PRIVACY & SECURITY POLICY
A reference in this policy to:
- “we”, “our”, or “us” is a reference to Medlab;
- “you” or “your” is a reference to the individual whose personal information is collected by us;
- “personal information” includes health information and other sensitive information as well as personal information generally (these terms are defined in the Privacy Act 1988 (Cth)); and
- “website”/“digital portal(s)” refer collectively to our websites and digital portals accessible at https://www.medlab.co, https://clinic.medlab.co/ and https://shop.medlab.co including any third party add-on applications, platforms and/or other software programs incorporated into or which work or communicate with any of our websites and digital portals for the purposes of Medlab’s provision of information, products and/or services to you (“third party add-ons).
At Medlab, we respect your privacy and we are committed to protecting your personal information, which is why we handle personal information in accordance with the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth), as well as in accordance with the Spam Act 2003 (Cth). In addition, we handle personal information in accordance with State and Territory privacy laws in circumstances where there is a contractual requirement for us to do so, and in accordance with State or Territory health records laws where applicable.
We encourage you to read the policy carefully and we hope it will help you to make informed decisions about sharing your information with us.
This policy covers a number of areas, including:
- Our use of your information
- Third party disclosure
- Your choices
- Our security measures
If you have any questions or concerns about our policy you can email us: firstname.lastname@example.org
Privacy and Personal Information
The personal information which we collect depends upon the nature of our dealings with you and the products and/or services which we provide to you. It may include your name, gender, contact information, date of birth, Medicare number, health information and other sensitive information about you, particulars of a health service we provide to you, or which is contemplated, payment methods, technical information (such as your IP address) and any other ad hoc information which you choose to supply to us and which is of an obvious personal nature.
The protection of your personal information is important to Medlab.
You agree that Medlab may collect and use your personal information for the purposes for which you give it to us and for any other purposes directly connected with the reason(s) for us collecting your personal information and for related purposes which you would reasonably expect us to use your personal information for. This may include, for example, for the purposes of a providing a health service to you in connection with a consultation provided by a Medlab medical or health professional and for related purposes (such as use within Medlab in relation to discussing or disclosing such information and/or in connection with referring you to another external third party medical or health professional for the purpose of managing, monitoring or assisting with your treatment on an ongoing basis and/or for the purpose of completing and sending a script, note or record to a pharmacy for one or more products that our medical or health professional(s) considers may be appropriate for you), for our own internal purposes (including administrative purposes, billing purposes, either directly or through an insurer or compensation agency), and for the purpose of communicating with you, including by sending you information about matters we consider you might be interested in, including information about upcoming studies, product information or services provided to you via the website or otherwise by us.
You agree that we may aggregate personal information obtained from multiple individuals for research purposes. We only do so, however, after de-identification and in accordance with (and to the extent permitted by) de-identification guidelines issued by the Office of the Australian Information Commissioner and research guidelines approved under section 95A of the Privacy Act 1988 (Cth).
You agree that we may at any time transfer your personal information and health information to a related body corporate within Medlab which, in accordance our normal company operations, requires access to such data.
By using our website and/or receiving products or services from us (including, for example, by participating in a consultation), you consent to Medlab collecting and using your personal information for the purposes described in this policy.
(1) Our use of your information
The more we know about you, the easier it is for us to deliver helpful, relevant information and services. We collect personal and non-personal information to tailor the future content which you see and to contact you. We collect personal information and health information about you which you provide to us and otherwise in connection with your use of our website and/or products and services provided to you, including as set out below.
Registration (other than for Telehealth consultations):
When you register on our website, we collect personal information about you such as your name, email address, other contact details, and date of birth. Registration allows you to potentially participate in future studies and receive monthly deals and promotions.
Medlab medical and health professionals, including naturopaths, provide “Telehealth” consultations to customers via telephone or video conferencing facilities, including over the internet. If you wish to participate in one or more Telehealth consultations, you must book an appointment using our scheduling system, which is accessible via our website. We will collect personal information about you in connection with your booking and any consultation which you attend. After you book a consultation, we will send you a new patient pack of materials, which will include a patient questionnaire for you to complete and send back to us before your first consultation, which we will review before your first consultation.
The personal and health information we may collect from you will include the information referred to in this Policy as well as personal information about your medical history and condition(s), the reason for your participation in the consultation and your interest in Medlab products and services, and any recommendations, treatment or advice which our medical and health professionals provide to you in connection with or during such a consultation.
We will also collect personal and health information about you from publically available sources of information, including social media (such as your publically available Facebook and Instagram profiles), and other sources of information about you which you refer us to or which we identify.
If our medical or health professional determines that it appropriate to refer you to another medical or health professional either within or outside Medlab, and you consent to that referral, we will also collect information about that referral, including the nature of the referral and the identity of the professional to whom you are referred. We will also collect any information about any treatment or advice provided to you by any such professional if we receive such information from the professional or a related person or entity.
From time to time we may ask for your feedback about our website, products and/or services. This information allows us to better understand the needs of our customers and to gather information about health issues and trends that may be important to them. If you provide any such feedback to us which comprises any personal information, or if you otherwise provide us with any personal information about these issues, then we will also collect that personal information for the purposes outlined in this policy.
When you visit our website, our servers will collect log information. This information may include your page request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser. Log information helps us gather information about often our website is being viewed; such as the product pages customers are viewing.
We will only retain your personal information for as long as is necessary to meet the purpose for which it was originally collected, unless and to the extent we are required by law to retain the information for a longer period. When your personal information is no longer required, we will take commercially reasonable and technically appropriate steps to delete or de-identify that information.
You are entitled to view the personal information which we hold about you except in circumstances where applicable privacy and data protection laws authorise us to deny access. You may be charged an administrative fee for this service.
We will take reasonable steps to ensure that your personal information remains current, complete and accurate. If, upon gaining access to your personal information, you identify an inaccuracy in your personal information, we will correct it if we agree that it is in fact inaccurate or, if we disagree, we will include a notation to the effect that you disagree.
(2) Third party disclosure
To the extent that a third party add-on is involved or used by us or our website including in the course of or in connection with managing Telehealth consultations, one or more third parties may receive or have access to your personal or health information which we collect.
Except as set out in this policy, we will not use or disclose any personal information about you to any third parties without your consent. There may be exceptional circumstances where this may not be possible, such as if disclosure is required by law or is necessary to protect the rights or property of Medlab, or any member of the public, or to lessen a serious threat to a person's health or safety.
We will not disclose any personal information about you overseas without your consent.
(3) Your choices
You are given choices when we ask for personal information and, whenever possible, we try to explain why we ask for information. You can always refuse to provide personal information.
Information you provide on our website when you complete the registration, tools you have used as well as articles you have viewed, will be used to personalise your experience of our website.
Information you provide to Medlab or Medlab medical and health professionals in connection with or during the course of a consultation, including personal information and health information, will be used by Medlab for the purposes outlined above in this policy, including for the purposes of the consultation, providing any treatment advice to you or, if you consent, for the purpose of referring you to another medical or health professional.
Email communications that you send to us via links on our website may be shared with one or more employees at Medlab. If you provide personal health information in your email, it will be used only for the purposes of answering your email.
As a Medlab customer, you have the option to receive regular email newsletters and alerts of monthly deals and promotions. You can unsubscribe from newsletters by clicking on the "unsubscribe" link at the bottom of any newsletter. You can manage your alerts or unsubscribe from alerts in your personal profile.
If you would otherwise prefer not to receive marketing or other material from Medlab, please let us know and we will respect your request by emailing email@example.com.
(4) Our Security Measures
We are dedicated to protecting the security and privacy of your information. We have implemented security arrangements to protect your personal information against loss, theft, unauthorised access and unauthorised disclosure. Your electronic information is stored on secure servers that are protected in controlled facilities. Medlab use SSL certificates to establish secure connections when presenting data in a digital format and encrypting data between our secure servers and our digital portals. Medlab employ authentication and authorisation protocols when providing access to your personal data. Our employees have limited access to your personal information. However, as we cannot guarantee the security of our communications with you over the Internet, you acknowledge that we cannot give you an absolute assurance that your personal information will be secure at all times. Medlab will not be held responsible for events arising from unauthorised use or access to your personal information unless the unauthorised use or access arises due to Medlab’s failure to comply with its obligations under the Privacy Act 1988 (Cth) or any applicable State or Territory privacy legislation. Our security measures are routinely reviewed and account is taken of the Guide to Securing Personal Information issued by the Office of Australian Information Commissioner
As we evolve and introduce new services and features on our website and in our business, our policies will be reviewed and may be revised. We reserve the right to change this policy at any time and will notify you by posting an updated version of the policy on our website. If you do not agree with the new policy, you always have the option of closing your account and not acquiring or receiving products and/or services from us.
Contact: Ian Curtinsmith
(02) 8188 0311
If you make such a complaint we will review within 48 hours and establish in consultation with you a reasonable process, including time frames, for seeking to resolve your complaint.
Updated and effective as at 2nd March, 2020.