Australian Wellness & Cosmetic Institute is committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant
State and Territory privacy legislation (referred to as privacy legislation).
We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, email address, clinical photographs, credit card and direct debit details and contact details. This information may be stored on our computer medical records system and/or in handwritten medical records.
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care providers, and the Myhealth record system.
We collect information in various ways, such as over the phone, or in writing e.g. consent forms, in person in our Australian Wellness & Cosmetic Institute Practice or over the internet/social media if you transact with us online. This information may be collected by medical and non-medical staff.
In emergency situations, we may also need to collect information from your relatives or friends.
We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.
In addition to the above information, we may take before and after photographs of you, write file notes about your skin, your treatment, medical conditions and your leisure activities.
Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, the electronic transfer of prescriptions service or to the Myhealth record system. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
Why do we collect personal information?
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable. We collect personal information so that we can:
- Understand your requirements and provide you with the appropriate product or service which includes assessing, diagnosing and treating a patient’s presenting issue or concern;
- Monitor the progress of our services to you and tailor the services to suit your needs;
- Set up, administer and manage our products and services;
- Gather and aggregate information for statistical, reporting and research purposes;
- Perform tasks in connection with purchasing products provided to customers;
- Manage, train and develop our employees and representatives;
- Assessing a person’s application for employment with us;
- Delivering service and company updates and newsletters to you, to inform you about new services or information about us;
- For administrative, marketing (including direct marketing), promotional, planning and quality control purposes;
- Compiling and maintaining mailing lists derived from our website, from our clinics or from other entities within the Group and communicating with persons on those lists;
- Manage complaints and disputes and report to dispute resolution bodes;
- Responding to inquiries;
- As required or permitted by any law, including the Privacy Act 1988 (Cth);
- Get a better understanding or you, your needs, your behaviours and how you interact with us, so we can engage in product and service research, development and manage the delivery of our services and products via the way we communicate with you; and
You can choose not to provide certain information, but then you may not be able to take advantage of some or all of the features of our products and services. It may also not enable us to personalise your products and services to suit your individual needs. For potential franchisees, if you decide not to provide all information, you may not be able to take part in available investment opportunities.
How we handle your personal information?
We collect your personal information directly from you and, in some cases, from other people or organisations.
We also provide your personal information to other entities in the Group and they may disclose or use your personal information for the purposes described in “Why do we collect personal information?” in relation to products and services that they may provide to you.
We will use and disclose your personal information for the purposes we collected it as well as for related purposes, where you would reasonably expect us to. We may disclose your personal information to and/or collect your personal information from:
- Any of our group joint ventures where authorised or required;
- Any entity where disclosure to, or collection from, such entity is required or authorised by law;
- Customer, product, business or strategic research and development organisations;
- Data warehouse, strategic learning organisations and data partners;
- Social media and other virtual communities and networks where people create, share or exchange information;
- Publicly available sources of information;
- Member loyalty or rewards programs and other industry relevant organisations;
- A third party that we’ve contracted to provide business, administration or consultancy services – for example: information technology providers, consultancy firms, auditors and business management consultants, sales agents, marketing agencies and other marketing service providers and print/mail/digital service/imaging/document management providers;
- Your and our advisers, agents, representatives or consultants;
- Government, statutory or regulatory bodies and enforcement bodies;
- Any external dispute resolution body;
- Investors, advisers, trustees or any other organisation that performs tasks in connection with the franchising of this business;
- Any organisation that assists us to gather or aggregate information for statistical, reporting or research purposes;
- Any organisation or person in connection with the sale of a clinic, its assets or any part or whole of the Group;
- Any other organisation or person, where you’ve asked them to provide your personal information to us or asked us to obtain personal information from them; or
- As required or permitted by any law (including the Privacy Act 1988 (Cth).
Data Quality and Security
We will take reasonable steps to ensure that your personal information is accurate, compete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by:
- securing our premises;
- placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
- providing locked cabinets and rooms for the storage of physical records.
If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us in writing (see details below).
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.