the appointments you have made using Our Services.
- To send you email notifications or SMS messages relating to pathology results.
- To provide you with our marketing magazine (Thrive Magazine).
- In order to support research, we may use your data (sometimes for reward), pseudonymised (without a direct link to your identity) or anonymised (without us being able to identify you at all). This may include sharing your data with third parties. By using Our Services, you explicitly consent to this use of your Personal Information. As such, your Personal and Sensitive Information may be reviewed by our employees or consultants who work for us and third parties who provide hosting of medical records other information. All employees, consultants and third parties with access to your Personal and Sensitive Information are bound by strict confidentiality.
We may, from time to time, use Personal Information, other than Sensitive Information, for other purposes where it would be reasonably expected by you or if permitted by the Privacy Act, including to effect or enforce a transaction, procuring legal and accounting, auditors advice and advice from other consultants. We may also disclose your Personal Information in circumstances where we are compelled by other Australian laws or a court of law to do so.
We may also disclose your Personal Information to our related bodies corporate for business purposes. In the event that we sell our business, or engage in a transfer, mergers, restructure or change of control or other similar transactions, customer information (containing Personal Information) is generally one of the business assets that forms part of the transaction. Your Personal Information may be subject to such transfer. In the unlikely event of insolvency, Personal Information may be transferred to a trustee or debtor in possession and then to a subsequent purchaser.
Access and Accuracy
You can access and/or correct Personal Information we hold about you at any time by contacting us. We encourage you to contact us to keep your Personal Information up to date.
We will respond to your request for Personal Information within a reasonable time. We reserve the right to charge an administration fee to cover the costs of responding to your request, for example, where Personal Information is held in storage.
If required by law or where the Personal Information may relate to existing or anticipated legal proceedings, we may deny your request for access to your Personal Information. We will respond to your request, setting out the reasons for our refusal in writing.
Storage and Security
We will take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access and modification or disclosure. We use commercially reasonable physical, technical and administrative measures to protect Personal Information that we hold, including, where appropriate, password protection, encryption and SSL to protect our Site. However, we are not responsible for the storage and security of your Personal Information that is held by third-party service providers. These third-parties have their own privacy policies and you should read and satisfy yourself that about their privacy obligations with respect to the storage and security of your Personal Information.
Despite taking appropriate measures to protect Personal Information collected, used and stored by us, no data security measures we implement can guarantee 100% security of your Personal Information at all times. We cannot guarantee the security of any Personal Information transmitted to us via the internet and such transmission is at your risk. This is an inherent risk you assume when you use our services.
If we no longer require the use of your Personal Information, we will take reasonable steps to destroy or permanently de-identify it when we are legally permitted to do so.
Personal Information may be stored electronically through third-party data centres, which may be located overseas, or in physical storage at our premises or third-party secure storage facilities. Wherever possible, we use third parties who provide high standards of data security and storage in compliance with Australian Privacy legislation. However, we are not responsible for the storage and security practices of third parties, or data breaches affecting third party providers we use.
Data Breach Notification Scheme
If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach Scheme. If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable.
If the breach relates to the My Health Records Act, we may disclose your Personal Information to the My Health Records System Operator under section 73A of that Act.
An identifier is a unique number assigned to an individual to identify them. Identifiers include Medicare Numbers and Tax File Numbers. We may adopt an identifier given to you by a government agency as our identifier of you, unless we are not permitted by law.
Cookies, Web Beacons and Analytics
We may send you direct marketing emails and information about products and services that we consider may be of interest to you. These communications will only be sent via email and in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth), and only if you consent to receive marketing emails from us. If, at any time, you would like to stop receiving these promotional emails, you may follow the opt-out instructions contained in any such email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails or promotions from us, we still may send you email about your account or any services you have requested or received from us, or for other customer service purposes. We do not provide your Personal Information to other organisations for the purposes of direct marketing.
We may share your contact details with our related entities (as defined by the Corporations Act 2001) for the purposes of our related entities providing you with direct marketing, such as our Thrive Magazine.
Consent to International Transfer
We may transfer your Personal Information to organisations in other countries. Recipients may include our related entities or employees, external service providers such as administration providers or information technology providers such as cloud storage and data processing. We only transfer information where we reasonably believe that the recipient is legally or contractually bound to principles that are substantially similar to the Australian Privacy Principles.
Changes to this Policy
Complaints and Enquiries
Our Privacy Officer via email through our website contact form @ https://www.healthsite.com.au/contact/
If you are not satisfied with our response, you are entitled to contact the Office of the Australian Information Commissioner by calling 1300 363 992 or writing to the Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042.