Privacy policy.

Last updated 20 May 2021

PRIVACY ACT AUSTRALIA

In compliance with the Privacy Amendment (Private Sector) Act 2000, we have developed a Practice Privacy Policy that governs the handling of your personal information. Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion (P57 Guidelines on Privacy in the Private Health Sector, Office of the Federal Privacy Commissioner – October 2001). The Federal Privacy Act incorporates the Australian Privacy Principles (APPs) that set out the rules for the handling of personal information in the private health sector. In the interests of providing quality health care this practice has implemented a privacy policy that complies with the Privacy Act (1988) and the APPs (2014)

COMMUNICATION
We aim to explain clearly how personal information about you and your health is recorded and managed in this practice. Your practitioner will be happy to discuss this with you the ways in which this practice complies with the Australian Privacy Principles are set out below.

COLLECTION
It is necessary for us to collect personal information from clients/patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes. We ask clients/patients their consent for information collection on our intake form on their first visit.

USE & DISCLOSURE
A client’s/patient’s personal health information is used or disclosed for purposes directly related to their health care and in ways that are consistent with a client’s/patient’s expectations. In the interests of the highest quality and continuity of health care this may include sharing information with other health care providers who comprise a client’s/patient’s health care team from time to time, this includes GP’s, practice nurses, registrars and students, allied health professionals, support staff. The use of this data is determined by what is required for client/patient care. In general, a client’s/patient’s health information will not be used for any other purposes without their consent. There are circumstances when information has to be disclosed without client/patient consent, such as:

  • Emergency situations

  • By law it may be necessary to disclose information about a client/patient to fulfill a medical indemnity insurance obligation – e.g. mandatory reporting of some communicable diseases

  • Provision of information to private health funds if relevant for billing and medical rebate purposes

  • There are also necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing, billing, service monitoring activities, improving the administration of the practice and disclosure to a clinical supervisor.

  • The individual’s privacy is protected by federal privacy legislation and State privacy legislation. This practice does not send data / information to locations outside of Australia.

STORAGE
The storage, use, and where necessary, transfer of personal health information will be undertaken in a secure manner that protects client/patient privacy. It is necessary for the practice to keep client/patient information after a client’s/patient’s last attendance for as long as is required by law (7 years or until a minor turns 25 years) or is prudent having regard to administrative requirements. Data will only be accessible to authorized personnel involved in client/patient care or administration of that care. Any data to go to a third party will be discussed with the client/patient involved and the client’s/patient’s consent will be obtained and documented.

ACCESS & CORRECTION
Clients/patients may request access to their personal health information held by this practice or its transfer to another health provider. All requests for access to personal health information will need to be made in writing. The Bing’s Natural Health Director will review and manage the request.
This practice acknowledges the right of children and young people to privacy of their health information. Based on the professional judgment of the practitioner and consistent with the law, it might be necessary at times to restrict access to personal health information by parents or guardians.
Bing’s Natural Health encourages clients/patients to ensure that information held is accurate and up to date and to amend any information that is inaccurate. A charge may be payable where the practice incurs a cost in providing access. This is for administrative costs such as photocopying, etc.
Where access is restricted or denied, the reason for this will be explained to the client/patient by their regular Bing’s Natural Health practitioner.

IDENTIFIERS
These are numbers or symbols that are used to identify clients/patients with or without using a name e.g. Medicare or DVA numbers. The practice will limit the use of identifiers assigned by other agencies to those uses necessary to fulfill our obligations to those agencies e.g. Medicare claims.

ANONYMITY
A client/patient has the right to be dealt with anonymously, provided that this is lawful and practical. However in the health context this is unlikely to be practical and may in some circumstances impact of the quality of care and treatment. All requests of this nature will be referred to the Bing’s Natural Health Directors.

ANY CONCERNS
Bing’s Natural Health recognises the right of client’s/patient’s to raise their concerns about privacy and confidentiality. Clients/patients are asked to contact a Bing’s Natural Health Director if they have any concerns regarding the collection, use or disclosure of the personal health information. The best way to deal effectively with concerns and complaints is to communicate openly and respectfully. We will endeavour to acknowledge your complaint within two working days of receiving it. Where possible, a response to your complaint will be provided to you within 14 days of the date we acknowledge your complaint. Where this is not possible, due to the complexity of your complaint or other factors, we will keep you informed.

Website analytics We may also partner with selected third-party vendors, such as Google Analytics so allow tracking technologies and remarketing services on the Site through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Site to determine the popularity of certain content and better understand online activity. By accessing the Site you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can visit the third-party vendor 

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

We may use third-party advertising companies to serve ads when you visit the Site These companies may use information about your visits to the Site and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.

Financial Data We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor Stripe. Stripe are Payment Card Industry (PCI) audited annually in line with current regulations, and have been given a PCI Service Provider Level 1 certification.

This is the most stringent level of certification available in the payments industry. The system is set up so that when a customer enters their credit card number, our website never actually receives the CC information, instead we receive a token which is used for that unique transaction. Therefore any credit card numbers stolen would require a breach of Stripe’s security levels which are much more stringent than we could achieve with security on our site. There’s more information here https://stripe.com/docs/security/stripe and you are encouraged to review their privacy policy and contact them directly for responses to your questions.

USE OF YOUR INFORMATION Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site to:

  • Compile anonymous statistical data and analysis for use internally or with third parties.

  • Create and manage your account.

  • Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Site to you.

  • Email you regarding your account or order.

  • Enable user-to-user communications.

  • Fulfill and manage purchases, orders, payments, and other transactions related to the Site.

  • Generate a personal profile about you to make future visits to the Site more personalized.

  • Increase the efficiency and operation of the Site

  • Monitor and analyze usage and trends to improve your experience with the Site

  • Offer new products, services and/or recommendations to you.

  • Perform other business activities as needed.

  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.

  • Process payments and refunds.

  • Resolve disputes and troubleshoot problems.

  • Respond to product and customer service requests.

  • Send you a newsletter.

  • Solicit support for the Site

SECURITY OF YOUR INFORMATION We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.