We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act), and are required to comply with the Australian Privacy Principles in respect of the collection, use, disclosure and handling of personal information. The Act provides additional protection for health information.
If we collect information about you when providing you with a health service, we are required to comply with the additional requirements applicable to health information, even if that information does not relate directly to your health. State and Territory health legislation may also be applicable to the handling by us of your health information.
1. How we collect personal information
- Through a registration form;
- During a consultation;
- In a telephone conversation with you;
- Information you include in a letter or email;
- To process the purchase by you of products or services;
- To provide you with further information about our services, at your request;
- To send correspondence (e.g. mailed brochures) or other communications at your request;
- To provide you with access to protected areas of our website at www.connecthearing.com.au (Website);
- To book an appointment, at your request;
- To process your entry into a competition; and
- In relation to your employment application.
We may also collect information about you from persons or sources other than yourself, as described below.
However, where such information is in connection with the provision of our health services to you, we will only do this with your consent, or, in the case of an emergency involving a serious threat to your health and during which you are unable to provide consent, where it is necessary in order to treat you.
Other sources from which we may collect information about you include your treating specialists, your general practitioner, family members, friends, carers, employers and hospitals in which you have been treated.
Without this information, we may not be able to provide you with services or products that you have requested.
2. What Information do we collect?
- Name and date of birth;
- Mailing or street address;
- e-mail address;
- Information concerning your health and disabilities;
- Your treatment history;
- Your medical history;
- Services and products provided to you;
- Records of communications with you;
- Requests made by you;
- Transaction details associated with a purchase of goods or services from us;
- Credit card and account details (including credit verification check) when processing transactions; and
- Any additional information provided by you to us.
3. Purposes of collection, holding, use and disclosure of personal information
We may collect, hold, use and disclose personal information for purposes including the following:
- To provide you with our services and products and send communications requested by you;
- For internal administration, management, quality control, marketing, planning, product or service development and research; to answer inquiries, and provide information or advice about existing and new products or services;
- To conduct account management and payment processing including billing, external payment and accounting systems;
- To conduct competitions run by us;
- To process employment applications;
- Any purpose made known to you at the time of collection of your personal information.

We will not send you direct marketing communications without your consent. At any time, you may opt-out of receiving marketing communications from us by contacting us (see details below) and we will ensure that your name is removed from our mailing list.
4. International Data Transfers
We are a global business. Personal information may be transferred to, stored and/or processed in any country where we have operations, for example Switzerland, or where we engage service providers.
We may disclose personal information to third parties who we believe are necessary to assist us in providing the relevant services and products to our clients or to enable them to offer their products and services to you.
For instance, we disclose personal information to the relevant product provider and their representatives, our agents and contractors and related companies. We generally limit, however, such use and disclosure of any personal information to the specific purpose for which it was supplied. In addition to our affiliates, we may also disclose personal information to third parties such as our contractors, agents and service providers when we outsource certain functions, including market research, direct marketing, claims handling and recruitment. This would also include our third-party storage providers, whom we may use from time to time to store information physically or electronically. We will take reasonable steps to ensure that we have arrangements in place with such parties that prevent them from using or disclosing personal information for any purposes other than our own.
However, by providing personal information to us, you acknowledge that we may not always be able to guarantee that overseas parties are subject to requirements similar to those contained in the Privacy Act and consent to the disclosure on this basis.
5. Disclosure of Information
We may disclose your information in circumstances including the following:
- To Medicare and other public agencies that may require evidence of your treatment, private health insurers, pharmacies and government bodies;
- To our related companies, contractors or service providers and professional advisers for the purposes of operation of our business, including fulfilling orders by you, hosting our website or information systems, delivering products, and otherwise providing services and products to you;
- To third parties to provide you with care or treatment. Other sources to which we may disclose information about you include treating specialists, family members, and carers;
- As required or authorised under law or in co-operation with any government authority, or as otherwise permitted under the Privacy Act 1988 and applicable State and Territory health legislation.
Where information is disclosed to third parties, we take all reasonable measures to ensure that such third parties do not use the information for any purpose other than that for which it was provided or disclose the information to any other party.
We do not sell or rent the personal information we collect. We may share general, aggregated information with advertisers, market researchers, sponsors, content providers and other third parties with whom we have commercial arrangements. However, any such information is de-identified so that it does not include personal information.
6. Security of your personal information
We will take reasonable steps to protect personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed or required to be kept by law.
7. Access and Correction
You may request access to any personal information we hold about you at any time by contacting us (see details below). Where we hold information that you are entitled to access, we will endeavour to provide you with suitable means of accessing it (e.g. by emailing or mailing it to you, or inspecting the record).
If you are not entitled to access information, we will provide you with reasons why. If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request amendment of it. We will consider if the information requires amendment. If we amend information relating to your health, we will mark the original information appropriately but may not delete it, as it may be necessary by law for us to retain a complete record.
If we do not agree that there are grounds for amendment, then we will provide you with reasons why and add a note to the personal information stating that you disagree with it.
8. GDPR for EU Residents only
In respect to the personal information of EU Residents, we will comply with the data handling regime laid out in the General Data Protection Regulation 2016/679 (GDPR) of the European Union (EU).
8.1 Your rights under GDPR
1. You are entitled to request details of the information that we hold about you and how we process it. We will provide this information for no fee;
2. You may also have a right to:
- Request access to the information and have that information rectified or deleted;
- Restrict our processing of that information;
- Stop unauthorised transfers of your data to a third party;
- In some circumstances, have that information transferred to another organisation; and
- Lodge a complaint in relation to our processing of your data with a local supervisory authority.
3. Where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time by contacting us using the contact method below.
4. If you object to the processing of your data, or if you have provided your consent to the processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that:
Such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other customers/clients subject to appropriate confidentiality protections; and
Even after you have chosen to withdraw your consent, we may be able to continue to keep and process your data to the extent required or otherwise permitted by law, in particular:
- To pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and
- In exercising and defending our legal rights and meeting our legal and regulatory obligations.
8.2 Processing of your data outside EU
Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, etc., and online relationship management tools. We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (e.g., to analyse how our customers/clients use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests.
We will require that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.
8.3 Duration of retention of your data
We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning). In some circumstances, you can ask us to delete your data.
If you believe your privacy has been breached, you may contact us using the contact details below and provide details.
Following receipt of a privacy complaint, we will investigate the complaint, and notify the individual concerned of the outcome of our investigation within a reasonable time.
10. Contacting Us
Call us on 1300 362 231 or write to us at:
50 Victoria Street
McMahons Point NSW 2060