1stGroup Limited – Policies and Procedures
AVL Privacy and Data protection
1stGroup Limited (ACN 138 897 533) (1stGroup, we, us, our) owns and operates the website MyHealth1st.com.au, an online healthcare appointment bookings platform.1stGroup also owns and operates related platforms PetYeti (petyeti.com.au), Clinic Connect (clinicconnect.com.au) and Doc Appointments (Docappointments.com.au). Together, our platforms offer appointment booking and resource management solutions to a variety of practices including medical and healthcare practices, dentists, vet clinics, pharmacies, etc. (Practices).
In the course of providing services to you through our various platforms, 1stGroup collects personal information. We are bound by the Privacy Act 1988 (Cth) and comply with our obligations under the Australian Privacy Principles.
1stGroup takes your privacy seriously. This policy lets you know how we treat personal information that we collect and receive about you.
If you have any questions about this policy or about your privacy generally, please contact our Privacy Officer using the contact details below.
What information does 1stGroup collect, and how do we collect it?
We collect personal information about you to enable you to make a booking with a Practice. Some of the information we collect may be considered sensitive, where it relates to your access to healthcare services.
As far as possible, we collect personal information directly from you.
Personal information is any information about you, from which you can be identified. Examples of personal information might include your name, address or phone number, or even an opinion about you.
As far as possible,1stGroup collects personal information directly from you when you sign up to use one of our platforms, make a booking via one of our platforms, or otherwise provide us with information.
The personal information we collect from you usually includes your full name, date of birth, gender, email, phone number, and postcode. We also collect any personal information that you volunteer when you provide us with notes or details about a specific booking, feedback about our services, or when you respond to a customer survey or questionnaire.
If you attend an appointment at a Practice which you booked using one of our platforms, we may receive information about you from the Practice, such as your on-time attendance at the appointment, or your cancellation record.
If your Practice accepts payment via our platform, we may collect your credit card details so you can make payment at the time of booking.
Sensitive Information is a subset of personal information which requires a higher standard of protection under the Australian Privacy Principles. Information about an individual’s access to healthcare services is considered sensitive information. We keep a record of the appointments you have booked using our platforms, and your attendance at those appointments, which may in certain circumstances be considered sensitive information.
We also collect information about individual Practitioners when their Practice registers to use our services. This information is provided to us by the Practice, and usually includes the Practitioner’s name, photograph, and appointment availability which we publish on the relevant platform. We may also collect practitioner information from third parties, for instance when we receive feedback from a patient about their booking experience.
What about information collected from 1stGroup websites and applications?
We collect information from your devices when you visit our website or use our platform to make a booking using our platforms. However, this information will not be used to identify you.
We collect general information about your access to and use of our platforms for example, web browsing information, IP address information, devices used to make a booking and GPS location. Unless you are registered with our platform, this information is aggregated and anonymous (except for security reasons, or for the purpose of investigating and preventing fraud). Where you have a registered MyHealth1st account, we collect information on your access and use of our platform.
What does 1stGroup do with your personal information?
Our main purpose for collecting your personal information is to facilitate the booking between you and a Practice. We only use your personal and sensitive information for the purposes set out in this policy.
We collect, hold, use and disclose your personal information to:
- provide you with our bookings service, and any other products, information or services you have requested from our platforms;
- create an account for you if you register with us;
- contact you about your use of our platforms, to confirm a booking, or send booking reminders by email or SMS;
- contact you to request feedback about our services, or your participation in a survey or questionnaire
- process payments;
- report to Practices about patient use of our platforms;
- communicate with you about our products and promotional offers, or those of third parties that we think may be of interest to you, including by direct mail;
- administer our platforms;
- evaluate and improve our service to you; and
- compile anonymised, statistical demographic information on the use of our platforms and the use of healthcare and related services in Australia.
We may also use your information to comply with legislative or regulatory requirements, and to investigate and prevent fraud, crime or other activity that may cause harm in relation to our platforms or services.
Does 1stGroup share personal information with third parties?
We share your personal information with the Practice with whom you have requested a booking, to facilitate that booking. We also disclose personal information to our service providers and strategic partners, but only in the manner described in this policy. We will not otherwise disclose your personal information unless we have your permission.
We disclose personal information to….
Where a Practice requires a prepayment or credit card pre-authorisation, we will provide your credit card details to a secure payment processing provider in order to process the payment.
Our Service Providers
We use a range of service providers (for example, IT service providers, web hosting providers, secure SMS service providers and secure payment gateway providers) to help us deliver our platforms. Where we disclose personal information to our service providers, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.
Our Strategic Partners
MyHealth1st has various strategic relationships with a number of complementary service providers (Partners). Sometimes when we conduct surveys or questionnaires, we ask questions on behalf of our Partners. We disclose your answers to these questions to the relevant strategic partner, but only if we have your permission to do so. Remember, your participation in these surveys or questionnaires is entirely voluntary.
Again, where we disclose personal information to our Partners, we will make sure they are required to have in place appropriate controls to protect your personal information, and only use your personal information for authorised purposes.
We may publish feedback, comments, reviews or testimonials provided by you on our website or in promotional material in order to promote our Services. However, we will not publish any comments which might identify you or disclose your name or contact details for this purpose without your permission.
We may also disclose your personal information if required by law (for example to government bodies and law enforcement agencies).
At present all of our Practices, Partners and service providers are based in Australia and so it is unlikely that we will need to provide your personal information to any persons or organisations located outside of Australia.
What about direct marketing?
1stGroup will occasionally contact you by email to let you know about our products and special offers, including those of our Partners which we think might interest you. If you don’t want to receive these communications, you can always opt out.
Each email marketing message we send you will include an unsubscribe link. You can opt out at any time from receiving e-mail marketing messages from us by clicking on the unsubscribe link in the e-mail message.
How does 1stGroup keep personal information secure?
We take reasonable steps to ensure that any information which we hold about you is kept secure.
We take appropriate measures to ensure the personal information collected, used and stored by us is kept secure, accurate and kept up to date and only for so long as necessary for the purpose for which it was collected.
Our servers are kept in a secured data center environment, and PCI vulnerability scans are carried out by us or our Partners and services providers.
All of our online forms are protected by encryption. We also use a secure server and external payment processing providers when you make a payment via our website or to store credit card details. We do not store complete credit card details on any of our systems.
Do you want access to your personal information?
If at any time to know what personal information we hold about you, you can contact our Privacy Officer.
You have a right to request access to any personal information we hold about you, and we will only refuse your request in exceptional circumstances (for example if granting access would infringe another person’s privacy).
If you make a personal information access request, we will require you to provide some form of identification (for example a driver license or passport) so we can verify that you are the person to whom the information relates. In some cases we may charge an administrative fee to cover the costs of granting access.
If you wish to make a personal information access request, please contact our Privacy Officer using the details below.
Is your personal information incorrect of out of date?
If your personal details change, please help us to keep your information up to date by notifying us.
If you believe information we hold about you is incorrect or out of date, please contact our Privacy Officer using the details below.
If you have a complaint about the way we handle your personal information, we want to know about it!
If you would like to make a complaint in relation to how we have handled your personal information or about a breach of the Australian Privacy Principles please provide a written summary of the complaint to us on the contact details below.
We will investigate your complaint and will endeavor to provide you a written response within 45 days of receiving your complaint. We take your complaints seriously, and will attempt to resolve the issue quickly and fairly.
If we cannot resolve your complaint to a satisfactory standard, you are entitled to lodge your complaint with the Australian Information Commissioner, or his successor: http://www.oaic.gov.au/privacy/making-a-privacy-complaint
Changes to this Policy
Contact our Privacy Officer
If at any time you want to contact us, access your information or make further enquiries about your privacy, please contact our Privacy Office by email to privacy@MyHealth1st.com.au or mail to Level 2, Suite 2C, 2-12 Foveaux Street, Surry Hills, 2010.
Last Updated 29 March 17