At Ocean Informatics, we respect Healthcare Consumer, Healthcare Provider and Healthcare Operator privacy and data governance obligations. We seek to collect and process personal information in an open, secure and transparent way. As a healthcare software provider, we are committed to handling personal information in accordance with our privacy obligations under all applicable data protection laws, such as the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Health Privacy Principles contained in Schedule 1 to the Health Records and Information Privacy Act 2002 (NSW) (“HRAIPA”) (collectively, “applicable laws”).

As a User of our software, it is your responsibility to comply with your obligations under all applicable laws.

Multiprac

Multiprac is a clinical auditing and surveillance system that can be used to assist in the management of infection control and monitoring.

Multiprac collects personal information, including health information, about Healthcare Consumers, Healthcare Providers and Healthcare Provider Employees from Healthcare Operators and a number of third party systems as described in this Privacy Policy (such as the applicable Healthcare Operator’s existing patient management, pathology, human resource and theatre systems). Any Healthcare Consumer, Healthcare Provider and Healthcare Provider Employee may at any time restrict access to their personal information held in Multiprac by withdrawing their consent for the collection, disclosure and/or use of their personal information and health information via the Healthcare Operator.

Where Multiprac is provided on a software-as-a-service basis, personal information held in Multiprac is stored on computer servers in data centres located in Australia (or in other countries, where agreed by us and our customer). Where Multiprac is provided on an on-premises basis, the data collected by it is held on the computer or server on which the software is configured to store it.

The health information of any person can only be processed via the Software with the consent of the relevant Healthcare Consumer, Healthcare Provider or Healthcare Provider Employee.

Clinical Knowledge Manager (“CKM”)

CKM is a powerful collaboration tool that helps Users identify and define models of clinical content. CKM helps organisations manage, describe and understand clinical data models and how they can be used across applications.

All data entered into CKM is stored on computer servers in data centres located in Germany.

About this Privacy Policy

This Privacy Policy describes how we collect, hold, transfer, disclose and otherwise process personal information and the steps that we take to secure the personal information that we hold. In this Privacy Policy, “we“, “our” and “us” are all references to Ocean Informatics Pty Limited (ABN 14 081 649 470) of Tower 1, Level 2, 495 Victoria Avenue, Chatswood NSW 2067 and “you” and “your” refers to any applicable user of the Software, including general practitioners and allied health professionals (“Healthcare Providers”) and their non-clinical employees (“Healthcare Provider Employees”), the healthcare operators who engage them (“Healthcare Operators”), and their healthcare consumers (“Healthcare Consumers”) (collectively, “Users”).

This Privacy Policy applies to all persons who engage with us or are Users of Multiprac and/or CKM (the “Software”), and applies to all forms of information, physical and digital, whether collected or stored electronically or in hard copy. Our Privacy Policy may change from time to time. If we decide to change this Privacy Policy, we will post the updated version on this webpage and will indicate on this page the policy’s new effective date so that you will always know what personal information we gather, how we might use that information, and whether we will disclose it to anyone. Continued use of our website, the Software or our services implies that you agree to the changes and if you do not agree with the changes, you should discontinue and opt out of your use of the Software and services.

This Privacy Policy does not provide a detailed description of the functionality provided by the Software. For a detailed description, please visit our website.

Key terms – personal information and sensitive information

The Australian Privacy Act defines “personal information” as information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not. Additionally under the Privacy Act, “sensitive information” means (a) information or an opinion about an individual’s racial or ethnic origin; or political opinions; or membership of a political association; or religious beliefs or affiliations; or philosophical beliefs; or membership of a professional or trade association; or membership of a trade union; or sexual orientation or practices; or criminal record; that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; or (d)  biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e)  biometric templates.

Types of personal information that we collect

We collect the following types of personal information:

• Healthcare Operators, Healthcare Providers’ and their Healthcare Provider Employees’ Information: Healthcare Operators, Healthcare Providers and Healthcare Provider Employees provide their names, business names, ABN, Registered Office Address, Service Address, HPI-O and their authorised Healthcare Employees’ names, job positions, email addresses, mobile phone number and any other information they choose to provide either when registering on the Software or using the Software. This information is then stored within our database for login, account settings and e-commerce requirements. All passwords are hashed and stored on a secure server. User contact details and registration information may also be stored in our CRM and Issue Management System for sales purposes and IT support, to log technical support requests etc.

• Healthcare Consumer Registration Information: We collect gender, date of birth, names, email addresses, telephone numbers, emergency contact details, personal preferences, notification and message content through Software messaging features, notification and communication preferences, information contained in comments and feedback, ethnic background and contact details. We will process this personal information in order to answer questions from Healthcare Consumers about the Software and to provide and manage our services, and to otherwise enforce our rights and comply with our obligations.

• Healthcare Consumer Health and Other Sensitive Information: We collect any submitted, uploaded or transmitted content and/or material and/or communications entered into the Software by any User, including information, records and opinions about: (i) the health, including an illness, disease, disability or injury (at any time) of Healthcare Consumers; (ii) health records and medical histories of Healthcare Consumers; (iii) medications, vaccinations and immunisations prescribed, consumed, rejected and considered by Healthcare Consumers; (iv) allergies, clinical referral letters and medical illnesses, diseases and conditions of Healthcare Consumers;  and Healthcare Consumers’ expressed wishes about the future provision of health services to them; (v)  health services provided, or to be provided, to Healthcare Consumers along with any diagnostic or pathology, scans, imaging or prescription results; (vi) care plans, treatment reactions and other personal information collected to provide, or in providing, a health service to Healthcare Consumers; (vii) other personal information collected in connection with the donation, or intended donation, by Healthcare Consumers of body parts, organs or body substances; and (viii) medical or professional opinions about an individual. We will process such personal information as reasonably required for us to operate and administer the Software.

• Transactional and Financial Information: We collect transactional details about payments to and from customers and suppliers (including any cheques or transfers), receipts, business records, invoices, details of our products and services that Healthcare Operators and/or Healthcare Providers licence, purchase, subscribe to or use, and any other financial records that we are required to retain under the Corporations Act 2001 (Cth) or any other applicable law concerning any services that we provide to a User.

• IT Support Services and Technical Information: When providing our technical support services, we may monitor or access our User’s accounts on the Software. In the course of doing so, we may collect and process information about those accounts and any information processed by the Software that is necessary for us to collect and process in order to provide the technical support services. This information includes IP addresses, business registered addresses and email addresses, application names, User access logs, usernames, technical support log tickets and error messages.

• Usage Information: Subject to applicable laws, we may carry out electronic surveillance of our employees and contractors when they use our computer equipment, smartphone devices and networks to monitor compliance with company policies. We also collect information about how employees and contractors use our software, websites and services. This surveillance includes tracking and monitoring, reviewing and logging emails sent and received, websites visited, content viewed and files uploaded/downloaded. It also includes IP addresses, server names, database names, usage patterns, network names, serial numbers of equipment used, WiFi passwords, computer names, application names, browser types, versions, browser plug in types and versions, operating systems and platforms, browser history, user access logs, usernames, passwords, technical support log tickets, bandwidth used, error messages, social media handles, FTP server addresses, usernames and passwords, hostnames, subnet masks, router names, server addresses, and hosting account usernames and passwords.

• Website Analytics Information: We collect and process personal information known as analytics data for analytical purposes, designed to measure and monitor how our websites are being used and to highlight any areas for improvement, optimisation and enhancement of our websites, including user location,  IP addresses, cookie data,  information about devices accessing our websites (IP address, the type of device used to access our websites and the operating system), the amount of time a user spent on our website and in which parts of it, and the path they navigated through it. We will process this personal information in order to monitor and detect unauthorised use of our websites, and to establish how our websites are used and to highlight areas for potential improvement of our websites. We often aggregate this information with other information. However, where the aggregated information is classified as personal information, we treat it in accordance with this Privacy Policy.

• Cookies and Other Tracking Technologies: We use cookies and other tracking technologies (such as traffic analytics) on our websites for website functionality, performance and advertising purposes. We will not place such tracking technologies on your computer, smartphone or electronic device without your consent, unless they are required in order for us to provide the functionality supplied by our websites. If they are not installed, features of our websites may be unavailable and your experience may be impaired as a result. Cookies are pieces of information that a website transfers to a computer’s hard disk for record-keeping purposes. We may use session cookies, which are only stored for a limited amount of time and persistent cookies that remain indefinitely until they are deleted. Such cookies may be installed by us or by our third contractors. Cookies enable us to remember and recognise you to better facilitate your user satisfaction when you visit our websites by helping us tailor and improve the information we present to you. The use of cookies is common in the Internet industry, and many major websites use them to understand your usage of websites, to customise websites for you, for statistical purposes and to provide useful relevant features, products, advertisements and services. A cookie may be used to tell when your computer or device has contacted our websites and extracts information such as your IP address, browsing pattern, content that you have viewed and browser type.

 

Who we collect personal information about

We collect personal information about:

• any person who contacts us with enquiries about our Software or services, whether by email, through contact forms on our website, face to face or by telephone;

• any Healthcare Consumer, Healthcare Providers and Healthcare Provider Employees or other personnel of any HealthCare Operator who utilise the Software;

• our officers, agents, employees and subcontractors;

• other parties to a transaction or dispute that we have entered into or are considering entering into or negotiating, and their representatives;

• our employees, potential employees, subcontractors, potential subcontractors and work experience applicants;

We do not knowingly collect personal information from individuals below the age of 15 and such individuals are not permitted to be Users of our Software.  

How we collect personal information

We collect personal information in the following ways:

• when Users and/or potential Users fill out forms on the Software with their personal information;

• when Users provide personal information and sensitive information about Healthcare Consumers to us by entering the information into the Software;

• when health information is entered into the Software via application programming interfaces (APIs) or other technologies that interface with the Software, when the information is uploaded or migrated into the Software or where the Software is configured to obtain the information from a User or third party systems or databases;

• when we take notes during meetings, interviews, telephone calls, conferences and events;

• through emails, letters and other correspondence and documents that we receive from Users, potential Users and others;

• when we are contacted by or communicate with any person online, through social media, email, communication tools, blogs and the contact forms on our websites;

• when we are provided with completed surveys or questionnaires that we may distribute;

• when we trade business cards with any person;

• when it is sent to us by Users in the course of their use of Software;

• when it is included in contracts that we enter into;

• through websites, public registers and directories such as telephone directories and business name and company searches;

• in the course of operating the Software; and

• where any User and/or third parties and/or third party systems transmit personal information to us via the Software.

 

Purposes for collecting personal information

We use, disclose and hold personal information and/or sensitive information for the following purposes where reasonably necessary for one or more of our businesses’ functions or activities:

• so that the Software can process the information in order to function or so that we may provide our services to authorised Users;

• in order to verify a person’s identity when we are contacted to ensure that we know who we are communicating with;

• to communicate with potential Users, third party systems, other healthcare software providers, employees, third party software, subcontractors, and colleagues, in order for us to operate in the intended manner;

• to provide authorised Users with Software functionality and to administer, maintain and answer questions and troubleshooting about the Software and our services;

• where a permitted health situation exists under the Privacy Act 1988 (Cth) for the purposes permitted by that legislation;

• in order to send newsletters and other communications to our Users concerning our services, events and business opportunities;

• to send marketing materials to Users in our newsletter database who we believe may be interested in the content of our marketing material;

• to enforce our rights and comply with our contractual and other legal obligations;

• to issue invoices to Users and to enforce the payment obligations of Users to pay our fees;

• to handle complaints;

• in order to process an application by a User or potential User to subscribe to Software (or license any software from us);

• in order to process a subscription for our products or services;

• to identify Users when we are contacted with questions or concerns regarding the products and services we provide;

• in order to configure a new product or service for a User;

• when conducting research and development of our products and services;

• in order to conduct checks for credit worthiness; and

• where necessary for our software development, quality assurance and IT support as well as where required to comply with any applicable laws and/or lawful written requests from authorities.

Who we disclose your personal information to

We will only disclose personal information that we collect to third parties as follows:

• To Users and third party systems that are linked to the Software – such as healthcare operators and providers, general practitioners, pharmacies, hospitals, practice nurses, practice managers, primary health networks, allied health providers, specialists, non-government organisations and acute care providers;

• To hosting providers who host our software, websites and content – where necessary or practical to do so for the purposes of providing services to our Users or for the purposes of operating our business, we hold our User’s content on third party computer servers in the data centres of our hosting providers.

• So that we can obtain assistance from our subcontractors and corporate group with the provision of our services – in which case we may disclose your personal information to our subcontractors as well as to members of our corporate group who we may subcontract the provision of all or part of our services to. For example, we may use printing providers who print documents on our behalf which contain personal information, couriers who deliver documents on our behalf which contain personal information, and share computers and computer servers which contain personal information with our related bodies corporate;

• Handling claims, legal disputes and complaints – in which case we may disclose your personal information to our insurers, lawyers, accountants and other professional advisors;

• Sending out a newsletter – in which case we may disclose your personal information to our email and newsletter service providers;

• In order to identify Users – when we are contacted with questions or concerns regarding the products and services that we provide;

• In order to record billing details and process payments from Users – in which case we will provide bank account, cheques and credit card details of Users to our bank and merchant facility providers;

• For professional advice – when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;

• If we sell the whole or part of our business or merge with another entity – in which case we will provide to the purchaser or other entity the information that is the subject of the sale or merger;

• Where a person provides written consent to the disclosure of his or her personal information or health information; and

• Where required by law.

We may also provide your personal information to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:

• to obtain or maintain insurance;

• the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

• to protect or enforce our rights or defend claims;

• enforcement of our claims against you or third parties;

• the enforcement of laws relating to the confiscation of the proceeds of crime;

• the protection of the public revenue;

• the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;

• the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal; and

• where disclosure is required to protect the safety or vital interests of employees, Users or property.

 

Health Privacy Principles – NSW Health Records and Information Privacy Act (HRAIPA)

	Health Privacy Principles	How we comply with the HRAIPA
1	Lawful An agency or organisation can only collect your health information for a lawful purpose. It must also be directly related to the agency or organisation’s activities and necessary for that purpose.	We only collect health information so that it can be processed by our Software for the benefit of Healthcare Operators, Healthcare Providers and Healthcare Provider Employees who use our Software. Our policy is to minimise the amount of personal information we collect and otherwise process. Accordingly, we only collect personal information that is adequate, relevant and limited to what is necessary for the purpose for which it is to be processed and only where we are entitled by law to collect it. We may also use collected personal information for other related, directly related or compatible lawful purposes (if and where permitted by applicable law). Users must not use our Software to process health information of any person without the person’s express, freely given and unequivocal written consent.
2	Relevant An agency or organisation must ensure that your health information is relevant, accurate, up-to-date and not excessive. The collection should not unreasonably intrude into your personal affairs.	Personal information collected on the Software and linked to other portals may include clinical history and other personal, health and sensitive information. We only collect that information to the extent it is entered into the Software and only so that we (and Users) can operate and administer and operate the Software.
3	Direct An agency or organisation must collect your health information directly from you, unless it is unreasonable or impracticable to do so.	Personal information uploaded onto the Software may be collected directly from Healthcare Consumers and also from other Users and third party databases linked or connected to the Software.
4	Open An agency or organisation must inform you of why your health information is being collected, what will be done with it and who else might access it. You must also be told how you can access and correct your health information, and any consequences if you decide not to provide it.	In this Privacy Policy, we have addressed why your health information is being collected, what will be done with it and who else might access it. In this Privacy Policy, we also describe how you can access and correct their health information, and any consequences if you decide not to provide it.
5	Secure An agency or organisation must store your personal information securely, keep it no longer than necessary and dispose of it appropriately. It should also be protected from unauthorised access, use or disclosure.	Please see the section on “Security” for an overview of the organisational and security measures that we put in place in this Privacy Policy.
6	Transparent An agency or organisation must provide you with details regarding the health information they are storing, why they are storing it, and what rights you have to access it.	Please see “Your rights under applicable law” for more information.
7	Accessible An agency or organisation must allow you to access your health information without unreasonable delay or expense.	All Users can access their health information. Please see “Accessing and correcting your personal information” below.
8	Correct Allow a person to update, correct or amend their personal information where necessary.	All Users can access and change their health information in the Software by contacting our support.
9	Accurate Ensure that the health information is relevant and accurate before being used.	You may access your own health information and correct, delete and add health information either via your Healthcare Operator or by contacting our support team.
10	Limited Use An agency or organisation can only use your health information for the purpose for which it was collected or a directly related purpose that you would expect (unless one of the exemptions in HPP 10 applies). Otherwise separate consent is required.	Once the health information of a User is collected, we will use it to operate and administer the Software. In the course of doing so, we will disclose the personal information and health information to their Healthcare Operator, Healthcare Providers and their Healthcare Provider Employees. In certain circumstances, we may also disclose personal information and health information where required to comply with applicable law, including where a permitted health situation exists under the Privacy Act 1988 (Cth) but only for the purposes permitted by that legislation. Please see “Purposes for collecting personal information” for more information.
11	Limited Disclosure An agency or organisation can only disclose your health information for the purpose for which it was collected or a directly related purpose that you would expect (unless one of the exemptions in HPP 11 applies). Otherwise separate consent is required.	We only disclose User’s health information for the purpose of operating the Software. Please see “Purposes for collecting personal information” for more information. In certain circumstances, we may also disclose personal information and health information where required to comply with applicable law, including where a permitted health situation exists under the Privacy Act 1988 (Cth) but only for the purposes permitted by that legislation. Please see “Purposes for collecting personal information” for more information.
12	Not identified An agency or organisation can only give you an identification number if it is reasonably necessary to carry out their functions efficiently.	We issue identification numbers to identify individual Users of the Software. This identification number is reasonably required by us to operate the Software.
13	Anonymous Give the person the option of receiving services from you anonymously, where this is lawful and practicable.	It is not practicable for Users to operate the Software anonymously.
14	Controlled Only transfer health information outside New South Wales in accordance with HPP 14.	All health information will be stored within Australia. If you are a User of the Software you consent to us storing your health information in any data centre in Australia at which we locate our computer servers.
15	Authorised Only use health records linkage systems if the person has provided or expressed their consent or such use or disclosure is reasonably necessary for research in the public interest.	If you are a User of the Software you must ensure that any person whose health information is processed by the Software consents to us using health record linkage systems – including any applicable patient management, pathology, human resource and theatre systems.

 

Notifiable data breaches

Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner (“OAIC”), except where limited exceptions apply.

 

Third party websites and platforms

Our websites may include links to third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. We do not warrant or represent that any third party website or platform operators comply with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal information to them.

 

The Software may access your personal information from third party systems such as a Healthcare Operator’s patient management, pathology, human resource and theatre systems.

 

Security

We take reasonable steps to protect personal information that we hold from unauthorised access, modification and disclosure and implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information transmitted, stored or otherwise processed, as follows: 

• We perform security testing, and maintain other electronic (e-security) measures for the purposes of securing personal information, such as passwords, anti-virus management, and firewalls;

• We maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms;

• We require all of our employees and contractors to comply with privacy and confidentiality terms and conditions in their employment contracts and subcontractor agreements that we enter into with them;

• We carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible;

• We implement passwords and access control procedures into our computer systems;

• We have a Data Breach Response Plan in place;

• We have data backup, archiving and disaster recovery processes in place;

• We have anti-virus and security controls for email and other applicable computer software and systems in place.

We use SSL encryption to store and transfer personal information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each User that provides information to us via the internet does so at their own risk.

 

Spam and direct marketing email

We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact Users. These transaction-based e-mails are automatically generated. Anytime a User receives e-mail it does not want from us they can request that we not send further e-mail by using any ‘unsubscribe’ tool contained in any communication we send. Upon receipt of any such request, we will ensure that they cease to receive automated emails from us.

Information transfers to overseas recipients

We may transfer your personal information entered into our websites to our contractors and service providers, who assist us with providing our products and services to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance.

Where Multiprac is provided on a software-as-a-service basis, personal information held in Multiprac is stored on computer servers in data centres located in Australia (or in other countries, where agreed by us and our customer). Where Multiprac is provided on an on-premises basis, the data collected by it is held on the computer or server on which the software is configured to store it.

All CKM data is stored on computer servers in data centres located in Germany.

Retention and de-identification of personal information

It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the information in order to comply with our legal obligations, or to retain the information to protect your or any other person’s vital interests). Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information in which case we will only use such retained information for the purposes of complying with those applicable laws.

Instead of destroying the personal information we may take such steps as are reasonable in the circumstances to de-identify the personal information that we hold about an individual where we no longer need it for any purpose for which it may be used in accordance with this Privacy Policy if the information is not contained in a Commonwealth record and we are not required by Australian law (or a court or tribunal order) to retain it.

 

Your rights under applicable law

If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our websites without providing us with personal information, such as the pages that generally describe the services that we make available, and our Contact Us page. However, if you are a User and you submit a form on our website, or otherwise enter into a business relationship with us, we need to collect personal information from you and your representatives in order to identify who you are, so that we can provide you with services, and for the other purposes described in this Privacy Policy. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our services, but not if you wish to actually use the Software (directly or by authorising your Healthcare Operators to process your personal information or health information if you are a Healthcare Consumer). It is not practical for us to provide you with all features of the Software if you refuse to provide us with personal information.

Accessing and correcting your personal information

We strive to ensure that we hold accurate, up to date, complete and relevant information unless that information has been removed or access restricted. If you are a User, we invite you to contact us using the details set out at the end of this Privacy Policy and inform us if any of your personal details we hold change or if any of the personal information held by us is otherwise incorrect or erroneous.

Due to the sensitivity of the personal information that is held on the Software, we and/or your Healthcare Operator will require verification of your identity when handling all such access and correction requests. We and/or your Healthcare Operator will provide such access in accordance with our legal obligations.

Should you require a copy of your personal information, you can request for us to provide you with a copy of the personal information that the Software holds about you. We may charge a reasonable fee when providing you with access to your information. You may also obtain a copy of this Privacy Policy free of charge.

Our contact details – complaints and enquiries

If you wish to contact us for any reason regarding our privacy practices or the personal information that we hold about you or if you suspect any misuse or loss of, or unauthorised access to your personal information, please contact us at the following address:

Privacy Officer

Tower 1, Level 2, 495 Victoria Avenue,

Chatswood NSW 2067 Australia

privacy.officer[at]oceanhealthsystems.com

If you have a complaint about our handling of their personal information, you should address your complaint in writing to the contact details above. We will use our best endeavours to resolve any privacy complaint within ten (10) business days following receipt of your complaint. If there is a dispute regarding personal information, both parties must first attempt to resolve the issue directly between each other. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.

If you are not satisfied with the outcome of a complaint or you with to make a complaint about a breach of the Australian Privacy Principles or Health Privacy Principles, you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:

Call: 1300 363 992

Email: enquiries[at]oaic.gov.au

Address: GPO Box 5218, Sydney NSW 2001

Complaints can also be made to the NSW Privacy Commissioner, or other relevant state or territory Privacy Commissioner. Details about the NSW Privacy Commissioner’s complaints process can be accessed at the following link: https://www.ipc.nsw.gov.au/how-do-i-make-complaint