1stGroup Limited – Policies and Procedures
Privacy and Data Protection
29 March 2017
Any Questions? Contact our Privacy Officer with the below information
Phone: 1300 673 885
1stGroup Limited (ACN 138 897 533) (1stGroup, we, us, our) owns and operates the website MyHealth1st.com.au, an online healthcare appointment bookings platform. 1stGroup also owns and operates related platforms PetYeti (petyeti.com.au), Clinic Connect (clinicconnect.com.au) and Doc Appointments (Docappointments.com.au). Together, our platforms offer appointment booking and resource management solutions to a variety of practices including medical and healthcare practices, dentists, vet clinics, pharmacies, etc. (Practices).
In the course of providing services to you through our various platforms, 1stGroup collects personal information. We are bound by the Privacy Act 1988 (Cth) and comply with our obligations under the Australian Privacy Principles.
1stGroup takes your privacy seriously. This policy lets you know how we treat personal information that we collect and receive about you.
If you have any questions about this policy or about your privacy generally, please contact our Privacy Officer using the contact details below.
What does 1stGroup do with your personal information?
Our main purpose for collecting your personal information is to facilitate the booking between you and a Practice. We only use your personal and sensitive information for the purposes set out in this policy.
We collect, hold, use and disclose your personal information to:
- provide you with our bookings service, and any other products, information or services you have requested from our platforms;
- create an account for you if you register with us;
- contact you about your use of our platforms, to confirm a booking, or send booking reminders by email or SMS;
- contact you to request feedback about our services, or your participation in a survey or questionnaire
- process payments;
- report to Practices about patient use of our platforms;
We may also use your information to comply with legislative or regulatory requirements, and to investigate and prevent fraud, crime or other activity that may cause harm in relation to our platforms or services.
We disclose personal information to...
Where a Practice requires a prepayment or credit card pre-authorisation, we will provide your credit card details to a secure payment processing provider in order to process the payment.
Our Service Providers
We use a range of service providers (for example, IT service providers, web hosting providers, secure SMS service providers and secure payment gateway providers) to help us deliver our platforms. Where we disclose personal information to our service providers, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.
Our Strategic Partners
MyHealth1st has various strategic relationships with a number of complementary service providers (Partners). Sometimes when we conduct surveys or questionnaires, we ask questions on behalf of our Partners. We disclose your answers to these questions to the relevant strategic partner, but only if we have your permission to do so. Remember, your participation in these surveys or questionnaires is entirely voluntary.
Again, where we disclose personal information to our Partners, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.
We may publish feedback, comments, reviews or testimonials provided by you on our website or in promotional material in order to promote our Services. However, we will not publish any comments which might identify you or disclose your name or contact details for this purpose without your permission.
We may also disclose your personal information if required by law (for example to government bodies and law enforcement agencies).
At present all of our Practices, Partners and service providers are based in Australia and so it is unlikely that we will need to provide your personal information to any persons or organisations located outside of Australia.
How does 1stGroup keep personal information secure?
We take reasonable steps to ensure that any information which we hold about you is kept secure.
We take appropriate measures to ensure the personal information collected, used and stored by us is kept secure, accurate and kept up to date and only for so long as necessary for the purpose for which it was collected.
Our servers are kept in a secured data center environment, and PCI vulnerability scans are carried out by us or our Partners and services providers.
All of our online forms are protected by encryption. We also use a secure server and external payment processing providers when you make a payment via our website or to store credit card details. We do not store complete credit card details on any of our systems.
Do you want access to your personal information?
If at any time to know what personal information we hold about you, you can contact our Privacy Officer.
You have a right to request access to any personal information we hold about you, and we will only refuse your request in exceptional circumstances (for example if granting access would infringe another person’s privacy).
If you make a personal information access request, we will require you to provide some form of identification (for example a driver license or passport) so we can verify that you are the person to whom the information relates. In some cases we may charge an administrative fee to cover the costs of granting access.
If you wish to make a personal information access request, please contact our Privacy Officer using the details below.
Is your personal information incorrect of out of date?
If your personal details change, please help us to keep your information up to date by notifying us.
If you believe information we hold about you is incorrect or out of date, please contact our Privacy Officer using the details below.
If you have a complaint about the way we handle your personal information, we want to know about it!
If you would like to make a complaint in relation to how we have handled your personal information or about a breach of the Australian Privacy Principles please provide a written summary of the complaint to us on the contact details below.
We will investigate your complaint and will endeavor to provide you a written response within 45 days of receiving your complaint. We take your complaints seriously, and will attempt to resolve the issue quickly and fairly.
If we cannot resolve your complaint to a satisfactory standard, you are entitled to lodge your complaint with the Australian Information Commissioner, or his successor: http://www.oaic.gov.au/privacy/making-a-privacy-complaint
Changes to this Policy
Contact our Privacy Officer
If at any time you want to contact us, access your information or make further enquiries about your privacy, please contact our Privacy Office by email to firstname.lastname@example.org or mail to Level 2, Suite 2C, 2-12 Foveaux Street, Surry Hills, 2010.