1. We respect your privacy
Cannvalate PTY LTD (we, us, our) respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors in relation to their personal information.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (the Act). The rules that an organisation must follow under the Act are known as the Australian Privacy Principles and cover the collection, use, disclosure, quality and security of personal information. Our organisation is also governed by a number of state-specific privacy laws.
2. What is your personal information?
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history or the health services you have received).
3. Collection of Personal Information
We will, from time to time, receive and store Personal Information you enter onto our website, provided to us directly or given to us in other forms.
This information may include:
basic information such as your name, phone number, address and email address;
- your age or date of birth;
- your Medicare number, Veterans’ Affairs number, Health Care Card number, health fund details or pension number;
- current drugs or treatments used by you;
- information relevant to your medical care, including your previous and current medical history and your family medical history;
- your ethnic background;
- your profession, occupation or job title;
- the name of any health service provider or medical specialist who has treated you or to whom you are referred, copies of any letters of referrals or copies of any reports back; and
- additional information that you may provide to us directly through our representatives, medical or allied health professionals providing services or otherwise.
We may also collect some information that is not Personal Information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
4. How we collect your Personal Information
We collect Personal Information from you in a variety of ways, including when you interact with us electronically, telephonically or in person, when you access or use our website and when we provide our services to you including during the course of consultations or otherwise.
We also collect Personal Information from third parties, including:
- information provided on your behalf with your consent;
- information from a health service provider who refers you to our medical practitioners or health professionals;
- information from health service providers to whom you are referred;
- information from your employer or prospective employer; or
- information from third parties such as law enforcement agencies and other government entities.
5. What happens if we can’t collect your Personal Information?
You are not obliged to disclose your Personal Information to us. However,if you do not provide us with the Personal Information we request, we may not be able to provide the requested services to you, either to the same standard or at all or your diagnosis and treatment may be inaccurate or incomplete.
6. Use of your Personal Information
We will only collect information that is reasonably necessary for providing our services to you. We collect Personal Information about you so that we can perform our business activities and functions and to provide the best possible quality of service to you.
We collect, hold, use and disclose Personal Information for the following purposes:
- to provide medical services and treatment to you, and to enable you to be attended by our medical professionals;
- to provide you with information and updates about our services;
- for administrative and billing purposes;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you;
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in cooperation with any governmental authority in any country;
- for the purposes of data research and analysis (by us or third parties), including conducting clinical trials and for the purpose of sending you direct marketing communications in relation to these;
- for inclusion in a recall register to be advised of follow up visits, medical updates and approval period information;
- to answer enquiries and provide information or advice about existing and new products or services and all matters relevant to the services we provide to you;
- to conduct business processing functions, including providing Personal Information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing, direct marketing, planning, product or service development, quality control and research purposes for us, our contractors or service providers;
- to meet obligations of notification to ourinsurers; and
- to make you aware of new and additional products, services and opportunities available to you.
We may also use your personal information for purposes which are directly related to these main purposes, in circumstances where you would reasonably expect us to use your information for these purposes.
We may use your personal information to improve our products and services and better understand your needs. We may contact you by a variety of measures including telephone, email, SMS or mail.
7. Disclosure of your personal information
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.
We will not disclose your personal information to any third parties unless you have consented, or we are otherwise permitted or required to do so by law.
In accordance with the law, we will only disclose your personal information without your consent in circumstances such as where we reasonably believe this is necessary to prevent or lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
We may disclose your personal information to:
- any of our employees, officers, medical professionals or associated medical specialists who provide medical services to you at our clinics, insurers, professional advisers, agents, suppliers, subcontractors or service providers for the purposes of operation of our business, fulfilling requests by you and to otherwise provide products and services to you;
- your medical professionals for the purposes of continuity of care;
- suppliers and other third parties with whom we have commercial relationships for business, marketing and related purposes;
- any organisation or person for any authorised purpose with your express consent;
- to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request; and
- to protect the copyright, trademarks, legal rights, property or safety of Cannvalate PTY LTD, www.Cannvalate.com.au, its customers or third parties.
Information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia. These may include, but are not limited to the USA, UK, India and Israel. We may also combine or share any information that we collect from you with information collected by any of our related bodies corporate.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
We use an overseas cloud based platform to store our customers information including sensitive health information. This data is owned by us and the cloud platform service provider is not allowed to sell or use this data for any purpose other than in the process of providing the services to us. The platform operator is in charge of maintaining security of this data. By using services offered by us, you consent to storing your data in this format.
We cannot guarantee that the overseas cloud based platform service provider will comply with the Australian Privacy Principles, or laws that offer privacy protections that are substantially similar to the laws of Australia, in relation to your Personal Information. If you consent to us storing your Personal Information using an overseas cloud based platform, you acknowledge that we will not be accountable or liable if your Personal Information is mishandled in any way by the cloud based platform service provider.
9. Direct marketing materials
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. By providing your Personal Information to us you consent to receive direct marketing communications. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth).
If, in your dealings with us, you indicate a preference for a method of communication, we will endeavour to use that method wherever practical to do so. In addition, at any time you may opt out of receiving marketing communications from us by contacting us or by using opt out facilities provided in the marketing communications and we will then ensure that your name is removed from our direct marketing list.
10. Security of your Personal Information
We are committed to ensuring that the Personal Information you provide to us is secure. We take reasonable steps to protect your Personal Information from misuse and loss and to prevent unauthorised access, modification or disclosure. Personal Information is destroyed or de-identified when no longer needed.
We use an overseas cloud based platform to store our customers information including sensitive health information. This data is owned by us and the cloud platform service provider is not allowed to sell or use this data for any purpose other than in the process of providing the services to us. The platform operator is in charge of maintaining security of this data. By using services offered by us you consent to storing your data in this format.
11. Access to and correction of your Personal Information
You may request details of Personal Information that we hold about you in accordance with the provisions of the Act. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). A small administrative fee may be payable for the provision of this information and, if so, the fees will be as advised from time to time. We will not charge you for simply making a request or for making any corrections to your Personal Information.
There may be instances where we cannot grant you access to the Personal Information we hold. However, we will only refuse to provide you with Personal Information that we hold about you in accordance with our rights and obligations under the Act. In that situation, we will provide you with written reasons for any refusal.
If you would like a copy of the Personal Information which we hold about you, or believe that any Personal Information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please send us a written request at firstname.lastname@example.org. If you are seeking an amendment, please also include the basis on which you are requesting the amendment. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the Personal Information stating that you disagree with it.
12. Complaints about a breach of privacy
If you believe your privacy has been breached, or have any complaints about our privacy practices, please feel free to send in details of your complaints to Suite D, 459 Toorak Rd, Toorak, Victoria, 3142.
We take complaints very seriously and we will respond shortly after receiving written notice of your complaint. Privacy complaints are dealt with at first instance by the relevant service provider. If the issue cannot be resolved at this level, it will be escalated to the relevant manager for review and resolution.
If you are not satisfied with the outcome of our investigation, you may wish to contact the Commonwealth Office of the Australian Information Commissioner (OAIC). See www.oaic.gov.au.
14. Online data collection and use
When you access our website we collect certain anonymous technical information such as browser type, operating system, website visited immediately before coming to our site and pages visited. This information is used in an aggregated manner to analyse how people use our site, so that we can make decisions about maintaining and improving our website and online services.
Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from gaining access to all the content and facilities of our website.
16. Third Party Sites
Our website may contain links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we make no representations or warranties in relation to the privacy practices of any third party website and is not responsible for the privacy practises of other such websites. We encourage our users to be aware when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
17. Data breaches
We are required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
- this is likely to result in serious harm to one or more individuals; and
- the organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner (Commissioner) about the breach in accordance with the Privacy Act.