Effective 22 November 2019
Emerald Clinics (“Emerald”, “we”, “us” or “our”) is committed to dealing with personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. These principles guide the way in which we collect, use, store and share your personal information.
Personal information is any information, or an opinion, that identifies or could reasonably identify an individual.
Emerald is a healthcare technology and services company staffed by medical, research and business experts. We collect and handle personal information in order to carry out our regular work activities including, among other things, patient management, communication and medical research.
Collection of personal information
Emerald collects personal information from its employees, directors and relevant committee members, suppliers, service providers and other people connected with its activities. We also collect personal health information and other sensitive information about our patients, as is expected when attending a medical clinic.
Personal information collected by Emerald may include:
- contact details (for example, name, address, telephone numbers and email)
- demographic information (for example, gender and date of birth)
- professional information (for example, job, education)
- details of your interactions with us (for example, attendance at our clinics, participation in research and written correspondence from or about you)
We may collect personal information in the following ways:
- directly from you (for example over the phone, in person, by email, through our website, through social media or via responses to questionnaires, surveys or forms)
- from other health care sources (for example from your referring doctor or other health care providers, from paper or electronic health records, from other hospitals or clinics)
- through your participation in research (for example if you consent to participate in additional research projects, collaborations or registries)
- from publicly available sources of information
- from our own records, obtained while delivering and administering services
Purpose of Collection and Use
We collect personal information as required to carry out one or more of our functions or activities, including:
- to provide clinical services and maintain medical records
- to conduct research for diagnosis and development of therapeutics
- to provide continuing professional development, education and training for staff
- to co‐ordinate and convene committee meetings
- to enable planning, policy and service development and to market, advertise or otherwise promote Emerald activities, including to inform individuals of additional services provided by us
- to conduct or facilitate surveys; such surveys will be communicated from us and may be done on behalf of a third party
- to recruit suitable applicants to vacancies within our company
- to communicate with directors about meetings and Emerald business
- to communicate with staff about all work-related matters
Information may also be used for secondary purposes as required or permitted by law. Any other use of your personal information will require your informed consent.
We will only use and disclose personal information for the primary purpose for which it was collected, or for a reasonable secondary purpose, unless you agree otherwise, or unless allowed or required by law.
It is possible that a third party may have access to your personal information if they are engaged by Emerald Clinics to assist us in performing usual work functions, such as to enhance or audit clinical services or research. Where this kind of disclosure takes place, our policy is to include protective provisions regarding the handling of confidential personal information in the written contracts or statements of work.
When conducting a member survey on behalf of a third party, Emerald does not disclose personal information to that third party. We will never share personal information with a third party for marketing purposes.
Storage and Security
We store personal information in electronic and/or hard copy and we have secure record‐ keeping systems. We take all reasonable steps to protect personal information from unauthorised use, access, disclosure and alteration.
IT protection systems and internal procedures are also utilised to protect the personal information held by us. We may store electronic information on remote servers or in the cloud directly or through contracted agencies (all information is securely stored in Australia with backups securely stored in the United States of America and encrypted before transfer back to Australia).
Emerald uses Secure Socket Layer (SSL) certificates which is the industry standard for encrypting personal information collected via our website. We do not store patient credit or debit card information. We use a third party provider for payment transactions, which provides a secure online payment gateway solution for credit card and direct debit processing of Emerald’s clinical service payments.
Personal data is maintained under strict security and is only to be accessed internally by Emerald staff who require access as part of their role or to complete a task, or by contractors who have signed a confidentiality agreement and who are working for an on behalf of Emerald Clinics and who require access to personal information in order to carry out their duties.
Records containing personal information will be held by Emerald until there is no longer a need or obligation to retain such records, after which time they will be securely deleted, destroyed or de‐identified.
A record of each visit to the Emerald website is logged – this is a small data file known as a cookie. A cookie does not identify individuals personally, but it does identify computers. Browser setting can be adjusted to disable cookies.
The following information from cookies is recorded for the sole purpose of compiling statistical information about the use of our website:
- IP address and/or domain name
- Operating system (type of browser and platform)
- The date, time and length of visit to our website
- Pages and resources accessed, as well as documents downloaded
Access and Correction
Emerald takes all reasonable steps to maintain the accuracy of personal information it holds. If you believe that your personal information may be incorrect or outdated, you are encouraged to notify us of any changes required.
We can be contacted by phone at 1300 436 363 or email (firstname.lastname@example.org).
You may also wish to contact us to request access to your personal information. Any requests for access will need to be provided in writing. Only reasonable requests for access to personal information will be granted, unless the applicable privacy laws permit or require Emerald to decline access.
Complaints and concerns
The website of the Office of the Australian Information Commissioner (OAIC) is an additional source of information www.oaic.gov.au. If an individual is not satisfied with how Emerald has handled their complaint, they may wish to contact the OAIC.