1. OUR COMMITMENT TO YOUR PRIVACY
1.1       Key details
- Policy became operational on: To be advised (on Website launch date)
- Last review date: Last updated date
AU MEDICOS is a comprehensive online medical administrative and management servicing platform that incorporates a multitude of medical-related services, encompassing the provision of an Appointment Booking System (‘Facet 1’), Telehealth (‘Facet 2’) and Medical Professional Development & Networking (‘Facet 3’). These are digitally synchronised and synthesised to convey only essential and relevant data and information via a website and mobile app, in compliance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act) and in adherence to the Notifiable Data Breach (NDB) Scheme set by the Australian Government – Office of the Australian Information Commissioner.
For the purpose of this Privacy & Data Management Policy, hereon referred to as this ‘Policy’, we refer to this technologically advanced system overall as the ‘Platform’, which consists of the AU MEDICOS Website and Mobile App.
In this Policy, from here forward, all references to ‘us’, ‘we’ and ‘our’ are references to AU MEDICOS. All references to ‘you’ and
‘your’ in this Policy are references to:
- Patients of medical practices who use Facet 1 and Facet 2 of our Platform;
- Any other Individuals who use our Platform via our Website and/or Mobile App to connect with a health professional;
- The health professionals, management and employees (permanent, part-time and casual) of medical practices and surgeries who are confirmed and potential Customers of our products (‘MediPro’) and services (‘MediServe’);
- Health professionals who are our Members and use Facet 3 of our Platform;
- Our contractors and suppliers, management and employees; and any other people we have a relationship with or may need to contact in the course of running our business, provision of MediPro and MediServe, and in the performance of our business activities – including any complaints and any legal or government bodies involvement in relation to data management (protection, security regulation and breach).
This Policy also incorporates AU MEDICOS Data Security Guidelines in Section 2.2
of this Policy, which includes outlines of our response actions to any Notifiable
Data Breach in line with our obligations under the Privacy Act.
1.4       We respect your privacy:
rights you have to access or correct any personal data held by us; responding and handling data breach, if any is identified, actioned and notified to you in accordance with our Security Guidelines; and the rights you have to protect your data from the recommended actions you can take in response.
This Policy describes how we will comply with the obligations contained in the Privacy Act 1988 (Cth). Hence, we are committed to protecting your privacy and ensuring that the ways in which we deal with your personal data comply with the APP in the Privacy Act and the NDB scheme from the OAIC; and any other applicable health records legislation – all to comply with the Australian Law.
Should you have any questions about this Policy, please get in touch with us using our contact details provided in the “Contact Us” section in our Website and Mobile App.
1.5       What personal information do we collect and hold?
The term “Personal Information” has the meaning given to that term in the Privacy Act. In AU MEDICOS terms, “personal information” is any information we hold which is identifiable as being about you.
We will, from time to time, receive and store personal information that you enter onto our Website and/or Mobile App; provide to us directly; give to us in other forms such as E-Forms; or supply via a consent or authorisation that we request from you.
When you use any Facet of our Platform, you may provide us, where relevant, with personal information such as your name; addressee title; date of birth; contact numbers; street address; email address; postal address; gender details; occupation; ethnicity; next of kin details; emergency contact details; Medicare, Pension, Health Care Card and/or Veteran Affairs number and details; Private Health Insurance fund and membership number; MyHealth Record upload consent; advance health directive; type of appointment requested; the reason you are seeking that appointment type; and transaction information to enable us to send information, provide updates and process your appointment or service request. Some of this information may be Sensitive Information, which has the meaning set out in the Privacy Act. Sensitive Information will be used by us only for the purpose for which it was obtained; with your consent; or where required or authorised by law.
We may collect additional information at other times or relevant only to a
specific Facet of our Platform, including but not limited to, when you provide
feedback; when you provide information about your personal or medical condition;
change your content or email preference; respond to surveys and/or promotions;
provide financial or credit card information; provide medical registration number,
qualifications and medical skills and experiences (where applicable – Facet 3);
or communicate with our administrative support.
We may also collect any other information you provide while interacting with us
through our Website and Mobile App Live Chat or through IT support team for IT
support where information on technical data such as internet protocol (IP)
address, your login data, browser type and version, time zone setting and
location, browser plug-in types and versions, operating system and platform,
and other technology on the devices you use to access the AU MEDICOS
platform may be required.
Additionally, we may collect information from third parties such as family
members; legal guardian(s) and/or a person you have authorised to provide
your personal information to us; and health professional and their practices
(often via their practice management software systems). This is in relation
to the management of appointments you have made; your requested health
services such as recalls, health assessment, care plans or routine check-up
reminders; and any associated fees.
1.6       How do we collect your personal information?
AU MEDICOS collects personal information from you in a variety of ways, including when you access our Website and Mobile App; when you interact with us electronically, via Live Chat or in person; when we
provide our MediPro and MediServe to you; when you register your details and/or join membership on our Website and/or Mobile App; participate in surveys and/or research; subscribe to our mailing lists; when you enter a promotion or sign up for an event or seminar; submit applications or accept employment with us; when you renew your subscription with us; and when you request to opt out.
If we do collect information from third parties, we will protect your information given as set out in this Policy. Apart from the third parties in Section part 1.5.6, we may also collect personal information from law enforcement agencies and other government entities.
If you do not provide us with or consent when required to provide us with the personal
information as described in this Policy Section 1, some or all of the following may occur –
we may not be able to provide the requested MediPro or MediServe to you, either to the same
standard or at all; we may not be able
to provide you with information about our MediPro and MediServe
1.7       Use of your personal information
The primary purposes AU MEDICOS collects Personal Information are to
enable the functionality of the Platform, provide you with our MediPro and
MediServe, and to support the operation of our business.
We will never sell or exploit your Personal Information or have it used for any purposes not intended for operating our Platform.
For Patients, we will use your Personal Information, including your health and other sensitive information, for:
- The primary purpose for which we collected it, such as to contact you to confirm an appointment booking or to provide
details of your booking to your health professional;
- The secondary purposes if you have given your consent for us to do so or if you might
reasonably expect us to do so, such as to deal with a query or complaint you have raised with us, or to verify your
identity if you have forgotten your login details for the Platform.
For our Customers, such as Medical Practices and Surgeries, as well as our Health Professional Members,
we will only use your Personal Information (which may include your financial information
if required) for:
- The primary purposes of providing you with our MediPro and MediServe or enabling your use of
the Platform to communicate with patients (about an appointment or patient communication; to monitor
your use of the Platform or our MediPro and MediServe; to enable patients to book appointments or
communicate with you; and to perform billing and payment activities); and for communication
with other Health Care Professionals and Practice Surgeries;
- The secondary purposes for us to communicate with you about your dealings and relationship with us; on our MediPro and MediServe; our marketing and promotions like events and specials; or for registrations (including membership); competitions,
surveys and questionnaires.
AU MEDICOS is obliged to maintain all Personal Information (especially
health and medical information) in strict confidence, and will only disclose
it to third parties such as Health Professionals, Medical Practices, our
Information Technology Providers, any of the Practice Management Software
Providers used by your health practitioners and our Professional Advisors
(which may include legal advisors) where it is reasonably necessary
to enable us to provide you with your use of the Platform and the delivery of our MediPro and MediServe.
In the case of the above third parties, if we do share or disclose your Personal Information,
we will always first consider whether we can reasonably
de-identify or anonymise the information.
We may from time to time need to disclose personal information to comply with a legal requirement,
such as law, regulation, court order, subpoena, in the course of a legal proceeding or in response
to a law enforcement agency request; or to lessen a serious
threat to the life, health or safety of any individual.
We may also use your personal information to protect the copyright, trademarks, legal rights, property or safety of AU MEDICOS, www.aussiemedicos.com.au, its customers or third parties, including if we have reason to suspect you or another individual are in breach of any of our terms and conditions or have been otherwise engaged in any unlawful activity; or any other purposes which are required or authorised by any laws (including the Privacy Act).
Information that we collect may from time to time be sent to overseas recipients, for example any of our service providers who are located overseas. Overseas locations may change from time to time depending on the recipients.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
2. DATA QUALITY, SECURITY & ACCESS
2.1       Data Quality
AU MEDICOS will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate and up-to-date.
For accuracy, we rely on the personal information as
entered by you or provided to us by third parties.
2.2       Data Security Guidelines
AU MEDICOS in compliance with the APP and OAIC is committed to ensuring that the
information you provide to us is secure. We have put in place suitable physical, electronic
and managerial procedures to safeguard and secure information and protect it from misuse,
interference, loss and
from unauthorised access, modification and disclosure.
AU MEDICOS uses a secure Direct Interface Web Server to collect
and transfer Personal Information with no bypass or bridging.
When storing your Personal Information is required according to the terms and
conditions set out, such as via the completion of an E-Form for booking an
appointment as a new patient or filling in an E-Form for Health Professional
membership registration, prior consent will be prompted for agreement before
Using SSL Security, all Personal Information is transmitted and, where required, stored via and on our secure server located in Australia in encrypted and electronic format. Transmission of data is via a Connector, and we minimise the amount of data transmitted between our server and your PMS. Data is always transmitted utilising Transport Layer Security (TLS) on an as-needed basis. Sensitive data is encrypted at rest, within the database. The AU MEDICOS website and mobile application are subject to security reviews, adhering to stringent Australian Digital Health Agency operating standards. We do not transmit or store data from your PMS or any data from approved providers (e.g. results for bloods and/or scans referred from your doctor) other than sending out reminders for results and recalls.
AU MEDICOS has implemented server monitoring via an automated daily check system that
generates a report, and access controls which regulate who can access particular information,
preventing tampering from unapproved providers. There is also no overseas access. As an added
security feature, the collection of Personal Information is enhanced with compulsory mobile
contact provision by Patients and our Customers – Health Professional members. Booking an
appointment and registration will not be processed without the provision of a mobile contact
that starts with “04”. This allows for protection against, and monitoring of, any data breach
associated with overseas tampering as part of the daily check system, which sends immediate
notification to our Web server controller should a possible data breach be present.
We also limit, as best we can, any links to external service server
sources. This limits redirection and channelling of access to Personal
Information held by us that is prone to unauthorised use by external sites.
In the event of a suspected data breach, AU MEDICOS will endeavour to take all necessary
steps to verify the data breach. In the very rare case that a breach has in fact occurred,
the Verified Data Breach will be managed swiftly and diligently by our IT Management team as
outlined in our Data Breach Policy, with response steps outlined in our Data Breach Management
Plan, in accordance with OAIC recommendations,
which incorporate the Notifiable Data Breach Scheme.
Upon occurrence of an eligible breach, AU MEDICOS will take immediate action to inform
affected users of our Platform and the Privacy Commissioner. We are allowed to disclose eligible
breaches to all users or to affected users only, and/or we may publish a notification on our Website. We are very serious about data breaches and assure our
users that stringent Preventative, Remedial and Recovery actions are in place.
We will not disclose any individual’s Personal Information to any entity or person outside Australia, unless that entity or person is in a jurisdiction with a similar regime to the APP, or otherwise contractually agrees to safeguard Personal Information as we do in terms of adherence and compliance. We will take all reasonable steps and precautionary measures to ensure the Personal Information remains sufficiently protected.
In determining the appropriate retention period for Personal Information, we take into detailed
consideration the amount, nature and sensitivity of the data collected, transmitted and, where
needed, stored. We will retain the data for as long as necessary to fulfil the purposes outlined
in this Policy, unless a longer
retention period is required or permitted by law.
2.3       Access to your personal information
You may request access to the details of the personal information that
we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth).
If you are a user of our Platform, you can update your Personal Information
from within your Platform account or profile. If you cannot update or correct
your Personal Information via the Platform, we will take reasonable steps to
correct any errors in the Personal Information we hold about you within 7 days
of receiving written notice from you.
If you would like a copy of the information, which we hold about you or
believe that any information we hold on you is inaccurate, out of date,
incomplete, irrelevant or misleading, please email us at
A small administrative fee may be payable for the provision of information or your request to access or correct the Personal Information we hold about you.
If you cannot update or correct your Personal Information via the Platform, we will take reasonable
steps to correct any errors in the Personal Information we hold about you within 14 days of
receiving written notice from you about those errors, or to provide you with access to the
Personal Information we hold within 30 days of a written request.
We reserve the right to refuse to provide you with information that we
hold about you, in certain circumstances set out in the Privacy Act.
If we are not able to comply with a request that you make in respect of your
Personal Information, such as the retainment of certain information that you
ask us to delete where there is a legal requirement to do so, we will notify
you and provide you with the reasons for this.
If we do agree to your request for the deletion or de-identification of your
Personal Information, in compliance with the Privacy Act, we will do so but on
the general assumption that you would prefer us to keep a note of your contact
number on a register of individuals who would prefer not to be contacted to
minimise the chances of you being contacted. If you would prefer us not to do
this, please inform us.
Where we have obtained your consent to handle your Personal Information, or
consent to send you information, you may withdraw
your consent at any time by contacting us via email at firstname.lastname@example.org. We will then action this request within 14 days of receipt of the written request. If we consider there is an alternative reason to justify our continued handling of your
Personal Information, we will inform you of this.
3.1       Complaints about privacy and data handling
If you have a query or any complaints about our privacy practices,
please get in touch with us in writing using the Contact Us details
provided in Section 4 of this Policy. We take complaints very seriously
and will respond in writing within a reasonable period of 30 days after
receiving written notice of your complaint. We endeavour to resolve your
concerns or the issue with you directly.
If you are not satisfied with our response to your complaint,
you can also lodge a complaint with the Office of the Australian
Information Commissioner (OAIC) by phone on 1300 363 992, or online
4. CONTACT US
4.1       Who and where to contact us
- By Email: email@example.com
Please contact the Privacy Officer by email as a first point of contact.
5. POLICY CHANGES
5.1       Changes to this Privacy & Data Management Policy
Please be aware that AU MEDICOS may make changes to this Policy in the
future. We may modify this Policy at any time, in our sole discretion for
any reason, including without limitation in order to comply with any future
amendments to the Privacy Act. Any updated versions of this Privacy & Data
Management Policy will be effective from the date of posting on our Website.
Please check back on this Policy from time to time to review any amendments, as any revision will apply to all Personal Information, including health and
other sensitive information that is held by us.
6. OUR WEBSITE
6.1       Website visitation and use
When you come to our Website (www.aussiemedicos.com.au) we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Cookies are very small files which a website uses to identify you when you
come back to the site and to store details about your use of the site.
Cookies are not malicious programs that access or damage your computer.
Most web browsers automatically accept cookies but you can choose to reject
cookies by changing your browser settings. However, this may prevent you
from taking full advantage of our Website. Our Website may from time
better website visitor experience. In addition, cookies may be used to serve
relevant ads to website visitors through third party services such as Google
Adwords. These ads may appear on our Website or other websites you visit.
6.3       Third party sites
Our Website may from time to time contain links to other websites not owned or controlled by us. Please be aware these links are meant for your convenience only. It is at your discretion whether or not to access the links. Links to third party websites do not constitute sponsorship, endorsement or approval of these websites by us.
Please be aware that AU MEDICOS is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our Website, to read the privacy statements of each and every website that collects personal identifiable information.
By using AU MEDICOS Website, you as a user agree to this Privacy & Data
Management Policy and the content within it.