25 January 2018
2. Our commitment
2.1 Surgical Partners recognises the importance of protecting the privacy of all Personal Information that we may collect or come into possession of as part of our business, particularly given the level of trust that is placed in us as an organisation by our health service professional customers who use and access our Application and Website and related services.
2.2 We respect the rights of all individuals under the Privacy Legislation and we will comply with the requirements of the Privacy Legislation in the collection and handling of all Personal Information.
2.3 This policy explains how we collect and handle Personal Information and describes the kinds of Personal Information we collect, use, disclose and our purposes for doing so.
2.4 Generally, Personal Information is information which may be used to reasonably identify an individual. For example, the name, address, date of birth, gender, email address and telephone number of an individual is generally considered to be Personal Information. Personal Information may also include information we collect about the individual preferences of an individual.
2.6 This policy applies to the use of our Applications and our Website and related services and sets out how and why we collect Personal Information. For the avoidance of doubt, unless stated otherwise, this policy will govern our collection of Personal Information irrespective of the forum.
2.7 This policy is not intended to cover categories of information that are not contemplated by the Privacy Legislation.
3. Client Information
3.1 Due to the nature of the businesses we deal with, and the services we provide, we may from time to time require access to databases that store Personal Information about clients of our health service professional customers, including Sensitive Information and Health Information (Client Information).
3.2 We do not, and our Application and Website does not, record or collect any Client Information, and only access the databases of our customers (where Client Information may be stored) as the agent of our customers, and to the extent necessary to ensure the proper provision to our customers of the Applications, Website and related services.
3.3 Any access to any database a customer maintains will be undertaken in consultation with the customer and under the supervision of the customer where necessary to ensure the integrity of any Client Information in the database.
3.4 To the extent that any Client Information is inadvertently accessed, recorded or collected, we undertake to return or destroy that information, or otherwise deal with such Client Information as the customer directs.
3.5 If a customer does provide us with Personal Information about an individual, they must ensure that they are authorised to disclose that information to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such information for the purposes described in this policy.
3.6 This means that our customers must take reasonable steps to ensure that the individual concerned is aware of and/or consents to the various matters detailed in this policy, including the fact that their Personal Information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, and our identity and how to contact us.
4. Why we collect Personal Information about our customers
4.1 We collect Personal Information about our customers so that we can provide our customers with access and use of our Applications, Website and related services. We only collect Personal Information if it is reasonably necessary for us to carry out our functions and activities.
4.2 The purposes for which we collect and hold Personal Information include:
a) to verify the identity of a customer;
b) to administer the Applications, Website and related services;
c) to carry out marketing or training relating to the Applications, Website and related services;
d) to manage our relationship with our customers, evaluate our business performance and build our customer database;
e) to process transactions relating to the Applications, Website and related services;
f) to assist with the resolution of technical support issues or other issues relating to the Applications, Website and related services;
g) to provide our customers with aftermarket services, such as seeking feedback, addressing any further requests relating to the Applications, Website and related services;
h) to conduct research, compile or analyse statistics relevant to the operations of our business;
i) to facilitate our internal business operations, including fulfilment of any legal and regulatory requirements;
j) to create backups of our business records;
k) to maintain a customer database or similar record; and
l) to manage our Applications operated in conjunction with our business, including analysing data collected from our Applications concerning usage and activities of users of our Applications. This helps us run our Applications more efficiently and give our customers a better experience.
4.3 We may also use your Personal Information for other purposes not listed above but this will be made clear to you at the time we collect your Personal Information.
4.4 If you choose not to provide us with Personal Information, we may be unable to assist you..
5. The kinds of Personal Information we collect about our customers
5.1 The kinds of Personal Information we collect will depend on the type of interaction our customers have with us. Generally, the kinds of Personal Information we collect about our customers include:
a) name, address (postal and residential), place of employment, occupation, email address, telephone number(s), date of birth and gender;
b) individual preferences in respect of the services we provide you;
c) details of the device used to access or use our Applications;
d) demographic information;
e) details as to whether a customer has taken up any products or offerings we have made;
f) whether the customer has a connection with others whose personal information we may collect or hold;
g) what, how and when a customer has dealt with us or expressed an interest in buying from us;
h) any stated preferences for our products or services a customer has provided to us; and
i) credit card and direct debit details for a customers’ bank account should the customer elect to pay us via this method.
5.2 In the course providing our customers with professional services, we may also have a need to collect additional Personal Information (for instance, of financial details or credit information).
6. How we disclose Personal Information
6.1 We may disclose Personal Information collected from our customers:
a) to our related entities, third party suppliers, consultants, employees, agents, contractors, sponsors, government agencies or other third parties to satisfy the purposes for which the information was collected for (as outlined in clause Error! Reference source not found.4 of this policy) or for another purpose if that other purpose is closely related to the primary purpose of collection and an individual would reasonably expect us to disclose the information for that secondary purpose;
b) when a customer’s authorised representative, such as an accountant or lawyer, contact us in connection with providing the customer with services;
c) if the disclosure is requested by a government agency or the courts and we are obliged to comply;
d) to any other person, with the customer’s consent (express or implied); and
e) to any person to whom our assets or business (or any part thereof) is transferred to.
6.2 In addition to the above, we will disclose a customer’s Personal Information if we are required to do so under law or if the disclosure is made in connection with either the normal operation of our business in a way that the customer might reasonably expect, for example to process an insurance claim, or if such disclosure is incidental to IT services being provided to our business, or in connection with any insurance or warranty claim or for the resolution of any dispute that arises between us and the customer. This disclosure may involve the customer’s Personal Information being transmitted overseas.
6.3 We may also disclose a customer’s Personal Information if the customer chooses to participate in online or “app” based service offerings whereby the customer’s Personal Information may be disclosed to and stored in software which is operated by a third party intermediary as part of your dealings with us. Personal Information disclosed in this way may be transmitted offshore, including to the United States of America. When a customer provides Personal Information to us, the customer consents to the disclosure of the Personal Information outside of Australia and acknowledges that we are not required to ensure that the overseas recipients treat that personal information in compliance with Privacy Legislation. We will, however, take reasonable steps to ensure any overseas recipient we deal with looks after the customer’s Personal Information in a manner consistent with the Australian Privacy Principles.
6.4 In the event of a restructure or sale of our business (or part of our business), we may disclose Personal Information to the buyer without a customer’s consent subject to compliance with the Privacy Legislation. If we sell the business and the sale is structured as a share sale, our customers acknowledge that this will not constitute the ‘transfer’ of Personal Information.
6.5 We do not sell, rent, or lease our customer’s Personal Information to third parties, and, other than as set out in this clause 6, we will not provide your Personal Information, or any Client Information, to any third party individual, government agency, or company at any time unless compelled to do so by law.
7. How we collect and store data and transmit Personal Information of our customers
7.1 We usually collect and store information when a customer provides us information in person or when the customer communicates with us by telephone, email, web-based form, letter, facsimile or other means, including:
a) when we provide a customer with our services via telephone, email or our website;
b) when we provide a customer with assistance or support for our products or services;
c) when a customer participates in our functions, events, activities or social media pages;
d) when a customer requests that we provide the customer with information concerning our products or services; and
e) if a customer completes any forms requesting information, completes any survey or provides feedback to us concerning our products or services.
7.2 Where practicable we will only collect information from the customer personally.
7.3 Information is collected and stored in paper, physical and/or electronic form. We use our own and third party computer servers including our website hosts, data backups and payment gateway(s), which may be located overseas and as such Personal Information will likely be stored and transmitted overseas as part of the normal operation of our business.
7.4 We will endeavour to take all reasonable steps to keep secure and protect any Personal Information which we hold about a customer, including:
a) securing our physical premises and digital storage media;
b) placing password protection and access control over our information technology systems and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
c) taking regular back-ups of our electronic systems.
7.5 Notwithstanding that we will take all reasonable steps, data transmission over the internet is never guaranteed to be completely secure. In the circumstances, we do not warrant the security of any information transmitted to us or from any online services.
7.6 We also collect information from a customer’s computer automatically when the customer browses our Website. This information may include:
a) the date and time of the visit;
b) the domain, locality and operating system;
c) the server the customer’s computer is using to access our Website;
d) the customer’s browser and version number;
e) search terms the customer has entered to find our Website or enter on our Website;
f) pages and links the customer has accessed both on our Website and on other websites;
g) the last website the customer visited;
h) the pages of our Website the customer accesses; and
i) the customer’s IP Address.
7.7 Please note that it may be possible for us to identify a customer from information collected automatically from the customer’s visit(s) to our Website. If a customer has registered an account with us, we will able to identify the customer through the customer’s user name and password when the customer logs into our Website or any Applications. Further, if a customer accesses our Website via links in an email we have sent, we will be able to identify the customer.
7.8 We may use statistical analytics software tools such as Google Analytics and software known as cookies which transmit data to third party servers located overseas including in the United States of America. To our knowledge Google Analytics does not identify individual users or associate a customer’s IP Address with any other data held by Google.
8. How we use Personal Information of our customers for direct marketing
8.1 We may contact customers from time to time to inform them about existing and new products and services that we feel they may be interested in.
8.2 We will ensure that any e-mail that a customer is sent by us as direct marketing complies with the Spam Act 2003 (Cth) and contains an ‘unsubscribe’ option so that the customer can remove themselves from any further marketing communications.
8.3 A customer can also call or write to us to request that their details be removed from our direct marketing list. We will endeavour to remove a customer’s details from our direct marketing list within a reasonable time following such a request (ordinarily 5 business days).
8.4 Our direct marketing list may be operated by software and servers located overseas and as such a customer’s Personal Information may be sent overseas as part of our marketing.
9. Inability to deal with customers on an anonymous basis
9.1 Because of the nature of our business, it is impracticable to deal with any of our customers purely on an anonymous basis or using a pseudonym.
9.2 We may be able to provide a customer with limited information in the absence of the customer identifying themselves but generally we will be unable to provide a customer with services unless they have identified themselves.
10. How a customer can access or correct Personal Information or make an enquiry or complaint
10.1 If a customer wishes to access or correct the Personal Information we hold about the customer, or make a complaint, they should contact us in writing at the following address and will try to resolve those concerns as soon as possible:
Ehealthme Pty Ltd
Unit 2, 8 Cooper Street, Double Bay, NSW 2028
or by email to firstname.lastname@example.org
10.2 In order to disclose information to a customer in response to a request for access we may require the customer to provide us with sufficient comfort as to the customer’s identity. There are exceptions under the Privacy Legislation which may affect a customer’s right to access their Personal Information – these exceptions include where (amongst other things):-
a) access would pose a serious threat to the life, health or safety of any individual;
b) access would have an unreasonable impact on the privacy of others;
c) the request for access is frivolous or vexatious;
d) the information relates to existing or anticipated legal proceedings between us and the customer and the information would not otherwise be accessible by the process of discovery;
e) giving access would reveal the intentions of the entity in relation to negotiations with the customer;
f) giving access would be unlawful;
g) denying access is required or authorised by or under an Australia law or a court/tribunal;
h) the information relates to a commercially sensitive decision making process; or
i) giving access would prejudice enforcement related action.
10.3 We may (depending on the request) charge a customer a fee to access Personal Information, which we will inform the customer of at the time. All requests for Personal Information will be handled in a reasonable period of time (within 30 days after the request is made).
10.4 If a customer wishes to have their Personal Information deleted, they should contact us using the address details above and we will take reasonable steps to delete the information (unless we are obliged to keep it for legal or auditing purposes).
10.5 In the event that a customer believes that there has been a breach of the Privacy Legislation, they should contact us as soon as possible using the address details above.
10.6 If a customer is not satisfied with our handling of a complaint or the outcome of a complaint the customer may make an application to the Office of the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
11. Definitions used in this policy
|Application||(a) the software-based application developed by Surgical Partners known as SP Hub, including all associated upgrades, revisions or error or bug fixes of the application and any associated media, printed materials and electronic documentation; and;
(b) such other software-based application including all associated upgrades, revisions or error or bug fixes of the application and any associated media, printed materials and electronic documentation that Surgical Partners makes available to its customers;
|‘Customer’||and similar terms means, as the context requires:
(a) a person using or accessing our Applications, Website or related services; and/or
(b) a person dealing with us as a customer; and/or
(c) any agent providing Personal Information to us on behalf of another person; and/or
(d) any agent dealing with us on behalf of another person.
|Health Information||has the meaning set out in the Privacy Act.|
|IP Address||means a number automatically assigned to a customer’s computer and which is required when the customer is using the internet and which may be able to be used to identify the customer.|
|Personal Information||has the meaning set out in the Privacy Act.|
|Privacy Act||means the Privacy Act 1988 (Cth) as amended from time to time.|
|Privacy Legislation||means such laws as may place requirements on the handling of Personal Information under the Privacy Act and the Australian Privacy Principles.|
|Sensitive Information||has the meaning set out in the Privacy Act.|
|‘Surgical Partners’, ‘we’, ‘our’, ‘us’||and similar terms means Ehealthme Pty Ltd (ACN 166 979 040).|
|‘Website’||means www.surgicalpartners.com.au and any other website we may operate from time to time.|