HER. WOMEN’S HEALTH PRIVACY POLICY

1. POLICY PRINCIPLES

1. application and enforceability
   1. This Policy applies to Her. Women’s Health and its Workers, clients and visitors.
   2. This Policy applies to the collection, storage, use and disclosure of personal information by or on behalf of Her. Women’s Health.
   3. By using any of our products or services, visiting our website or giving us your personal information, you agree to your information being collected, stored, used and disclosed as set out in this Policy.
   4. This Policy:

1. 1. 1. is informational in terms of what Her. Women’s Health may do to address the privacy of Workers, clients and visitors in relation to the Her. Women’s Health business. Her. Women’s Health’s core obligations are contained in the Relevant Legislation, not this Policy;
      2. is not contractually enforceable against Her. Women’s Health.

1. PERSONAL INFORMATION

2. WHAT IS PERSONAL/SENSITIVE INFORMATION?

2.1 ‘Personal information’ and ‘sensitive information’ are defined in the Privacy Act. This Policy uses the same definitions.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.

Sensitive Information means:

1. 1. personal information or an opinion about an individual’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record; or
   2. personal information that is health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or biometric templates.

1. COLLECTION OF PERSONAL INFORMATION

3. HOW DOES HER. WOMEN’S HEALTH COLLECT YOUR PERSONAL INFORMATION?

3.1 Primarily Her. Women’s Health will collect your personal information directly from you. However, Her. Women’s Health may collect personal information from a range of sources. Examples of when Her. Women’s Health may collect personal information is when you:

3.1.1 use Her. Women’s Health services via its website;

3.1.2 book an appointment with Her. Women’s Health;

3.1.3 attend an appointment with Her. Women’s Health in person or online;

3.1.4 make an enquiry on Her. Women’s Health’s website or by email; or

3.1.5 give feedback to Her. Women’s Health.

3.2 Normally we collect personal information from you directly. If you provide personal information about someone other than yourself, you agree that you have that person’s consent to provide the information for the purpose for which you provide it to us. You also agree that you have told the person about this Policy and have told them where they can access it.

3.3 We only collect personal information by lawful means. It may be necessary for us to collect such information to enable us to conduct our business and meet our legal and regulatory obligations. If you do not provide your personal information, we may not be able to supply the requested product or service, or otherwise deal with you. Some examples of where we might collect personal information from are:

3.3.1 electronic communications;

3.3.2 forms filled out by people;

3.3.4 our website, including if you use it to contact us.

2. WHAT TYPES OF PERSONAL INFORMATION DOES HER. WOMEN’S HEALTH COLLECT AND HOLD?

4.1 Sensitive information will only be collected if you have consented to us doing so, or where required or permitted by the Relevant Legislation.

4.2 The type of personal information we collect includes, but is not limited to:

4.2.1 names, addresses, e-mail addresses, phone numbers, other contact details, payment details, occupation and other information to assist us in conducting our business, providing and marketing our products and services; and

4.2.2 information about your health.

1. USE AND DISCLOSURE OF PERSONAL INFORMATION

5. USE OF PERSONAL INFORMATION

5.1 We only use your personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by the Relevant Legislation. Such purposes include but are not limited to:

5.1.1 in the ordinary course of conducting our business;

5.1.2 performing general administration, reporting and management functions; and

5.1.3 to send you marketing communications.

6. DIRECT MARKETING

6.1 Her Women’s Health may send you direct marketing communications and information about products, services and events we consider you may be interested in. By agreeing to our privacy policy, you consent to receive direct marketing communications and information from us.

6.2 If you no longer wish to receive direct marketing communications from Her Women’s Health, you can contact us and opt out of receiving these communications. You can also use the opt out facilities in our marketing communications.

7. DISCLOSURE OF PERSONAL INFORMATION

7.1 We may disclose, and you consent to us disclosing, your personal information to third parties. Examples of circumstances where this may happen:

7.1.1 you authorise a third party to receive information from us;

7.1.2 third parties have been engaged by us to provide products or services, or to undertake functions or activities, on our behalf. For example, processing payment information, or hosting our online patient management system;

7.1.3 where disclosure is required by external government agencies; and

7.1.4 as required or permitted by the Relevant Legislation.

8. CROSS BORDER DISCLOSURES

8.1 Information that Her Women’s Health collects is primarily stored and processed in Australia but may be transferred to an overseas recipient. For example, Her Women’s Health may use a server hosted overseas to store data, which may include your personal information. You agree to such cross-border transfers of personal information. Her Women’s Health will take reasonable steps to ensure that any overseas recipient does not breach the Principles in relation to the information.

E. HOW DOES HER. WOMEN’S HEALTH KEEP MY PERSONAL INFORMATION SECURE?

1. SECURITY

9.1 Her. Women’s Health strives to provide an environment which ensures that personal information is stored in a secure and confidential manner. Her. Women’s Health is an online health practice and as such we use digital technology for the storage and management of patient data including but not limited to; contact information and clinical records. We use Cliniko, an online Patient Management System to store and manage your data. We also use email services from Google Inc to communicate with you, as such your contact data (name, email address) shared on this form is stored in the Google Inc GSuite services. Her. Women’s Health has systems in place for the security of both its computer network and business premises.

9.2 Her. Women’s Health will take such steps as are reasonable in the circumstances to protect the personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Personal information will be destroyed appropriately when no longer required.

F. NOTIFIABLE DATA BREACHES

10. ELIGIBLE DATA BREACH

10.1 The Amendment Act defines an “eligible data breach” as unauthorised access or disclosure of information, or loss of information, that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates.

10.2 To determine whether access, disclosure or loss of information would likely result in serious harm to any of the individuals involved, we will consider factors such as:

1. 1. 1. the kind of information;
      2. the sensitivity of the information;
      3. whether the information is protected by one or more security measures;
      4. if the information is protected by one or more security measures – the likelihood it could be overcome;
      5. the kind of persons who could obtain the information;
      6. if a security technology or methodology was used in relation to the information and designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information;
      7. the likelihood that persons who obtained the information are likely to have the intention of causing harm to any of the individuals to whom the information relates in the form of circumventing the security technology or methodology; and
      8. the nature of the harm.

11 Suspected Eligible Data Breach

11.1. There may be reasonable grounds for us to suspect there has been a data breach and we will take all reasonable steps to carry out an assessment as soon as practicable (and within 30 days after we become aware of the suspected breach) as to whether or not the data breach is an eligible data breach.

12 Notification of Eligible Data Breach

12.1 If there are reasonable grounds for us to believe that there has been an eligible data breach, and no exception under the Amendment Act applies, then we will prepare a written statement including:

1. 1. 1. a description of the eligible data breach;
      2. the kinds of information concerned; and
      3. recommendations about the steps that individuals should take in response to the eligible data breach.

12. 2 If there is an eligible data breach of more than one entity, we will set out the details of those other entities in the manner described above.

12.3 We will provide this statement to the Office of the Australian Information Commissioner (the Commissioner) and (if required by the Amendment Act) we will then notify the contents of the statement to:

1. 1. 1. each of the individuals to whom the relevant information relates; and
      2. individuals who are at significant risk from the eligible data breach.
   2. If it is not practical to contact you in this way, we may publish the statement on our website.

1. Exceptions to an Eligible Data Breach

13.1 There are exceptions under the Amendment Act which may not require us to notify an individual/s of an eligible data breach. Examples include:

1. 1. 1. where we have taken action before any serious harm occurs and, as a result of the action, a reasonable person would conclude the access or disclosure will not be likely to result in any serious harm;
      2. (if information is lost) where we have taken action before any unauthorised access or disclosure; or
      3. where the Commissioner has declared that we are not required to give any notification.

1. DATA QUALITY, ACCESS AND CORRECTION

14. ACCESS TO PERSONAL INFORMATION

14.1 You may request access to the personal information we hold about you by contacting us. Her. Women’s Health must respond to the request and provide access to the information within a reasonable time.

14.2 Where reasonable and practicable, we will provide access to the requested information.

14.3 Despite the above paragraph, Her. Women’s Health is not required to give the individual access to personal information if any of the circumstances detailed in clause 12.3 of Schedule 1 of the Privacy Act exist.

15. CORRECTION OF PERSONAL INFORMATION

15.1 If you consider that the information we hold about you is not accurate, complete or up-to-date, or if your information has changed, please let us know as soon as possible.

15.2 Where Her. Women’s Health is satisfied that the information it holds about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, Her. Women’s Health must take such steps (if any) as are reasonable in the circumstances to correct the information.

15.3 The Her. Women’s Health is entitled to refuse to correct the personal information, provided the Her. Women’s Health gives the individual a written notice containing the reasons for the refusal.

H. CHANGES TO THIS PRIVACY POLICY

16. Her. Women’s Health may review and amend this Policy or any part of it from time to time. Please review this Policy periodically for changes.

17. Your continued use of our website, products or services, requesting our assistance, or the provision of further personal information to us after this Policy has been revised, constitutes your acceptance of the revised Policy.

1. CONTACT DETAILS

Should you have any queries about the Policy, or wish to lodge a complaint about a potential breach of the Principles by the Her. Women’s Health, please contact the Her. Women’s Health Privacy Officer using the contact details listed below

Caitlin Pender

Privacy Officer

Phone: +61 401 329 061

Email: caitlin@herwomenshealth.com

1. DICTIONARY

1. DEFINITIONS

18.1 In this Policy, words defined in the Relevant Legislation have the meaning given by that legislation, a number of which are set out in broad terms below (underlined).  All other words have the following meanings:

1. ‘Her. Women’s Health’ means Caitlin Pender, a sole trader operating through a registered business name, ABN 29412870121
2. ‘Policy’ means this Privacy Policy;
3. the ‘Relevant Legislation’ means the legislation defined in the table at the front of this Policy;
4. The ‘Privacy Act’ means the Privacy Act 1988 (Cth);
5. The ‘Principles’ means the Australian Privacy Principles (‘Principles’);
6. The ‘Amendment Act’ means the Privacy Amendment (Notifiable Data Breaches) Act 2017;

‘Worker’ means a person who carries out work in any capacity for Her. Women’s Health.