If you are located in, or are a citizen of the European Union, you may have additional rights under the European Union General Data Protection Regulation (GDPR). If you are located in the United Kingdom, you may have additional rights under the UK Data Protection Act 2018 (UK Data Protection Act). If you are located in another jurisdiction, additional local requirements will comply.
OAIC means the Office of the Australian Information Commissioner;
Personal Information has the meaning given to that term in the Privacy Act;
Platform means our Website, mobile applications and other medium over which we provide our Services to you;
Sensitive Information has the meaning given to that term in the Privacy Act;
Services means the telehealth, health care and other associated services that are facilitated by Doctors on Demand and provided by our service providers and healthcare practitioners from time to time;
we, us or Doctors on Demand means Doctors on Demand Pty Ltd ACN 163 312 570, a proprietary limited company trading under the name Doctors on Demand and its associated entities as appropriate;
Website means https:// https://www.doctorsondemand.com.au/ or any other website from time to time from which the Services are promoted and/or delivered; and
you means you and anyone acting on your behalf or with your implied authority.
COLLECTION OF INFORMATION
What Personal Information do we collect?
We only collect and hold various types of Personal Information that we reasonably require to provide our Services to you. The types of Personal Information which we collect may include:
- personal details, including your name and date of birth;
- contact details, including your email address, mailing address and telephone number;
- financial information, including banking details, billing and payment details;
- Sensitive Information, including health information, medical history, past and current prescriptions, family history and the details and results of tests provided by you in conjunction with the Services;
- Medicare card information and information about any private health insurance that you may have;
- information necessary for or incidental to the provision of our Services via the platform;
- family contact information; and
- any other Personal Information that may be required in order to facilitate your dealings with us.
How do we collect Personal Information?
We may collect Personal Information from you when:
- you register as a user via the Platform and complete and submit documentation;
- you communicate with us via the Platform or through email, telephone, SMS or social media or make an online appointment;
- you interact with our Platform;
- you communicate with our healthcare providers, staff or representatives during the course of our providing Services to you via the Platform; or
- you otherwise deal with us in the course of our business.
We may also collect Personal Information from third parties, including:
- your guardian or responsible person;
- other health care providers such as specialists, allied health professionals, hospitals, community health services, pathologists and diagnostic imaging services;
- your private health insurer;
- credit reporting agencies;
- law enforcement agencies; and
- government agencies (such as Centrelink, Medicare, Department of Social Services, National Disability Insurance Agency, Department of Veterans Affairs, and other government agencies responsible for home care services).
Where we solicit Personal Information, we only collect:
- non-Sensitive Information, if it is reasonably necessary for the services we provide; and
- Sensitive Information, if it is reasonably necessary for or directly related to services we provide, and you have consented to its collection or its collection is permitted or authorised by law.
If we solicit Personal Information, we will generally solicit it directly from you, unless it is unreasonable or impracticable for us to do so. Where we collect Personal Information about you from a third party without your prior consent, we will take reasonable steps to inform you that we have collected Personal Information.
In an effort to keep our service as simple and easy as possible, we create and store profiles for all our users. Your Personal Information, as well as your prescription history are available to you when logged in under “My Profile”.
How we use credit card information on our Platform.
For your security and peace of mind we use PayWay or a similar service provider for our online transaction handling. For more information on PayWay please click here.
Non-Personal Information we collect via technology
When you visit our Website, we record general information about your visit for statistical purposes. These statistics do not contain any Personal Information. Certain information may be passively collected by Cookies, navigational data like Uniform Resource Locators (URLs) and third party tracking services, including:
- Site activity information. We may keep track of some of the actions you take on the Platform, such as the content of searches you perform and the pages you navigate to.
- Access device and browser information. When you access the Platform from a computer or other device, we may collect anonymous information from that device, such as your IP address, browser type, connection speed and access times.
- Cookies. We use “Cookies” to store your preferences, record session information and collect information on how you visit and access our web pages. This helps us deliver and continue to improve our services. Cookies are small pieces of information that a web page transfers to your computer’s hard disk for record-keeping purposes. Cookies make the web more useful by storing information about your preferences on a particular site. Cookies in and of themselves do not personally identify you, only your computer. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies to make the Platform and service easier to use, to make our advertising better, and to protect both you and Doctors on Demand. You can change settings in your browser to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. You can delete cookies from your computer at any time. However, if you do not accept Cookies, you will not be able to stay logged in to the Platform. For more information on Cookies please click here.
- Mobile Services. We may also collect non-Personal Information from your mobile device or computer. Certain features of the Platform use GPS technology to collect real-time information about the location of your device. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer you use. In addition, in the event our application(s) crashes on your mobile device we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).
HOW WE STORE AND PROTECT PERSONAL INFORMATION
We prioritise the security of your Personal Information whilst it is in our possession.
We may hold Personal Information in various forms, including but not limited to physical documents, electronic records, visual records (X-rays, CT scans, videos and photos) and audio recordings. Physical files are kept securely inside our access controlled premises. Electronic files are stored securely on protected information systems and are only accessible through our secure network. We maintain physical security over our paper and electronic data stores, and confidentiality agreements form part of the employment contracts for all of our staff members and contractors.
We take reasonable steps to:
- ensure that Personal Information we collect is accurate, up-to-date, complete and relevant, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time;
- ensure that Personal Information we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which Personal Information is used or disclosed;
- protect Personal Information from misuse, interference and loss, and from unauthorised access, modification or disclosure; and
- destroy or de-identify Personal Information which we no longer need for the purposes for which it was collected, except where it is necessary to retain it in order to maintain ongoing records for our clients.
- We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
When you send Personal Information to us over the internet, your data is protected by state of the art Secure Socket Layer (SSL) technology. This is the same technology used to secure Internet Banking transactions. Whilst all reasonable care is taken, we cannot however guarantee the security of information transmitted via the internet. As such, transmission of Personal Information via the internet is at your own risk and we cannot be held responsible for the security of such information.
USE OF PERSONAL INFORMATION
Why do we collect, hold, use and disclose Personal Information?
We may collect, hold, use and disclose your Personal Information for the following purposes:
- for the purpose(s) for which it was disclosed to or collected by us;
- for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose for which it was collected; and
- for any other purposes for which you have consented from time to time.
The above purposes include using and disclosing your Personal Information:
- to supply the Services to you or facilitating other interactions with you in the course of operating our business;
- to send email or SMS appointment reminders;
- to share your Personal Information with employees, contractors or other third party service providers of Doctors on Demand to assist us with providing the Services;
- to third party health care providers;
- to respond to your enquiries and provide you with relevant information;
- to send email notices, invoices and receipts, and process authorised payments;
- to update your Personal Information;
- to improve the quality of our Services through the performance of quality reviews and similar activities;
- from time to time to send you marketing emails related to the Services we provide, unless specifically requested by you not to do so;
- to collect information required for reporting to relevant regulatory bodies;
- as permitted or required by law; and
- for any other uses identified at the time of collecting your Personal Information.
- We may also share your Personal Information:
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent;
- to assist in locating a missing person;
- to establish, exercise or defend an equitable claim;
- for the purpose of confidential dispute resolution process;
- on a confidential basis with a potential purchaser where our business is subject to a sale process;
- when there is a statutory requirement to share certain Personal Information (e.g. some diseases require mandatory notification); and
- during the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), MyHealth Record/PCEHR system.
If we engage third party contractors to perform services for us which involves handling Personal Information, we take reasonable steps to prohibit the contractor from using Personal Information except for the purposes for which it was supplied.
Do we use your Personal Information for communications?
We will only send you direct marketing communications and information via mail, email and social media platforms about our Services with your consent. If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using opt-out facilities provided in our communications. We do not provide your Personal Information to other organisations for the purposes of their direct marketing.
It is unlikely that we will need to disclose your Personal Information to an overseas recipient or otherwise store your Personal Information overseas.
If we are ever required to do so, we will obtain your informed consent or ensure that the overseas recipients comply with the APPs.
Disclosure of Sensitive Information
We understand that information about your medical history is highly sensitive in nature and it is critical that we can ensure patients who use our services are comfortable with entrusting their information to us. We will not disclose Sensitive Information to third parties unless it is strictly necessary for the purposes of meeting your health care needs, you consent to its use for other purposes, or the law permits its use for other purposes.
THIRD PARTY LINKS
ACCESSING OR CORRECTING YOUR PERSONAL INFORMATION
How to access and correct your Personal Information
We are committed to maintaining accurate, timely, relevant and appropriate information.
When you are logged into the Platform, you have the ability to change and update any of your personal details under “My Profile”. Within your secure account you will also find links that provide a record of your previous consultations and orders.
We will also take reasonable steps to correct Personal Information where we become aware that your Personal Information is not accurate or up to date. From time to time, we may ask you to verify that the Personal Information held by us is correct and up to date. If you do not supply us with certain information about yourself or fail to correct incorrect information, in some circumstances we may be unable to provide the Service that you require.
Where requested, we will provide you with a copy of the Personal Information that we hold which relates to you, provided that the request is made in accordance with the APPs. We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant or misleading.
There are no charges for requesting access to or the correction of your Personal Information, however if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request.
How to request the deletion of your Personal Information from our Platform
You may request that your profile be deleted at any time, however you should note that while this will render your information invisible to the general user system, we are required by law to retain an audit trail of certain information. When we delete your Personal Information, it will be deleted from the active database but may remain in our archives. We may also retain anonymous de-identified data about your use of our Platform and services. After we delete Personal Information, we will retain de-identified information and will continue to use this data as permitted.
How to contact us
You can contact our privacy officer regarding access to or correction of your information by any of the following methods:
Post: PO Box 3673 QLD 4101
Phone: 07 3638 9378
We will respond to those requests within 30 days in accordance with our obligations under the Privacy Act. If we refuse a request to access or correct Personal Information, where reasonable, we will provide you with our reasons for doing so and information about your ability to complain about such refusal.
In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you. Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.
GDPR & UK DATA PROTECTION ACT COMPLIANCE
If your Personal Information is governed by the GDPR or the UK Data Protection Act, you may have additional rights as set out below:
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios:
- If you want us to establish the information’s accuracy;
- where our use of the information is unlawful but you do not want us to erase it;
- where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims;
- you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Information to you or to a third party. If this obligation applies, we will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have a concern, please raise it with us first as we may be able to resolve the issue.
Any complaints should be submitted to our privacy officer via the communication channels set out above. We will investigate your complaint and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of Personal Information held by us about you in accordance with the Privacy Act. If you are not satisfied with the outcome of this process, then you may lodge a formal complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.
Should you wish to read more information on the Privacy Act, we recommend that you visit the website of the OAIC at www.oaic.gov.au.