Protection of your Privacy and Personal Information
‘Individuals’ refers to our clients, prospective clients, patients, prospective patients, customers, prospective customers, stakeholders, collaborators, partners, relevant health service providers, suppliers and other third parties.
‘Business Operations’ refers to our responsibilities relating to clinical and eHealth services, non-clinical services, education and training, marketing and development, or to otherwise carry out our functions including, for example, hiring new employees or dealing with suppliers or contractors.
The ‘Act’ refers to the Privacy Act 1988 (Cth).
‘Personal Information’ is defined by the Act as “…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.” Examples of Personal Information include your full name, your address, your personal and health history, your credit card details etc. As such, an individual’s identity may be apparent or ascertained from such information. The collection, storage, use and disclosure of Personal Information is regulated by the Act.
‘Sensitive Information’ refers to information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices; or criminal record. Sensitive Information is a type of Personal Information that has higher protection.
‘Health Information’ refers to information about an individual’s health or a disability, as well as any other Personal Information collected while receiving a health service, including the symptoms described or the health service provider's observations and opinions of the individual’s health, prescription information, contact and billing details, test results and reports, and Medicare number. Health Information is regarded as Sensitive Information and as such, has higher restrictions on how it is handled compared to other types of Personal Information.
2. Why do we need to collect your Personal Information?
We collect Personal Information that is reasonably necessary to carry out the Business Operations. This Personal Information may include Sensitive Information and in some instances, for example if you receive clinical or eHealth services, may include Health Information. You may provide TCN with Personal Information because you wish to:
attend a TCN clinic or receive services provided by us;
register to use a TCN eHealth service or product;
attend an event or course run by us;
receive communications from us;
connect with us via social media.
collaborate with us;
apply for employment at, or otherwise provide services for, TCN.
While it is possible for you to interact with us under a pseudonym and thus remain anonymous, in certain situations this may be impractical or impossible, for example when you want us to provide a report to a third party. Further, there are certain circumstances where we are required by law or may be directed by a court or tribunal to act in a way that means it will not be possible for you to use a pseudonym or remain anonymous.
We will collect Personal Information only to the reasonable extent needed to carry out the Business Operations with which you are involved or to otherwise deal with you.
3. What Personal Information does TCN collect?
The Personal Information we collect in order to carry out the Business Operations will depend upon the purposes for which you interact with TCN. This may include your:
full name and prefix (e.g. Mr or Mrs);
date of birth;
occupation and employer;
credit card details and other related information that will allow us to process relevant transactions;
other demographic information.
If you are involved with TCN for health-related services, then the Sensitive and Health Information that we collect may include:
you and your partner’s ethnicity;
your relationship status and history;
your medical history;
your family’s medical history.
You do not have to provide us with any Personal Information, however if you do not, we may not be able to carry out the Business Operations with which you are involved.
4. How does TCN collect your Personal Information?
Wherever practicable, we collect your Personal Information from you directly. This may include collecting information from you:
verbally e.g. face-to-face and via telephone;
in writing e.g. forms or questionnaires that you complete;
via our websites and other electronic communication channels e.g. email and SMS.
Sometimes we collect Personal Information through observation, such as when delivering clinical services, and we may record this information as a part of delivering that service.
Sometimes we may obtain your Personal Information indirectly from third parties or other Individuals, such as when your partner, a family member, a referrer or your employer provides information about you. For instance, when individuals are receiving clinical services, we may need to obtain Personal Information from referring doctors to ensure that we are fully informed in relation to the issues that we need to address. Similarly, when individuals are receiving training and education services, we may need to obtain your Personal Information from other individuals and/or entities associated with you, such as your business colleagues or your employer. If this ever happens we will always confirm that information with you as soon as possible.
You must be over 15 years of age to provide TCN with Personal Information. If you are under 15 years of age, your parent or another responsible person will need to provide your Personal Information to us on your behalf.
5. Does TCN collect of non-identifiable information?
6. Why does TCN collect and use Personal Information?
providing information, advice and services;
conducting business processing functions;
communicating with you and your referring/treating doctor;
updating our records to keep your contact details current;
responding to any complaint made by you;
billing for services;
administering our services;
informing you about problems with or changes to our services;
informing you about how your use of our services could be improved;
reviewing and improving our services;
providing you with marketing and promotional material, including by direct marketing, and providing you with information about other services, including services provided by our commercial associates (unless you tell us that you opt-out of the use of your Personal Information for these purposes, as detailed below);
protecting the safety of you or any member of the public, for example, to avoid an imminent threat to a person’s life;
complying with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority.
7. Why and to whom do we disclose your Personal Information?
We only share your Personal Information with third parties where it is necessary in undertaking those activities in which you have agreed to be involved. We may disclose your Personal Information to third parties who work with us in our business including, without limitation, any of our commercial associates, partners, collaborators, contractors, agents, consultants, professional advisers, suppliers or others in order to facilitate the Business Operations. This may include trusted third parties engaged to assist us with services including data processing, data analysis, information technology services and support, website maintenance/development, printing, record archiving, data mining, market research, accounting services, debt collection and courier services. Either TCN or our providers may disclose your Personal Information where it is reasonable to do so or where we are authorised or required to do so by applicable law.
Where you are engaged with TCN for clinical or eHealth services, we may disclose your Personal, Sensitive and Health Information to healthcare professionals directly involved in your treatment. Health Information may also be provided to third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action. If information is requested by a third party connected to you it must be accompanied by an original written authorisation from you to release that information.
To keep you up to date with our services, publications and other resources, we may place you on a communications list, including mail, telephone and/or email (unless you tell us that you opt-out of the use of your Personal Information for these purposes, as detailed below).
Both Sensitive Information and Health Information will only be disclosed with your consent and in accordance with applicable laws. Your Personal, Sensitive and Health Information will never be disclosed other than as described in this policy.
8. What happens if your Personal Information is incomplete?
If any of the Personal Information you provide is inaccurate or incomplete, or if you choose not to provide us with your Personal Information, it may detrimentally affect the services that we provide you and our ability to carry out the Business Operations. Further, it may also mean that we cannot provide you with our services at all.
9. Is our record keeping secure?
TCN will take all reasonable steps and have a policy to ensure your Personal Information, whether held in hardcopy or softcopy format, is protected from misuse, loss and unauthorised access, modification or disclosure. It includes the directives that:
current and archived hardcopy documents containing Personal Information are:
not left on desks or workstations where they may be visible to unauthorised persons;
covered when being carried;
stored in locked filing cabinets when not in use, these cabinets being located in a secure facility which is security monitored when unattended.
current and archived softcopy documents containing Personal Information are:
stored locally on password protected computers;
backed-up using two-key encryption at a specialised offsite facility within Australia (not offshore) that complies with Australian privacy legislation and relevant associated laws.
computer screens are turned away from the public and have screen savers to reduce the chance of casual observation.
client information is not discussed in public areas where it may be overheard;
current and archived documents are viewed by only those Individuals with a legitimate need to do so.
Personal Information is destroyed or de-identified when no longer needed and when the legislative retention period has expired.
10. Are our IT systems well protected?
TCN has in place various Information Technology (IT) protections including:
our merchant facility being Payment Card Industry (PCI) compliant with security provided by the participating financial institution;
security measures in relation to our technical hardware, software and other related equipment in order that they remain responsive to changing threats and other issues that may impact the security of your Personal Information, e.g. virus protection, firewalls, encrypted backups.
As our websites, email and eHealth services are linked to the internet, and the internet is inherently insecure, we cannot provide any assurances regarding the security of information transmitted to or from TCN via such on-line methods. We also cannot guarantee that the information you supply will not be intercepted while being transmitted. Accordingly, any information which you transmit to us online or via email is transmitted at your own risk.
11. How can you access and correct your Personal Information?
You may request access to any information we hold about you at any time. Where we hold information about you that you are entitled to access, we will provide you with suitable means of accessing it. We will not charge you for making the request. In circumstances where you request a copy there may be a fee to cover our administrative costs and you will be advised of this fee at the time of making the request.
There may be instances where we cannot grant you access to some of the information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of other Individuals. If that is the case, we will provide you with a written explanation of those reasons.
If you believe that the information we hold about you is incorrect, incomplete or inaccurate, then you may request it be amended. We will consider if the information requires amendment and amend it if we conclude amendment is warranted. If we do not agree that there are grounds for amendment then we will notate your request.
12. Do we use your Personal Information for marketing?
We may contact you directly or send you communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, phone and email, in accordance with applicable marketing laws. If you indicate a preference for a method of communication, we will use that method of communication. In addition, at any time you may opt-out of receiving communications from us by contacting us (see the details below) or by using opt-out facilities provided within the communication. We will in turn ensure that your name is removed from our contact list. We will not provide your personal information to other organisations for the purposes of such communications.
13. Do we disclose your Personal Information outside Australia?
We do not typically or routinely disclose Personal Information to overseas recipients. Unless you have given your consent, or an exception under the APPs applies, we will only disclose Personal Information to overseas recipients where reasonable steps have been taken to ensure the overseas recipient does not breach the APPs in relation to your Personal Information.
14. How can you to contact us or make a privacy complaint?
We may change this policy from time to time. Any updated versions will be posted on our websites.