Privacy Policy

  1. We comply with the Privacy Act
  2. Notification of collection
  3. Why we handle personal information
  4. What personal information we collect and hold
  5. How we collect and hold personal information
  6. Use and disclosure of personal information
  7. Who we disclose personal information to
  8. Direct marketing
  9. Overseas recipients
  10. Legal requirements for collection
  11. Consequences of failure to collect personal information
  12. Sensitive information
  13. Storage and security
  14. Access to and correction of personal information
  15. Online privacy
  16. Data breach
  17. Complaints
  18. Changes to our Privacy Policy
  19. Contact details

1 We comply with the Privacy Act

Devtil Pty Ltd (ABN 73 610 284 047) (we, us or our) is an organisation and "APP Entity" for the purposes of the Privacy Act 1988 (Act), and is bound by the Australian Privacy Principles contained in the Act.

We appreciate the importance of good privacy practice and are committed to safeguarding personal information about individuals that we handle.  This Privacy Policy describes generally how we manage this personal information and protect privacy, including how we comply with the Act and the Australian Privacy Principles.

This Privacy Policy is intended to provide a general overview of our policies in respect of the handling of your personal information.  "Personal information" is essentially information or an opinion about an identified or reasonably identifiable individual.

This Privacy Policy is intended to cover most personal information we handle but is not exhaustive.  Other policies may override or supplement this Privacy Policy in certain circumstances.  For example, when we collect personal information from you, we may advise a specific purpose for collecting that personal information, in which case we will handle your personal information in accordance with that purpose.  If you have any queries about our handling of your personal information, please contact us (see section ‎19 below) for further information.

2 Notification of collection

When we collect your personal information, we take reasonable steps to ensure you are aware of certain details.  This Privacy Policy provides those details as they typically apply in many situations.  Specifically:

  • the purposes for which we collect personal information are described in section ‎3;
  • the organisations to which we would usually disclose it are described in section ‎6;
  • whether we are likely to disclose it to overseas recipients, and where practicable the countries in which they are located, are described in section ‎9;
  • whether there are laws or court/tribunal orders which require or authorise us to collect it is described in section ‎10; and
  • the main consequences for you if you fail to provide it are described in section ‎11.

However, depending on our specific interaction with you, different details may apply.  If we do not notify you of such other details, the details in this Privacy Policy apply.

3 Why we handle personal information

Generally speaking, we collect, hold, use and disclose personal information so that we may provide our products and services, and effectively communicate and interact with you.
The purposes for which we handle personal information depend on your dealings with us, but generally they may include enabling us to:

  • provide products and services to our patients and customers;
  • establish a diagnosis and develop an appropriate management plan to treat patients;
  • communicate with our patients, customers, suppliers and other contacts (including providing information you request, responding to your enquiries, managing complaints or otherwise facilitating the purpose for which you have contacted us);
  • handle payments;
  • manage and account for our products and services;
  • verify your identity if required;
  • inform our patients, customers and other contacts about product and industry developments, or provide marketing and promotional material regarding our products or services (including newsletters or other materials);
  • market our products and services;
  • manage our employees and contractors;
  • seek feedback from you and perform market research, so that we can gauge your satisfaction with our products or services;
  • conduct quality assurance, accreditation and audit activities;
  • conduct research and develop activities to improve our products or services;
  • train artificial intelligence systems we use for various purposes (which may include assisting clients to interact with our systems, or to assist in diagnosis or management);
  • generally carry on our business (including maintaining our business records and ensuring compliance with our legal and insurance obligations); and
  • engage in other activities where required or permitted by law or where you have given your consent.

4 What personal information we collect and hold

The kinds of personal information we may collect and hold about you depend on your dealings with us, but generally it may include:

  • your name and address, email address, telephone number, date of birth, Medicare card number and information about any private health insurance that you may have;
  • information about your health and diagnoses, including medical history, past and current prescriptions, family history and the details and results of tests;
  • information regarding your preferred pharmacies and laboratories;
  • personally-identifiable imagery of you (such as photographs or video collected during telehealth consultations);
  • information about your occupation, employer or business;
  • information about your relationships with others, such as our contacts or customers;
  • credit card and payment details if you purchase products and services from us;
  • details of products or services you purchase; and
  • other personal information that we require or that you volunteer to us (such as details of your qualifications, skills, education provider, work history, resume and residency status if you apply for employment with us).

We aim to limit personal information we collect to that which is reasonably necessary for our functions or activities.

5 How we collect and hold personal information

We may collect personal information from various sources, including patients, our customers, suppliers, contacts and prospective employees.

The ways in which we collect and hold personal information depend on your dealings with us, but generally it may include if you:

  • complete the patient forms we provide;
  • meet with us, including if you attend an appointment via telephone or videoconferencing (when you might inform us of your personal details);
  • otherwise communicate with us (for example if you submit an enquiry), including by letter, telephone or email);
  • order products and services from us or register your interest in our products and services;
  • subscribe to our publications;
  • engage with our online marketing; or
  • submit information through our websites, blogs or other social media accounts (for example, LinkedIn).

In some circumstances, we may collect personal information about you from third parties such as (as applicable):

  • your referring General Practitioner and other health care representatives (for example, nurses or allied health professionals);
  • your private health insurer;
  • government agencies (such as Centrelink, Medicare, Department of Social Services, National Disability Insurance Agency, Department of Veterans Affairs or other government agencies responsible for home care services);
  • our customers, potential customers and their contacts;
  • your employees, representatives or personal referees;
  • your employer; or
  • publicly-available resources.

We receive all personal information that you provide to us about third parties on the understanding that you have obtained the relevant individual’s consent for us to collect and handle that personal information in accordance with this Privacy Policy.

We may hold personal information in electronic or hard-copy formats.  More information about how we store personal information is set out in section ‎13.

6 Use and disclosure of personal information

We will generally only use or disclose your personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations. 

Where we propose to use or disclose your personal information for a purpose other than as described in this Privacy Policy, we will seek your permission (unless we are required or permitted by law to use or disclose personal information without obtaining consent).\

By providing us with your personal information, you consent to us using and disclosing your personal information as described in this Privacy Policy.

7 Who we disclose personal information to

We generally disclose personal information to (as applicable in the circumstances):

  • other General Practitioners or health practitioners (for example, when referring a patient for a certain service or specialisation);
  • online systems and databases (for example, Electronic Transfer of Prescriptions so that you can receive your medical prescription digitally, and My Health Records if you have not opted out);
  • certain suppliers who provide services to or for us (for example, third-party suppliers or operators of platforms that conduct surveys or collect feedback or reviews from patients, suppliers who develop and maintain our technology platforms, electronic records, websites and social media accounts, or provide payment processing services or other services);
  • other persons in connection with the provision of our products and services (such as our customers, suppliers and their contractors and other contacts);
  • our auditors, insurers and legal and other professional advisers;
  • professional registers or bodies (for example, the Australian Health Practitioner Regulation Agency);
  • members of our corporate group;
  • any person to whom you authorise us to disclose the information; or
  • any person where we are required to or authorised to do so by law.

We endeavour to ensure third parties only receive the personal information necessary to undertake their work for us, and that they are bound by appropriate confidentiality obligations to ensure the information we disclose is only used for the limited purposes for which we provide it.

We generally ensure such organisations are contractually required to ensure that information we disclose is used only for the limited purposes for which we provide it.

8 Direct marketing

We may send you marketing or promotional communications by post or by electronic means (such as email or SMS).  You may ask not to receive such material from us by contacting us (see section ‎19 below) or by using the opt-out function included in those communications.

There are no consequences of opting-out of receiving our marketing and promotional communications except that you will no longer receive them, and you may elect to re-join our marketing list at a later time if you wish.

9 Overseas recipients

We are not usually likely to disclose the personal information to overseas recipients, however we may do so in some circumstances.  Examples may be where we disclose personal information to our overseas service providers, contractors and/or consultants where necessary to provide specific products or services to customers (limiting the disclosure to the extent required for such purposes).  The countries in which such recipients are likely to be located include the United States of America.

Personal information may be stored or processed on servers located overseas, however generally we retain effective control over such data.

10 Legal requirements for collection

There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect your personal information.

11 Consequences of failure to collect personal information

If you fail to provide personal information requested by us, or if the personal information you supply is incorrect or incomplete, there may be a range of consequences, for example we may be unable to process or respond to your request or provide products or services to you.

You have the option of not identifying yourself, or of using a pseudonym, when dealing with us, unless it is legally necessary or impracticable for us to deal with individuals who are not identified.  If we request your personal information but would prefer to remain anonymous, please let us know.  We will notify you if we require you to be correctly identified for a particular interaction.

12 Sensitive information

We may collect sensitive information.  Sensitive information includes health information, which we may routinely collect as part of providing services to our customers and patients.

Sensitive information also includes, for example, information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, political or professional association or trade union membership, sexual orientation, criminal record, genetic information and information about any illness, injury or disability.

We only collect sensitive information with consent and where it is reasonably necessary for one of our functions or activities.  We will assume you have consented to us collecting, using and disclosing (in accordance with this Privacy Policy) all information that you provide to us, including any sensitive information, unless you tell us otherwise at the time of collection.  If we request your sensitive information but you have any concerns providing it to us, please let us know.

13 Storage and security

We take reasonable steps to protect your personal information we hold from misuse, interference and loss as well as unauthorised access, modification or disclosure.

For example, information stored on our information technology systems is protected by security features and procedures.  We undertake regular monitoring of our practices and systems to ensure the effectiveness our security policies and identify and implement improvements where appropriate

However, we cannot and do not guarantee that personal information we hold will be protected against unauthorised access or misuse.  Unfortunately, no system or methodology for holding personal information can be guaranteed as entirely secure.

Generally, we will take reasonable steps to destroy or permanently de-identify your personal information as soon as it is no longer required or permitted to be used by us.  We may retain your personal information where we are required or permitted to do so by law, such as for insurance, legal or corporate governance purposes or for the prevention of fraud.  Your personal information may also be retained in our archival records.

14 Access to and correction of personal information

You may contact us to request access to or correction of the personal information we hold about you.

We may refuse to allow access or to amend your personal information if we are legally required or permitted to do so.  In that case, we will (unless it is unreasonable to do so) provide you with written reasons for the refusal together with information about the options available to complain about the refusal.

We will respond to your request for access within a reasonable period after the request is made and we will give access to the information in the manner requested if it is reasonable and practicable to do so.  We may require you to comply with certain procedures before we allow access to or amendment of your personal information (eg, providing satisfactory identification), in order to ensure the integrity and security of information that we hold.  Please understand that our requirements to identify individuals requesting access to personal information are designed to protect you and other individuals from unauthorised access.

We may require you to pay certain costs in order to access your personal information held by us.  We will advise the amount payable (if any) once we have assessed your application for access.  We will not however charge a fee for you to lodge a request for access to or correction of your personal information.

We will take reasonable steps to ensure that the personal information we collect is accurate, up-to-date and complete, and the personal information we use and disclose is accurate, up-to-date, complete and relevant.  If we are satisfied that any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.

Please let us know if your personal information changes, so that we may ensure our records are current.

15 Online privacy

This section of our Privacy Policy describes how we handle your personal information in connection with online services we provide (which includes services provided by us via the Internet such as our website, email and social media accounts).  This section applies to personal information handled in connection with online services in addition to the remainder of the Privacy Policy.

15.1 Automatic server logs

Our servers automatically collect various details when you use our website, including:

  • your IP (Internet Protocol) address (generally, an identifier assigned to your device when it is connected to the Internet);
  • the operating system and Internet browser software you are currently using; and
  • the data you access (such as web pages or other document files or software), and the time that you access it.

We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes.  This information is not disclosed to any other party.

15.2 Cookies

Our website uses "cookies", which identify your device to our servers when you visit our website.  Our website may request to store cookies on your device in order to improve and customise your future visits.  Through the use of cookies our site can deliver customised content to you.  If you do not want information collected through the use of cookies, you may be able to configure your Internet browser to disable them.

We do not attempt to specifically identify and track individuals using cookies.

15.3 Google Analytics

Our website also uses Google Analytics services.  These services make use of cookies and similar technologies, analytics and other identifiers to collect data about website traffic. For more information about Google Analytics and how it collects and processes data, see www.google.com/policies/privacy/partners/.

Users can usually block cookies, or remove cookies, by editing the privacy and security settings of their web browser or mobile device.  Some features on our website may require cookies to function properly.  If cookies are disabled or deleted, then depending on the particular cookie that is deleted or disabled, users may not be able to use such features of our website, or previous opt-outs may be undone.

15.4 Email and messages

We may collect personal information from you (such as your name and email address, and any other personal information you volunteer) if you send us email.  We will use this to contact you to respond to your message, to send you information that you request, and for other related purposes we consider are within your reasonable expectations.

15.5 Storage and transmission of personal information online

If you provide any personal information to us via our online services (including email) or if we provide such information to you by such means, the privacy, security and integrity of this information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).

15.6 Other online services

If any of our online services (including any email messages we send to you) contain links to other online services that are not maintained by us, or if other services link to our online services, we are not responsible for the privacy practices of the organisations that operate those other services, and by providing such links we do not endorse or approve the other services.  This Privacy Policy applies only in respect of our online services.

15.7 No data extraction

You are not permitted to extract, harvest or "scrape" personal information or other data from our website using any automated or non-automated process (whether directly or indirectly).

16 Data breach

If we suspect or there is unauthorised access to or disclosure of, or loss of, personal information we hold, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to an individual.  If that is the case, we will comply with the requirements of the Act which may require notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals.

Please contact us if you have reason to believe or suspect that a data breach may have occurred, so that we may investigate and, if necessary, undertake appropriate containment, risk mitigation and notification activities as required.

17 Complaints

If you have a complaint about our handling of your personal information, or you believe that a breach of your privacy has occurred, please contact us using the details below.

Your complaint will be considered and dealt with by our nominated representative, who may escalate the complaint internally within our organisation if the matter is serious or if necessary to resolve it.

Please allow us a reasonable time to respond to a compliant.  If you are not satisfied with our response, you may make a complaint to the OAIC (whose contact details can be found at: http://www.oaic.gov.au/).

18 Changes to our Privacy Policy

We may amend this Privacy Policy at any time.  We publish our current Privacy Policy on our website, and you may obtain a copy of our Privacy Policy from our website or by contacting us.

19 Contact details

Please contact us at the email address reception@darwindermatology.com.au if you have an enquiry about our privacy practices or handling of your personal information.