HotDoc Privacy Statement

1. Purpose of our policy

1.1 HotDoc Online Pty Ltd ABN 84 159 662 558 (‘HotDoc’) provides the HotDoc online medical appointment booking and management services and associated technologies (‘Platform’).

1.2 All references to ‘us,’ ‘we’ and ‘our’ in this Privacy Policy are references to HotDoc. All references to ‘you’ and ‘your’ in this Privacy Policy are references to:

(a) the general practitioners and employees of medical clinics who are customers, or potential customers, of our products and services (‘Clinic Representatives’);

(b) the patients of the medical clinics who use our Platform, and any other individuals who use our Platform or website to connect with a general practitioner (‘Patients’); and

(c) our contractors and suppliers, potential employees, and any other individuals we might deal with in the course of running our business or providing our services.

1.3 We know that your privacy is important to you – it’s important to us as well. We publish this Privacy Policy to make it easy for you to understand the types of personal information we might handle, why and how we might collect, use or disclose it, and the rights you have to access or correct any personal information held by us.

1.4 We are committed to protecting your privacy, and ensuring that the ways in which we deal with your personal information comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (‘Privacy Act’) and any other applicable health records legislation.

1.5 We may update this Privacy Policy periodically and without notice to you. You should review this Privacy Policy from time to time to check for any changes. If you have any questions about this Privacy Policy, please contact us using our contact details contained in section 8 below.

2. The types of personal information we collect

2.1 To provide our services and run our business, we need to collect personal information, being information or an opinion about an individual which is reasonably capable of identifying that individual (and which might also include their health or other sensitive information) (‘Personal Information’).

2.2 We may collect and hold your Personal Information for a range of reasons, such as to allow us to identify who an individual is before they access or use the Platform, to facilitate communications between Patients and their medical clinics, or to communicate or transact with individuals in the ordinary course of business.

2.3 If you are a Patient:

(a) most Personal Information we collect about you will be received from you directly (or your primary carer) or, to optimise the functionality of the Platform or enable us to provide services to your medical clinic, from the medical clinic which you are a patient of or have booked an appointment with; and

(b) the types of Personal Information we may collect, depending on the circumstances, include:

(i) general information such as your name, location, date of birth, Medicare details, family details including marital status, contact information (including your email address, telephone and fax number, residential, business and postal addresses), your user name for the Platform, and details of your use of, or access to, the Platform;

(ii) health information such as information which might relate to your health, the health services which have been or are to be provided to you, or other information which falls within the scope of ‘health information’ as that term is defined in the Privacy Act;

(iii) other ‘sensitive information’ as that term is defined in the Privacy Act (excluding health information, which is addressed above), such as information which might relate to, among other things, your racial or ethnic origin, sexual orientation or practices, criminal record or religious or philosophical beliefs. We will only collect this type of information if you provide it to us directly;

(iv) details of any communications or interactions you have with a medical clinic using the Platform – for example, details of an appointment you have made, confirmed or cancelled;

(v) if you use or access our website or Platform, aggregated statistical information such as information about your online preferences and movements, location information, and other information which is typically obtained from cookies (although you can adjust your browser’s settings to accept or reject cookies). This statistical information will be collected on an anonymised basis only; and

(vi) any other Personal Information you send or disclose to us, including our records of any communications or interactions we have with you.

2.4 If you are a Clinic Representative:

(a) most Personal Information we collect about you will be received from you directly, your patients or potential patients, or the medical clinic which employs or otherwise engages you. However, and depending on the nature of your relationship (or potential relationship) with us, we may also collect your Personal Information from other sources such as advertising, public records, mailing lists, contractors, our staff and our business partners; and

(b) the types of Personal Information we may collect about you include:

(i) general information such as your name, location, date of birth, contact information (including your email address, telephone and fax number, residential, business and postal addresses), your log-in details for the Platform, and details of your use of, or access to, the Platform;

(ii) financial information such as any of your bank or credit card details used to transact with us, or other financial information that allows us to transact with you or provide you with our services;

(iii) details of any communications or interactions you have with a Patient using the Platform – for example, details of an appointment that is managed using the Platform (and any related communications);

(iv) as relevant to your relationship with us, information about your online preferences and movements, location information, trends, decisions and other information which is typically obtained from cookies (although you can adjust your browser’s settings to accept or reject cookies), and other information about your preferences and purchases in relation to our products;

(v) information about your professional registration, associations or memberships; and

(vi) any other Personal Information you send or disclose to us, including our records of any communications or interactions we have with you.

2.5 If you are a contractor or supplier, potential employee, or another individual we deal with in the course of running our business:

(a) most Personal Information we collect will be received from you directly, however it may also be collected from third parties such as recruitment agencies or our business partners (such as other contractors, employees, service providers or suppliers); and

(b) the types of Personal Information we might collect about you will ultimately differ based on the circumstances, but might include:

(i) your name and contact details;

(ii) your professional qualifications or skills;

(iii) details of your employment history (including details of any personal or professional references provided to us by third parties);

(iv) financial information such as any of your bank or credit card details used to transact with us; and

(v) other Personal Information you send or disclose to us, including our records of any communications or interactions we have with you.

2.6 In addition to the above, if you use or access our website or Platform, or receive subscription email communications from us, we may collect statistical information using cookies or analytical services (although you can adjust your browser’s settings to accept or reject cookies), or by using pixel tags, which enable us to send email messages in a format customers can read and which tell us whether mail has been opened.

3. How personal information is used and disclosed

3.1 The primary purposes for which we collect Personal Information are to enable the functionality of the Platform, provide you with our services, and to support the operation of our business.

3.2 If you are a Patient:

(a) we will never sell or exploit your Personal Information, or share it for any purposes which are unrelated to providing and operating our Platform;

(b) we will use your Personal Information (including your health and other sensitive information) for the primary purpose for which we collected it (for example, to contact you to confirm an appointment booking, or to provide details of that booking to your medical practitioner);

(c) we will only use your Personal Information for secondary purposes if you have provided your consent for us to do so, or if you might reasonably expect us to do so (for example, to investigate or respond to a complaint that you have raised with us, or to verify your identity if you have forgotten your user details for the Platform);

(d) we maintain all Personal Information (especially health information) in strict confidence, and will only disclose it to third parties where:

(i) it is reasonably necessary to enable us to provide you with your use of the Platform, or to enable your medical practitioners to keep up to date records and communicate with you; or

(ii) we are otherwise authorised or required to do so under relevant laws, such as if the disclosure is reasonably necessary due to law enforcement activities, or to lessen a serious threat to the life, health or safety of any individual;

(e) the types of third parties that we might disclose your Personal Information to include:

(i) the medical clinic that you have previously had, or intend to book, an appointment with; and

(ii) our service providers who support and enable us to provide our services and run our business, such as:

A. our information technology, network, software and cloud storage providers;

B. any practice management software providers which your medical practitioner uses; and

C. our external professional advisers (such as legal advisors); and

(f) if we do share or disclose your Personal Information as described above, we will always first consider whether we can reasonably de-identify or anonymise that information.

3.3 If you are a Clinic Representative:

(a) we will use your Personal Information (including your financial information) for the primary purposes of providing you with our services or enabling your use of the Platform to communicate with your patients, such as to:

(i) communicate with you about an appointment or patient communication;

(ii) monitor your use of the Platform or our services;

(iii) enable patients to book appointments or communicate with you;

(iv) verify your identity; and

(v) perform billing and payment activities;

(b) we may also use your Personal Information (including your financial information) for secondary purposes such as:

(i) communicating with you about:

A. your relationship with us;

B. our goods and services;

C. our own marketing and promotions; or

D. competitions, surveys and questionnaires;

(ii) investigating any issues or complaints about, or made by, you or another individual, or if we have reason to suspect that you or another individual are in breach of any of our terms and conditions or have been otherwise engaged in any unlawful activity; or

(iii) any other purposes which are required or authorised by any laws (including the Privacy Act);

(c) we will only disclose your Personal Information to third parties where this is reasonably necessary to enable us to operate our business or provide you with our services and the use of the Platform, or as is otherwise required or authorised by any laws (including the Privacy Act);

(d) the types of third parties we may disclose your Personal Information to include:

(i) your patients or potential patients;

(ii) any individuals or entities who access your details which are published via the Platform;

(iii) the medical clinic which employs or engages you;

(iv) our service providers such as those which provide us with:

A. our information technology, network, software and cloud storage providers;

B. the practice management software provider used by the medical clinic which employs or engages you;

C. subscription and mailing operations;

D. billing and related financial functions; and

E. our external professional advisers, such as legal advisors or accountants.

3.4 If you are a contractor or supplier, potential employee, or another individual we deal with in the course of running our business, we will only use or disclose any Personal Information that we collect for the purpose for which it was collected, or for any secondary purposes which you might reasonably expect and which are related to the primary purpose. The primary purpose of our collection can generally be determined by the circumstances in which the information was collected or submitted. For example, if you are a potential employee and provide us with your CV, we will use it for the purposes of assessing your application for employment.

3.5 The types of disclosures described in this section might also involve your Personal Information being sent to some overseas recipients (for example, to any of our service providers who are located overseas). This might currently include third parties which are located in the United States of America, though this may change from time to time.

4. Opting out

4.1 An individual may opt not to have us collect their Personal Information, or for us to de-identify any Personal Information we hold about them. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services, including via the Platform. To opt out, please contact us by email to:

(a) for Patients: privacy@hotdoc.com.au

(b) for Clinic Representatives: privacy@hotdoc.com.au

4.2 If an individual believes that they have received information from us that they did not wish to receive, they should also contact us on the details above.

5. Keeping your personal information secure

5.1 We will take all reasonable precautions to protect your Personal Information from unauthorised access or disclosure, or misuse or loss. This includes appropriately securing our physical facilities and electronic networks.

5.2 HotDoc uses standard industry encryption methods when storing and transferring Personal Information, and has implemented monitoring and access controls which regulate who can access particular information.

5.3 Your Personal Information will be stored in a secure, encrypted electronic format, and it will be stored in Australia.

5.4 We will not disclose an individual’s Personal Information to any entity or person outside of Australia, unless that entity or person is in a jurisdiction with a similar regime to the Australian Privacy Principles, or otherwise contractually agrees to safeguard Personal Information as we do. For example, in specific circumstances, personal information such as name and contact details may be shared with our software providers located in the United States of America. We will take all reasonable steps to ensure this personal information remains sufficiently protected.

5.5 We will retain Personal Information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6. How to access, correct or update your personal information

6.1 Under the Australian Privacy Principles, you have the right to request access to, or correction of, the Personal Information that we hold about you.

6.2 If you would like to make a request to access, or correct, your Personal Information which is held by us, you can:

(a) if you are a user of the Platform, update some of your Personal Information from within your Platform account or profile; or

(b) otherwise contact us using the details provided in section 8 of this Privacy Policy below.

6.3 If you cannot update or correct your Personal Information via the Platform, we will take reasonable steps to correct any errors in the Personal Information we hold about you within 7 days of receiving written notice from you about those errors, or to provide you with access to the Personal Information we hold within 28 days of a written request.

6.4 We may charge you a reasonable fee for our costs incurred in meeting any of your requests to access or correct the Personal Information we hold about you.

6.5 If we deny you access to, or we refuse your request to correct, your Personal Information, we will provide you with our reasons for this.

7. Complaints and disputes

7.1 If you have a query or complaint about our handling of your Personal Information, please contact us in writing using the details provided in section 8 below. We will aim to resolve the issue with you directly.

7.2 If you are not satisfied with our response to your complaint, you can also lodge a complaint with the Office of the Australian Information Commissioner:

(a) by phone: 1300 363 992; or

(b) online at: www.oaic.gov.au.

8. Contacting us

8.1 All questions, comments or requests regarding this Privacy Policy or the way in which we handle your Personal Information should be addressed to:

(a) by email: privacy@hotdoc.com.au; or

(b) by post:

The Privacy Officer
HotDoc Online Pty Ltd
Level 9, 525 Flinders Street
MELBOURNE VIC 3000

8.2 You may contact the Privacy Officer by email in the first instance.

9. Addition to this policy

9.1 From time to time, we may need to change this Privacy Policy. If we do so, we will post the updated Privacy Policy on this webpage (www.hotdoc.com.au/practices/privacy-policy).

9.2 Please refer back to this Privacy Policy to review any amendments, as any revised Privacy Policy will apply to all Personal Information (including health and other sensitive information) that is held by us.