Introduction & Purpose
iDNA Health Pty Ltd and its related entities (iDNA, we, us, our) protect the personal information you supply us in compliance with the Australian Privacy Act 1988 (Cth) and the Australian privacy principles (the Privacy Act and Principles).
The purpose of this policy is to provide information to you on how your personal information (which may include your health information) is collected and used by us in our clinics or through our website and mobile applications (Site), and the circumstances in which we may share it with third parties.
Please read this policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this policy. You do not have to provide personal information to us, however, if you do not, it may affect the products and/or services we offer through our clinics and Sites, and your use of the Site.
What is personal information?
In this policy, ‘personal information’ has the meaning given in the Privacy Act and Principles. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and occupation. This policy does not apply to the information we collect and hold about iDNA employees and former employees in the course of their employment with us.
What personal information do we collect and hold?
The personal information that iDNA collects may include:
- your name, date of birth, addresses and contact details;
- your age, gender, occupation, profession or job title;
- your health information including previous and current medical history, medications or current treatments, allergies, adverse events, immunisations, social history, family history and risk factors;
- your genetic data which includes your raw genetic data, reports of analysed data (which usually includes genotypic and phenotypic information) and any self-reported health data (Genetic Data);
- your saliva (to send to genetic data companies such as 23andme on your behalf. Such information will not be used or stored by iDNA)
- your payment information (e.g. your credit card details);
- your Medicare number (where available), healthcare identifiers and health fund details;
- details of the products and services you have enquired about or purchased from iDNA, together with any additional information needed to respond to your enquiries and deliver those products and services;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
- information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
- additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
- any other personal information requested by us and/or provided by you or a third party.
How do we collect your personal information?
iDNA may collect your personal information in several different ways.
- When you make your first appointment, we collect your personal information via your registration. During the course of providing our services, we may collect further personal information, for example during consultations and follow up appointments.
- We may also collect your personal information when you visit our Site, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly, or because you have authorised us to do so. This may include information from:
- your guardian or responsible person;
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services;
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary); and
- genetic data companies such as 23andMe.
Wherever lawful and practical, you will have the option of not identifying yourself when dealing with us.
The majority of web browsers accept cookies automatically. You can disable cookies, but it might restrict your ability to access certain areas of our Sites.
Why do we collect, use, hold and share your personal information?
We may collect, hold, use and disclose personal information for the following purposes:]>
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- to provide you with our products and services, including to analyze your Genetic Date to provide DNA Health Reports that you order from us, and provide personalised treatment plans and recommendations to you;
- for analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms;
- to evaluate, modify and enhance our products and services, including to develop new products and services;
- to enable you to access and use our Site, associated applications and associated social media platforms; and
- to run competitions and/or offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
- to comply with our legal obligations and resolve any disputes that we may have; and
- to consider your employment application; and
- to otherwise operate and administer our organisation.
When, why and with whom do we share your personal information?
We may share your personal information:]>
- with third party service providers to enable them to provide their services, including (without limitation), IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
- our employees, contractors and/or related entities;
- our existing or potential agents or business partners;
- sponsors or promoters of any competition we run;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia, including USA.
- third parties to collect and process data, such as Google Analytics. This may include parties that store data outside of Australia.
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety;
- when you are unable to act on your own behalf due to a health condition, we may need to discuss your health information with relatives or emergency contacts, in order that you are provided with appropriate care;
- to assist in locating a missing person;
- when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification);
- with university researchers who work with our clinic to improve genetic knowledge and information and improve healthcare in the community; however, this information will not include data that can identify you.
In order to provide our health services to you, including providing DNA health reports you have ordered, we may, during our consultation with you, collect and send your saliva sample to genetic companies like 23andme on your behalf. We may also download your raw genetic data file directly from such companies once they are available. We will then upload your raw genetic data to third party software providers we use from time to time (like LiveWello) in order to prepare our reports. iDNA will use reasonable endeavours to ensure the confidentiality and security of this information.
By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.
Communications and marketing
iDNA may use your personal information in order to communicate and market our products and services to you. You may opt out of direct marketing at any time by notifying us in writing or by using the opt-out facilities provided in the communication.
How do we store and protect your personal information?
We are committed to ensuring that the personal information we collect from you is stored safely and securely. As such, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Your personal information may be stored at our clinic in various forms, but principally in a secure electronic health record. We may also store your information in hard copy patient files. We will destroy or de-identify personal information we no longer require except where we have a legal obligation to retain such information, such as your health information. We never permanently store complete credit card details.
Because of the sensitive nature of the information collected by us to provide our services, extra precautions are taken to ensure the security of that information. Our electronic files are password-protected on several levels, and the computer backup is stored in OneDrive, which is also password protected. Patient hard copy files are stored in locked cabinets, within locked rooms with access only available to staff who require access in accordance with this policy.
We require all our employees and contractors to observe obligations of confidentiality in the course of their employment/contract. We require independent contractors to sign a confidentiality undertaking.
Privacy and our website
Please note given our website is linked to the internet, and the internet is inherently insecure, iDNA cannot provide any assurance regarding the secure transmission of information you communicate to us online. Similarly, we cannot guarantee that information you supply will not be intercepted during its transmission over the internet. Because of this, any information you send to us online is at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this policy.
Our Site may contain links to other websites operated by third parties. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this policy.
How can you access and correct your personal information?
You may request details of the personal information that we hold about you. An administrative fee may be payable for the provision of such information. In certain circumstances, as set out in the Privacy Act 1988 (Cth), we may refuse to provide you with personal information that we hold about you.
iDNA will take reasonable steps to correct your personal information where the information is not accurate, complete or up to date. From time to time, we may ask you to verify that your personal information held by us is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to firstname.lastname@example.org
How can you lodge a privacy-related complaint, and how will the complaint be handled at our clinic?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Any complaints may be sent to CEO Sharon Palmer – email@example.com
You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Changes to our policy
For more information If you have any questions about the content of this policy, please contact our Privacy Officer at:
iDNA Health Pty Ltd
4/40 Cedric Street, Stirling WA 6021
Last update: September 2018