Privacy Policy

 

1 About Dr Deb The Travel Doctor

(1) Dr Deb The Travel Doctor is a medical practice that specialises in travel medicine and provides a wide range of travel health goods and services.

 

2 Objectives of Privacy Policy

(1) The objectives of Dr Deb The Travel Doctor’s Privacy Policy is to: (a) communicate its personal information handling practices;

(b) give its patients, clients and staff a better and more complete understanding of the personal information it holds, and the way in which it deals with this personal information;

(c) detail its collection, storage, access to, use and disclosure of “personal information”, within the meaning of Section 6 of the Privacy Act 1988 (Cth), and how individuals can access and seek correction of this personal information.

 

3 Definitions

3.1 Personal Information

(1) Section 6 of the Privacy Act 1988 (Cth) defines personal information as:

“information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.”

 

3.2 Sensitive Information

(1) Personal information includes “sensitive information”, within the meaning of Section 6 of the Privacy Act 1988 (Cth), which is a particular category of personal information. While Dr Deb The Travel Doctor recognises that maintaining the confidentiality of all personal information is important, sensitive information is often afforded a higher level of protection.

(2) Section 6 of the Privacy Act 1988 (Cth) defines sensitive information as: “(a) information or an opinion about an individual’s:

(i) racial or ethnic origin; or (ii) political opinions; or

(iii) membership of a political association; or (iv) religious beliefs or affiliations; or

(v) philosophical beliefs; or

(vi) membership of a professional or trade association; or (vii) membership of a trade union; or

(viii) sexual orientation or practices; or (ix) criminal record;

that is also personal information; or

(b) health information about an individual; or

(c) genetic information about an individual that is not otherwise health information; or

(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or

(e) biometric templates.”

 

4 Personal Information Handling Practices 4.1 Collection of Personal Information Generally

4.1.1 Guarantee

(1) Dr Deb The Travel Doctor collects personal information in a fair and lawful way and in a manner that is not unreasonably intrusive. This means Dr Deb The Travel Doctor will not use any form of deception or threat when it collects personal information. When Dr Deb The Travel Doctor collects personal information, it takes all reasonable steps to keep any inconvenience or intrusion to a minimum.

 

4.1.2 Sources of Personal Information

(1) Dr Deb The Travel Doctor only collects personal information it requires in order to perform its functions and activities. Dr Deb The Travel Doctor collects personal information from:

(a) individuals directly;

(b) other persons acting on behalf of an individual; (c) third parties; and/or

(d) publicly available sources.

 

4.2 Solicited Personal Information

(1) Unless it is impractical to do so, before or when, or if this is not practical as soon as possible after, Dr Deb The Travel Doctor solicits personal information about an individual, Dr Deb The Travel Doctor will inform this individual, or their lawfully authorised representative:

(a) of the identity and contact details of Dr Deb The Travel Doctor if this personal information is to be, is being, or was collected from a person acting on behalf of this individual or a third party, and the circumstances of this collection;

(b) if the collection of this personal information is or was required or authorised by or under an Australian law or a court/tribunal order, in such a way that includes the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection;

(c) the purposes for which Dr Deb The Travel Doctor collects or collected this personal information;

(d) the main consequences (if any) if all or some of this personal information is not collected by Dr Deb The Travel Doctor;

(e) of any other entities or individuals, or the types of entities or individuals, to which Dr Deb The Travel Doctor usually discloses this personal information;

(f) that this Privacy Policy contains information about how this individual, or their lawfully authorised representative, may access this personal information held by Dr Deb The Travel Doctor and seek the correction of this personal information;

(g) that this Privacy Policy contains information about how this individual, or their lawfully authorised representative, may complain about a breach of the Australian Privacy Principles (Schedule 1 of the Privacy Act 1988 (Cth)) by Dr Deb The Travel Doctor, and how Dr Deb The Travel Doctor will deal with such a complaint; and

(h) whether Dr Deb The Travel Doctor is likely to disclose this personal information to recipients within foreign countries, and if so in what country or countries such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make this individual, or their lawfully authorised representative, aware of them.

 

4.3 Unsolicited Personal Information

(1) In some circumstances, individuals or entities provide unsolicited personal information to Dr Deb The Travel Doctor. If this personal information could have been acquired via solicited means and there is a need for this information, Dr Deb The Travel Doctor will retain this information and advise the individual, or their lawfully authorised representative, of this in accordance with Section 4.2 of this Privacy Policy. If Dr Deb The Travel Doctor does not require this personal information, it will be de-identified, securely deleted or securely destroyed.

 

4.4 Personal Information Collection Channels

(1) Dr Deb The Travel Doctor collects personal information through a range of different channels including:

(a) face to face meetings and consultations;

(b) telephone, email, and facsimile communications;

(c) paper-based and electronic forms (including online forms);

(d) Dr Deb The Travel Doctor’s websites (including online portals); and (e) social media websites and accounts.

 

4.5 Kinds of Personal Information Collected and Held

(1) Dr Deb The Travel Doctor collects and holds various kinds of personal information including: (a) patient records, reports and results;

(b) correspondence and other documents relating to requests for medical information and/or advice;

(c) requests for access to documents held by Dr Deb The Travel Doctor and related correspondence;

(d) correspondence from individuals and third parties;

(e) correspondence and other documents relating to complaints and other feedback provided to Dr Deb The Travel Doctor;

(f) distribution and mailing lists relating to the dissemination of Dr Deb The Travel Doctor’s publications, reports, newsletters and other information of interest to individuals;

(g) records relating to the performance of Dr Deb The Travel Doctor’s administrative functions and activities;

(h) correspondence, invoices, receipts and other records relating to goods and services supplied to Dr Deb The Travel Doctor;

(i) correspondence, invoices, receipts and other records relating to goods and services provided by Dr Deb The Travel Doctor;

(j) correspondence and other documents relating to contracts, requests for tenders and other procurement processes;

(k) records relating to personnel, payroll matters, recruitment, disciplinary and counselling matters for Dr Deb The Travel Doctor’s staff, contractors and job applicants, including security clearances and police record checks;

(l) records relating to occupational health and safety matters including accident and injury records, compensation and rehabilitation case files;

(m) correspondence, curricula vitae, remuneration and travel records; and

(n) correspondence, reports and other records relating to internal and external audits and compliance investigations.

 

4.6 How Personal Information is Held

(1) Dr Deb The Travel Doctor takes steps to ensure the personal information it has collected and holds is accurate, up-to-date and complete. These steps include updating personal information when Dr Deb The Travel Doctor is informed by the individual to whom the personal information relates, or their lawfully authorised representative, this individual’s personal information has changed, and at other times as necessary.

(2) Dr Deb The Travel Doctor holds personal information it has collected for so long as is necessary, provided it is practical for Dr Deb The Travel Doctor to hold this personal information. Personal information held by Dr Deb The Travel Doctor, that Dr Deb The Travel Doctor has deemed is no longer necessary or practical to hold will be de-identified, securely deleted or securely destroyed.

(3) Dr Deb The Travel Doctor’s staff may not access personal information unless they are doing so: (a) in the course of performing their functions or activities; or

(b) in accordance with the processes of a court or tribunal.

(4) Dr Deb The Travel Doctor take steps to protect the personal information it has collected and holds against loss, unauthorised access, use, modification or disclosure, and other misuse. These steps include password-protecting access to its electronic information technology and communications systems and holding paper files and charts in secure cabinets.

(5) Dr Deb The Travel Doctor may hold personal information electronically and physically with third parties provided these third parties do not use or disclose this personal information unless required by law.

 

4.7 Purposes for Which Personal Information Is Collected, Held, Used and Disclosed

(1) In order to provide travel health goods and services it is necessary that Dr Deb The Travel Doctor collects and holds a wide range of personal information.

(2) The purpose for which Dr Deb The Travel Doctor collects, holds, uses and discloses personal information varies depending upon the function or activity being undertaken. The aforementioned functions and activities include:

(a) providing medical goods and services;

(b) enabling third parties to provide goods and services for or on behalf of Dr Deb The Travel Doctor, including but not limited to other medical practitioners and pathology providers;

(c) managing and responding to correspondence and enquiries from individuals and entities; (d) undertaking health promotion activities and campaigns;

(e) assessing satisfaction with service provision;

(f) researching and evaluating programs and activities;

(g) conducting medical research or analysis relevant to public health or public safety; (h) auditing Dr Deb The Travel Doctor’s programs and activities;

(i) informing the design and development of Dr Deb The Travel Doctor’s policies and programs; (j) undertaking compliance with legal obligations;

(k) performing personnel functions including work health and safety obligations in relation to Dr Deb The Travel Doctor’s staff;

(l) recruiting and engaging staff;

(m) investigating and responding to complaints about service provision; and

(n) lessening or preventing a serious threat to the life, health or safety of an individual, or to public health or safety.

 

4.8 Contact between Individuals and Dr Deb The Travel Doctor 4.8.1 Contact by Individual

(1) Dr Deb The Travel Doctor must be certain of an individual’s identity before it can disclose their personal information to this individual or their lawfully authorised representative. If an individual contacts Dr Deb The Travel Doctor to discuss a matter that requires the disclosure of personal information, this individual must be able to prove their identity. This ensures Dr Deb The Travel Doctor is able to protect an individual’s personal information by only disclosing it to the respective individual or someone who can prove they are lawfully authorised to act on this individual’s behalf.

(a) For example, if an individual telephones Dr Deb The Travel Doctor to discuss a matter that requires the disclosure of their personal information, this individual can prove their identity by providing their:

(i) full name;

(ii) date of birth; and

(iii) address (as notified to Dr Deb The Travel Doctor previously).

Other information can be used as proof of identity, depending upon the circumstances.

(2) If an individual has a general enquiry that does not involve discussing personal information, then this individual does not have to provide identification.

 

4.8.2 Contact by Dr Deb The Travel Doctor

(1) If Dr Deb The Travel Doctor requests that an individual provide personal information to Dr Deb The Travel Doctor this individual has the right to know why Dr Deb The Travel Doctor is requesting this personal information.

(2) Generally, when Dr Deb The Travel Doctor collects personal information about an individual, Dr Deb The Travel Doctor will inform this individual, or their lawfully authorised representative: (a) if the collection of this personal information is required or authorised by or under an

Australian law or a court/tribunal order, in such a way that includes the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection;

(b) the purposes for which Dr Deb The Travel Doctor collects this personal information;

(c) the main consequences (if any) if all or some of this personal information is not collected by Dr Deb The Travel Doctor;

(d) of any other entities or individuals, or the types of entities or individuals, to which Dr Deb The Travel Doctor usually discloses this personal information;

(e) that this Privacy Policy contains information about how this individual, or their lawfully authorised representative, may access this personal information held by Dr Deb The Travel Doctor and seek the correction of this personal information;

(f) that this Privacy Policy contains information about how this individual, or their lawfully authorised representative, may complain about a breach of the Australian Privacy Principles (Schedule 1 of the Privacy Act 1988 (Cth)) by Dr Deb The Travel Doctor, and how Dr Deb The Travel Doctor will deal with such a complaint; and

(g) whether Dr Deb The Travel Doctor is likely to disclose this personal information to recipients within foreign countries, and if so in what country or countries such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make this individual, or their lawfully authorised representative, aware of them.

 

4.9 Website Browsing Records

(1) When an individual visits Dr Deb The Travel Doctor’s website (www.thetraveldoctor.com.au), Dr Deb The Travel Doctor will collect information from this individual’s website browser relating to:

(a) their server address, operating system and top level domain name; and

(b) the date and time of their visit, the pages they accessed and documents they downloaded, the previous site they visited, and the type of website browser they used.

(2) No attempt is made to identify individuals or their browsing activities except in the event of an investigation where a law enforcement agency may exercise a warrant to inspect Dr Deb The Travel Doctor’s internet web server logs.

 

4.10 How to Seek Access To and Correction Of Personal Information

(1) An individual, or their lawfully authorised representative, has a right under the Privacy Act 1988 (Cth) to access the personal information that Dr Deb The Travel Doctor holds about this individual. This right of access is subject to the ability of Dr Deb The Travel Doctor to refuse access.

(2) An individual, or their lawfully authorised representative, can seek access to the personal information that Dr Deb The Travel Doctor holds about this individual by emailing Dr Deb The Travel Doctor at clinic@thetraveldoctor.com.au. There is no charge for making a request for the provision of an individual’s personal information. For each distinct document to which access is provided there is a charge of $38.50, this charge includes Australian Goods and Services Tax but does not include any additional charges for printing or postage, if applicable. More information about requesting access to personal information is available by telephoning +61 7 3221 9066.

(3) An individual, or their lawfully authorised representative, also has a right under the Privacy Act 1988 (Cth) to request the correction of the personal information that Dr Deb The Travel Doctor holds about this individual. If an individual, or their lawfully authorised representative, seeks to correct their personal information, they should contact Dr Deb The Travel Doctor via the contact details provided in Section 4.10(2) of this Privacy Policy. Dr Deb The Travel Doctor will deal promptly with this request in accordance with the Privacy Act 1988 (Cth).

(4) If an individual, or their lawfully authorised representative, requests access to, or the correction of, the personal information that Dr Deb The Travel Doctor holds about this individual Dr Deb The Travel Doctor will:

(a) respond to the request for access or correction within 30 days; and

(b) allow access or make the requested changes to this personal information unless Dr Deb The Travel Doctor considers there is a sound reason under the Privacy Act 1988 (Cth) to refuse the request for access, amendment or annotation of this personal information.

(5) If Dr Deb The Travel Doctor refuses to provide access, amend or annotate the personal information that Dr Deb The Travel Doctor holds about an individual, the individual to whom the personal information relates, or their lawfully authorised representative, may:

(a) seek a review of Dr Deb The Travel Doctor’s decision; or

(b) make a statement about the requested access, amendment or annotation and Dr Deb The Travel Doctor will attach this to the record.

 

4.11 Disclosure of Personal Information to Recipients in Foreign Countries

(1) Dr Deb The Travel Doctor may disclose personal information to recipients in foreign countries. If Dr Deb The Travel Doctor discloses an individual’s personal information to a recipient in a foreign country Dr Deb The Travel Doctor will:

(a) take all reasonable steps to ensure the recipient does not breach the Australian Privacy Principles (Schedule 1 of the Privacy Act 1988 (Cth)); or

(b) ensure the recipient is subject to a law, or binding scheme, that has the effect of protecting this personal information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles (Schedule 1 of the Privacy Act 1988 (Cth)) protect this

(c) personal information, and there is a mechanism that the individual to whom this personal information relates, or their lawfully authorised representative, can access to take action to enforce the protection of such a law or binding scheme; or inform the individual to whom this personal information relates, or their lawfully authorised representative, that neither Section 4.11(1)(a) or Section 4.11(1)(b) of this Privacy Policy would apply if this individual’s personal information were disclosed to the recipient, and subsequently obtain the consent of this individual, or their lawfully authorised representative, for the disclosure of this personal information to the recipient.

 

5 Complaints

(1) If an individual believes Dr Deb The Travel Doctor has breached the privacy rights of an individual, they may contact Dr Deb The Travel Doctor and complain via the contact details provided in Section 4.10(2) of this Privacy Policy.

(2) Dr Deb The Travel Doctor treats all complaints seriously, endeavours to resolve complaints fairly and quickly, and will work with the complainant to resolve the complaint and keep them informed of its progress. If an individual makes a complaint, we aim to contact this individual within five working days.

(3) If an individual wishes to make a privacy complaint against Dr Deb The Travel Doctor, they also have the option of complaining directly to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner’s details are:

Telephone: 1300 363 992 Email: enquiries@oaic.gov.au

Post: Office of the Australian Information Commissioner GPO Box 5218

Sydney, New South Wales, Australia, 2001