STATE MEDICAL ASSISTANCE PRIVACY POLICY

This Privacy Policy is maintained by STATE MEDICAL ASSISTANCE PTY LIMITED ACN 164 973 077 (“we”, “us” and “our”) and relates to the collection and use of personal information you may supply to us or we may collect from you through your dealings with us, including via access to any system or facility maintained by us or your conduct on any website maintained by us or through third parties.

We recognise the importance of protecting the privacy of your information, in particular information that is capable of identifying an individual (“personal information”) and we are committed to ensuring that we collect and use this personal information only in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs). This Privacy Policy governs the manner in which your personal information will be dealt with including but not limited to collection, access, storage and use and disclosure of personal information which we obtain as part of our business operations. By accessing our website, systems, facilities or databases maintained by us or otherwise transacting with us, you agree to and acknowledge the content of this Privacy Policy. This Privacy Policy is in addition to any other terms and conditions applicable to our dealings with you, including any terms of use of our website.

We reserve the right, at our discretion, to modify, add to or remove portions of this Privacy Policy at any time. We will notify you of any such variations or amendments by publishing the updated Privacy Policy on our website. You should review this Privacy Policy periodically so that you are updated on any changes. We welcome your comments and feedback.

Personal Information

1. Personal information about you is collected only when knowingly and voluntarily submitted and when reasonably required by us to perform one or more of our functions or activities.

2. Personal information is collected by us or on our behalf via the following means: direct requests for information made by us to you either verbally or in writing, online and hard copy consent forms completed by you or on your behalf and service contracts including annexures or attachments thereto.

3. We may also collect personal information indirectly through third parties such as event promoters or your employer. We may also collect your personal information from other publicly available means or through websites (such as Google or social media sites) who disclose to their users that the user’s personal information is provided to businesses such as ours. We may also collect or have access to personal information obtained by related entities to fulfil the purpose for which the personal information was collected, or a related or ancillary purpose or otherwise in accordance with the Privacy Act. We will do this only where you have consented to or would reasonably expect us to obtain this information.

4. It is our intention that this Policy will protect your personal information from being dealt with in any way that is inconsistent with applicable privacy laws in Australia including the APPs. The type of personal information that we may collect and hold includes:

 your name, address, contact details such as telephone numbers and email address;

 your gender and date of birth;

 bank account details; and

 [include any other relevant information regularly collected]

 other information that is necessary in the ordinary course of our business.

5. We may also need to collect sensitive information from or relating to you where this is reasonably necessary for us to perform our services or we are otherwise authorised by law or court order to collect that information. Sensitive information is personal information that is given a higher level of protection under the APPs and may include information about your health (including genetic information) or biometric information, racial or ethnic origin, political opinions and memberships, religious or philosophical beliefs or affiliations, sexual orientation or criminal record.

6. Where it is reasonable and practical to do so we will only collect personal information about you from you. You have no obligation to provide any information requested by us however if you choose to withhold personal information from us it may prevent us from being able to provide you with the goods and/or services that you have requested.

7. We will take reasonable steps to ensure that your personal information is accurate, complete and up-to-date as soon as practicable after receiving your notification of any error or inaccuracy.

Provision of Personal Information about another person

8. You should only provide us with someone else’s personal information if you have that person’s authority or consent to provide us with their personal information. You should also take reasonable steps to inform them of the existence of and the matters set out in this Privacy Policy. If you provide us with someone else’s personal information you promise to us that you have obtained the authority of and notified that person of this Privacy Policy.

Use of Information

9. Personal information collected from you is used for the following purposes:

 to progress an enquiry made by you;

 to provide the services you have requested us to provide;

 to provide service information and improve service delivery;

 to process payments, discounts and refunds where required;

 to manage your accounts with us;

 to communicate with you regarding our products and services and to inform you of other relevant products and services we provide; and

 to develop and expand our operations base and plan for future commitments.

10. Direct marketing

We may also use your personal information for the purpose of marketing our services. If you do not want to receive marketing material from us, you can contact us as detailed below:

• For electronic communications, you can click on the “unsubscribe” function in the communication

• For hard copy communications, you can email us at [insert]

11. Personal information is held in paper archives, by electronic or computer data base and remotely in cloud based storage systems.

Disclosure 

12. We will not disclose your personal information unless you have consented to that disclosure. Your consent to disclosure of information other than sensitive information may be express or implied. Such disclosure may include to your treating medical professionals, insurers, contractors providing services to us such as IT services.

13. We may also disclose your personal information where it is required or authorised by or under an Australian law or a court/tribunal order or where a permitted general or health situation exists under the APPs. Where disclosure is necessary for an enforcement related activity of an enforcement agency, we will provide written notification of that disclosure as is required by the APPs.

14. Disclosure of sensitive information – We will only disclose any sensitive information that we may collect or hold about you for the purposes for which it was collected, or for directly related purposes you would reasonably expect us to use it for or if you have expressly consented to that disclosure or if we are otherwise authorised or compelled by law or a court order to disclosure that sensitive information.

15. We may engage third parties to provide you with goods or services on our behalf. In that circumstance, we may disclose your personal information to those third parties in order to meet your request for goods or services.

16. We do not presently disclose your personal information to recipients outside of Australia. However, in future, disclosure to overseas recipients may be necessary or desirable and we will update this Privacy Policy with details of those overseas recipients as required. You should review this Privacy Policy regularly to keep informed of any updates.

17. As part of provision of the services to you we may store your personal information using online software. The personal information that you provide to us may be transferred to the servers of our software

providers as a function of transmission across the internet. By providing your personal information you are consenting to that personal information being transferred to and stored on the servers as set out in this Privacy Policy. However, as the third parties who host our servers do not control, and are not permitted to access or use your personal information (except for the limited purpose of storing the information), we do not “disclose” personal information to those server hosts, whether or not they are located overseas.

18. Notwithstanding the above, for the purpose of transparency we advise that the servers of our software providers are currently located in [insert location] however this location may change without prior notice to you. Your personal information may be routed through, and stored on, those servers. If the location of those servers changes in the future, we will update this Privacy Policy.

19. We will use reasonable endeavours to ensure that our server hosts do not have access to, and use the necessary level of protection to safeguard, your personal information and otherwise comply with the APPs. If you do not want your personal information to be transferred to a server in the location listed in the previous paragraph or to any other international locations, you should not provide us with your personal information or use our services.

Security

20. We strive to ensure the security, integrity and privacy of personal information collected and held by us, and we review and update our security measures in light of current technologies. Unfortunately, we cannot guarantee that our data storage measures are totally secure.

21. However, we will endeavour to take all reasonable steps to protect the personal information we collect from you from misuse, interference, loss and unauthorised access, modification or disclosure.

22. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us. However, we will not be held responsible for events arising from unauthorised access to or use of your personal information.

23. Where the personal information is no longer required for the purpose for which it was collected (or a permitted secondary purpose) we will take reasonable steps to destroy or de-identify the information.

IP Addresses

24. If information is gathered by our website/portal or online database, our web servers may gather your IP address to assist with the diagnosis of problems or support issues with our services. This information is gathered in aggregate only and cannot be traced to an individual user.

25. Our website may contain links to third parties’ websites, including sites maintained by related entities. Those other websites are not subject to this Privacy Policy and are not governed, managed or controlled by us. You should familiarise yourself and ensure you are comfortable with any particular privacy policies governing the use of those websites prior to such use.

Cookies and Applets

26. We may use cookies to provide you with a better experience when using our website/portal. These cookies allow us to increase your security by storing your session ID and are a way of monitoring single user access. This aggregate, non-personal information is collated and provided to us to assist in analysing the usage of the site.

Access to Information

27. Depending on which services you are attempting to access, you may be able interact with us anonymously or using a pseudonym. However, this will mean that we may not be able to provide you with any services or the services to which you will have access will be limited.

28. We will endeavour to take all reasonable steps to keep information about you accurate and up to date. If, at any time, you discover that information held about you is incorrect, you may contact us to request the information is corrected. Further, you may request access to any of your personal information we hold. By law we may refuse to allow you access to information in certain circumstances including where giving access may pose serious threat to the health or safety of any person, or where it would have an unreasonable impact on the privacy of others. If we refuse to allow you access to your personal information held by us, we will explain why.

29. If you wish to make a complaint regarding any aspect of the collection, access to, use or storage of personal information by us, please make your complaint in writing to the address below. We will consider your complaint promptly and contact you to seek to resolve the matter. If we have not responded to you within a reasonable time, you are entitled under privacy legislation to make a complaint to the Office of the Australian Information Commissioner.

30. Please direct all requests for access to or correction of personal information or all complaints to: [insert]

How long is it held for?

31. Unless you specify an expiry date, we hold the information at a time of our own discretion.

Questions 

32. For more information about privacy issues in Australia and protecting your privacy or to make a complaint about our handling of your personal information, visit the Office of the Australian Information Commissioner’s web site; http://www.oaic.gov.au/.