About this policy
Reuwin Medical Pty Ltd ACN 116 291 411 (herein referred to as ‘Reuwin Medical’, ‘we’, ‘us’ or ‘our’) is committed to protecting the privacy of your personal information in accordance with Australian privacy laws.
When you engage us to provide you with healthcare services, communicate with us through email, by telephone, in writing, or use any of our other services, including our websites, you agree to the use and disclosure of your personal information in the manner described in this policy.
Types of personal information we collect
The kinds of personal information we may collect from you will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:
- identity particulars – such as your name, address, date of birth, occupation, telephone numbers and e-mail address;
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;
- healthcare identifiers;
- health fund details;
- your bank, credit or debit account details;
- your records of communication with us; and
- if you visit our website, your website usage information such as your IP address.
The purpose for collecting your personal information
We will generally only collect and use your personal information for the primary purposes of:
- providing healthcare services to you;
- managing your health;
- our general business operations including financial claims and payments, practice audits and accreditation;
- communicating with you;
- responding to your inquiries or complaints;
- meeting our legal and regulatory obligations;
- conducting, improving and developing a relationship with you;
- direct marketing (such as providing you with information about our products and promotional notices and offers); and
- improving our websites.
Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person;
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services; and
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
We will take reasonable steps to ensure that you are aware of:
- the likely use of the information;
- the right of access to the information;
- the identity and contact details of our employee/representative collecting your personal information;
- any law requiring collection of the information; and
- the main consequences of failure to provide your personal information.
How we may use and disclose your personal information
We may use your personal information for:
- the primary purposes for which it was collected, such as those described above;
- administering and responding to your enquiry or feedback;
- conducting, and allowing you to participate in, a promotion, competition, promotional activity, survey, market research or customer behavioural activity;
- promoting and marketing our current and future products and services to you, informing you of special promotions and offers and analysing our services so as to improve our services (but giving you the opportunity to opt out of such direct marketing); and
- improving the operation of our websites.
We may disclose personal information we collect from you:
- to our related companies, accreditation agencies, suppliers, consultants, contractors or agents for the primary purposes for which it was collected or for other purposes directly related to the purpose for which the personal information is collected;
- with other healthcare providers;
- during the course of providing medical services, through eTP and My Health Record (e.g. via Shared Health Summary, Event Summary);
- de-identified information may be shared with local health networks for population statistics and aggregate analysis;
- for direct marketing by, but giving you the opportunity to opt out of such direct marketing (we will include our contact details in any direct marketing);
- to relevant Federal, State, Territory medical, health and safety authorities (as required);
- where the law requires or authorises us to do so;
- to others that you have been informed of at the time any personal information is collected from you; and
- with your consent (express or implied), to others.
We do not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.
How your personal information is stored and secured
Your personal information may be stored at our practice in various forms including electronic records, paper records, visual records (X-rays, CT scans, videos and photographs) and audio recordings.
We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by appropriate physical and communications security.
If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
Using our Website and Cookies
As with most websites, when you visit our website or use an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed and documents downloaded, type of browser and operating system.
We also use “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a session or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use our website, but the website may be limited in the use of some of the features.
Marketing and Opting-Out
We may use your personal information for:
- promoting and marketing of our current and future products and services;
- informing you of upcoming events and special promotions and offers; and
- analysing our products and services so as to improve and develop new products and services.
We may exchange your personal information between our related entities so they can also assist in the marketing of our products and services to you.
We will only offer you products or services, where we reasonably believe that they could be of interest or benefit to you.
At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal information. You will generally be given the opportunity to “opt out” from receiving marketing communications from us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with this request.
Cross border disclosure
Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries, including INSERT. For example, we may use a server hosted overseas to store data, which may include your personal information.
We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).
The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas recipient is subject to laws that are suitably similar to privacy laws in Australia.
If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.
Specific rights of European residents
Reuwin Medical is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).
Under the GDPR, Reuwin Medical is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its GDPR compliance, Reuwin Medical provides its services in a way that ensures:
- Personal Data (i.e. Personal Information) is:
  - processed fairly, lawfully and in a transparent manner; and
  - collected and processed only for specified and lawful purposes.
- Processed Personal Data (i.e. Personal Information that is used, held or disclosed by Reuwin Medical) is:
  - adequate, relevant and not excessive;
  - accurate and, where necessary, kept up to date;
  - kept secure, and not longer than necessary;
  - not transferred to countries outside the European Union without adequate protection; and
  - treated in accordance with individuals’ legal rights.
Whilst Reuwin Medical strives to provide all individuals with appropriate access and control over their data, individuals covered by the GDPR are also able to:
- prescriptively restrict, limit or otherwise provide instructions to Reuwin Medical regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
- request the erasure (i.e. deletion) of their information; and
- request Reuwin Medical provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Individuals who exercise this right to data portability are also able to direct Reuwin Medical to transmit this data to other entities who they intend to allow to process their Personal Data.
Reuwin Medical will allow and assist individuals that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).
Accurate and up-to-date information
We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating our records whenever true and correct changes to the data come to our attention.
If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer. To contact our Privacy Officer please see contact details below in paragraph 18.
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.
We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
Access to your personal information
We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer. If access is refused to your personal information for reasons permitted by the Privacy Act, we will give you a notice explaining our decision to the extent practicable and your options.
To contact our Privacy Officer please see contact details below. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.
Dealing with unsolicited information
We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
Anonymity when dealing with us
Only where it is practicable to do so, we may allow you the option not to identify yourself when dealing with us.
Collecting sensitive information
We use government identifiers (e.g. Medicare numbers) to identify individuals.
Transfer of ownership
Complaints and disputes
We will ensure your complaint is handled by our Privacy Officer in an appropriate and reasonable manner. Where necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:
Office of the Australian Information Commissioner
Phone: 1300 363 992
Who should you contact for further information?
Our Privacy Officer will consider your question or complaint and respond to you in a reasonable timeframe.
Last Updated 23/05/2022