- Your privacy
- This Privacy Policy is issued by 13 DOCTOR (“13 Doctor”, “we”, “us”, “our”) and sets out how we manage your information in connection with your access to and use of the various platforms, websites, contents, products, and services that we make available to you (“Products”).
- This Privacy Policy sets out how we handle personal information, including health information, in accordance with the requirements of the Privacy Act 1988 (Cth), the Australian Privacy Principles and other laws that protect the privacy of individuals.
- You are a registered user of a 13 DOCTOR Product if you have successfully registered as a user of a 13 DOCTOR Product in accordance with the 13 DOCTOR Terms & Conditions (“Registered User”). References in this Privacy Policy to “you” or “your” refers to the Registered User.
- You acknowledge and agree that we may collect, hold and share sensitive information about you, including information about your health. Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions, as described below.
- The kinds of information we collect and hold
- The types of information we may collect include your:
- name and contact details;
- qualifications and occupation;
- age, sex, nationality, racial or ethnic background;
- sexual preferences and practices;
- health information including images and diagnostic information;
- usernames or passwords used to access our services;
- health identifiers;
- usage information about your visit to our website and how you use our products and services;
- any additional information relating to you collected through our online presence;
- financial information such as credit card or bank account numbers;
- records of your communications and interactions with us;
- location information; and
- health information.
- The types of information we may collect include your:
- How we collect your information
- We may collect your information in a number of ways, including:
- directly from you or someone caring for you (such as where you provide information to us when you access a Product, complete an application form or enter an agreement for one of our services, or you contact us with a query or request or to resolve an issue you might be facing);
- from our corporate customers, such as health insurers or employers, who make the service available to you;
- from your My Health Record;
- from the third-parties we list in the section of this Privacy Policy under the heading “When we disclose your personal information”;
- through recording telephone calls and Consultations;
- through audio-visual-conference recording;
- through customer surveys and questionnaires which may be undertaking to ensure ongoing high quality of service;
- from publicly available sources of information;
- our records of how you use our products and services; and
- via automatic data collection, such as your device location information. Some of our applications collect real-time information about the location of your device.
If you choose not to provide certain information about you, we may not be able to provide you with the services you require.
- We may collect your information in a number of ways, including:
- How we hold your information
- Details of your information may be stored by a Product. We may store your information in hard copy or electronic format, in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers. These facilities are situated in Australia.
- We take privacy and confidentiality very seriously and we take reasonable steps to maintain the security of your information and to protect if from unauthorised use and disclosure and to ensure that a recipient of your information protects it in accordance with the Australian Privacy Principles.
- How we secure your information
Our Products are designed with your security and privacy as our highest priority. 13 Doctor understands that your personal information and health details are private and sensitive information and we aim to ensure it is kept that way.- 5.1. Account and Password Protection
- 5.2. Data Encryption
All data containing any personally identifiable or health information accessed or stored by our Products is always encrypted when in transit.
Our security implementation includes strong cryptographic standards (such as AES256 encryption, and SHA256 hashing). - 5.3. Security Monitoring
Our Products are subject to various ongoing security programs. For some products, this includes penetration testing and security vulnerability testing. - 5.4. Network, infrastructure and hosting
Our network and infrastructure is designed with security in mind and is hosted in Australian based data centres.
Our hosting service is certified by the Australian Signals Directorate – part of the Australian Government’s Department of Defence and meets industry standards (such as ISO27001) for physical security and availability. - 5.5. 13 Doctor website
The 13 Doctor website is registered on your device. Our website does not store any of your information on your mobile phone.
All communication between our website and the 13 Doctor account servers is handled over SSL secure connections. We utilise methods that ensure our website is talking to the 13 Doctor account servers. - 5.6. Your system security
- You should be aware that your own email may not be secure, so care should be taken with images and information being sent from your system.
- You must be very careful to:
- only transmit appropriate images and in accordance with our instructions;
- ensure that, where possible, the images do not identify you, by showing your face, physical marking or tattoo;
- only send images required for your Consultation;
- carefully follow the instructions provided when you use a specific Product when transmitting the image, to avoid the risk of accidentally transferring the images to the wrong place.
- If you send information from a system provided by your workplace, you should also be aware of any policies that allow your employer to view your emails and attached documents and images.
- How we use your information
- We may use your information for a range of different purposes, including:
- to provide and support our services, including medical services and secure communications;
- to enable you to monitor your information;
- to administer and manage the products and services we provide, to charge and bill for them, and to collect any amounts owing;
- where appropriate, to verify your identity or to conduct appropriate checks for creditworthiness or fraud;
- to provide, evaluate and support our products and services, including health records management, secure communications and technology services;
- to help develop complementary or related products or services that you may elect to utilise;
- to provide information about those products and services and provide better customer service;
- to maintain and update our record of your information;
- to assist you with enquiries;
- to work with our service providers;
- to gain an understanding of your needs, to perform research and analysis and to improve or develop our products and services, including by us contacting you 6-12 months after you first use the 13 Doctor account (and periodically thereafter) to obtain your feedback on our Products;
- to monitor network use, quality and performance, and to operate, maintain, develop, test and upgrade our systems and infrastructure;
- to allow you to receive the benefit of services and products offers by third-parties; and
- as authorised or required by law.
- We may use your information for a range of different purposes, including:
- When we disclose personal information
- We may provide the personal information of our customers and prospective customers (excluding health or sensitive information) to other health professionals and also to third parties who provide services to us, including organisations and contractors that assist us with the purposes for which we use that personal information. Those services include:
- customer enquiries;
- information technology and network services;
- mailing operations; and
- billing and debt-recovery functions.
- We may also exchange personal information of our customers and prospective customers where appropriate:
- with our related entities;
- with third-party vendors;
- with law enforcement and national security agencies, and other government and regulatory authorities;
- with third-parties who assist us to manage or development our business and corporate strategies and functions, including our corporate risk functions; or
- for the purposes of facilitating or implementing a transfer/sale of all or part of our
assets or business.
- We may provide information, including sensitive health information, about you to your primary physician or doctor. This will be done subject to your consent.
- Where needed, we may also provide information about you in referrals to other healthcare practitioners, such as medical specialists.
- We may provide the personal information of our customers and prospective customers (excluding health or sensitive information) to other health professionals and also to third parties who provide services to us, including organisations and contractors that assist us with the purposes for which we use that personal information. Those services include:
- Third-party contractors
- From time to time, we engage third-party contractors to provide support services in relation to particular products and services.
- Whenever a third-party contractor requires access to personal information in order to provide a particular service, we contractually oblige them to protect the confidentially of such information.
- We take the privacy and confidentiality of your information very seriously, and have implemented a range of measures to protect that information including, depending on the circumstances:
- strict monitoring and access controls regulating which staff can access particular information; and
- network and premises security.
- Access to third-party services
- In connection with our Products, we may provide you with the opportunity to connect to other third-party services or products. We do not endorse these third-party services or products and you should review their corresponding terms and conditions and privacy policies before using any third-party service or product. We accept no liability in relation to third-party services or products.
- Cookies
- A cookie is a small file of letters and numbers that we may store on your browser, mobile device or the hard drive of your computer. We may use Google Analytics in connection with the Products and Google may set cookies on your browser or read cookies that are already there.
- For more information on how Google uses cookies in relation to the Products, please see “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time).
- Location information
- When you use our location-enabled service, we may collect and process information about your computer’s or mobile device’s GPS location (including the latitude, longitude or altitude of your computer or mobile device). We do not store this data and it is only used at the time we are providing services to you. You can withdraw your consent at any time by disabling the location-services functions on your device, provided your device allows you to do this.
- Our Products may use Google Maps API. For further information on how Google handles your information, please see Google’s privacy policy http://www.google.com.au/policies/privacy.
- Direct marketing
- If you are customer or prospective customer, we may also use your personal information so that we can promote and market our products, and services that we think will be of interest to you on an ongoing basis. This will only be done with your consent.
- This marketing may be carried out in a variety of ways (including by direct marketing by mail, telephone or electronic message or by customising on-line content and display advertising on our websites) and may continue for a period after you cease acquiring any products or services from us.
- You may opt-out of this type of marketing by following the steps in the marketing communication or contacting us using the contact details set out in the “How to contact us” section of this Privacy Policy.
- We do not sell or otherwise provide personal information to unrelated third-parties for their direct marketing purposes.
- Telephone calls and Consultations
- To ensure that we maintain our high standard of clinical care, we record all Consultations and calls to our service and we will comply with relevant legislation.
- Health records
- We will comply with all relevant legislation governing health records.
- How to access or correct your information or make a privacy complaint
- If you wish to access any of your information that we hold, or you would like to correct any errors in that information, please contact us using the contact details set out in the “How to contact us” section of this Privacy Policy, so that we can respond to your request.
- You may also use these contact details to notify us of any privacy complaint you have against us, including if you think that we have failed to comply with the Australian Privacy Principles or any binding Australian Privacy Principle code that has been registered under the Privacy Act 1988 (Cth). While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, you may also be able to lodge a complaint with a relevant regulator such as the Australian Information Commissioner (http://www.oaic.gov.au/ or 1300 363 992).
- About this Privacy Policy
- This Privacy Policy is effective as of 30 June 2019. From time to time, we may need to change this Privacy Policy. If we do so, we will post the updated version on our website (www.13-doctor.com.au) and it will apply to the personal information, including health information, then held by us.
- How to contact us
- If you have any questions in relation to this Privacy Statement or our management of your personal information, including health information, please let us know by contacting us here.