The Australian Privacy Principles (AAPs) establish requirements for the way entities collect, store and use an individual’s personal information. Our aim is to provide an online environment which will ensure the information you provide to us is handled in a secure, efficient and confidential manner. Details of what we collect and how it is used are contained in this policy. By using any of our services, visiting our website (myhealthtest.com or any sub-domain including for example results.myhealthtest.com) or giving us your personal information, you agree to your information being collected, stored, used and disclosed on the terms set out in this Policy.
MyHealthTest Pty Ltd
Attn: Privacy Officer
(02) 6145 2147
What we collect
- We may collect personal information from you in the course of your use of this website if you input any personal information into the website.
- The types of personal information that we collect include:
(a) your name, date of birth and other personal information such as your gender;
(b) your contact information, such as email addresses, contact and delivery addresses and phone numbers;
(c) your credit card and bank account details;
(d) information that you provide for the purpose of registering with this website and the transactions carried out over this website by you;
(e) your preferences and feedback for the purpose of subscribing to website services and marketing material;
(f) information about your use of this website;
(g) records and content of any communications between us and you; and
(h) any other personal information provided by you to us in the course of you using this website or us providing any goods or services to you.
- We generally collect your personal information directly from you. For example, we may collect personal information about you when you deal with us over this website, or the telephone or when you send us correspondence (whether by letter, fax or email), subscribe electronically to our publications or when you have contact with us in person.
- We may collect personal information from a third party where it is unreasonable or impractical to collect the information directly from you. These third parties may include an organisation with whom you have dealt with or which maintains a public record, or a credit reporting agency.
- Like most websites, we also collect cookies from your computer, which enables us to tell when you use the website and also to help customise your website experience (your likes, dislikes and needs for example). Cookies are pieces of information that a website can transfer to an individual’s computer. A cookie does not and cannot provide us with access to your personal computer or any information about you that you have not provided to us on our website.
- We use traffic log cookies to identify which pages are being used. This helps us improve our website in order to tailor it for your needs. We use this information for statistical analysis purposes and then the data is removed from the system. Your website browser can be set to reject cookies or to prompt you each time a website wishes to add a cookie to your browser.
Why we collect personal information
- We collect and use your personal information so that we can:
(a) establish your identity and assess requests for goods and services;
(b) send to you products and related information that you purchase or are entitled to;
(c) supply to you services that you purchase or are entitled to;
(d) send to you statements and invoices and collect payments from you;
(e) contact you, including sending you marketing communications (including newsletter subscriptions, market research and customer feedback);
(f) conduct and improve our businesses and improve the customer experience;
(g) use it (in a de-identified form) for the purpose of research, or the compilation of statistics, relevant to public health, public safety or workplace testing;
(h) comply with any legal obligations we may have;
(i) use the personal information in relation to any proceedings (whether commenced by you or against you and whether we are also a party to those proceedings); and
we may also collect and use your information in other ways where permitted by law.
- You may decide not to provide your personal information. If you decide not to do this, then we may not be able to provide you with goods and services.
- Providing us with some personal information is optional (we will tell you when such information is optional). However, if you do not provide us with certain types of personal information, you may be unable to enjoy the full functionality of the website, our goods and services.
- We may also need to collect ‘sensitive information’ which is defined in section 6 of the Privacy Act 1988 (Cth). Sensitive information is a type of personal information which can include health information for example:
(a) genetic information;
(b) notes of an individual’s symptoms or diagnosis and the treatment given;
(c) specialist reports and test results; and
(d) an individual’s healthcare identifier.
- We will only collect sensitive information about you if:
(a) you have consented; or
(b) the collection is required by law; or
(c) a permitted general situation exists.
- We may collect health information about you if:
(a) the information is necessary to provide a health service to you;
(b) the information can be de-identified and used in that form for the purpose of research, or the compilation of statistics, relevant to public health, public safety or workplace testing; or
(c) the information is collected as required or authorised by or under law or in accordance with binding rules established by competent health bodies that deal with obligations of professional confidentiality.
- For the purpose of paragraphs 11 and 22, a ‘permitted general situation’ is defined in section 16A of the Privacy Act 1988 (Cth) and includes:
(a) where we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that the collection, use or disclosure is necessary for us to take appropriate action;
(b) we reasonably believe that the collection, use or disclosure is reasonably necessary to assist in locating a person who has been reported missing; or
(c) the collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.
Collection of third party personal information
- If you provide us with the personal information of a third party (“authorised recipient”) for the purpose of receiving any products or services, test results, communications, or any other information from us (including your own personal information or sensitive information), you warrant and represent that:
(a) you have obtained the authorised recipient’s consent to provide us with their personal information; and
- We have processes in place to ensure the security of your personal information, including encryption of all data when it is transferred to our service providers and limitations on access to personal information within our organisation.
- We will take reasonable steps to protect the personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
- We will de-identify or destroy personal information collected when we no longer need the information for the purposes outlined above or after a period of 7 years in accordance with the requirements established by relevant government bodies.
Use and Disclosure
- We may use and disclose your personal information for any of the purposes listed above.
- We may use and disclose, and you consent to us using and disclosing, your personal information to third parties:
(a) who are engaged by us to provide goods or services, or to undertake functions or activities on our behalf (for example, processing payment information, marketing, research or managing databases);
(b) who are your authorised recipients (as defined above in clause 14);
(c) that are our business partners, joint venturers, partners or agents; or
(d) as required or permitted by law.
- We will only use or disclose sensitive information about you:
(a) for the purpose for which it was initially collected (or a directly related purpose, including providing it to an authorised recipient as defined above in clause 14 pursuant to your instructions, or the related purpose of enquiring as to whether you would like any follow-up services from us);
(b) if it has been de-identified and can be used in that form for the purpose of research, or the compilation of statistics, relevant to public health or public safety;
(c) as required or permitted by law; or
(d) if you have consented.
- We will not use or disclose any personal information for a purpose (other than those listed above) (‘a secondary purpose’) unless:
(a) we have your consent;
(b) you would reasonably expect us to use or disclose the information for the secondary purpose
(c) the use or disclosure of the information is required or authorised by or under an Australian Law; or
(d) a permitted general situation exists.
Access and Correction
- It is important that you ensure that your personal information is kept up to date at all times. If you require access to your personal information or require the correction of your personal information, please contact us at the details listed at the beginning of this Policy.
- We reserve the right to charge a fee for searching for, and providing access to, your information on a per request basis.
- Despite the above paragraph, we are not required to give you access to personal information if any of the circumstances detailed in clause 12.3 of Schedule 1 of the Privacy Act 1988 (Cth) exist.
- Where you request that we correct the personal information we hold about you, we will take such steps (if any) as are reasonable in the circumstances to correct the information. We are entitled to refuse to correct the personal information, provided we give you written notice containing the reasons for the refusal.
- The website is not hosted in Australia. For that reason, we transfer all data on the website (including all personal information) to our hosting service provider in the United States of America and Singapore. You hereby consent to this transfer. Where we disclose information to an overseas entity, we will take reasonable steps to bind that entity to the APPs.
- Direct marketing occurs where entities use the personal information they collect to market related or other goods and services to the individual who provided the information. A common example is where an organisation emails individuals a subscription newsletter.
- We may use or disclose personal information for the purpose of direct marketing. We will only use or disclose sensitive information for the purpose of direct marketing if you have consented.
- You are entitled to request not to receive direct marketing communications from us by contacting us on the details listed at the beginning of this Policy or by clicking “Unsubscribe” where available. We will give effect to any such request.
Changes to this Policy
- We encourage you to check our Policy from time to time to ensure that you understand and agree with the changes that are made. If you have objections to this Policy then you should not access or use our website, or order our goods or services.
- We reserve the right to make amendments to this Policy from time to time.