Privacy Policy

Privacy Policy

1. We respect your privacy

Cannvalate PTY LTD (we, us, our) respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors in relation to their personal information.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (the Act). The rules that an organisation must follow under the Act are known as the Australian Privacy Principles and cover the collection, use, disclosure, quality and security of personal information. Our organisation is also governed by a number of state-specific privacy laws.

This privacy policy sets out how we collect and treat your personal information (the Privacy Policy).

2. What is your personal information?

‘Personal information’ has the same meaning as it has under the Act. In general, Personal Information is any information we hold which personally identifies you or is reasonably identifiable as being about you. This Privacy Policy covers all people who use our services or otherwise provide their personal information to us.

Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history or the health services you have received).

For the purposes of this Privacy Policy, no distinction has been made between personal information and sensitive information, as defined in the Act. Therefore, all information will be referred to as ‘Personal Information’ throughout this Privacy Policy.

3. Collection of Personal Information

We will, from time to time, receive and store Personal Information you enter onto our website, provided to us directly or given to us in other forms.

This information may include:

basic information such as your name, phone number, address and email address;

– your age or date of birth;

– your Medicare number, Veterans’ Affairs number, Health Care Card number, health fund details or pension number;

– current drugs or treatments used by you;

– information relevant to your medical care, including your previous and current medical history and your family medical history;

– your ethnic background;

– your profession, occupation or job title;

– the name of any health service provider or medical specialist who has treated you or to whom you are referred, copies of any letters of referrals or copies of any reports back; and

– additional information that you may provide to us directly through our representatives, medical or allied health professionals providing services or otherwise.

We may also collect some information that is not Personal Information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.

4. How we collect your Personal Information

We collect Personal Information from you in a variety of ways, including when you interact with us electronically, telephonically or in person, when you access or use our website and when we provide our services to you including during the course of consultations or otherwise.

We also collect Personal Information from third parties, including:

– information provided on your behalf with your consent;

– information from a health service provider who refers you to our medical practitioners or health professionals;

– information from health service providers to whom you are referred;

– information from your employer or prospective employer; or

– information from third parties such as law enforcement agencies and other government entities.

When we collect Personal Information from third parties, we will protect it as set out in this Privacy Policy.

5. What happens if we can’t collect your Personal Information?

You are not obliged to disclose your Personal Information to us. However,if you do not provide us with the Personal Information we request, we may not be able to provide the requested services to you, either to the same standard or at all or your diagnosis and treatment may be inaccurate or incomplete.

6. Use of your Personal Information

We will only collect information that is reasonably necessary for providing our services to you. We collect Personal Information about you so that we can perform our business activities and functions and to provide the best possible quality of service to you.

We collect, hold, use and disclose Personal Information for the following purposes:

– to provide medical services and treatment to you, and to enable you to be attended by our medical professionals;

– to provide you with information and updates about our services;

– for administrative and billing purposes;

– to update our records and keep your contact details up to date;

– to process and respond to any complaint made by you;

– to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in cooperation with any governmental authority in any country;

– for the purposes of data research and analysis (by us or third parties), including conducting clinical trials and for the purpose of sending you direct marketing communications in relation to these;

– for inclusion in a recall register to be advised of follow up visits, medical updates and approval period information;

– to answer enquiries and provide information or advice about existing and new products or services and all matters relevant to the services we provide to you;

– to conduct business processing functions, including providing Personal Information to our related bodies corporate, contractors, service providers or other third parties;

– for the administrative, marketing, direct marketing, planning, product or service development, quality control and research purposes for us, our contractors or service providers;

– to meet obligations of notification to ourinsurers; and

– to make you aware of new and additional products, services and opportunities available to you.

We may also use your personal information for purposes which are directly related to these main purposes, in circumstances where you would reasonably expect us to use your information for these purposes.

We may use your personal information to improve our products and services and better understand your needs. We may contact you by a variety of measures including telephone, email, SMS or mail.

Your Personal Information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy or as permitted under the Act.

7. Disclosure of your personal information

We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.

We will not disclose your personal information to any third parties unless you have consented, or we are otherwise permitted or required to do so by law.

In accordance with the law, we will only disclose your personal information without your consent in circumstances such as where we reasonably believe this is necessary to prevent or lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

We may disclose your personal information to:

– any of our employees, officers, medical professionals or associated medical specialists who provide medical services to you at our clinics, insurers, professional advisers, agents, suppliers, subcontractors or service providers for the purposes of operation of our business, fulfilling requests by you and to otherwise provide products and services to you;

– your medical professionals for the purposes of continuity of care;

– suppliers and other third parties with whom we have commercial relationships for business, marketing and related purposes;

– any organisation or person for any authorised purpose with your express consent;

– to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request; and

– to protect the copyright, trademarks, legal rights, property or safety of Cannvalate PTY LTD, www.Cannvalate.com.au, its customers or third parties.

Information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia. These may include, but are not limited to the USA, UK, India and Israel.  We may also combine or share any information that we collect from you with information collected by any of our related bodies corporate.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.

8. Consent

By providing us with Personal Information, you consent to the terms of this Privacy Policy and the types of disclosure covered by this Privacy Policy. Where we disclose your Personal Information to third parties, we will request that the third party follow this Privacy Policy regarding handling your personal information.

We use an overseas cloud based platform to store our customers information including sensitive health information. This data is owned by us and the cloud platform service provider is not allowed to sell or use this data for any purpose other than in the process of providing the services to us. The platform operator is in charge of maintaining security of this data. By using services offered by us, you consent to storing your data in this format.

We cannot guarantee that the overseas cloud based platform service provider will comply with the Australian Privacy Principles, or laws that offer privacy protections that are substantially similar to the laws of Australia, in relation to your Personal Information. If you consent to us storing your Personal Information using an overseas cloud based platform, you acknowledge that we will not be accountable or liable if your Personal Information is mishandled in any way by the cloud based platform service provider.

9. Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. By providing your Personal Information to us you consent to receive direct marketing communications. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth).

If, in your dealings with us, you indicate a preference for a method of communication, we will endeavour to use that method wherever practical to do so. In addition, at any time you may opt out of receiving marketing communications from us by contacting us or by using opt out facilities provided in the marketing communications and we will then ensure that your name is removed from our direct marketing list.

10. Security of your Personal Information

We are committed to ensuring that the Personal Information you provide to us is secure. We take reasonable steps to protect your Personal Information from misuse and loss and to prevent unauthorised access, modification or disclosure. Personal Information is destroyed or de-identified when no longer needed.

Our website is linked to the internet and the internet is inherently insecure. All transmissions and exchange of information are carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us online. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the Personal Information that you supply will not be disclosed in a manner that is inconsistent with this Privacy Policy.

We use an overseas cloud based platform to store our customers information including sensitive health information. This data is owned by us and the cloud platform service provider is not allowed to sell or use this data for any purpose other than in the process of providing the services to us. The platform operator is in charge of maintaining security of this data. By using services offered by us you consent to storing your data in this format.

11. Access to and correction of your Personal Information

You may request details of Personal Information that we hold about you in accordance with the provisions of the Act. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). A small administrative fee may be payable for the provision of this information and, if so, the fees will be as advised from time to time. We will not charge you for simply making a request or for making any corrections to your Personal Information.

There may be instances where we cannot grant you access to the Personal Information we hold. However, we will only refuse to provide you with Personal Information that we hold about you in accordance with our rights and obligations under the Act. In that situation, we will provide you with written reasons for any refusal.

If you would like a copy of the Personal Information which we hold about you, or believe that any Personal Information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please send us a written request at info@cannvalate.com.au. If you are seeking an amendment, please also include the basis on which you are requesting the amendment. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the Personal Information stating that you disagree with it.

12. Complaints about a breach of privacy

If you believe your privacy has been breached, or have any complaints about our privacy practices, please feel free to send in details of your complaints to Suite D, 459 Toorak Rd, Toorak, Victoria, 3142.

We take complaints very seriously and we will respond shortly after receiving written notice of your complaint. Privacy complaints are dealt with at first instance by the relevant service provider. If the issue cannot be resolved at this level, it will be escalated to the relevant manager for review and resolution.

If you are not satisfied with the outcome of our investigation, you may wish to contact the Commonwealth Office of the Australian Information Commissioner (OAIC). See www.oaic.gov.au.

13. Changes to Privacy Policy

Please be aware that we may change this Privacy Policy from time to time. All modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.

This Privacy Policy was last updated on [3 September 2019].

14. Online data collection and use

When you access our website we collect certain anonymous technical information such as browser type, operating system, website visited immediately before coming to our site and pages visited. This information is used in an aggregated manner to analyse how people use our site, so that we can make decisions about maintaining and improving our website and online services.

15. Cookies

We may from time to time use cookies on our website. Cookies are very small text files placed on your computer by a web server when you access a website. These are used to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer and they do not, in themselves, identify the individual user, just the computer used.

Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from gaining access to all the content and facilities of our website.

Our website may from time to time use cookies to analyse website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Adwords. These ads may appear on this website or other websites you visit.

16. Third Party Sites

Our website may contain links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we make no representations or warranties in relation to the privacy practices of any third party website and is not responsible for the privacy practises of other such websites. We encourage our users to be aware when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.

17. Data breaches

We are required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Act.  The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.

An ‘eligible data breach’ occurs when:

– there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and

– this is likely to result in serious harm to one or more individuals; and

– the organisation has not been able to prevent the likely risk of serious harm with remedial action.

An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.

Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner (Commissioner) about the breach in accordance with the Privacy Act.

[2ndOctober 2019]