MEDICROSS MEDICAL PTY LTD

PRIVACY POLICY

1. INTRODUCTION

1.1 Medicross Medical (Medicross, we, us and our) is a network of independent medical centres operated and serviced from various locations under the Medicross Medical brand to ensure the provision of comprehensive primary health care, quality medicine and excellent patient services to optimise health outcomes and patient satisfaction.

1.2 Medicross collects stores and uses personal information to conduct its business.

1.3 Medicross respects and upholds your rights to privacy established by the Privacy Act 1988 (Act).

1.4 The Act incorporates the Australian Privacy Principals which regulate how Medicross collects, uses, disclose and stores personal information including health information and how you may access and correct that information.

1.5 This policy describes how Medicross handles your personal information.

2. DEFINITIONS

2.1 In this policy “Personal Information” and “Sensitive Information”, which includes “Health Information”, have the same meaning as under the Act.

3. COLLECTION OF YOUR PERSONAL INFORMATION

3.1 We only collect personal information necessary to be able to provide proper medical treatment and care to our patients.

3.2 The types of information we may collect from you include: (a) your full name; (b) your date of birth; (c) your postal address; (d) your email address; (e) your telephone numbers; (f) your occupation; (g) health fund details; (h) your Medicare number; (i) pension or other concession details; (j) your medical history, test results, diagnoses, prognoses and treatments; (k) names and telephone numbers of people to contact in case of emergencies; (l) banking details to enable the processing of accounts; and (m) proof of identity information and documentation including copies of your driver’s license, passport or birth certificate.

4. HOW WE COLLECT YOUR PERSONAL INFORMATION

4.1 We will collect your personal information from you directly by: (a) asking you questions and writing down the answers on a medical chart; (b) recording the information you provide telephonically or electronically by email or visiting our website;(c) asking you to complete forms and provide documents to us that contain personal information; (d) asking an authorised person such as an attorney or your next of kin; and (e) acquiring it from another health service provider who you have authorised to provide the information.

5. WHAT WE DO WITH YOUR PERSONAL INFORMATION

5.1 We will only use your personal information for the purposes for which we collect it unless: (a) we require it for another purpose directly related to the purpose for which we have collected it and you reasonably expect, or we have told you, that we will use the information for that purpose; (b) you have consented to us using the information for another purpose;(c) we are required or authorized by law to use the information for another purpose; or (d) disclosure was reasonably necessary for the enforcement of the law.

5.2 The following are examples of how we may use and/or disclose your personal information: (a) to properly inform ourselves so you receive the best possible treatment;(b) to inform other health service providers involved in your treatment so they can treat you properly; © to supply details of treatment options to you;(d) to convey information to an attorney, guardian or carer;(e) to convey information to close family members in accordance with accepted custom; (f) to make and complete Medicare and Health Insurance claims; (g) for billing and fee recovery; and (h) to manage and respond to patient complaints and claims including, where necessary briefing insurers and lawyers.

and with your consent:

(a) to communicate promotional offers to you including those of medical practices within our network; (b) for marketing including marketing the services of medical practices within our network; and (c) for planning and to improve the services we offer to our patients.

5.3 By submitting your personal information to us, you expressly consent to the disclosure, transfer, storage or processing of your personal information outside of Australia (e.g. in a cloud). In providing this consent, you understand and acknowledge that countries outside Australia may not have the same privacy protection obligations as Australia in relation to personal information.

5.4 By submitting your personal information to us, you expressly consent to us using your personal information for marketing and to provide you with details of promotional offers, including those offered by medical practices within our network, marketing initiatives and to plan and improve the services we offer our patients.

5.5 If you wish to withdraw your consent, given to us in paragraph 5.4, you should notify us in writing, whereafter we will action your request within 5 business days.

6. DATA SECURITY

6.1 We store personal information: (a) in paper based and other hard copy documents both at our office and at off site secure storage facilities; and (b) in electronic records, in a controlled and secure environment including clouds located offshore.

6.2 Those records are only accessible by those persons who require access to the personal information for the purposes for which you provided it to us.

6.3 We will take all reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure.

6.4 We will destroy or de-identify personal information when our legal obligations to retain the information have expired and the information is no longer needed by us.

7. PSEUDONYMITY OR ANONYMITY

7.1 You have the option of not identifying yourself, or of using a pseudonym, when dealing with us, provided it is lawful and practical to do so.

8. ACCESS TO YOUR PERSONAL INFORMATION

8.1 Except in exceptional cases established by law, you may request access to the personal information we hold about you by writing to our Privacy Compliance Officer at the address below. You do not have to provide a reason for requesting access. If we hold personal information you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how you may access that information (e.g. post or collection). We will respond to your request within 30 days.

8.2 If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, you can ask us to amend it. We will consider your request and: (a) if we agree that the information we hold is inaccurate, we will amend it; or (b) if we do not agree, then we will add a note to the personal information stating that you disagree with its accuracy.

9. YOUR CONSENT

9.1 By agreeing to be treated by us, you are agreeing to our collection, disclosure, use and storage of your personal information in accordance with this policy. We may revise this policy from time to time within our absolute discretion. Your continued use of our services or your continued dealings with us shall be deemed to be your agreement to and acceptance of the terms of this policy.

10. OUR CONTACT DETAILS

10.1 If you do not agree with any part of this policy or if you have any questions about this policy or if you have any complaint regarding the treatment of your privacy by us, please contact us in writing using the following details:

The Privacy Compliance Officer

Attention: C Jewaskiewitz

Medicross Medical

5 Masthead Way, Sanctuary Cove, Qld, 4212

Email: ops@medicross.com.au

10.2 If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner by calling 1300 363 992 or through its website at www.oaic.gov.au.