HealthShare Privacy Policy

Last updated 16 September 2021

At HealthShare, we realise that your health concerns are sensitive, and we understand that you trust us to be very careful with your information. We respect your privacy and we’re committed to protecting your personal information. That’s why we currently abide by the Australian Privacy Principles in the Privacy Act 1988.

We have provided this policy to explain how your information is collected, used, stored and disclosed. By accessing the website http://www.healthshare.com.au or any of the HealthShare websites, or by using our services, you agree to be bound by the terms of this policy. We encourage you to read the policy carefully.

This policy covers the following areas:

  1. Your personal information: what we collect and hold, how we collect and hold it, and why we collect and hold it;
  2. Disclosure to third parties: why we might disclose your personal information and who we might disclose it to (including potential disclosure to overseas recipients);
  3. Access, corrections and complaints: how you might access and correct, if necessary, the personal information we hold about you, and how complaints about any breach by us of the APPs might be made and dealt with;
  4. How we deal with data breaches;
  5. Our security measures;
  6. Future Changes to the Policy; and
  7. Additional Requirements for Health Information.

If you have any questions or concerns about our policy you can email us: team@healthshare.com.au

 

1. Your personal information

The more we know about you the easier it is for us to deliver helpful, relevant information and services. We collect both personal and non-personal information about you. “Personal information” is information which can identify you and includes information you provide when you register on our sites such as your name, email address, password, contact phone number and date of birth. You are given choices when we ask for personal information and, whenever possible, we try to explain why we ask for information. You can always refuse to provide personal information, but this may mean that some site features or services will not function properly as a result.

The personal information we collect from you might also include “sensitive information”, which is information or an opinion about your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, religious beliefs, sexual preferences, criminal record or health information. Sensitive information also includes genetic information and some biometric information and biometric templates. We only hold and collect sensitive information where it is necessary for the purpose for which it is being collected and with your consent unless the collection is required or authorised by law.

We will not collect or monitor any personal information about you without your consent. The only personal information we collect is what you tell us about yourself – through written or verbal communication – and how you use our sites. Any personal information is held securely in our electronic database located on servers in Australia only. We use this personal information to:

a) verify your identity;
b) provide you with the services we provide – including listing information for health care practitioners from our database in a directory (health care practitioner details only will be listed); advertising of health care practitioner services; facilitating communities about health and wellbeing such as discussion forums and questions and answers; sharing content provided by various contributors; a range of general fact sheets regarding health conditions; appointment booking services via www.specialistnow.com.au; promotion of HealthShare’s products and services via www.healthsharedigital.com; and direct marketing and educative services related to various issues and our services;
c) notify you of new or changed services;
d) tailor the content you see on our website; and
e) contact you as required.

By providing us with this information, you are able to use our personalised features, health tools and content, to make appointments, and to join and create groups and take part in discussions, promotions and competitions.

Specific collections and uses of personal information

Health care practitioners

For health care practitioners only, when you register on the HealthShare website, you understand and agree that we may use (and where necessary disclose to third parties) the information you provide us in order to provide our services (including directory listings and advertising of your services), or make enquiries from time to time to assess your compliance with the HealthShare Terms of Service. We may also use the information to provide services to you, for marketing and communications purposes, and to verify your professional identity where necessary. Such information may be disclosed to third parties where reasonably necessary to make these enquiries, including but not limited to enquiries of professional associations or registration bodies and other enquiries arising from your profile which are disclosed during your registration or arise from information you provide in our community forum. Any registration numbers or identifiers will only be used or disclosed if reasonably necessary to verify your identity for the purpose of our activities or functions (including facilitating our services as described in this policy) or if required or authorised by law.

Communities and Tools

If you use our services (including BetterConsult, SpecialistNow and HealthshareDigital), join our health communities and groups and any social media channels such as Facebook and Twitter, make appointments, participate in our promotions and competitions or have other interactions with us, you may contribute additional personal information including personal health information, health interests, health goals and/or sensitive information. You provide this information at your own discretion and voluntarily. Any information you provide or comments you make on blogs, social media channels or other third party sites will be governed under the terms of each site’s privacy policy and terms of use.
We accept no responsibility or liability whatsoever for the content, actions or policies of third party sites: you access and use these sites at your own risk. By participating in our services, health communities and groups, making appointments, taking part in our promotions and competitions and through your interactions with us, you consent to us collecting, using and disclosing the personal and/or sensitive information you provide in accordance with the terms of this policy. If you do not wish to have any information you have posted collected, used or disclosed, or would like it to remain only within the health communities and groups or any of the social media channels such as Facebook and Twitter in which it was originally posted, please contact us.

User feedback

From time to time we may ask you for feedback about our sites. This information allows us to better understand the needs of our users and to gather information about health issues and trends. You provide this information at your own discretion and voluntarily, and we may share this information with third parties.

Competitions and promotional communications

When you enter a competition or take part in a promotion on our sites we may ask you to provide additional information or answer certain questions. Some or all of the information collected from you during a competition may be disclosed publicly. It may also be shared with a co-sponsor(s), participating health services provider(s) or provider(s) of prizes in order to update you on your status. We may contact you in connection with a particular competition or promotion to update you regarding your status, let you know that a competition or promotion has ended and for other competition and promotion-related messages. If data is to be disclosed or shared, we will include a notice at the time of data collection. If you prefer not to receive any promotional information from us, please let us know by clicking on the “unsubscribe” link at the bottom of any of our communications.

Direct Marketing

For direct marketing purposes, your Personal Information will be added to our database. The database may be used for ongoing marketing and educative purposes. The type of marketing and educative activities that we undertake may include:
a) forwarding material to you so that you are kept updated in relation to various issues we think may be of interest to you or in relation to our services;
b) we or a third party partner contacting you about special offers, products or services which we think may be of interest to you (offered by us or in combination with any third party partner);
c) changes to our organisation; or
d) your membership or potential membership.

You may be contacted in various ways, including but not limited to email, SMS, telephone or other forms of electronic communication. If at any time you do not wish to continue receiving this information, we provide an “opt-out” procedure in each communication to you.

Search

When you search on our sites, we store the search terms and the site(s) visited so that we can continue to improve the quality of our search results.

Log information

When you visit our sites, our servers will collect log information. This information may include your page request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. Log information helps us to gather information about how our sites are being used such as the pages visitors are viewing.

Personalisation

Information you provide when you create your profile, tools you’ve used and articles you’ve viewed will be used to personalise your experience of the site. In addition, as a HealthShare member, you have the option to receive regular email newsletters and alerts. You can unsubscribe from newsletters by clicking on the “unsubscribe” link at the bottom of any newsletter. You can manage your alerts in your profile.

Cookies

We use cookies to make your use of our websites and services as convenient as possible. Cookies do not personally identify you; they are pieces of information that a website transfers to your computer’s hard disk for record-keeping purposes. Cookies help us to personalise your experience and generate tailored content. We can also use cookies to monitor the number of people using our sites and how they are using them. From time to time, we may use cookies to track online competition entrants. Importantly, we do not store any identifying information in any cookies on your computer. You can set your browser to refuse cookies but this may mean you cannot log in or take full advantage of our website.

Making enquiries or appointment requests

When you make an enquiry or request an appointment via the HealthShare website or telephone, your personal information is recorded and viewed by HealthShare staff members who are providing the information to the health professional(s) and practice staff with whom you wish to make the enquiry or appointment, for the purpose of making the enquiry or appointment. By making enquiries or appointments through our site or telephone, you consent to your personal information being disclosed to the health professional and practice staff in this way.

Discussions

Any information you post in group discussions and comments you make on blogs and social media channels are open to the public and can appear in search engine results. Your posts will be associated with your profile name and your photo (if you uploaded one). We may use information you provide on blogs, social media channels and other third party sites either to facilitate discussion on those sites or on HealthShare’s own website. If we use information you have provided on third party sites on our own website, then we shall use and handle that information in accordance with this policy and HealthShare’s Terms of Service.

Emails and Forms

Information that you send to us via links, emails, or forms on our sites will be stored by HealthShare.

Invitations

If you share any HealthShare content via our Send to a Friend function, we will send them an email on your behalf.

Third Party Links

We may provide links to various third party sites (for example Facebook and Twitter). Any information you provide to third party sites will be governed under the terms of each site’s privacy policy and terms of use. We accept no responsibility or liability whatsoever for the content, actions or policies of third party sites. The inclusion of links to third party sites on our site in no way constitutes an endorsement of the third party sites’ content, actions or policies: you access them at your own risk.

 

2. Disclosure of Personal Information to Third Party Providers

Any personal information provided to us may be disclosed, if appropriate, to other entities or organisations in order to facilitate the purpose for which the information was collected. Such entities generally include:

  1. third party suppliers for the purpose of enabling them to provide a service such as (but not limited to) payroll, superannuation administration, IT supply, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers; marketing, promotional or advertising providers;
  2. third party ‘partners’ with whom HealthShare has a commercial relationship in order to provide you with the benefit of our services or to make available products or opportunities provided by third party ‘partners’ relevant or likely to be of interest to visitors or users of our Sites;
  3. third party health care, health insurance and other health service providers;
  4. any applicable or relevant regulator or third party for the purpose of legislative or contractual compliance and/or reporting;
  5. any of our related entities; or
  6. other entities if you have given your express consent.

For health care practitioners, listings in health care practitioner directories will be available to the general public, visitors and registered users of our Sites.

Other than the above, we will not use or disclose any personal information about you without your consent unless all identifying information about you has first been removed. There may be exceptional circumstances where this may not be possible, such as if disclosure is required by law, is necessary to protect the rights or property of HealthShare or any member of the public, or to lessen a serious threat to a person’s health or safety.

Transfer of personal information overseas

We do not currently transfer personal information to persons outside Australia (Overseas Recipients). We do not intend to do so in the future. If our policy in this regard changes in the future, we would, before disclosing personal information to Overseas Recipients, ensure that contracts with these parties include an obligation for them to comply with Australian privacy law and this Privacy Policy. We would also update this policy, so please check it from time to time.

 

3. Access, corrections and complaints

Access

We take reasonable steps to make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date. You may request access to the information we hold about you.

Your profile

You can change or update your profile information, including your contact details and alerts, at any time. Your profile, along with your photo (if you choose to upload one), may be viewable by anyone on the Internet.

Corrections

We assume that the information we hold about you is accurate, complete and up-to-date. However, if you identify that any of the information is not accurate, complete or up-to-date, please contact us at team@healthshare.com.au so that we can update the information for you.

Complaints

If you wish to complain about how we have handled your personal information, please contact our Privacy Officer:

  1. by telephone 1300 533 433; or
  2. by e-mail team@healthshare.com.au; or
  3. by letter to The Privacy Officer, HealthShare P.O. Box 259, Bondi Junction, N.S.W. 1355

We will endeavour to:
1. provide an initial response to your query or complaint within 5 business days; and
2. resolve your query or complaint within 21 business days.
If you are still not satisfied, you can contact the Australian Privacy Commissioner (see https://www.oaic.gov.au/contact-us or call 1300 363 992).

Cancelling your membership

You can cancel your membership at any time by visiting your profile. After you have cancelled your membership you will not be able to sign into the site to view or access any information you may have saved or created on the site.

 

4. Dealing with Data Breach

We will manage the process of dealing with an actual or suspected Data Breach in accordance with the Notifiable Data Breach (NDB) Scheme pursuant to Part IIIC of the Privacy Act.

An NDB will be considered to have occurred when the following three criteria are satisfied:

  1. We:
     – suffer a Data Loss, meaning accidental or inadvertent loss of Personal Information likely to result in Unauthorised Access or Unauthorised Disclosure (ie a laptop containing Personal or Sensitive information is lost or stolen). If data the subject of the Loss can be deleted remotely or is encrypted it will not constitute an NDB; or
     – suffer or are suspected to have suffered an Unauthorised Disclosure, meaning we release or make visible Personal or Sensitive Information in a way not permitted by the Privacy Act (ie an email is sent to the wrong address or an employee accidentally publishes a confidential data file containing personal information on the internet); or
     – suffer or are suspected to have suffered an Unauthorised Access, meaning Personal or Sensitive Information is accessed by someone who is not permitted to have access (ie a database is hacked by a third party);
  2. The Data Loss, Unauthorised Access or Unauthorised Disclosure is likely to result in serious harm to a person to whom the Personal Information relates; and
  3. We have not been able to prevent the likely risk of serious harm.

Within 30 days of a suspected Data Breach occurring, we will assess the breach to determine if it is likely to cause serious harm, using the NDB Scheme list of relevant matters, including:

  • The Sensitivity of the Personal Information or Sensitive Information (ie loss of medical records or details of sexual orientation would be more likely to be assessed as capable of causing Serious Harm);
  • The type of Personal Information or Sensitive Information (ie loss of credit card numbers or drivers licences may be more likely to result in serious harm);
  • Whether security matters, such as encryption, protect the Personal Information following the Data Breach thereby limiting the likelihood of Serious Harm; or
  • The nature of the harm (ie credit card details being released are more likely to have serious and immediate consequences than other information).

We will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).

As soon as is practicable after a Notifiable Data Breach is confirmed, we will provide a statement to each individual whose data was breached or who is at risk, including details of the breach and recommendations of the steps you should take in the circumstances.

 

5. Our security measures

We are dedicated to protecting the security of your information and take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your electronic information is stored on secure servers that are protected in controlled facilities. Our employees have limited access to your personal information. However, as we cannot guarantee the security of communications over the Internet, we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the Internet is at your own risk, and HealthShare will not be held responsible for events arising from unauthorised access to your personal information.

 

6. Future Changes

As we evolve and introduce new services and features our policies will be reviewed and may be revised. We reserve the right to change our Privacy Policy at any time and notify you by posting an updated version of the policy on our website. The amended Privacy Policy will apply between us whether or not we have given you specific notice of any change. If you don’t agree with the new policy you always have the option of closing your account.

 

7. Additional Requirements for Health Information

Where we collect and/or hold Health Information (within the meaning of section 6 of the Health Records and Information Privacy Act 2002 (Cth)) as a result of our contractual relationships with Health Provider Organisations (being those organisations that are a health service provider or that collect, hold or use health information and are required to comply with the Health Records and Information Privacy Act 2002 (Cth)), we will treat Health Information in compliance with the Privacy Act and all applicable State and Territory legislation governing privacy of Health Information. We will only use or disclose health information for the purpose for which it was collected or a directly related purpose that is expected.

In the event of a Data Breach or suspected Data Breach, we will provide the Health Provider Organisation, within 14 days of the Data Breach or suspected Data Breach, with:

  • The identity and contact details of the relevant client/s of the Health Provider Organisation (if identifiable by us);
  • A description of the data breach;
  • The kinds of information concerned (if identifiable by us);
  • Recommendations about the steps that those affected should take in response to the data breach; and
  • Steps taken by us to secure our systems against further breach.

Unless otherwise agreed between us and the Health Provider Organisation in writing, we will not identify whether the Data Breach is an NDB in circumstances where we are in possession of Health Information as a result of providing services to a Health Provider Organisation. The Health Provider Organisation will be responsible for making an assessment as to whether the Data Breach constitutes an NDB and for reporting the NDB in compliance with the NDB Scheme.

We are not otherwise bound by the privacy policies and procedures of Health Provider Organisations unless we have had prior notice of the same and provided written acceptance of those policies and procedures to the Health Provider Organisation.