Aquarius Health and Medispa (Aquarius, us or we) is committed to the protection of private information it gathers from you and respects your rights to privacy established under the National Privacy Principles as outlined in the Privacy Act 1988 (Cth).
This policy describes how we collect, manage, use and store information provided by you.
Should you have any questions or concerns in relation to your private information or this policy, how we use your information or would like to request a copy of this policy, please contact:
1.1 What information do we collect?
The information we may collect and hold about you includes:
- your name;
- your date of birth;
- your personal contact details such as address and telephone numbers;
- your next of kin;
- your occupation;
- details in relation to your general practitioner or other medical providers if relevant;
- your Medicare number and private health fund details if relevant;
- billing details;
- records of correspondence;
- your medical history, current medical condition, symptoms, medications, prescriptions, family medical history, diagnoses, tests results, travel details, and details of current or future medical treatment; and
- various other general or health related information provided to us by you or by others on your behalf.
1.2 How is this information collected?
Where practicable, we will collect information about you from you personally. For example, we may collect information from you during a consultation, telephone conversation or from information that you include in a letter, information form or email query submitted to us via our website.
To the extent possible, we will collect information in a reasonable, non-intrusive manner. [We hold all treatments in private rooms to ensure that information you provide verbally will not be overheard.]
However, there may be circumstances in which we collect information about you from third parties, such as your family or friends, your general practitioner, other health care providers such as hospitals, or your health fund. We will only collect information about you from third parties with your consent, except in the case of an emergency where you are unable to provide consent and where that information is necessary to treat you.
We will not use illegal or unfair means to collect information about you.
2. Use and Disclosure of Information
2.1 Why is information collected?
We will only collect your personal information if it is necessary for its functions or activities, which may include, for example:
- to provide spa therapies and health and fitness services to you;
- to provide information to your general practitioner other medical care provided if such information is necessary for follow up treatment or on-going medical care;
- processing Medicare and other private health fund claims;
- our internal administrative requirements;
- accounting and billing purposes;
- to provide you with Aquarius marketing material from time to time;
- dealings with our insurers, lawyers and other professional advisers;
- management of complaint handling or for use in actual or threatened legal action;
- for quality assurance, training, accreditation, risk management and continual improvement purposes; and
- for any other purpose required by law.
Where possible, we de-identify all information before using it for internal quality assurance or training purposes.
If you are one of our suppliers, we may collect your information to facilitate our business relationship with you, for example, to assess goods or services that you supply or to evaluate an offer that you have put to us.
2.2 Can my information be provided to third parties?
Generally, we will only disclose your personal information for a purpose that is related to the spa therapies or health and fitness services that we are providing you. This may include disclosure to other health service providers involved in providing you with treatment where you have consented to that information being disclosed or if you are unable to provide consent and we are unaware that it is against your wishes when the information is necessary to provide you with care or treatment.
We may disclose your information to entities who require proof of your treatment, such Medicare, private health insurance funds, pharmacies, credit agencies and government bodies.
Other circumstances in which we may disclose your personal information include:
- to contractors we use to outsource functions, such as electronic network administrators. [However, where possible we will use reasonable measures to ensure that our contractors comply with the privacy standards established under the Privacy Act 1988 (Cth);]
- where we believe disclosure is necessary to lessen or prevent a serious or imminent threat to a person’s life, health or safety or a serious threat to public health or public safety;
- to persons or entities involved in accrediting our practice;
- other circumstances where we are expressly permitted to do so under the Privacy Act 1988 (Cth).
We will not provide your contact details to any other person or organisation for the purposes of marketing under any circumstances.
3. Data Quality
We will take reasonable steps to ensure that the personal information that we collect, store and use is accurate, complete and up to date.
4. Data security
We may store your information in hard or soft copy form.
[We will ensure that access to your personal information is restricted to our staff and that reasonable security protocols exist to prevent unauthorised access to or misuse of your information, whether in hardcopy or softcopy.]
[If your personal information is no longer needed for any of the purposes listed in clause 2.1, we will take steps to destroy or de-identify your information.]
5. Access and Correction
You may request access to the personal information we hold about you at any time by sending a written request to our Privacy Officer/Manager, Level 2, 70D Mary Street, Brisbane QLD 4000 or by phone on (07) 3009 5111 or by email to firstname.lastname@example.org
You may inspect your personal information personally, or may prefer to request a photocopy or electronic copy of your personal information. In some circumstances, we may not be able to provide information in the form requested if it is too costly for us to do so, and we reserve the right to charge a reasonable fee for accessing requests.
Once our Privacy Officer/Manager has been provided suitable proof of identity (which may include a driver’s licence or birth certificate), access with be arranged either in the manner requested or some other form within 14 days.
We may not be able to provide you with access to your information in situations permitted under the Privacy Act 1988 (Cth), for example, where:
- providing access to personal or health information would pose a serious or imminent threat to the life or health of any individual;
- providing access would have an unreasonable impact on the privacy of other individuals;
- the information relates to existing or anticipated legal proceedings between you and Aquarius;
- we are required by law to withhold the information; or
- providing access would interfere with or prejudice the enforcement of law or the investigation of criminal or other prohibited conduct.
If you believe that the information held by us about you is incorrect, incomplete or inaccurate, then you may request for it to be amended. If the information relates to your health, we will not delete the information but rather ensure that the amended information is clearly associated with the inaccurate information to ensure that all subsequent users of the information are aware of the amendment.
Where possible, Aquarius will use its own unique, anonymous identifier (such as a client number) to record, store and identify your information.
[Aquarius will not disclose that identifier or the client it refers to, except to Aquarius staff members and in the circumstances outlined in clause 6.]
7. Transborder Data Flows
Aquarius will not transfer your information either within or outside Australia unless required by law or your consent has been obtained prior to the transfer.