Privacy Policy

Privacy Policy
Effective: 1 January 2021
In this Privacy Policy, Southern Neurology, us, we or our means Southern Neurology Pty Ltd (ABN 95 067 742 992), the provider of the platform used by a group of independent practitioners to provide services (Platform). We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store, disclose and otherwise handle your personal information.
By providing personal information to us, including through the Platform, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. Any changes to our Privacy Policy will be effective immediately upon posting and you agree to the new Privacy Policy by continuing your use of the Platform.
1. What personal information do we collect?
Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, it would include your name, age, gender, postcode and contact details. It may also include financial information, such as your credit card information, or sensitive or health information, such as information about your medical conditions and symptoms.
We may collect the following types of personal information:
• identity information, such as your name, age or date of birth and gender;
• contact details, such as your mailing or street address, email address, telephone number and other contact details;
• financial or payment information, such as your credit card details;
• health information (which constitutes sensitive information), including details of your health and diagnoses, information about your current and historical symptoms and medication history, medication side effects, and your patient identifier (as nominated by your treating healthcare practitioner or practice); and
• information about your treating healthcare practitioner(s) and health insurance membership details;
• for each device you use to access the Platform or our website, your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information. This may include information we collect through 'cookies' on our website and Platform to recognise you across different devices and/or browsing sessions, remember your preferences and secure our Platform. You can disable cookies through your internet browser but our website and the Platform may not work as intended for you if you do so; 
• details of the products and services we and our business partners have provided to you or that you have enquired about, including additional information necessary to deliver those products and services and respond to your enquiries;
• information relating to you that you upload or provide directly or indirectly through our Platform, website or text messages; and
• other personal information that may be required in order to facilitate your dealings with us.
2 How do we collect and hold personal information?
We collect these types of personal information in several ways, including:
• directly from you, when you:
• register and use our Platform or our website;
• communicate with us through correspondence, in person, over the phone, email or SMS, where you complete our online or SMS questionnaires; and
• interact with our Platform, staff, website, services, content and advertising.
• indirectly, where unreasonable or impracticable to obtain directly from you, being:
• if you are a patient, from:
• someone with responsibility for you, such as a nominated carer; 
• your treating healthcare practitioner or practice or medical service provider, where you have consulted or interacted with them in person, over the phone or online, and they provide that information in the Platform; and
• generating additional information and opinions about you and your health or symptoms based on other information maintained on the Platform. This generated information will constitute health information; and
• publicly available records, if relevant.
When you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. 
3	Why do we collect, use and disclose personal information?
We collect, hold, use and disclose your personal information for our business operations and activities, including:
• to enable a group of independent practitioners to provide services;
• provide, operate and improve the Platform, as well as the SMS questionnaires, including to facilitate communication between patients, carers and healthcare practitioners and improve health outcomes of patients;
• to enable you to access and use our Platform, website, services and app and manage our relationship with you (including registering your account), including, to provide you with access to clinical trials;
• to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
• as part of a sale or transfer of assets or other corporate transaction;
• to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;
• if you are a patient, to provide you, someone with responsibility for you (such as your carer or guardian) and your healthcare practitioner with information that may assist in managing and improving your health; and
• to consider your employment application. 

We may also collect, use and disclose your personal information:
• for the purposes of analytics, including analysing that information (including, in connection with the information of other individuals) and identifying trends or predictions for particular conditions or symptoms; 
• to send you educational, marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting (including in relation to clinical trials); and
• in order to provide your aggregated and de-identified personal information, including health information in reports we provide to third party business partners, such as:
• insurance companies for the purposes of funding your care; 
• third party medical service providers, such as radiology and pathology providers for the purposes of providing care to you; and 
• government agencies for the purposes of funding.  
4	Do we use your personal information for direct marketing?
If you are a patient or carer, we will seek your consent before we send any direct marketing communications to you which use your sensitive information. However, we may use and disclose your health information on a de-identified and aggregated basis to enable us and our third party business partners to send materials about services and products (including clinical trials and recommendations for particular medication and treatments) which we or our partners consider may be relevant for their treatment of patients or patient groups. 
Where you cease to use the Platform, we will not be required to retract personal information which has already been collected, used (eg. been aggregated or de-identified within reports or algorithms) or disclosed to other practice management systems or third parties.
5	To whom do we disclose your personal information?
We may disclose personal information for the purposes described in this Privacy Policy to:
• healthcare practices and practitioners from whom you are receiving, or have previously received treatment; 
• individuals with responsibility for you (such as your parent, carer or guardian), or specific third parties authorised by you to receive your personal information which we hold;
• our employees, contractors and related bodies corporate;
• third party suppliers and service providers, including:
• entities which host or enable us to operate our Platform, apps, websites;
• entities who assist us to provide products and services to you;
• payment systems operators (eg. merchants receiving card payments); and
• our current or potential professional advisers and agents;
• our business partners. Please note: this will only be on a de-identified and aggregated basis.
• anyone to whom our assets or businesses (or any part of them) are transferred; or
• other third parties as required, authorised or permitted by law.
6	Disclosure of personal information outside Australia
We store your data in Australia. While our business partners, to whom we disclose your personal information are located in Australia, some of them may share your personal information with their third party providers or operations overseas, including in the USA, Switzerland, France, Japan, China, Germany, England, Sweden, Denmark, Israel, Ireland, the Netherlands and Italy.  
We will use commercially reasonable efforts to ensure that any overseas recipient of your personal information will deal with such personal information in a way that is consistent with applicable Australian privacy legislation, including the Australian Privacy Principles. 
7	Security
We will take reasonable steps (including using a number of physical, administrative, personnel and technical measures) to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. For example, we will:
• ensure data (including personal information) in our possession is subject to secure login access;
• store data in our possession on servers with enterprise level firewalls (with intrusion detection systems) which are located in physically secure sites in Australia; and
• if we no longer require personal information for a purpose permitted by Australian law, take reasonable steps to securely destroy or de-identify such personal information.
While we will take reasonable steps to protect your personal information, we cannot guarantee the security of your personal information.
8	Links
Our website and the Platform may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites.
9	Accessing or correcting your personal information
You (or your nominee) may request: (i) details of what personal information we hold about you; or (ii) access to, or that corrections be made to, the personal information we hold about you, by contacting us at the details set out in section 11 below. If you do so, please specify your identity and the details and format of the information which you are seeking access to, or correction of (including the element of inaccuracy or incompleteness, and information required to correct your information). We will respond to your request within a reasonable time, which – in respect of health information – will be no longer than 45 days in NSW and Victoria for an access or correction request, and 14 days in the ACT for an access request.
There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request, and informing you of how you can complain about our refusal. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
10	Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out in section 11 below. Please include your name, email address and/or phone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take. 
11	Contact Us
For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below or via the Contact Us section on our website:
Privacy Officer
Suite 2/19 Kensington St, Kogarah NSW 2217
privacy@southern-neurology.com.au