We operate a business that provides a secure platform for telehealth consultations, the generation of pharmaceutical prescriptions by general practitioners and access to various products and treatments via partner pharmacies through an ecommerce solution. These services are accessed and provided via our website youly.com.au.
Collection and Storage of Personal Data and Information
We collect personal information about individuals when using our service. Our usual approach is to collect personal information directly from the individual concerned.
The types of personal information we collect or may collect includes names, dates of birth, email addresses, signatures, mailing addresses, residential addresses, Medicare numbers, health fund details; credit card details, payment and transactional information and some health information such as details of medications already prescribed and/or taken or to be taken by the individual, as well as medical history, together with any information we are required to collect by law. These may be collected in relation to customers wishing to obtain prescriptions, treatments or products, partner pharmacy staff, management and general practitioners.
For example, we collect personal information in circumstances including:
(i) from you, when you use youly.com.au, stagger.com.au, cantro.com.au, hub.health, vidality.health and midnight.health. to request a clinician’s assessment, prescription or partner pharmacy product;
(ii) to confirm your identity when you deal with us;
(iii) for the purposes of providing information to or receiving information from a medical professional to facilitate the issuing of a prescription;
(iv) when paying for goods with credit cards or Paypal;
(v) when you message us via social media, email, phone or visit our website and make an enquiry to which a later response is requested and to do so requires your contact details;
(vi) when recording medical queries, complaints and adverse events;
(vii) when you ask to be included on marketing distribution lists, agree to receive targeted advertising material and communications, or when you interact with us through any social media platforms;
(viii) for other regulatory purposes; and
We may use ‘cookies’ to collect data (typically not personal information) relating to your general internet usage. This data may include IP-addresses, browser versions, number of visits and similar such data relating to your navigation of the internet and our site. A cookie is a small text file that is placed on your computer’s hard drive. Cookies help us to improve our site and to deliver a better and more tailored service, for instance by storing information about your preferences and allowing us to recognise you when you return to our site.
You may refuse to accept cookies by activating settings on your internet browser. However, please note that if you select such settings you may be unable to access certain parts of our site.
Storage and security of your personal information
We hold personal information in our own encrypted and secure databases. We take all reasonable steps to protect your personal information, including internal and external security, restricting access to personal information to those who have a need to know, maintain technological products to prevent unauthorised computer access and regularly review our technology to maintain security.
However, unfortunately, the internet is not always a secure place and we cannot guarantee total security of your personal information in all circumstances.
When you provide personal information to us, you warrant that it is accurate, current and complete and undertake to maintain the accuracy, currency and completeness of the personal information we retain.
We treat website and credit card security seriously and endeavour to provide a secure, safe platform through which to conduct transactions.
We will take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purpose for which it may be used or disclosed in accordance with the Privacy Act.
Disclosure of your personal information
We may disclose your personal information to any of our related group companies. They will only use it for the same purposes that we may under this policy. We may provide personal information to third parties outside our group companies for limited purposes, such as to help us in providing or offering goods and services to customers and patients, where you have provided your consent.
Those persons and businesses may include:
(a) General practitioners for the purpose of issuing prescriptions;
(b) Organisations who carry out credit, fraud and other security checks;
(c) Couriers and delivery businesses (where we arrange to deliver goods to you or persons you have requested us to send deliveries to);
(d) Third party suppliers of goods or services that may be of interest to you (with your consent);
(e) Third parties that carry out market research;
(f) Third party software providers who store details of customer account for us or who provide other IT services; and
(g) Marketing businesses engaged by us to disseminate materials to which recipients have consented (if applicable).
We may also disclose your personal information to third parties outside our group of companies:
(a) Where we have your express permission to do so;
(b) Where it can reasonably be inferred from the circumstances that you consent to the disclosure to the third parties;
(c) If we or substantially all of our assets are acquired by a third party, in which case personal information which we hold about our customers may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy); and
(d) If we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, or in order to enforce or apply our terms and conditions; or to protect our rights, property, or safety of that of our personnel or customers . This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Except as above, we limit the information we provide to third parties to the information they need to help us and partner pharmacies to provide or facilitate the provision of goods and services to you. We deal with third parties that are required to meet the privacy standards required by law in handling your personal information, and use your personal information only for the purposes that we gave it to them.
Use of your personal information
We may use personal information for the purpose of marketing but only where such use complies with the Privacy Law and the Australian Privacy Principles in particular.
We use the personal information collected from you for the purpose it was provided or collected (as indicated above), including in the following ways:
(a) To assess your requests for assessments, prescriptions and pharmacy treatments and products;
(b) To respond to enquiries received from you;
(c) To process, confirm, fulfil and update you about your orders;
(d) To perform authorised financial transactions with you;
(e) To verify your identity and to assist you if you have forgotten any username or password;
(f) To communicate with you and provide you with information (whether by email, post or other means) about our products or services, where you have requested or consented to receiving this from us or where this provision is otherwise permitted under the Australian Privacy Principles;
(g) To facilitate communication by third parties (whether by email, post or other means) in relation to products or services that may be of interest to you, where you have requested or consented to us providing your personal information to third parties for that purpose;
(h) To enable research and market analysis, where you have consented to same;
(i) To notify you about changes to our goods and services;
(j) To address medical queries, complaints and adverse events and provide adverse reaction reports for the purpose of reporting to regulatory bodies such as the Therapeutic Goods Administration;
(k) To receive and address feedback or complaints from you; and
(l) To protect our legal interests and fulfil our regulatory obligations (if and to the extent necessary).
All customers and others with whom we interact have the option to opt-out of receiving marketing communications from us. If you do not wish to continue to receive electronic marketing communications from us and/or selected third parties you should opt-out by clicking on the “unsubscribe” link in any email communications that we might send you. If you request us not to send other electronic communications, we will also comply with that request to the extent reasonably practical.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
Overseas Transfers of Personal Information
If in future we do propose to disclose personal information overseas, we will do so in compliance with the requirements of the Privacy Act. We will, where practicable, advise you of the countries in which any overseas recipients are likely to be located.
If you do not want us to disclose your information to overseas recipients, please let us know.
From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider. However, by providing us with your personal information, you consent to the storage of such information on overseas servers (such as servers located in the United States of America) and acknowledge that Australian Privacy Principle 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns to the Practice Manager, you may do this by emailing email@example.com. We will then attempt to resolve it in accordance with our resolution procedure. You can expect for your concern to be dealt with within 30 days of lodgement.
If you are still concerned, you may also contact the Office of the Australian Information Commissioner (OAIC). Generally the OAIC will require you to give them time to respond, before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.
Last Updated: 28th July, 2022