Privacy and Security
The information you provide will be collected by or on behalf of us and may be disclosed to third parties, including those that help us deliver our services (including information technology suppliers, communication suppliers and our business partners) or as required by law. If you do not provide this information, we may not be able to provide all our services to you. Your data is stored in Australia, and we may disclose your personal information to recipients that are located outside of Australia, including to Xero (which stores data in the USA) if you integrate your Halaxy and Xero accounts.
Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit/debit card and/or bank account information.
- the Privacy Act 1988 (Cth) (“Privacy Act”) (including the Australian Privacy Principles under that Act);
- health records legislation, including the Health Records Act 2001 (Vic), Health Records and Information Privacy Act 2002 (NSW), Health Records (Privacy and Access) Act 1997 (ACT); and
- marketing legislation, including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Collection of personal information - what, how and why
We may collect the following types of personal information:
- your name, address, telephone and email contact details;
- your gender, date of birth or age and marital status;
- your billing details;
- if you are a practitioner, your areas of focus and contact details
- health information recorded in our system either by you or your practitioner including the treatment you have received, including date, service type, description of the service, which practitioner treated you, test results, current and past medical history, data uploaded by any of your connected health devices;
- your bank account or credit/debit card information;
- government related identifiers, including your Medicare number;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that may be required in order to facilitate your dealings with us.
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
- register on our website;
- communicates with us in person, by phone, via mail, through correspondence, chats, email, online, or when you or your practitioner share information with us from other social applications, services or websites, or when we contact you or your practitioner through any means;
- interact with our sites, services, content and advertising or when you or tour practitioner register, log in for and use services offered by us; or
- invest in our business or enquire as to a potential purchase in our business.
- We may also collect your personal information from other persons or entities.
We may collect, hold, use and disclose your personal information for the following purposes:
- to enable you or your practitioner to access and use our website and our services;
- to operate, protect, improve and optimise our website and our services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- for medical research purposes, including providing this information to third parties for this purpose;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
- to consider your employment application.
We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
We and/or our carefully selected business partners may send you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).
In order to allow us to provide, manage and administer our products and services to you and to operate an efficient and sustainable business, we may be required to disclose your information to third parties. This may include disclosure in the following circumstances:
- our employees and related bodies corporate;
- hospitals, medical and ancillary service providers (for example, practitioners);
- any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives;
- lawyers, auditors and other advisors appointed by us or acting on our behalf;
- where disclosure is required by law, including compulsory notices from courts of law, tribunals or government agencies;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- government and regulatory bodies, including, Medicare, the Australian Taxation Office, the Department of Veterans Affairs and the Department of Health and Ageing;
- professional advisers, dealers and agents;
- payment systems operators (eg merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We can aggregate Your non-personally identifiable data
By using our services, you agree that we can access and aggregate data we have collected from you using reasonable steps to use your personal information in a way it does not personally identify you. We may access, aggregate this data for our own use or for use by third parties:
- to audit, research, measure and analyse the information in order to maintain, administer, enhance and protect our products and services, including analysing usage trends and patterns and measuring the effectiveness of content, advertising, features or services;
- for contextual and cookie-based automated content delivery, such as tailored ads or search results;
- for health and medical research, public health and service activities, healthcare and medical related services; and
- to prepare aggregate reports for current or future advertisers, sponsors or other partners to show trends about the general use of our services. Such reports may include age, gender, geographic, demographic or other general user information, but do not include personal information that personally identifies you.
Disclosure of personal information outside Australia
If we send your information outside of Australia, we will require that the recipient of the information complies with local privacy laws and contractual obligations to maintain the security of the data.
Using our website and cookies
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
You are responsible for transfer of your data to third-party applications
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information.
Accessing or correcting your personal information
As required under the Australian Privacy Principles, you can access the personal information we hold about you by contacting us at firstname.lastname@example.org. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us at email@example.com. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Effective: 22 January 2019