Privacy Policy

1. INTRODUCTION

We respect your rights to privacy and are very conscious of the provisions of the Privacy Act 1988 (Cth) (Privacy Act). The Privacy Act contains the Australian Privacy Principles (APPs), which cover areas including the collection, use, disclosure, quality and security of personal information. We are also conscious of the relevant health privacy principles under State and Territory legislation.

We, Azure Health Pty Ltd (ABN: 11 689 622 535), own and operate the Azure Health platform (Platform) and websites (Websites).

  1. The Platform facilitates confidential access to digital health services, including:
    • Telehealth and video consultations with registered healthcare providers such as doctors or nurse practitioners (Partner Clinicians); and
    • where clinically appropriate and after a telehealth or video consultation, the ability to fill an online prescription, including delivery of the medication by our pharmacy network (Partner Providers).
  2. This privacy policy explains what information we collect about you, how we may use and disclose it, and the steps we take in relation to security.
  3. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
  4. Special provisions apply to the collection, use and disclosure of personal information which is sensitive information. This includes health information and information about a person's race, ethnic origin, professional or trade associations, religious or philosophical beliefs, and sexual preferences.
  5. In this privacy policy, all references to personal information include sensitive information unless indicated otherwise.
  6. The Websites may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. We are only responsible for the privacy practices and security of our Websites. We recommend that you check the privacy and security policies and procedures of other websites that you visit.
  7. By providing information, you consent to us collecting, using, storing and disclosing your information in accordance with this Policy or as required or permitted by law. If you continue to use our services, we will treat your use as consent to us handling your information in accordance with this policy.

2. WHAT KINDS OF PERSONAL INFORMATION DO WE COLLECT?

We collect personal information about you from our interactions with you, including through our Websites, Platform, telephone conversations with us, e-mails, chat and written and verbal communications.

  1. The types of personal information we may collect and hold vary depending on the nature of our interaction with you and may include:
    • identifying and contact information such as your name, address, contact number and email;
    • health information such as information about your past, present or future health, the provision of telehealth services to you, and the provision of pharmacy scripts, pharmacy items and referrals. This may be information you provide to us via the Platform and, the Websites, or information provided by a Partner Clinician Doctor or Partner Provider through the Platform in the course of delivering services to you, or information provided by an external healthcare provider through the Platform in the course of referring you to us;
    • other types of sensitive information such as your gender at birth and whether you are of Aboriginal or Torres Strait Islander descent; and
    • government identifiers such as Medicare and DVA numbers and individual healthcare identifiers.
    • We may also collect de-identified information via cookies on the Websites. This information includes your browser type, operating systems and other websites visited. This information does not include any of your personal information and will not be used to link back to you individually.
  2. We may collect personal information about a range of individuals, including:
    • patients;
    • your next of kin or carer (Representative);
    • healthcare providers, including Partner Doctors and Partner Providers;
  3. If you are a patient, we primarily collect personal information about you from:
    • you, when you use the Platform and/or the Websites;
    • you, when you contact us (whether by telephone, email, chat or through the Platform or Websites);
    • any person who, on your behalf and with your consent, provides information about you such as your Representative; and
    • any Partner Doctor or Partner Provider from whom you obtain services through the Platform.
  4. If you engage with us as a Partner Doctor or Partner Provider, we may also collect personal information about your skills, qualifications and experience. Further details of this will be outlined in the Contractor Agreement or other agreements we have with you upon registering as a Partner Doctor or Partner Provider with InstantScripts.
  5. We may also collect personal information about you from third parties such as from Google, Facebook and Apple if you use these platforms to login to the Platform.
  6. This information may be collected by medical and non-medical staff.

3. WHY DO WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION?

In general, we collect, hold, use and disclose your personal information for the following purposes:

  • to provide health services to you;
  • to communicate with you in relation to the health service being provided to you;
  • to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation;
  • to help us manage our accounts and administrative services, including billing, arrangements with health funds, and pursuing unpaid accounts;
  • for consultations with other doctors and allied health professionals involved in your healthcare;
  • for identification and insurance claiming;
  • If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system;
  • Information can also be disclosed through an electronic transfer of prescriptions service;
  • to liaise with your health fund, government and regulatory bodies such as Medicare, the Therapeutic Goods Administration, Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary;
  • for future research purposes, should you provide consent to participate in research through the Platform. Any information used for research purposes will be de-identified information;
  • we will treat your personal information as strictly private and confidential.

4. WHEN, WHY AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

  1. We share your personal information with our related bodies corporate (as defined in the Corporations Act 2001 (Cth)) to enable us to conduct our business and provide the Platform, Websites and our services.
  2. We also share your personal information with third parties, including:
    • persons or organisations engaged by us to assist us in carrying out the above purposes such as data storage providers, IT support providers, payment systems operators, providers of targeted online advertising and delivery partners; and
    • Partner Doctors and Partner Providers who provide services to you through the Platform, to enable them to deliver the products and services that you request from them through the Platform.
    • Healthcare assessment and accreditation providers with your consent, to enable them to assess and certify the services we provide.
    • When it is required or authorised by law (e.g., court subpoenas).
    • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
    • To assist in locating a missing person.
    • For the purpose of a confidential dispute resolution process.
    • When there is a statutory requirement to share certain personal information (e.g., some diseases require mandatory notification).
    • During the course of providing medical services, through eTP, My Health Record (e.g., via Shared Health Summary, Event Summary).
  3. We do not share your personal information with other healthcare providers or pharmacists who are unconnected to the Platform, without your explicit consent.
  4. We require Partner Doctors and Partner Providers who provide services through the Platform to take reasonable steps to protect personal information from unauthorised loss or unauthorised access or use. Those Partner Doctors and Partner Providers may be required to take further steps to protect personal information under the professional regulations applicable to them.
  5. You acknowledge and agree that, should we sell, merge or otherwise change control of our business, our company, the Platform or the Websites to a third party, we shall be permitted to disclose your personal information to the third party without giving notice or seeking prior consent from you. We shall also be entitled to assign the benefit of any agreements we have with you to the third party.
  6. We may disclose de-identified information to third parties for the purposes of reviewing the quality of services delivered and conducting clinical research.
  7. If research-focused third parties solicit identifiable information from us, we will only provide identified data if:
  • the primary objective is for medical research purposes;
  • we are satisfied privacy and confidentiality requirements (including any requirements under the Privacy Act 1988 (Cth)) have been satisfied; and
  • the research has been approved by a Human Research Ethics Committee, or you have expressly given your approval for the information to be accessed, used or disclosed for such research purposes.

5. HOW CAN YOU ACCESS AND CORRECT YOUR PERSONAL INFORMATION?

You have a right to seek access to, and correction of the personal information which we hold about you. For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’. We will normally respond to your request within 7 days.

  1. Your rights in relation to the personal information held by us about you include:
    • Access: You can request a copy of your information, and to ask for it in a format that can be easily reused or transferred to another person or trusted healthcare provider.
    • Correct: You can ask us to correct or update your information.
    • Complain: You can express your concerns or complaints to us about your privacy or the way we are handling your personal information. We take your concerns seriously and will consider or investigate your complaint and endeavour to respond to your complaint within 14 days.
    • Closing your account: If you would like to close your Personal Account or Family Account, please access the “My Profile” section of the Platform and select “Delete Account”. You can also email us at support@azurehealth.com.au. If you request that your Personal Account or Family Account be closed, the details you have provided and all information relating to your Personal Account or Family Account will be archived and stored securely for up to 7 years. If you request deletion of your data, our ability to comply with such requests may be limited by local law, in accordance with Health Records Act 2001 (Victoria), Principle 4 Data Security and Data Retention.
  2. We will generally provide you with access to your personal information if practicable, and will take reasonable steps to amend any personal information about you which is inaccurate or out of date. In some circumstances and in accordance with applicable privacy laws, we may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will inform you about the reason for this decision.
  3. If you are not satisfied with the way we handle your query or handle your personal information (including our response to your request to access or correct your personal information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website. If your complaint relates to the handling of your health information and you reside in Victoria, New South Wales or the Australian Capital Territory, you can lodge a complaint with the relevant State/Territory health complaints commissioner.

6. HOW DO WE HOLD YOUR PERSONAL INFORMATION?

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure.

6.1 STORAGE OF PERSONAL INFORMATION

  1. In order to help prevent unauthorised access, use or disclosure, we have put in place reasonable physical, electronic and managerial procedures to help safeguard and secure the personal information we collect.
  2. We store the personal information we collect and use Transport Layer Security (TSL) to provide users with secure and private access.
  3. We take reasonable steps to protect your personal information, including the following:
    • Password protection: You are required to set up a secure password to use the Platform. The Platform does not permit automatic log-ins without that password. If you need to change your password, we use authentication methods to make sure it is you.
    • Secure storage and handling: We use a combination of firewall barriers, encryption techniques, data segregation techniques, backup and authentication procedures to help maintain the security of the Platform and to protect your account and your personal information.
    • Interoperability: We comply with robust interoperability requirements that aim to protect the flow and transfer of your data.

6.2 THIRD PARTY INTEGRATION

To be able to deliver our services, we use third parties (known as sub-processors in the context of the GDPR). A list of these third parties is set out below, and we maintain this list regularly. Some of our service providers are located overseas, including in the United States and New Zealand. When we disclose personal information to these providers, we take reasonable steps to ensure it is handled in accordance with Australian privacy laws.

6.2.1 Sub processors

Entity Corporate Location Activities
Amazon Web Services,Inc (AWS) United States Web hosting
Cin7 United States Inventory Management
Google LLC United States Analytics

6.2.2 Accounting software

Entity Corporate Location Activities
Xero New Zealand Accounting integration

6.2.3 Clinical modules

Entity Corporate Location Activities
Halaxy Australia Clinical Operations
eRx Australia Script Prescription
Heidi Australia Medical Scribe Software

6.2.4 Communication tools

Entity Corporate Location Activities
Mailchimp United States Emails and Email Campaigns
Coviu Australia Online Consultations

6.2.5 Payments

Entity Corporate Location Activities
ZAI Australia Online payments
Halaxy Australia Online payments (Medical Services)

6.3 COOKIES AND TRACKING TECHNOLOGY

  1. In common with many other website operators, we may use a standard technology called ‘cookies’ on our Websites. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate the Websites on each visit.
  2. We also use internal tracking technology to record how you navigate the Websites on each visit.
  3. Cookies that are used in any part of our Websites will not be utilised for collecting personally identifiable information and will only be used for internal management purposes.
  4. Most browsers automatically accept cookies, but you can usually change your browser to prevent cookies being stored. Please note, if you do turn cookies off this will limit the service that we are able to provide to you.

7. MARKETING AND PROMOTIONS

  1. When you sign up to use the Platform, and unless you subsequently opt out, you consent to us using your personal information for marketing and promotion purposes.
  2. If you consent to us using your personal information for these purposes, we may, from time to time, send you information in relation to products, services or other offers we think may be of interest to you, including to tell you about the services we offer on the Platform and the products and services offered by third parties. We will contact you via the preferred communication method you nominate through the Platform.
  3. We may use internal tracking technology to send you more relevant information in relation to products, services or other offers.
  4. We use third party vendor remarketing services such as Google’s ‘Analytics and Mailchimp. This means if you have provided us with your contact details, unless you opt out of receiving direct marketing from us, we may upload these to third-party vendors who perform remarketing services on our behalf.
  5. We do not sell or disclose your information to third parties to market their products or services to you.
  6. You can opt out of marketing communications at any time by using the unsubscribe facility in the relevant message or contacting our privacy officer using the contact details set out at the start of this privacy policy.

8. PRIVACY-RELATED QUESTIONS AND COMPLAINTS

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details). We will normally respond to your request within 30 days. If you are dissatisfied with our response, you may refer the matter to the OAIC.

9. UPDATES TO THIS POLICY

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the Platform website https://azurehealth.com.au/.

10. CONTACT DETAILS FOR PRIVACY-RELATED ISSUES

If you have any queries or complaints about our Privacy Policy, please contact us at:

  • Phone Number: 1300 020 224
  • Email: support@azurehealth.com.au
  • Online: https://azurehealth.com.au/
  • Postal Address: c/o Azure Health 1/51-57 Merrindale Drive, Croydon South, VIC, 3136