Privacy Policy

Effective as of January 2024

 

Privacy Policy Statement

This Privacy Policy applies to Beyond The Clinic Pty Ltd (Beyond The Clinic) and is accessible to all users.

Beyond The Clinic complies with the Privacy Act 1988, underpinned by the 13 Australian Privacy Principles, along with the New Zealand Privacy Act 2020, and the Health Information Privacy Code 2020 in the collection, use, disclosure, and storage of personal information.

Updates to the Privacy Policy will be published on our website (beyondtheclinic.io).

If you have any questions regarding this Policy or our privacy practices generally, please do not hesitate to contact our Privacy Officer at admin@beyondtheclinic.io

Purpose:

The purpose of this Privacy Policy is to:

  • Give you an understanding of the kinds of personal information that we collect and hold.
  • Communicate how and when your personal information is collected, disclosed, used, held, and otherwise handled by us.
  • Inform you about the purposes for which we collect, hold, use, and disclose personal information.
  • Provide you with information about how you may access your personal information and seek correction of your personal information.
  • Provide you with information about how you may make a complaint, and how we will deal with any such complaint.

What is personal information?

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.  It includes your name, date of birth/age, gender, and contact details, as well as health information (which is also sensitive information). In this privacy policy, a reference to personal information includes sensitive/health information.  When dealing with Beyond The Clinic  this information may include (but is not limited to):

  • Date of birth
  • Gender
  • Postal address
  • Personal email address
  • Home phone number
  • Mobile phone number
  • Emergency contacts
  • Private Health Insurance membership number
  • Medicare number

‘Health information’ is a particular kind of ‘personal information’ and attracts additional privacy protection because of its sensitivity. Health Information includes information about a person’s health, disability, use of health services, or other personal information collected from someone when delivering a health service. The only Health Information collected and recorded byBeyond The Clinic is information for which you have provided your consent.

Health Information that you may choose to provide to Beyond The Clinic may include (but is not limited to):

  • Height, weight
  • Allergies / other sensitivities
  • Diagnosed chronic diseases (eg. type 2 diabetes, cardiovascular disease)
  • Medical procedures (eg. knee replacement)
  • Names of nominated healthcare professionals
  • Laboratory test (eg. ECG, blood tests)
  • Medications
  • Health Status Questionnaires
  • Surgery type & date
  • Current treatments and therapies

We may collect your information from you in a variety of ways including when:

  • we provide services to you (for example, when you use our services);
  • you visit our Website or any of our social media pages;
  • you submit your information in response to Beyond The Clinic marketing events or activities;
  • you contact us by any method, such as face-to-face, over the telephone, through an online form or portal, through a paper form or by email; or you submit information via our Platform
  • referred onto programs by treating medical professionals

We may also collect data from third parties, for example when:

  • you connect any of the following with our Platform:
    • wearables and connected fitness devices and platforms, such as Fitbit and Garmin;
    • consumer health applications; and
    • health data aggregators, such as Apple Health;
  • where you have provided consent, from your private health insurer and/or medical or health practitioner to, for example, coordinate any care requirements you may have; and
  • someone duly authorised to act on your behalf

At times we will collect personal information from a third party or a publicly available source, for example where we have your consent, where we are required by law to do so, or if it is unreasonable or impracticable to collect the personal information directly from you.

You may choose to deal with us anonymously or under a pseudonym. However, in some circumstances, anonymity or the use of a pseudonym may render us unable to provide the relevant service or reasonably conduct our business, and we may request that you identify yourself.

You may also choose not to provide us with your personal information. Depending on the circumstances in which you do so, however, we may be unable to provide you with our services as a result.

Why does Beyond The Clinic collect, use and store your  health information?

We collect, use, and store your personal information to provide you with our services which include:

  • Monitoring and assisting you to improve your health, fitness, and wellbeing (for example, sending you details of programs, tools, and service providers which may assist with your health, fitness, and wellbeing);
  • Employee management including engagement, training, performance management, payroll, superannuation, health and safety, and staff management purposes;
  • Training / Education;
  • Research;
  • Organisational Development (OD);
  • Client and Business Relationship Management.

We may also collect, use, and store your personal information:

  • for marketing purposes, in order to provide you with information about the services we offer;
  • to respond to your questions or suggestions;
  • to improve the quality of our services;
  • prevention of fraud and/or identifying and investigating any suspicious use of our Website or the Beyond The Clinic Services;
  • for our internal business and management processes, for example, accounting or auditing purposes;
  • to improve the quality of your visit to our Website or the Platform;
  • for any other purpose to comply with our obligations under the law; or
  • for any other purpose that would reasonably be expected by you.

You may opt-out of receiving marketing information by notifying us accordingly.   If you opt-out of receiving marketing information, we may still contact you in connection with the services we provide to you, such as for appointment reminders and follow-ups.

Our services, functions, and activities, as well as those of our contracted service providers, may change from time to time.

In the following circumstances, we can provide our services only by use of your health information:

  1. Providing a health-related service
  2. Responding to your enquiry/complain/request regarding such a service
  3. When providing self-assessment reports
  4. In order to adequately coordinate and manage the provision of services with healthcare professionals in specific disease management programs.

When does Beyond The Clinic collect personal information?

Beyond The Clinic may collect personal information (as described above, excluding health information) from you when you:

  1. make contact with us through our website
  2. make a purchase from the Beyond The Clinic Online Store
  3. contact our Customer Service team to make a consumer enquiry or complaint about a particular Beyond The Clinic  product or service
  4. participate in a Beyond The Clinic  product assessment panel
  5. enrol in a Disease Management Program co-ordinated by Beyond The Clinic 
  6. undertake a self-assessment questionnaire hosted by Beyond The Clinic
  7. are referred onto programs by treating medical professionals

Beyond The Clinic will collect Health Information in respect of items 3, 5, and 6 above only if you have provided your consent.  

How will health information be used?

Beyond The Clinic  will only use collected Health Information for the purposes of:

  • providing you with the service(s) that you have enrolled in
  • providing health information that may be relevant to you
  • analysing and reporting on the effectiveness and acceptability of the health services provided by Beyond The Clinic.

Beyond The Clinic  will not use any personally identifiable health data for any purpose unrelated to the purpose for which you provided it.  We may use your personal data where you are NOT identifiable from the data.  An example is your birthdate.  Where your age is relevant to an analysis made by ourselves or a third party, your name, personal address, phone number and similar identifiers will not be visible.  The user will see only that you have a certain gender, a certain age and other health-related characteristics. 

Protecting and storing your personal information

We understand the importance of keeping personal information secure and safe. Some of the ways we do this are:

  • Requiring employees and contractors to enter into confidentiality agreements;
  • Ensuring that employees abide by this Privacy Policy and are kept up-to-date on Beyond The Clinic’s security practices;
  • Implementing security measures for the transmission of personal information to our servers and any access to computer systems to protect that personal information from unauthorised access, modification, or disclosure and loss, misuse, and interference;
  • Ensuring data storage devices such as laptops, tablets, and smartphones are password protected;
  • Ensuring that our servers are located in controlled, secure environments, protected from unauthorised access, use, or alteration;
  • Providing discreet environments for confidential discussions;
  • Implementing security measures for our Website and the Platform.

Personal information may be stored in documentary form but will generally be stored electronically on our software or systems.

Who will we disclose your personal information to?

Like most businesses in Australia and New Zealand, we contract out some of our functions and rely on third-party suppliers or contractors to help us conduct our business, for example to provide specialised services such as employment services, “cloud computing” technology and data storage services, legal advice, insurance broking, security services, business advisors, and financial services. We may disclose personal information to these third parties in connection with their provision of goods or services to us.

We may also disclose your personal information to other related entities within our corporate group for our own business purposes.

We may disclose your personal information to healthcare practitioners, insurers, government agencies, private sector organisations, or other entities where required or permitted by law, which may include the following circumstances:

  • You have consented to such disclosure.
  • We believe that you would reasonably expect, or have been told, that information of that kind is usually passed to those individuals, bodies, or agencies, and it is being disclosed for a purpose related (or directly related, in the case of sensitive information) to the reason we collected the information.
  • We are required or authorised to make such disclosure by law or the requirements of any professional bodies e.g., Australian Psychological Society or other relevant guidelines relating to managing the risk of harm to self or others, and where we are required to do so in accordance with mandatory reporting laws.
  • A permitted general situation or permitted health situation (as these terms are defined in the Privacy Act) exists in relation to the disclosure.
  • We believe it is reasonably necessary for enforcement-related activities conducted by, or on behalf of, an enforcement body (e.g., police, ASIC, Immigration Department).

The persons to whom we disclose personal information are normally located in Australia and New Zealand, although personal information may be disclosed to recipients outside these regions for business operational, support, and continuity purposes. We may also use data hosting and cloud-based service providers whose operations are located overseas. In all instances where this occurs, we will act in accordance with this Privacy Policy, and any requirements we have agreed to under our customer contracts.

Third-party websites

Our Website may contain links to third-party websites. Please be aware that these third-party websites are not subject to this Privacy Policy or our privacy standards and procedures, and we are not responsible for, nor do we endorse.

Complaints or concerns:

If you have any questions, concerns or complaints about your privacy, including alleged Beyond The Clinic breaches of your privacy please contact the Beyond The Clinic:

email:  admin@beyondtheclinic.io

If you are not satisfied with the Beyond The Clinic response to your complaint or concern you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The process for lodging a complaint can be found at https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complain