1. What is personal information?
The Privacy Act defines “personal information” to mean information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained, from the information or an opinion.
2. What is sensitive information?
Sensitive information is a subset of personal information. It means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or health information about an individual.
Given the types of health services we provide, we will collect information necessary to treat you which may include health or medical information. Otherwise, we attempt to limit the sensitive information we collect from you. We do not collect sensitive information from you without your consent.
3. Collection of your personal information
3.1 We only collect personal information that is necessary for what we do. The type of information we may collect from you includes (but is not limited to) the following:
- if you contact us or make an enquiry through our website, our team may require any of the following information: your full name (first and last), your email address, your phone number, type of enquiry details (such as medical, careers, partnership, occupational physiotherapy, mobile physiotherapy, in-clinic physiotherapy or complaint) and any other information you offer in the body of your enquiry;
- for our patients (whether booking in person, over the phone, through our website or via our video consultations portal):
  - your contact information such as first and last name and email address, preferred phone number, home address, gender, preferred clinic location, treatment request;
  - your opinions via surveys and questionnaires concerning our staff or your experience with our Clinic, if applicable, including but not limited to your views on the products and services we offer (noting that we ordinarily do not collect your name, but your identity may be evident from the feedback provided);
  - relevant medical information necessary to allow us to treat you (which may include, but is not limited to, pre-treatment function or pain surveys);
  - if necessary to treat you or contained in your referral to us, information about you from your insurer, employers, principal or doctors;
  - any relevant payment or billing information, health fund, Medicare, pensioner or other Government related identifiers (including but not limited to bank account details, credit card details, billing address, payment information and invoice details);
  - for video consultations, your IP address, profile and contact details on the selected online portal, and any other personal information that may be collected or incidentally supplied by you by virtue of the video consultation; and
  - in certain limited circumstances, we may request you provide us with additional personal information which may indicate whether you have had exposure to an infectious disease;
- where we interact with you via social media and other marketing activities: your activity including “likes”, comments posted, your opinions or feedback and any other information pertaining to your social media activities which concern, or relate, to us.
3.2 As much as possible or unless provided otherwise under this policy, we will collect your information directly from you.
3.3 When you engage in certain activities, such as filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
3.4 Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to effectively provide our services to you.
4. Cookies and IP addresses
4.1 We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
4.2 If you use our website, we may utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. Cookies are small text files which are downloaded on to your computer or mobile device when you visit a web site or application.
4.3 A cookie does not identify you personally but it does identify your computer, and certain types of cookies can identify you when combined with other personal information we hold about you. Your browser should notify you when you receive a cookie or the first time you visit our website and this will provide you with an opportunity to either accept or reject it.
4.4 There are several types of cookies that our website uses, such as those:
- necessary to operate our website – administrative and operational purposes; and
- that collect statistics/analytics on how you use our website – where you visited our website from and what you interacted with.
4.5 You may restrict, block or delete cookies from our website (www.bodysmart.com.au), by adjusting the settings of your browser. Each browser is different, so consult the ‘Help’ menu of your particular browser to learn how to change your cookie preferences.
5. Credit Information and our Credit Reporting Policy
5.1 The Privacy Act 1988 contains provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit.
5.2 As we provide terms of payment of accounts (to insurers and corporate organisations, not individuals) which are greater than 7 days, we are considered a credit provider under the Privacy Act in relation to any credit we may provide you (in relation to the payment of your account with us).
5.3 We use credit related information (company name, email address, phone number, bank or credit details) and other details set out above for a patient for the purposes of:
- verification and debt collection;
- patient service related contact;
- processing payments and refunds; and
- our internal assessment of the insurer or corporate organisations’ credit worthiness.
5.4 We store credit information in accordance with section 10, and you may request access to, or make a complaint about our management of, such information in accordance with sections 11 and 12.
5.5 Please see our Credit Reporting Policy for further information as to the manner in which we collect, use, store and disclose credit information.
6. How we may use and disclose your personal information
6.1 We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
6.2 You consent to us using and disclosing your personal information to facilitate the purpose for which your personal information was collected, including:
- for enquiries received by us – enabling us to consider and respond to your enquiry;
- for our patients:
  - the provision of our health-related services to you (including via video based consultations);
  - providing a medical report to your insurer, employer or treating practitioner as required;
  - the administration and management of our services, including payment processing, charging, billing, credit card authorisation and verification, health care rebates;
  - the improvement of our services (including to contact you about those improvements and asking you to anonymously participate in surveys about the products and services);
  - the maintenance and development of our products and services, business systems and infrastructure;
  - marketing and promotional activities by us (including by electronic direct mail), such as patient newsletters;
  - to provide patient service functions, including handling patient enquiries and complaints (including any complaints to regulatory bodies about the services provided);
  - processing refunds; and
  - to allow us to take any necessary or reasonable precautions to prevent the spread of an infectious disease;
- if you participate in our social media platforms (including but not limited to Facebook, Instagram or LinkedIn) and you provide us with your personal information, we will use it to send marketing material to you, for patient service related contact and to respond to social media messages, and we may also re-post your post on our page or in our stories;
- as required or authorised by law;
- the sale, and matters in connection with a potential sale, of our business or company to a third party; and
- any other matters reasonably necessary to continue to provide our products and services to you.
6.3 We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
- when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
- if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
- if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
- if it is required or authorised by law (including but not limited to regulatory bodies such as the Australian Securities and Investments Commission).
6.4 In the event we propose to use or disclose such personal information other than for reasons in paragraphs 6.1 – 6.3 above, we will first seek your consent prior to such disclosure or use.
6.5 If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us by e-mail at firstname.lastname@example.org or write to us at 1/179 St Georges Terrace, Perth WA 6000 and we will ensure the relevant communication ceases. Any other use or disclosure we make of your personal information will only be as required by law or as permitted by the Privacy Act or by this policy or otherwise with your consent.
7. The types of organisations to which we may disclose your personal information
7.1 We may disclose your personal information to organisations outside of Bodysmart. Examples of organisations and/or parties that your personal information may be provided to include:
- service providers based here and overseas, including without limitation our IT service providers, consultants, billing providers;
- our contractors, sole traders who work with us and agents;
- law enforcement agencies, as required by law or a court order;
- hospitals, general practitioners (GPs) and other health practitioners; and
- third parties as part of an acquisition of Bodysmart.
7.2 Your personal information is disclosed to these organisations and/or parties only in relation to the products or services we provide to you or for a purpose permitted by this policy.
7.3 We take such steps as are reasonable to ensure that these organisations and/or parties are aware of the provisions of this policy in relation to your personal information.
8. Personalised Marketing
8.1 You expressly consent to us using your personal information (other than sensitive information), including any email address you give to us, to provide you with information and to tell you about our products, services or events when you are a patient of ours (or otherwise request to receive such information) (Personalised Marketing Communications) which we consider may be of interest to you.
8.2 Without limitation of paragraph 8.1, if it is within your reasonable expectations that we send you Personalised Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Personalised Marketing Communications which we consider may be of interest to you.
8.3 If at any time you do not wish to receive any further Direct Marketing Communications from us, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the email, by contacting us at email@example.com or by writing to us at 1/179 St Georges Terrace, Perth, WA 6000.
9. Remote Storage/Disclosures (including overseas)
9.1 Bodysmart holds some of your personal information on servers located on site at our location, Bodysmart’s Australian based data centre and its service provider’s cloud platforms. As such any personal information provided to Bodysmart may also be transferred to, and stored at, a destination outside Australia, where we may use third party service providers or contractors to assist our Clinics with providing our products and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
9.2 By submitting your personal information to Bodysmart, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information.
9.3 The Privacy Act requires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside of Australia do not breach the privacy principles contained within the Privacy Act. By providing your consent, under the Privacy Act, we are not required to take such steps as may be reasonable in the circumstances.
9.4 If you do not agree to the transfer of your personal information outside Australia, please do not supply us with your personal information, or contact us by email at firstname.lastname@example.org or write to us at 1/179 St Georges Terrace, Perth, WA 6000.
10. Data Quality and Security
10.1 We will hold your personal information for the purposes listed above, and we have taken steps to help ensure your personal information we hold is safe. You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
10.2 Notwithstanding the above, we will take reasonable steps to:
- make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
- protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
- destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.
10.3 However, the accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
- let us know if there are any errors in your personal information; and
- keep us up-to-date with changes to your personal information (such as your name or address).
10.4 We are required to comply with the notifiable data breaches scheme that commenced on 22 February 2018, should an eligible data breach occur in respect of the personal information we hold about you.
11. Access to and correction of your personal information
11.1 You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law. You are entitled to edit or delete such information unless we are required by law to retain it or permitted to retain it in accordance with this policy. However, we may keep track of past transactions for our accounting and audit requirements. Furthermore, it may be impossible to completely delete your information because some information may remain as backups.
11.2 If you would like to access, delete or correct any records of personal information we have about you, you are able to access, update and delete that information (subject to the above) online in your own account, by contacting our Privacy Officer at email@example.com or by writing to us at 1/179 St Georges Terrace, Perth, WA 6000. We reserve the right to charge a fee for searching for and providing access to your information.
12. Complaints and Consent
12.1 If you wish to raise a complaint with us in regard to the way that we have handled your personal information or otherwise have any concerns, please email us at firstname.lastname@example.org or write to us at 1/179 St Georges Terrace, Perth, WA 6000. We will take steps to handle and resolve your complaint, including escalating your complaint to an appropriate person to handle it.
12.2 This is a compliance document prescribed by law, rather than a legal contract. However, certain contracts may incorporate all or part of this policy. By using our website or accepting our terms and conditions, you are agreeing to the terms of this policy.
12.3 If you are taken to a third party website from our website, this policy no longer applies to your personal information. Rather, you will need to review the privacy documentation of the third party website.
12.4 We reserve the right to modify our policy as our business needs require. We will notify you of such changes (whether by direct communication or by posting a notice on our website), after which, your continued use of our products, services or website or your continued dealings with us shall be deemed to be your agreement to the modified terms.