THE SKIN CENTRE MEDI SPA PRIVACY POLICY

At The Skin Centre Medi Spa, we are committed to protecting your personal information. This Privacy Policy explains what kind of personal information we collect, how we use it and whether we disclose it to anyone else.

In this Privacy Policy we, us or our means The Skin Centre Chevron Pty Ltd and its related bodies corporate. The policy applies to personal information provided to us or collected by us, offline or online, including through our website www.skincentremedispa.com (Site).

By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy and the Privacy Act 1988 (Cth).

Personal information

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable. We usually collect personal information directly from individuals. However, we may also collect personal information about individuals from various third parties (e.g. referring doctors).

The type of personal information we collect and hold depends upon your relationship with us and may include:

  • your name;
  • your contact details, including email address, mailing address, residential address and/or telephone number;
  • your age and/or date of birth;
  • your medical history and health information, including specialist reports, test results, medications, referral letters and information from your ‘My Health Record’;
  • your Medicare number, Individual Healthcare Identifier number, healthcare fund number, veteran’s affairs number;
  • your driver’s licence or some other form of identification;
  • photos and videos of you;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications and associated social media platforms;
  • details of products and services we have provided to you or that you have enquired about;
  • information about your access and use of our Site, including through the use of internet cookies;
  • any other personal information requested by us and/or provided by you or a third party.

Collection and use of personal information

We may collect, hold, use and disclose personal information for the following purposes:

  • to provide our services to you;
  • to enable our health practitioners and other allied health professionals to:
    • report to referring practitioners and other relevant medical practitioners;
    • input information into your ‘My Health Record’ as required;
  • to contact and communicate with you, including by sending appointment reminders;
  • for internal record keeping, administrative and billing purposes;
  • for inclusion in a recall register to be advised of follow up visits;
  • for the purpose of reporting back to your employer, their authorised representatives and their insurer in the case of a work-related consultation or service;
  • to enable you to access and use our Site, associated applications and associated social media platforms;
  • for analytics, market research and business development, including to operate and improve our services, business, the Site, associated applications and associated social media platforms;
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
  • to process and respond to any complaint made by you;
  • to comply with our legal and regulatory obligations; and
  • in relation to staff, maintain appropriate records of current staff, assess and process applications of prospective employees and carry out general HR functions.

We will only use your personal and health information for the purposes described above, unless one of the following applies:

  • the other purpose is directly related to the purpose for which you have given us the information and you would reasonably expect that we would use or disclose the information for that purpose;
  • you have consented to allowing us to use your information for another purpose;
  • we are required or authorised by law to disclose your information for another purpose (for example, to prevent a threat to the life, health or safety of any individual); or
  • we reasonably believe that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy or as permitted under the Privacy Act.

Disclosure of personal information to third parties

We will do our best to ensure that your personal information is only used and/or disclosed for the purpose it was collected, or a related purpose that’s within your reasonable expectations.

From time to time we may need to disclose personal information to, or collect information about individuals from, various third parties, including:

  • medical and other health practitioners involved in your care;
  • Government agencies, such as the Department of Defence or the Department of Veterans’ Affairs, where an individual is receiving services under arrangements with those agencies;
  • Government departments responsible for health, aged care and disability where we are required to do so;
  • our employees, contractors and/or related entities;
  • other companies within The Skin Centre group of related entities;
  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our existing or potential agents or business partners;
  • research institutions with which we collaborate;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia; and
  • third parties to collect and process data, such as Google Analytics. This may include parties that store data outside of Australia.

By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia.

How we treat personal information that is also sensitive information

Sensitive information is a subset of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information includes:

  • health information;
  • an individual’s racial or ethnic origin;
  • religious beliefs or affiliations;
  • political opinions;
  • membership of a political association;
  • professional or trade association or trade union;
  • philosophical beliefs;
  • sexual orientation or practices;
  • criminal record;
  • genetic information;
  • biometric information that is to be used for certain purposes; and
  • biometric templates.

We will generally only collect sensitive information with your consent. We only use, hold and disclose your sensitive information for the purpose for which it was collected by us, unless:

  • there is another purpose (secondary purpose) and that secondary purpose is directly related to the primary purpose, and you would reasonably expect, or we have informed you, that your information will be used for that secondary purpose;
  • you have given your consent for your personal information to be used for a secondary purpose; or
  • we are required or authorised by law to use your personal information for a secondary purpose (including for research and quality improvements within the foundation).

The primary purpose may include to:

  • assist us in providing our services and treatments to you;
  • conduct research;
  • appropriately manage, conduct and oversee our businesses, including:
    • assessing insurance requirements, conducting audits, and undertaking accreditation processes;
    • quality assurance programs, billing, improving our services, implementing appropriate security measures, conducting research and training personnel;
  • where required, effectively communicate with third parties, including Medicare Australia, private health insurers and Department of Veterans’ Affairs.

Your rights and controlling your personal information

Choice and consent: Please read this Privacy Policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to offer you our services or your use of this Site or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing: Every now and again you may be contacted by mail, SMS, telephone, email or online so that we can inform you about new products and services, promotions, offers, newsletters, customer surveys, competitions and the like. We may also engage third parties to do this on our behalf. We’ll always give you the opportunity to “opt-out” of direct marketing communications. If you don’t want to be contacted for marketing purposes, simply advise us by calling us on 07 5597 7170 or email reception@skincentre.com.au and we will make every effort to meet your request as soon as practicable.

Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request access to the personal information that we hold about you. To request access to personal information we hold about you, please call us on 07 5597 7170 or email reception@skincentre.com.au. In certain circumstances, as set out in the Privacy Act, we may refuse to provide you with personal information that we hold about you.

Correction: We take reasonable steps to ensure the personal information we collect, store and disclose from you is accurate, up-to-date and complete. If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Complaints: If you believe that we have breached the Australian Privacy Principles and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. We will endeavour to respond to your request or complaint within 30 days. If you are still not satisfied, you may take your complaint to the Office of the Australian Information Commissioner.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Storage and security

We are committed to ensuring that the personal information we collect is secure. All patient information is handled securely and in accordance with professional duties of confidentiality.

We take reasonable steps to ensure your personal information is protected against unauthorised access, misuse, loss, interference, modification or disclosure. We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information, including maintaining physical security of paper and electronic data stores (such as locks and security systems) and appropriate computer and network security (such as firewalls, user identification policies, encryption, password controls).

We will destroy or permanently de-identify any of your information once it is no longer required for the purpose for which it was collected provided we are not otherwise required by law to retain that information.

We are subject to a range of rules relating to the periods for which we must retain certain health information and records. As the owner of medical records and a provider of health services, we must generally retain health information about an individual:

  • for 7 years from the last occasion on which we provided a health service to the individual – if we collected the information when the individual was 18 years old; or
  • until the individual turns 25 – if we collected the information when the individual was less than 18 years old.

While we do all we can to protect the privacy of your personal information, no data transfer over the internet is 100% secure. When you share your personal information with us via an online process, it is at your own risk. There are ways you can help maintain the privacy of your personal information, including:

  • always close your browser when you have finished your user session;
  • always ensure others cannot access your personal information and emails if you use a public computer; and
  • never disclose your username and password to third parties.

Cookies

We may use cookies on our Site from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do allow third parties, such as Google and Facebook, to cause advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our Site with personal information, this information may be linked to the data stored in the cookie.

Links to other websites

Our Site may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our Site. We recommend you check our Site regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact our Privacy Officer at:

Privacy Officer

The Skin Centre Medi Spa

Email: chevron@skincentre.com.au

Phone: (07) 5551 0888

Post: 3/38 Thomas Drive, Surfers Paradise Qld 4217

Last update: 9 September 2020