1. Protecting Your Privacy
This Policy outlines the types of Personal Information we usually collect or receive, the purposes for which we collect it, to whom we disclose it, how we hold and keep it secure and your rights in relation to your Personal Information collected and held by us, including how to complain and how we deal with complaints. This Policy should be read together with our respective website Terms and Conditions.
By providing us with your Personal Information or Personal Information about another person when you:
(a) speak to us on the phone,
(b) email us,
(c) complete a form or otherwise use our websites:
- https://www.dahs.com.au/ (the website),
(d) use our services,
(e) or in any other way communicate with us including the delivery of any Personal Information about you or any other person,
you acknowledge and agree to the collection by us of that Personal Information in accordance with this Policy.
If you do not agree with any part of this Policy you must not provide your Personal Information (including health information) to us.
2. Key Terminology
Personal Information (‘PI’) means information or an opinion about a natural person, whether true or not, from which their identity is apparent or can reasonably be ascertained or as otherwise defined by applicable privacy law. This is whether the information is recorded in a material format or not. Personal information may also include information we may collect about a person’s individual preferences. It does not include information that is de-identified (anonymous data).
Health Information means personal information or opinion about –
(a) the physical, mental or psychological health at any time of an individual; or
(b) a disability at any time of an individual; or
(c) an individual’s expressed wishes about the future provision of health services to him or her; or
(d) a health service provided, or to be provided, to an individual; or
(e) other personal information collected to provide, or in providing, a health service; or
(f) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(g) genetic information about an individual that is or may be predictive of the health at any time of the individual or any of his or her descendants.
Sensitive Information means personal information or an opinion relating to personal information about an individual’s –
(a) racial or ethnic origin; or
(b) political opinions; or
(c) membership of a political association; or
(d) religious beliefs or affiliations; or
(e) philosophical beliefs; or
(f) membership of a professional or trade association (except where it relates to employee information); or
(g) membership of a trade union (except where it relates to employee information); or
(h) sexual preferences or practices; or
(i) criminal record; and
Health Information about an individual.
3. Who are we?
E&H Enterprises Pty Ltd is comprised of a team of diabetes educators, dietitians, exercise physiologists, nutritionists and other health professionals who specialise in Diabetes as well as reception and administrative staff. Information may be shared between our staff to assist in the provision of services to you.
We provide allied health services to primary healthcare services and the general public.
You may recognise us by one of our trading names such as:
- Diabetes And Health Solutions
To allow us to offer our services effectively and efficiently, we utilise centralised information technology (IT) systems in which the Personal Information we collect from you is accessed and stored. If you provide your Personal Information to one of the individuals or entities associated with us, your Personal Information will be available on the centralised IT systems.
4. What Personal Information Do We Collect?
We only collect personal information that is reasonably necessary for us to provide you with the services you have requested. We collect personal information, health information and sensitive information (collectively, Personal Information) as defined by the Privacy Act 1988.
The type of personal information we may collect from you includes, but is not limited to, your contact information such as your full name, email address, current postal address, and telephone and fax numbers. We may also collect health and sensitive information from you including your medical history, family medical history, current lifestyle information and ethnic background.
When providing your Information to us, some information may be identified as mandatory or voluntary. If you do not provide the mandatory data, we may not be able to effectively provide our services to you.
5. How is Your Personal Information Collected?
In most cases we will collect your Personal Information directly from you. This may take place face-to-face, through the completion of documents such as administrative forms or electronic forms, by way of emails, telephone calls, surveys, through the websites, or through the use of apps on mobile devices.
We may also collect your Personal Information from your treating health practitioners, primary healthcare clinics, hospitals, and government agencies.
The collection of this information is required to enable us to provide the services to you and to ensure the highest quality of service provision. Individuals and organisations do not have to supply Diabetes And Health Solutions with their Information; however, if the individual or organisation chooses not to do so, Diabetes And Health Solutions may be unable to provide the services required or sought.
We also collect this information from publicly available websites, directories and databases including, but not limited to, Google, Facebook, Twitter and other social media.
Collection through our websites
We use Google Analytics and www.dahs.com.au to collect data about your interaction with our website.
The sole purpose of collecting your data in this way is to improve your experience when using our site. The types of data we collect with these tools include:
- your device’s IP address (collected and stored in an anonymized format)
- device screen size
- device type, operating system and browser information
- geographic location (city)
- referring domain and out link if applicable
- search terms and pages visited on our website
- date and time when pages were accessed on our website
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
If you reject cookies, you may still have access to our website, but your ability to use some areas of our website, such as contests or surveys, may be limited.
6. How Do We Store and Protect Your Personal Information?
We store your Personal Information in any combination of data storage facilities, cloud computing facilities and/or paper-based files which may be operated or held by us or by third party service providers under a contractual agreement.
We use all reasonable endeavours to maintain the security of your Personal Information from unauthorised access, modification or disclosure.
We will also securely destroy or de-identify Personal Information held by us that is no longer needed for any purpose.
Whilst we take every reasonable precaution to ensure your Personal Information is collected, stored and used in a secure manner, we note that there are inherent risks with transmitting Personal Information across web-based applications. Please contact us immediately if you become aware or have reason to believe there has been any unauthorised use of your Personal Information.
Diabetes And Health Solutions uses a limited number of hand-picked and trusted third party providers (sub-processors) to access and store Personal Information.
The storage of Personal Information through these providers is subject to the Privacy Policies of these entities.
Digital Pacific is a carbon-neutral Australian provider of quality web hosting solutions.
Digital Pacific operates services in Equinix Sydney, with primary services hosted in Sydney and redundant infrastructure services in Melbourne.
Virtual Private Servers including storage of Patient Health Records
Habitat3 uses DataCentres located in Australia only to store VPS data. At no time does Habitat3 send VPS data outside of Australia.
VPS and all associated data and primary backups are stored by Habitat3’s infrastructure partner – Rackspace in specialist HVAC operator Digital Realty’s Sydney DataCentre which maintains both ISMS ISO 27001:2013 and EMS ISO 14001:2015 accreditation.
Cloud Based Email, File Storage and Office Applications
Microsoft365 is configured to store data only in Australian Data Centres.
Managed IT Services
Realised Technologies Pty Ltd ACN 159 167 941 (Realised Technologies, We, Our, Us and other similar terms) takes all reasonable steps to implement processes and procedures for the safe management of Personal Information. Realised Technologies endeavours to comply with the Australian Privacy Principles (APPs) as contained in the Privacy Act 1988 (Cth) (Act) (Law).
(a) Where we can, We prioritise the use of service providers who store data inside Australia. Our Websites and service provider for Our hosting service are located in Australia.
(b) Personal Information We collect may be accessed by employees, contractors or service providers who We engaged to provide services to Realised Technologies from outside of Australia. Personal Information contained in a record may be transferred and held in countries including, but not limited to, the United States where some of our cloud service providers are located.
(c) We do not transfer Sensitive Information outside of Australia.
(d) We take reasonable steps to ensure parties that provide Us with necessary services for website hosting and database administration services act in accordance with the Australian Privacy Principles.
(e) We engage only recognised service providers who use enterprise level software with up to date SSL Encryption.
Credit Card Processor
Tyro discloses personal information to overseas third parties located in the United States of America, Singapore and China for the purposes of providing our products, marketing and lead generation activities and obtaining product analytics to allow it to improve its products and services. In addition, personal information may need to be transferred to service providers located in other overseas countries from time to time in order for Tyro to perform its functions or activities.
Some of the overseas third parties to whom we may disclose personal information may not have equivalent privacy and data protection laws to the country in which you reside and may not, in the case of individuals located in the EU, be subject to an adequacy decision of the European Commission that the third country ensures an adequate level of protection. Tyro will use reasonable endeavours to ensure that personal information will receive protection similar to that which it would have if the information were in Australia by implementing standard data protection obligations in its contractual agreements with these overseas service providers. For more information, please contact the Privacy Officer.
Cloud based accounting services
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
Data Centre Location:
7. How do we use and disclose your Personal Information?
We will use and disclose your Personal Information in order to provide you with the services requested by you. To the extent permitted by law, Diabetes And Health Solutions may:
- Use your Personal Information to perform administrative functions and activities in relation to our services and the websites;
- Disclose your Personal Information to My Health Record if you have registered and provided standing consent;
- Disclose your Personal Information to other health professionals involved in your care if it is necessary to be able to provide you with the service or information that you requested, you have agreed to us providing it to other health professionals involved in your care or it is already publicly available information;
- Disclose the Personal Information Diabetes And Health Solutions collects to third parties we engage to perform functions or provide products and services on our behalf such as processing credit card information, cloud-based server hosting and remote administrative functions;
- For billing purposes, share relevant aspects of your Personal Information with third parties such as your other health care providers, Medicare, your private health insurance fund and, if necessary, external collection agencies;
- Contact you to ask you to provide feedback about the services provided;
- Use your Personal Information to improve our services or the Website and to develop new products or services which may involve performing analytics on information that we collect automatically;
- Use your Personal Information to respond to enquiries you make regarding the services and/or the Website;
- Use your Personal Information to comply with any applicable laws or if disclosure will prevent or lessen a serious or imminent threat to your life or health or the life of someone else; and
- Disclose your Personal Information, with your consent, to another person including any person you have authorised disclosure to or a person exercising an enduring power of attorney which has been provided to Diabetes And Health Solutions.
All patients are provided with an opportunity to decline or to indicate what types of information or services they are interested in receiving further information about.
We will not send you direct marketing material.
If at any time you have a concern about the material you have received from us, or you wish to change your preferences in relation to receipt of future material, please contact us by emailing email@example.com and we will endeavour to remove or amend your details from our database within 5 business days.
8. How can you access, amend or delete your Personal Information?
We will use all reasonable endeavours to keep your Personal Information accurate, complete, up-to-date, relevant and not misleading. Please contact us to examine your Personal Information if required and we will provide a complete list of your Personal Information within 5 business days of receipt of your request.
However, we reserve the right to refuse access to your Personal Information in extreme circumstances. Such extreme circumstances may occur, for example, where we reasonably believe:
- your access could pose a threat to others’ health and safety;
- your access could unreasonably impact somebody else’s privacy;
- your access would prejudice negotiations between you and Diabetes And Health Solutions;
- providing access would be unlawful;
- the request for access is frivolous or vexatious; or
- the Personal Information relates to anticipated or existing legal proceedings between Diabetes And Health Solutions and you.
You will be notified of the relevant avenues available to make a complaint, and you also have the ability to request a statement of the inaccuracy of the Personal Information to appear alongside our records of the Personal Information.
Diabetes And Health Solutions may charge a small fee for collating and providing you with access and we may require identification to be provided before releasing copies of Personal Information.
You may contact us on +61 478 742 689 or at firstname.lastname@example.org to amend any of your personal information that is inaccurate, incomplete or out-of-date or request that your Personal Information be deleted. We will amend your records as requested within a reasonable period of time, at no cost.
If you request that we delete your Personal Information, we will consider your request having regard to our legal obligations. We may refuse to delete your Personal Information; however, in such circumstances, we will amend your Personal Information to include reference to the fact that you have asked for the specific Personal Information to be deleted.
You may seek to remain anonymous or use a pseudonym when you deal with us. However, there may be circumstances where we are required or authorised by law to only deal with you if you have identified yourself or where it is impracticable for us to deal with you without you identifying yourself.
11. Cross Border Disclosures
Your Personal Information and payments may be disclosed overseas via the use of our trusted third party vendors as detailed in Section 6: How Do We Store and Protect Your Personal Information?
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your Personal Information overseas.
12. Mandatory Data Breach Notifications
From February 2018, pursuant to the Privacy Act 1988, we will be required to notify you and the Information Commissioner if we suspect that a data breach (relating to your Personal Information) has occurred and there is a real risk of serious harm to you as a result of the breach.
13. Applicable Law
14. Contact Us
Please do not hesitate to contact us in relation to your Personal Information by way of one of the following:
+61 478 742 689
+61 7 4045 0271
17 Upward Street, Cairns, Queensland, 4870
We will endeavour to address your enquiry within 5 business days of receipt of your enquiry.
15. Making a Complaint
If you have any concerns about how we manage your Personal Information, you may write to our Privacy Officer at email@example.com. We will reasonably endeavour to provide a response within 5 business days of receipt of your complaint.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by writing to the OAIC at GPO Box 5218, Sydney NSW 2001 or by completing the online complaint form. For further information about the OAIC, please visit www.oaic.gov.au.
Last Updated: 29th October 2020
Diabetes And Health Solutions
17 Upward Street
Cairns, QLD, 4870
Phone: 0478 742 689
Fax: 07 4045 0271