1. Your privacy

1.1. Protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and any applicable health privacy principles under state legislation is very important to us. This policy sets out how KnowNow (we, us and our) collect and process your personal information whether you are a customer, patient, service provider, job applicant or any other individual we come into contact with (you). It also sets out your rights in relation to the personal information we hold about you. If you have any questions, concerns or feedback about this Privacy Policy, please contact us by email at support@knownow.com.au.
1.2. We will update this policy from time to time where necessary to reflect changes in applicable laws or in our privacy compliance practices. The latest version of this policy will always be available online through the KnowNow website.
1.3. For the purposes of this policy, personal information means information or an opinion (whether true or not, and whether recorded in a material form or not) about an identified or reasonably identifiable individual including sensitive information meaning information about someone’s racial or ethnic origin, political opinions, religious beliefs or affiliations, health or medical conditions, genetic information, biometric information, sexual orientation, criminal record, trade-union membership and political association membership.

2. Types of personal information we collect

The types of personal information that we collect about you may include:
2.1. Identification data – such as your name, gender, job title and date of birth
2.2. Contact details – such as your home and business address, email address and telephone number
2.3. Patients – to provide you with health care we need to collect additional personal information including government issued card details (including medicare, health care and veteran card numbers and expiry dates), individual healthcare identifier (IHI), private health fund number, marital status, medical history and records, specialist reports and test results, occupational health history, incident claim details, insurance (current & historical), medical prescriptions and other health information or sensitive information about you we consider necessary to provide our services to you;
2.4. Corporate or third party referred patients – in the case of pre-employment screening or workcover or insurance claim management we may require some of the information specified in paragraph 2.3 to make an assessment or determination of your health, an incident in which you were involved, or to provide travel and medical assistance services to you or your employer;
2.5. Recruitment-related information – your qualifications and employment history, skills or competency information, documentary proof of your identification and right to work in Australia and should your application progress we may also collect interview notes, references, results of background checks (including criminal records checks and working with children checks), bank account and superannuation details, tax file number and sensitive information such as your membership in any trade or professional association.
2.6. e-Business and usage information – this includes information required to provide access to our websites or portals (such as login information, IP addresses), and records of your use of those websites or portals including health care appointments made and cancelled, server log information (your IP address, browser type, operating system, browser language, time zone, access times and any referring addresses) and location information.
2.7. Credit details – if you process a payment or other financial transaction, general details of that transaction (including a record), however credit card information will be held by a secure payment provider to ensure it is kept safe. We don’t see your full credit card number, nor do we store it, though we do have the ability to transact on your behalf to enable payment processing only;
2.8. Other information – this includes information about access and attendance to our premises and physical assets (such as security records about times of entry and exit, and information collected through CCTV), details about your use of our assets, communications with you (including complaints or concerns raised by you or any feedback or survey responses that you provide to us) and other information you voluntarily provide to us.

3. How do we collect and hold your personal information

3.1. We will generally collect personal information about you directly from you (for example when you book and attend at an appointment), from a person who is authorised to act on your behalf (such as a legal guardian, a person you appointed as your power of attorney or your relatives or other people in the case of emergency where you are physically unable to give your consent). There may be occasions where your employer or prospective employer refers you to us for a medical assessment or screening or to assess an insurance claim or provide emergency travel assistance services to you or your employer.
3.2. We may also collect your personal information from your doctor and other health professionals or government sources such as Medicare, the My Health Record system, Department of Veterans’ Affairs or the electronic transfer of prescriptions (eTP) services, if we are providing a health service to you.
3.3. We will only collect sensitive information if you provide it to us directly and it is reasonably necessary for one or more of our functions or activities (unless one of the limited exemptions applies under the Privacy Act).
3.4. We hold your personal information in various ways, including in paper and electronic form. We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification and disclosure including through implementation of encrypted, password protected, controlled-access digital storage solutions as well as keeping paper forms in secure, restricted access filing systems.
3.5. We require that our contracted service providers who assist us in supplying services to you, and to which we disclose your personal information, have in place reasonable safeguards for protecting personal information or are subject to the Australian Privacy Principles in the Privacy Act (APPS) .APPs or, if overseas, are subject to laws similar to the APPs.

4. Who we share your personal information with

4.1. We may disclose your personal information to our contractors and service providers to assist us in providing our services to you.
4.2. Patients – we may share your personal information with our contracted healthcare providers and other medical staff we refer you to such as doctors, nurses, specialists or analysts. If you book an appointment with us, your booking information may pass through a third party booking provider which will issue you with appointment reminders, recall and result notifications. The booking provider will not create or maintain patient accounts, they will have a real-time interface which validates and inputs patient data into our practice management software which stores personal information from our patients including name, contact details, gender, date of birth, information concerning your current health (including notes of any symptoms, details of your appointment, your prescriptions, your genetic information and your healthcare identifier including Medicare number and/or private health fund details). For patients enrolled in Medicare, we can submit an electronic claim for you at Services Australia which advises of your appointment, your invoice/receipt and details of the service being claimed.
4.3. Employees – we may share your personal information including full name, tax file number and banking details with our contracted payroll provider and with our insurers, legal and financial advisors and auditors.
4.4. Medical practitioners – we may share your personal information including full name, tax file number and banking details with our contracted MYOB and banking providers, and with our insurers, legal and financial advisors and auditors
4.5. Other – we may also need to share your personal information (which may sometimes include sensitive information) with (a) people you have authorised to interact with us on your behalf (such as (i) disclosing medical assessment results to your employer or prospective employer, Workcover and/or other insurers, (ii) disclosing your personal information to any professional or personal referee you provided in connection with your employment/consulting application, or (iii) disclosing personal information to any other person who referred you to us by signing a privacy collection and consent form to that effect);(b) to any person we are required or authorised by law to disclosure your personal information to; (c) to prospective purchasers of all or part of our business; (d) our professional advisors (such as our lawyers, accountants, auditors); and (e) third parties who provide services we use to run our business (such as external service providers that assist us to perform HR, information technology and other shared services functions), that provide IT services or that provide security for our sites or systems.
4.6. Direct educational briefing or marketing materials – from time to time we may use your personal information to provide you with educational updates on the availability of vaccinations (such as flu shots) and marketing materials in relation to offers, specials, products and services that we have available. We will not collect, use or disclose your sensitive information for the purpose of direct marketing without your written consent. You may opt out of receiving marketing communications from us at any time by following opt out instructions provided in such marketing communications.

5. Storage and protection of your personal information

5.1. We take steps to ensure that your personal information is kept secure and protected against unauthorised access or use. We only keep your personal information for as long as we need it to carry out the purposes described in this policy and comply with our legal obligations.
5.2. Information security – We have put in place procedures and technologies to maintain the security of your personal information from the point of collection to the point of destruction. We also take steps to ensure that all our employees and contractors are aware of, and are properly trained through applicable information security policies and procedures that are designed to keep your personal information secure. We will investigate and take appropriate action if we become aware of any failure to comply with these policies and procedures.
5.3. Storage – We store the personal information that we collect in electronic databases hosted in Australia. We may also use third parties to store and process your personal information. However, we will only do this if the party agrees to comply with our procedures and policies or if they put in place equivalent security measures.
5.4. Information retention – We aim to keep personal information for no longer than is necessary for the purposes described in this policy or as otherwise required by law.

6. Your rights and choices

6.1. You have rights relating to your personal information held by us.
6.2. Accuracy of your personal information – while we will endeavour to ensure that the personal information collected from you is up to date, accurate and complete, we will assume that any personal information provided by you is free from errors and omissions. You may request that we update or vary personal information that we hold about you using the contact details set out below.
6.3. Requesting access to your personal information – you may also request to access any personal information that we hold about you by using the below contact details. Requests must be made in writing. Photo and other forms of identification may be required and we may require you to specify the information you require or to pay an access fee. Upon receipt of such request, we will endeavour to provide you with access to such personal information as soon as reasonably practicable, provided however that there may be occasions when access to personal information we hold about you is denied (including where release of the information would have an unreasonable impact on the privacy of others). We will give you reasons if we deny access.
6.4. Concerns – If you are concerned about how we are dealing with your personal information, then you may have the right to complain to the Office of the Australian Information Commissioner (OAIC). Before raising a complaint with the OAIC, we recommend that you first raise the issue with us so we can address your concerns as quickly as possible. We will make a record of your complaint and will deal with it as quickly as we can while keeping you informed of progress. Even if we are not able to address your concern, we will be able to provide further information about how you can contact the OAIC. For more information, please contact our Privacy Officer.