(a) providing the system and services that Cyber Clinic offers, including our website;
(b) the conduct of Consultations by Practitioners using the Cyber Clinic platform; and
(c) the normal day-to-day operations of our business
2.4 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that:
(a) With respect to Personal Information about a child, they are that child’s “responsible person” as defined in the Privacy Act (namely a parent or guardian); and/or
(b) They have that person’s consent to provide such information for the purpose specified.
3.1 In the course of business, and when you attend a Consultation on the Cyber Clinic Platform it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business, share Personal Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
(a) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is;
(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.
(f) Health Information. We may collect information about the health, disability, health services, medical histories, psychometric data, prescriptions, allergies and other information about an individual defined as “health information” in the Privacy Act;
3.3 We may also collect non-Personal Information about an individual such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected the Australian Privacy Principles do not apply.
4.1 Most information will be collected in accordance with our Data Collection Statement and in association with an individual’s use of Cyber Clinic, an enquiry about Cyber Clinic or generally dealing with us. However we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
(b) Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
(c) Consultations. When an individual attends a Consultation with a Practitioner using Cyber Clinic and verbally provides Personal Information, an audio or visual record of such Personal Information may be created. Such records are anonymised, so that they do not constitute Personal Information.
(d) Other Practitioner contact. When an individual provides Personal Information to a Practitioner using the Cyber Clinic platform in any way other than verbally during a Consultation.
(e) Supply. When an individual supplies us with goods or services;
(f) Contact. When an individual contacts us in any way;
(g) Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
(h) Pixel Tags. Pixel tags enable us to send email messages in a format clients can read and they tell us whether mail has been opened.
4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
4.3 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.
The primary purpose for which we collect your Personal Information is to provide you with information about us, and to enhance the products and services we provide. We may also use or disclose your Personal Information for the following related secondary purposes (without limitation):
(a) for internal purposes including management reporting, data analysis and servicing of Cyber Clinic users generally;
(b) to assist us with research and product development to improve your experience; and
(c) to provide third parties with certain non-Personal Information (including Personal Information which has been anonymised or de-identified) for data analysis or storage.
6.1 The primary reason Personal Information is used or disclosed is to provide services to an individual or organisation. All Health Information in the strictest confidence. De-identified data, including anonymised Health Information, may be used for education and research purposes, or for the collection of health statistics.
6.2 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected other than with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted
6.5 If it is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles in the course of our business, we will inform you that we intend to do so, or have done so, as soon as practical.
6.6 We will not disclose or sell an individual’s Personal Information to unrelated third parties under any circumstances.
6.7 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of goods and services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
(d) Their relationship with us;
(e) Our goods and services;
(f) Our own marketing and promotions to clients and prospects;
(g) Questionnaires, Psychometric tests, competitions and surveys;
(h) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(i) As required or permitted by any law (including the Privacy Act).
6.8 There are some circumstances in which we must disclose an individual’s information:
(a) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
(b) As required by any law (including the Privacy Act); and/or
(c) In order to sell our business (in that we may need to transfer Personal Information to a new owner).
6.9 We may disclose your Personal Information to overseas recipients (such as our service providers) for things such as data processing and hosting services. The most likely destinations for such activities are the United States, the United Kingdom, China and India, although countries where such recipients are located may vary. In some cases, we may send data consisting of Personal Information to overseas recipients for various purposes, including to anonymise the data. By providing us with your Personal Information, you are providing express consent for us to disclose your Personal Information overseas. You are aware that by providing such consent, we will cease to be accountable for the overseas recipient's handling of your Personal Information under applicable privacy laws (including the Privacy Act and GDPR) and that you will not be able to seek redress from us under applicable privacy laws (including the Privacy Act and GDPR) in relation to that use of your Personal Information overseas. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.
6.10 We may utilise third-party service providers (such as Twilio, Stripe, Gmail from Google etc.) to communicate with or provide services to an individual.
7.1 An individual may opt to not have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
7.2 If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
7.3 The main consequence if you do not provide us or our agents with your Personal Information is that we will not be able to provide you with information about us, the products and services we provide, and may mean you are not able to access the Cyber Clinic platform (or parts of it).
8.2 We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
8.3 Cyber Clinic uses end-to-end SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
8.4 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws in order to deliver a service). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
8.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
8.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
9.1 Users of Cyber Clinic can update their Personal Information from within their Cyber Clinic account or profile.
9.2 Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
9.3 If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
9.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
9.5 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
10.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
10.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
10.3 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportuni/ty once we have established what was accessed and how it was accessed.
11.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
12.1 All correspondence with regards to privacy should be addressed to:
Cyber Clinic Pty Ltd
Level 2, 488 Bourke Street
You may contact the Officer by email in the first instance.
If your Personal Information is governed by the General Data Protection Regulation (GDPR) or the UK Data Protection Act, you may have additional rights as set out below:
(a) Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(b) Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(c) Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios:
(i) if you want us to establish the information’s accuracy;
(ii) where our use of the information is unlawful but you do not want us to erase it;
(iii) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; and
(iv) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it;
(d) Request the transfer of your Personal Information to you or to a third party. If this obligation applies, we will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(e) Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.