[Version 1.1 – Last updated April 2020]
Bio Balance Health Ltd is a not-for-profit registered charity dedicated to promoting effective techniques of biomedical treatment for mental and behavioural disorders.
We believe privacy is important and have created this policy to let you know how we handle the personal information we receive and hold about you, who we share it with, how we keep it secure and what your rights are. If you have any questions or concerns about our handling of your personal information, please use the contact details below to contact us. This policy covers how we handle personal information arising from our main website, any related websites, social media platforms or other interactions you have with us.
Under the Australian Privacy Act 1988 (Cth), personal information is information about a living person which can be used (by itself or together with other information) to reasonably identify that person. As we are involved in the Health Sector, we take additional precautions with privacy and are governed by the Australian Privacy Principles.
Schedule 1 – Our details if you need to contact us.
Bio Balance Health Ltd ABN 55 050 417 058
PO Box 7795 Gold Coast Mail Centre QLD 4217
When we talk about ‘us’ or ‘our’, we mean our business/entity as identified in the above schedule 1.
When we talk about ‘you’, ‘user’ or ‘your’ in our terms and conditions, we mean you, the user of our services or visitor to our website or related websites or platforms.
‘Personal information’ is information that directly identifies you, such as your name and email address, or data that could be used, on its own or in combination with other data, to identify you. It has the meaning given to it in the Act. Sensitive information is personal information requiring special protection and includes information about your health. For the purposes of this policy, we are including sensitive information within personal information.
In general, we only use your personal information for the delivery of our services, to provide education (only where you have consented to this) and to send you information about our services. We never sell or give away your personal information.
1. Staying Anonymous
You can browse our online website anonymously (although cookies may identify your IP address). However, if you use, request or sign up for or purchase any of our services, register on our site or donate money to our organisation via our website, you will need to identify yourself and at that point we will start collecting your personal information. If you do not give personal information to us, it will affect our ability to provide you with requested information or to deliver our products or services.
2. My Health Record
3. Collecting personal information
At all times we try to only collect the minimum information we need to provide our services (as requested by you), deliver our education and training programs and to keep our records up to date.
The main way we collect personal information about you is when you give it to us, for example:
- when you contact us
- when you submit information to our website or in person (e.g. question sheet)
- when you talk with us in person
- when you ask for access to information we hold about you
- when you provide your information by consent for our use in a case study
- when you complete patient registration details
4. Collecting information from third parties
We may also collect personal information that is given to us or available to us by a third party (for example, information that a doctor or health practitioner gives to us at your direction). If someone calls on your behalf or provides us with information about you, we may collect the caller’s name and contact details as well.
We may collect information from your employer or prospective employer (only if this is relevant, for example if you were applying for a job with us).
When you use our website, we may receive data from third parties such as analytics providers and advertising networks like Google and Facebook.
This information forms part of the personal information described in this policy.
We will not intentionally collect personal information that is unintentionally disclosed.
5. What do we collect
To enable us to safely deliver our services, it is necessary for us to collect and store basic and health information about you. It is important that we keep your records up to date and we have processes in place to help with this. For example, we may periodically ask you if your details have changed or may confirm details with you to ensure we are speaking with the correct person.
If you book in for a consultation at any of our Doctor Training Events, we will collect (as appropriate to your circumstances) the following types of information (some of this information may have already been collected in the patient registration process or from your prior interactions with us):
- Your name, address, telephone, email
- Your date of birth
- Your Medicare card details as well as any related card numbers (Health Care Card, Veterans, Private Health fund etc)
- Information relevant to your health (current and historical) including medications as required by the consultation process. These records will be transferred directly to the consultant managing your assessment and your personal doctor. These records will not be shared with any other person or entity and the consultant will delete all materials immediately after your consultation.
- Family medical history
- Your ethnic background (if relevant and only with your consent)
- Your work history and/or current position
- Medical reports, referral letters, test results etc
- Information provided to us from compounding pharmacies
- Any other information you provide or we receive from third parties
We keep your records in our system while your data is still relevant for the use it was provided for or as long as required under relevant health regulations. We may also store historical data for up to 25 years.
When we collect personal information about you, we will take steps to appropriately protect the information we receive. For example, our paper copy forms are stored in a locked filing system and our locally stored electronic data is password protected. When we send your data to international doctors for review, we require them to comply with this policy. The records will only be shared between your doctor and the appropriate consultation for your case.
6. How do we use your personal information and who do we share it with?
We collect and use your personal information to provide our services.
Additionally, we use or share your information as follows:
- We use it for administrative and billing purposes (if applicable).
- Where you have provided your consent to do so, we will share your personal information including health information with experts, practitioners and participants involved in our education program. This may be live (with you present) or may happen without your knowledge. We may record live events and the recorded information may then be further shared.
- We will share your health information with authorised persons, health practitioners and researchers within our organisation.
- We will share your health information when we are required to do so by law.
- We may share your information with compounding pharmacies or testing laboratories.
- If we refer you to a third party, we will share your information with the third party with your consent.
- We will also disclose your health information if there is an emergency which we feel warrants disclosing your health or other information. For example, if you were suddenly unwell at our premises or a conference organised by us and we call the paramedics, we will tell the paramedics all health information we hold about you as well as your name, date of birth etc.
- With your permission, through a signed consent form, your deidentified health information may be shared during discussions within our members area.
- To provide you with mailouts detailing upcoming events or with treatment information
We will also share your personal information (e.g. contact details) for business purposes including:
- Payment third parties if there is a dispute over a payment. For example, if our third-party payment provider contacts us regarding a dispute over a payment, we will provide them with requested information and billing details on our system etc to allow the payment dispute to be resolved.
- Professional advisers including accountants, lawyers, bankers, auditors and insurers for the compliant operation of our business.
- Government bodies that require us to report processing activities.
- Third parties where we are required to in accordance with the law. We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our online services, or in accordance with a properly executed court order, or as otherwise required to do so by law.
7. Trained Doctors
Where you have completed relevant training, by completing an application to have your details displayed, you consent to our use of your name, address and contact phone number on our website under the ‘find a doctor’ tab, which is a searchable directory available to the public.
8. Direct Marketing
We may send you direct marketing about our products or services. You may always opt out of receiving this marketing by letting us know. For example, if we send you an email there will be an opt-out option at the bottom of the email. Opting out of marketing will have your details removed from our marketing list but will not change the way we use other personal information we hold about you.
9. Testimonials, Service ratings and public comment
Under national health regulations we are prohibited from publishing testimonials from our clients.
You may provide us with a star rating on our website or Facebook page, but cannot include any written explanation of why you gave us that star rating. You may talk about our services on websites or social media platforms that are not under our control.
Be aware that if you provide any public rating or comment about your use of our services, you will be making your status as a user of our services part of public record.
10. Social media platforms and messaging systems
We may have a social media presence. Be aware that if you connect with us on social media, you will be making your status as our client, or someone related to a client, part of public record.
We may use your personal information on social media to let you know about our services or upcoming offers or events.
We will not discuss or collect your health information via social media or messaging services.
Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. Some website features may not function properly without cookies.
The kind of information that can be collected includes:
- device specific information such as mobile network information
- server logs including your IP address, the times you use our services and system activity
- location information including IP address, GPS, and Wi-Fi access points
- local storage availability
We use the information to help track your use of our online services to improve your user experience and the quality of our services.
To find out how to opt out of tailored advertising please check the options available here – http://www.networkadvertising.org/choices/.
12. Third Party Links
Our website may contain links to other websites which will have their own privacy policies. Once you leave our website, we are no longer responsible for your personal information and you should ensure you are familiar with the privacy policies of third party sites you visit.
13. Security and overseas recipients
We use safe practices and appropriate password protection for our systems and aim to ensure our third-party providers use similar care with your personal data. However, no security measures are 100% safe, and your data is stored with us at your own risk. We take reasonable steps to protect all personal information within our direct control from misuse, interference, loss, unauthorised access, unlawful or accidental destruction, modification or disclosure. To prevent unauthorised access or disclosure we use respected hosting services, firewall and other electronic security procedures and managerial procedures to safeguard and secure the information we collect from you. We use secure Dropbox access to give an authorised consultant access to your information.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We rely on third party providers to store the information you have provided to us securely and your data will cross international borders. For example, Dropbox, Register Now, OneDrive and Mailchimp all have international cloud storage. Where possible we nominate Australia as the storage country; however, your information is still likely to be sent internationally. Not all countries have the same level of privacy protection as Australia and you acknowledge and agree to our transferring of your personal data across international borders in this way. We will do our best to ensure your data is protected to a similar standard as set out in this policy by using third party providers with similar privacy protections.
All hard copy files are stored in Australia until they are no longer required and then they are securely destroyed. Only authorised personnel have access to hard copies.
14. Accessing and correcting your personal information – Your legal rights
You have the right to know what information we hold about you and to ensure the information is accurate and up to date.
If you wish to exercise any of these rights, please contact us using our contact details in schedule 1.
You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may also refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. For record keeping purposes, we will record and store all information exchanged during an exercise of your rights under this clause.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you have any concerns about our use of your personal information, please let us know what the problem is in writing to the email address shown in the schedule at the top of this policy. We will do our best to help and will respond to your concerns within 30 days.
If, after lodging a complaint with us, you are not happy with how we managed your concerns, you can contact the Australian Privacy Commission, available at http://www.oaic.gov.au.