Privacy Policy

BYRON LUXURY HEALTHCARE PTY LTD ACN 621 461 563 TRADING AS THE SANCTUARY BYRON BAY
PRIVACY POLICY
1. INTRODUCTION
1.1 Byron Luxury Healthcare Pty Ltd ACN 621 461 563, trading as the Sanctuary Byron Bay, offers a range of holistic treatment and health-related services in Australia.
1.2 In the course of our business in Australia, we collect personal information. This privacy policy has been developed to ensure that such information is handled appropriately.
1.3 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way that personal information must be treated.
Who does the privacy policy apply to?
1.4 This policy applies to any person in relation to whom we currently hold, or may in the future collect, personal information. Broadly, we only collect personal information from patients or a representative on their behalf, prospective and current subcontractors, suppliers, service providers and agents who perform services or provide goods on our behalf and prospective employees.
What information does the privacy policy apply to?
1.5 This policy applies to personal information. In broad terms, 'personal information' is information or opinions relating to a particular individual who can be identified.
1.6 Information is not personal information where the information cannot be linked to an identifiable individual.
2. HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?
2.1 We manage the personal information we collect in numerous ways, such as by:
(a) implementing procedures for identifying and managing privacy risks;
(b) implementing security systems for protecting personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure;
(c) providing staff with training on privacy issues;
(d) appropriately supervising staff who regularly handle personal information;
(e) implementing mechanisms to ensure any agents, suppliers, service providers or subcontractors who deal with us comply with the APPs;
(f) implementing procedures for identifying and reporting privacy breaches and for receiving and responding to complaints; and
(g) appointing a privacy officer within the business to monitor privacy compliance.
2.2 We will take reasonable steps to destroy or de-identify personal information if that information is no longer needed for the purposes for which we are authorised to use it.
2.3 If you want to use a pseudonym or remain anonymous when dealing with us, you should notify us and we will try to accommodate your request, subject to our ability to perform the services.
3. WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?
3.1 The personal information we may collect differs, depending on whether you are a patient, representative of a current or prospective patient, employee, subcontractor, supplier, service provider or agent.
Personal information (current or prospective patient)
3.2 If you are a patient, we may collect and hold personal information about you, which may include:
(a) sensitive information (see below);
(b) your contact details;
(c) financial and credit information;
(d) date and place of birth;
(e) details of your private health insurance and Medicare number;
(f) information in publicly available company records about you; and
(g) any other personal information required to provide goods or services to you.
Personal information (representatives of current or prospective patients)
3.3 If you are a representative of a current or prospective patient, we may collect and hold personal information about you, which may include:
(a) contact information; and
(b) any other personal information required to engage with you as a representative of a patient.
Personal information (current and prospective subcontractors, suppliers, service providers and agents and prospective employees)
3.4 If you are a current or prospective subcontractor, supplier, service provider or agent or prospective employee, we may collect and hold personal information about you, which may include:
(a) sensitive information (see below);
(b) contact information;
(c) date of birth;
(d) employment arrangements and history;
(e) insurance information and claims history;
(f) licence details;
(g) education details;
(h) driving history;
(i) banking details; and
(j) any other personal information required to engage you as our employee, subcontractor, supplier, service provider or agent.
Sensitive information
3.5 ‘Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.
3.6 We may collect sensitive information from patients and representatives of patients about patients such as:
(a) health information (including but not limited to drug and alcohol testing results);
(b) genetic information;
(c) racial or ethnic origin;
(d) religious beliefs or affiliations;
(e) philosophical beliefs;
(f) sexual orientation or practices; and
(g) criminal history.
3.7 Generally, we will only collect the following types of sensitive information about subcontractors, suppliers, service providers, agents and prospective employees:
(a) health information (including but not limited to drug and alcohol testing results);
(b) criminal history;
(c) membership of professional or trade associations; and
(d) membership of trade unions.
3.8 We will not collect sensitive information without the consent of the individual to whom the information relates, or of their representative, unless permitted under the Privacy Act.
4. HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?
4.1 Our usual approach to collecting personal information is to collect it directly from the individual concerned.
4.2 We may also collect personal information from:
(a) our employees, subcontractors, suppliers, service providers and agents;
(b) your representatives;
(c) your current and previous employers;
(d) entities that conduct drug and alcohol tests on our behalf;
(e) your other healthcare professionals;
(f) trade references; and
(g) insurance providers and brokers.
5. HOW DO WE HOLD PERSONAL INFORMATION?
5.1 Our usual approach to holding personal information includes holding that personal information:
(a) physically, at our premises;
(b) electronically, on secure servers; and
(c) in a cloud service provider such as Medirecords (Accredited Cloud Based Australian Medical Records Software/System).
5.2 We secure the personal information we hold in numerous ways, including:
(a) using security systems to limit access to premises outside of business hours;
(b) using secure servers to store personal information;
(c) using unique usernames, passwords and other protections on systems that can access personal information; and
(d) holding certain sensitive documents securely.
6. WHY DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?
6.1 We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which information is collected varies, depending on the particular service being provided or the individual from whom we are collecting the information but is generally as follows:
(a) in the case of patients – to assess suitability for, develop and provide treatment programs;
(b) in the case of representatives, subcontractors, suppliers, service providers and agents – to assist us in providing our patients with treatment programs; and
(c) in the case of potential employees, subcontractors, suppliers, service providers and agents – to assess your suitability for employment or engagement.
6.2 Personal information may also be used or disclosed by us for secondary purposes that are within an individual’s reasonable expectations and that are related to the primary purpose of collection.
6.3 We may collect, hold, use and disclose the personal information of patients and their representatives:
(a) to keep records of transactions to assist in future enquiries and enhance our relationship with patients; and
(b) for payment purposes.
6.4 We may collect and use subcontractors’, suppliers’, service providers’ and agents’ personal information:
(a) to conduct checks to ensure that the subcontractor, supplier, service provider or agent can perform and is supplying goods or performing services to our standards; and
(b) for payment purposes.
6.5 We may disclose your personal information to:
(a) our subcontractors, suppliers, service providers and agents;
(b) employers of individuals;
(c) health practitioners and other entities that provide drug and alcohol testing and other medical testing for us;
(d) government bodies (such as WorkCover or the Australian Taxation Office);
(e) other service providers in order to provide services, or to assist our functions or activities (such as our accountants, advisers and consultants);
(f) insurance providers and brokers;
(g) emergency medical professionals; and
(h) any third party technology providers we engage from time to time, such as email filter providers.
6.6 Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.
7. WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?
7.1 We generally do not disclose personal information outside of Australia, unless specifically requested to do so by you.
8. DIRECT MARKETING MATERIALS
8.1 We may send you a newsletter if you opt-in to receive that marketing communication. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
8.2 At any time you may opt-out of receiving our newsletter by contacting us (see details below), or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
9. HOW DO YOU MAKE COMPLAINTS OR ACCESS AND CORRECT YOUR PERSONAL INFORMATION?
9.1 It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
Access to information and correcting personal information
9.2 You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.
9.3 We will grant you access to your personal information as soon as possible, subject to the request circumstances.
9.4 In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
9.5 We may deny access to personal information if:
(a) the request is unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person; or
(d) there are other legal grounds to deny the request.
9.6 We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed before it is levied.
9.7 If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
Complaints
9.8 If you want to complain about an interference with your privacy, you must follow the following process:
(a) The complaint must first be made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
(b) If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.
Who to contact
9.9 A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:
Privacy Officer: Dr Robert Walsh
Postal Address: PO Box 34, Byron Bay NSW 2481
Telephone number: (02) 66398888 or international +6126639888
Email address: info@byronluxuryhealthcare.com
10. CHANGES TO THE POLICY
10.1 We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website.
10.2 This policy is effective from June 2019. If you have any comments on the policy, please contact our privacy officer using the contact details in section 9 of this policy.