1stGroup Limited – Policies and Procedures
Privacy and Data Protection
22 April 2020
Any Questions? Contact our Privacy Officer with the below information
Phone: 1300 673 885
This Policy sets out how and why 1stGroup collects, stores, uses and discloses your personal information, what happens when you don’t provide the personal information we have requested , and how to contact us if you have any questions about how we handle your personal information or would like to access the personal information we hold about you.
1stGroup Limited (ACN 138 897 533) ( 1stGroup, we, us, our ) owns, and operates the websites MyHealth1st.com.au , PetYeti.com.au , clinicconnect.com.au and docappointments.com.au . 1stGroup also administers the websites stvincentspriority.com.au , materpriority.com.au , lookdeeper.com.au , telehealthclinics.com.au , Covid19clinics.com.au and coronavirusclinics.com.au which are powered by its platforms.
Together, our platforms offer appointment booking, telehealth consultations and resource management solutions to a variety of practices including medical and healthcare practices, dentists, vet clinics, pharmacies, etc (Practices) .
In the course of providing services to you through our various platforms, 1stGroup collects personal information. We are bound by the Privacy Act 1988 (Cth) ( Privacy Act ) and comply with our obligations under the Australian Privacy Principles ( APPs ).
1stGroup takes your privacy seriously. This Policy lets you know how we treat personal information that we collect and receive about individuals ( you , your ).
If you have any questions about this Policy or about your privacy generally, please contact our Privacy Officer using the contact details below.
What information does 1stGroup collect?
Practitioners – We collect information from Practitioners to facilitate the provision of our services. This includes the collection of personal information including email, first name and last name as well as phone number and practice name and any other information which may be necessary to appropriately conduct, manage and oversee 1stGroups services.
Users - We collect information from users so they can access our services and make a booking online. At registration, we collect email, first name, last name, gender, mobile and date of birth. We may also collect optional information such as your postcode if you voluntarily provide this to us.
We also collect sensitive information. Sensitive information is a subset of personal information which requires a higher standard of protection under the APPs. Information about an individual’s access to healthcare services is considered sensitive information. We keep a record of the appointments you have booked using our platforms, and your attendance at those appointments, which may in certain circumstances be considered sensitive information. When you make a booking with a telehealth provider, we may also collect sensitive information from you which is reasonably required to deliver this service.
Other - We may automatically collect information about your use of 1stGroup platforms or services. This may include through cookies, web beacons, and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; a time and date stamp and the length of time you visit our websites and or use our services; the referring URL, or the webpage that led you to our websites and your browser type.
1stGroup may collect your personal information when you communicate with us by on social media, such as Twitter. Please be aware that social networking services also handle your personal information for their own activities and have their own privacy policies, which we recommend that you review.
Without your information, we may not be able to provide you the services you have requested to the requested standard or at all. You may also miss out on receiving valuable information about our services.
What does 1stGroup do with your personal information?
Our main purpose for collecting your personal information is to facilitate the booking between you and a Practice. We only use your personal and sensitive information for the purposes set out in this Policy.
We collect, hold, use and disclose your personal information to:
- Provide you with our booking services, and any other products, information or services you have requested from our platforms;
- Create an account for you if you register with us; \
- Contact you about your use of our platforms, to confirm a booking, or send booking reminders by email or SMS;
- Contact you to request feedback about our services, or your participation in a survey or questionnaire;
- To communicate with you about your use of our services, to respond to your inquiries, to provide technical support and assistance and for other customer service purposes;
- Process payments; and
- Report to Practices about user use of our platforms.
We may also use your information to comply with legislative or regulatory requirements, and to investigate and prevent fraud, crime or other activity that may cause harm in relation to our platform or services.
Who does 1stGroup disclose personal information to?
If you are a health professional who registers with 1stGroup, we will make the information you provide to us publicly available including on the 1stGroup platforms for users to access your services.
Where a Practice requires a prepayment or credit card pre-authorisation, we will provide your credit card details to a secure payment processing provider in order to process the payment.
If you choose to use our booking system for telehealth appointments, we and our service providers may collect medical information from you which is reasonably required to deliver this service.
Our Service Providers
We use a range of service providers (for example, IT service providers, web hosting providers, secure SMS service providers and secure payment gateway providers) to help us deliver our platforms. Where we disclose personal information to our service providers, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.
Our Strategic Partners
MyHealth1st has various strategic relationships with a number of complementary service providers (Partners). Sometimes when we conduct surveys or questionnaires, we ask questions on behalf of our Partners. We disclose your answers to these questions to the relevant strategic partner, but only if we have your permission to do so. Remember, your participation in these surveys or questionnaires is entirely voluntary.
Again, where we disclose personal information to our Partners, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.
We may publish feedback, comments, reviews or testimonials provided by you on our websites or in promotional material in order to promote our services. However, we will not publish any comments which might identify you or disclose your name or contact details for this purpose without your permission.
We may also disclose your personal information if required by law (for example to government bodies and law enforcement agencies).
At present all of our Practices, Partners and service providers are based in Australia and New Zealand and so it is unlikely that we will need to provide your personal information to any persons or organisations located outside of these regions. If this position changes, we will ensure that any overseas recipients of personal information have appropriate security measures in place.
How does 1stGroup keep personal information secure?
We take reasonable steps to ensure that any information which we hold about you is kept secure.
We take appropriate measures to ensure the personal information collected, used and stored by us is kept secure, accurate and kept up to date and only for so long as necessary for the purpose for which it was collected.
Our servers are kept in a secured data centre environment, and PCI vulnerability scans are carried out by us or our Partners and services providers.
All of our online forms and telehealth services are protected by encryption. We also use a secure server and external payment processing providers when you make a payment via our websites or to store credit card details. We do not store complete credit card details on any of our systems.
Please be aware that despite our robust efforts, no data security measures can guarantee 100% security. We recommend that you take steps to protect against unauthorised access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.
Do you want access to your personal information?
If at any time to know what personal information we hold about you, you can contact our Privacy Officer.
You have a right to request access to any personal information we hold about you, and we will only refuse your request in exceptional circumstances (for example if granting access would infringe another person’s privacy).
If you make a personal information access request, we will require you to provide some form of identification (for example a driver license or passport) so we can verify that you are the person to whom the information relates. In some cases we may charge an administrative fee to cover the costs of granting access.
If you wish to make a personal information access request, please contact our Privacy Officer using the details below.
Is your personal information incorrect or out of date?
If your personal details change, please help us to keep your information up to date by notifying us.
If you believe information we hold about you is incorrect or out of date, please contact our Privacy Officer using the details below.
If you have a complaint about the way we handle your personal information, we want to know about it!
If you would like to make a complaint in relation to how we have handled your personal information or about a breach of the APPs please provide a written summary of the complaint to us on the contact details below.
We will investigate your complaint and will endeavour to provide you a written response within 45 days of receiving your complaint. We take your complaints seriously, and will attempt to resolve the issue quickly and fairly.
If we cannot resolve your complaint to a satisfactory standard, you are entitled to lodge your complaint with the Australian Information Commissioner, or his successor: http://www.oaic.gov.au/privacy/making-a-privacy-complaint
Changes to this Policy
We may change the terms of this Policy to keep it current. If we do so we will post the changes here, so please check from time to time. By continuing to use our websites, you will be taken to have accepted such changes.
Contact our Privacy Officer
If at any time you want to contact us, access your information or make further enquiries about your privacy, please contact our Privacy Officer by email to firstname.lastname@example.org or mail to Suite 4, 17 Bellevue Street, Surry Hills, 2010.