1stGroup Limited – Policies and Procedures

Privacy and Data Protection

Last Updated

22 April 2020


Any Questions? Contact our Privacy Officer with the below information

Email: privacy@1stgrp.com

Phone: 1300 673 885

Privacy Statement

This privacy policy (Policy) applies to users of 1stGroup platforms 'MyHealth1st’ and ‘PetYeti’ and websites supported or powered by these platforms, but does not apply to ‘GoBookings’. 1stGroup is an ASX listed company (ASX:1ST).

This Policy sets out how and why 1stGroup collects, stores, uses and discloses your personal information, what happens when you don’t provide the personal information we have requested , and how to contact us if you have any questions about how we handle your personal information or would like to access the personal information we hold about you.

The Privacy Policy must be freely available on the MyHealth1st website, each 1stGroup website, and to anyone making a reasonable request for it.


1stGroup – Privacy Policy – General

1stGroup Limited (ACN 138 897 533) ( 1stGroup, we, us, our ) owns, and operates the websites MyHealth1st.com.au , PetYeti.com.au , clinicconnect.com.au and docappointments.com.au . 1stGroup also administers the websites stvincentspriority.com.aumaterpriority.com.au , lookdeeper.com.au , telehealthclinics.com.au , Covid19clinics.com.au and coronavirusclinics.com.au which are powered by its platforms.

Together, our platforms offer appointment booking, telehealth consultations and resource management solutions to a variety of practices including medical and healthcare practices, dentists, vet clinics, pharmacies, etc (Practices) .

In the course of providing services to you through our various platforms, 1stGroup collects personal information. We are bound by the Privacy Act 1988 (Cth) ( Privacy Act ) and comply with our obligations under the Australian Privacy Principles ( APPs ).

1stGroup takes your privacy seriously. This Policy lets you know how we treat personal information that we collect and receive about individuals ( you , your ).

If you have any questions about this Policy or about your privacy generally, please contact our Privacy Officer using the contact details below.


What information does 1stGroup collect?

Practitioners – We collect information from Practitioners to facilitate the provision of our services. This includes the collection of personal information including email, first name and last name as well as phone number and practice name and any other information which may be necessary to appropriately conduct, manage and oversee 1stGroups services.

Users - We collect information from users so they can access our services and make a booking online. At registration, we collect email, first name, last name, gender, mobile and date of birth. We may also collect optional information such as your postcode if you voluntarily provide this to us.  

We also collect sensitive information. Sensitive information is a subset of personal information which requires a higher standard of protection under the APPs. Information about an individual’s access to healthcare services is considered sensitive information. We keep a record of the appointments you have booked using our platforms, and your attendance at those appointments, which may in certain circumstances be considered sensitive information. When you make a booking with a telehealth provider, we may also collect sensitive information from you which is reasonably required to deliver this service. 

Other - We may automatically collect information about your use of 1stGroup platforms or services. This may include through cookies, web beacons, and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; a time and date stamp and the length of time you visit our websites and or use our services; the referring URL, or the webpage that led you to our websites and your browser type.

We may combine this information with other information that we have collected about you, including, where applicable, your username, name, and other personal information. Please see the section “How does 1stGroup use Cookies” below for more information about our use of cookies and other tracking mechanisms which enable us to optimise your experience of our services.

1stGroup may collect your personal information when you communicate with us by on social media, such as Twitter. Please be aware that social networking services also handle your personal information for their own activities and have their own privacy policies, which we recommend that you review.

Without your information, we may not be able to provide you the services you have requested to the requested standard or at all. You may also miss out on receiving valuable information about our services.


What does 1stGroup do with your personal information?

Our main purpose for collecting your personal information is to facilitate the booking between you and a Practice. We only use your personal and sensitive information for the purposes set out in this Policy.

We collect, hold, use and disclose your personal information to:

  • Provide you with our booking services, and any other products, information or services you have requested from our platforms;

  • Create an account for you if you register with us;
\
  • Contact you about your use of our platforms, to confirm a booking, or send booking reminders by email or SMS;

  • Contact you to request feedback about our services, or your participation in a survey or questionnaire;

  • To communicate with you about your use of our services, to respond to your inquiries, to provide technical support and assistance and for other customer service purposes;

  • Send you marketing material including but not limited to health surveys and health education material to enhance and develop our relationship with you;
  • Process payments; and

  • Report to Practices about user use of our platforms.


We may also use your information to comply with legislative or regulatory requirements, and to investigate and prevent fraud, crime or other activity that may cause harm in relation to our platform or services.


Who does 1stGroup disclose personal information to?

If you are a health professional who registers with 1stGroup, we will make the information you provide to us publicly available including on the 1stGroup platforms for users to access your services.

If you are a user, when you confirm a booking using one of our platforms, your personal information will be transferred to the relevant Practice. The Practice will only receive information that is relevant to your booking. Each Practice has to comply with the law with regard to their use of your personal information, however we have no control over, and are not responsible for how the Practice uses your information. You should read your Practice’s Privacy Policy carefully.

Where a Practice requires a prepayment or credit card pre-authorisation, we will provide your credit card details to a secure payment processing provider in order to process the payment.

If you choose to use our booking system for telehealth appointments, we and our service providers may collect medical information from you which is reasonably required to deliver this service.

Our Service Providers

We use a range of service providers (for example, IT service providers, web hosting providers, secure SMS service providers and secure payment gateway providers) to help us deliver our platforms. Where we disclose personal information to our service providers, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.

Our Strategic Partners

MyHealth1st has various strategic relationships with a number of complementary service providers (Partners). Sometimes when we conduct surveys or questionnaires, we ask questions on behalf of our Partners. We disclose your answers to these questions to the relevant strategic partner, but only if we have your permission to do so. Remember, your participation in these surveys or questionnaires is entirely voluntary.

Again, where we disclose personal information to our Partners, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.

Others…

We may publish feedback, comments, reviews or testimonials provided by you on our websites or in promotional material in order to promote our services. However, we will not publish any comments which might identify you or disclose your name or contact details for this purpose without your permission.

We may also disclose your personal information if required by law (for example to government bodies and law enforcement agencies).

At present all of our Practices, Partners and service providers are based in Australia and New Zealand and so it is unlikely that we will need to provide your personal information to any persons or organisations located outside of these regions. If this position changes, we will ensure that any overseas recipients of personal information have appropriate security measures in place.


How does 1stGroup use Cookies?

We use cookies and similar technologies (such as web beacons and analytics software) on 1stGroup platforms to analyse trends, administer our services, improve the quality of our products and services, track users' movements around 1stGroup platforms, and to gather demographic information about our user base as a whole.

You may refuse to use cookies, web beacons or some of the analytics software features by selecting the appropriate settings on your browser or the settings section of your mobile or tablet device. However, please note that if you do this, you may not be able to use the full functionality of the 1stGroup platforms and we may not be able to provide you the services you request.


How does 1stGroup keep personal information secure?

We take reasonable steps to ensure that any information which we hold about you is kept secure.

We take appropriate measures to ensure the personal information collected, used and stored by us is kept secure, accurate and kept up to date and only for so long as necessary for the purpose for which it was collected.

Our servers are kept in a secured data centre environment, and PCI vulnerability scans are carried out by us or our Partners and services providers.

All of our online forms and telehealth services are protected by encryption. We also use a secure server and external payment processing providers when you make a payment via our websites or to store credit card details. We do not store complete credit card details on any of our systems.

Please be aware that despite our robust efforts, no data security measures can guarantee 100% security.  We recommend that you take steps to protect against unauthorised access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.


Do you want access to your personal information?

If at any time to know what personal information we hold about you, you can contact our Privacy Officer.

You have a right to request access to any personal information we hold about you, and we will only refuse your request in exceptional circumstances (for example if granting access would infringe another person’s privacy).

If you make a personal information access request, we will require you to provide some form of identification (for example a driver license or passport) so we can verify that you are the person to whom the information relates. In some cases we may charge an administrative fee to cover the costs of granting access.

If you wish to make a personal information access request, please contact our Privacy Officer using the details below.


Is your personal information incorrect or out of date?

If your personal details change, please help us to keep your information up to date by notifying us.

If you believe information we hold about you is incorrect or out of date, please contact our Privacy Officer using the details below.


Any Complaints?

If you have a complaint about the way we handle your personal information, we want to know about it!

If you would like to make a complaint in relation to how we have handled your personal information or about a breach of the APPs please provide a written summary of the complaint to us on the contact details below.

We will investigate your complaint and will endeavour to provide you a written response within 45 days of receiving your complaint. We take your complaints seriously, and will attempt to resolve the issue quickly and fairly.

If we cannot resolve your complaint to a satisfactory standard, you are entitled to lodge your complaint with the Australian Information Commissioner, or his successor: http://www.oaic.gov.au/privacy/making-a-privacy-complaint


Changes to this Policy

We may change the terms of this Policy to keep it current. If we do so we will post the changes here, so please check from time to time. By continuing to use our websites, you will be taken to have accepted such changes.


Contact our Privacy Officer

If at any time you want to contact us, access your information or make further enquiries about your privacy, please contact our Privacy Officer by email to privacy@1stgrp.com or mail to Suite 4, 17 Bellevue Street, Surry Hills, 2010.