Emerald Clinics (EC) endeavours to deal with personal information in accordance with the Australian Privacy Principles.
Personal information is information or an opinion that identifies or could reasonably identify an individual.
EC Provides clinical services related to the provision of medical cannabis for therapeutic purposes. EC collects and handles personal information in order to carry out its activities including, among other things, patient management and communication and medical research.
Collection of personal information
EC collects personal information from its, employees, directors and relevant committee members, suppliers, service providers and other people connected with its activities.
The types of personal information EC collects include:
- contact details (for example, name, address, professional information, telephone numbers and email)
- demographic information (for example, gender and date of birth)
- professional information (for example, job, education) and
- activity‐related information (attendance at EC clinics and participation in any research).
In conducting its activities, EC may collect health and other sensitive information. For example, EC collects medical history information from patients and may also access data from other sources about them with their written and informed consent.
EC collects personal information directly from individuals in the following ways:
- electronically through clinical documents and online surveys
- from forms and other correspondence (including electronically)
- during telephone calls
- while delivering and administering services and
- face to face contact.
Purpose of Collection and Use
EC collects personal information as required to carry out one or more of its functions or activities, including:
- to provide clinical services and maintain medical records
- to conduct research for diagnosis and development of therapeutics
- to provide continuing professional development, education and training for it’s staff
- to co‐ordinate and convene committee meetings
- to enable planning, policy and service development and to market, advertise or otherwise promote EC activities, including to inform individuals of additional services provided by EC
- to conduct or facilitate surveys; such surveys will be communicated from EC on behalf of a third party in accordance with the EC Survey Policy
- to recruit suitable applicants to vacancies within EC
- to communicate with directors about meetings and EC business
- to communicate with staff about all work related matters
Information may also be used for secondary purposes as required or permitted by law. For example, if an individual consents to inclusion in the EC Clinical Research Platform (EC CRP), EC may use the individual’s contact details for the purposes of promoting other EC research activities.
EC only discloses personal information for the primary purpose for which it was collected, or for a secondary purpose as required or permitted by law.
For example, EC may disclose personal information to third parties it engages to assist it in performing its functions, most often related to enhancing clinical services and for research purposes. Where disclosure takes place, EC aims to include protective provisions regarding the handling of personal information in contracts with third parties.
When conducting a member survey on behalf of a third party, EC does not disclose personal information to that third party.
Storage and Security
EC stores personal information electronically and in hard copy, and has secure record‐ keeping systems. EC takes all reasonable steps to protect personal information from unauthorised use, access, disclosure and alteration.
IT protection systems and internal procedures are also utilised to protect the personal information held by EC. EC may store electronic information on remote servers or in the cloud directly or through contracted agencies (all information is securely stored in Australia with backups securely stored in the United States of America and encrypted before transfer back to Australia).
EC uses Secure Socket Layer (SSL) certificates which is the industry standard for encrypting personal EC information collected via the EC website. EC does not store patient credit or debit card information. EC uses a third party provider, which provides a secure online payment gateway solution for credit card and direct debit processing of EC clinical service payments.
Personal data is maintained under strict security and is only to be accessed internally by the EC staff who require access as part of their role or to complete a task.
Records containing personal information will be held by EC until there is no longer a need or obligation to retain such records, after which time they will be deleted, destroyed or de‐ identified.
A record of each visit to the EC website is logged – this is a small data file known as a cookie. A cookie does not identify individuals personally, but it does identify computers. Browser setting can be adjusted to disable cookies.
The following information from cookies is recorded to compile statistical information about the use of the EC website. It is not used for any other purpose.
- IP address and/or domain name
- Operating system (type of browser and platform)
- The date, time and length of visit to the EC website
- Pages and resources accessed, as well as documents downloaded
Access and Correction
EC takes all reasonable steps to maintain the accuracy of personal information it holds. Individuals are encouraged to contact EC if the personal information held is incorrect or to notify EC if personal information has changed.
EC clients can view and change their personal details via approaching their EC clinic.
An individual may also contact EC by telephone 0400 105 462 or email email@example.com to access or update their personal information. They will be required to provide their request in writing. Access will be provided unless the request is unreasonable or the applicable privacy laws permit or require EC to decline access.
Complaints and concerns
Any concerns about EC’s handling of personal information should be directed to EC by telephone 0400 105 462 or email firstname.lastname@example.org. EC may require complaints to be submitted in writing. After EC receives all the relevant information, it will endeavour to resolve the complaint as soon as reasonably practical.
The website of the Office of the Australian Information Commissioner (OAIC) is an additional source of information www.oaic.gov.au. If an individual is not satisfied with how EC has handled their complaint, they may wish to contact the OAIC.
Privacy Act 1988 (Cth) (Privacy Act)