privacy-policy

PRIVACY POLICY
1. We respect your privacy
2. What is your personal information?
3. Collection of Personal Information
4. How we collect your Personal Information
5. What happens if we can’t collect your Personal Information?
6. Use of your Personal Information
7. Disclosure of your personal information
8. Consent
9. Direct marketing materials
10. Security of your Personal Information
11. Access to and correction of your Personal Information
12. Complaints about a breach of privacy
13. Changes to Privacy Policy
14. Online data collection and use
15. Cookies
16. Third-Party Sites
17. Data breaches

PRIVACY POLICY
1. We respect your privacy
Lifespot Health Ltd (ACN 611 845 820) (we, us, our) respects your right to privacy and is committed to safeguarding the privacy of our customers and Mobile App & Website visitors in relation to their personal information.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (the Act). The rules that an organisation must follow under the Act are known as the Australian Privacy Principles and cover the collection, use, disclosure, quality and security of personal information. Our organisation is also governed by a number of state-specific privacy laws.
This privacy policy sets out how we collect and treat your personal information (the Privacy Policy).
2. What is your personal information?
‘Personal information’ has the same meaning as it has under the Act. In general, Personal Information is any information we hold which personally identifies you or is reasonably identifiable as being about you. This Privacy Policy covers all people who use our services or otherwise provide their personal information to us.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history or the health services you have received).
For the purposes of this Privacy Policy, no distinction has been made between personal information and sensitive information, as defined in the Act. Therefore, all information will be referred to as ‘Personal Information’ throughout this Privacy Policy.
3. Collection of Personal Information
We will, from time to time, receive and store Personal Information you enter onto our Mobile App & Website, provided to us directly or given to us in other forms.
This information may include:
– basic information such as your name, phone number, address and email address;
– your age or date of birth;
– information relevant to your medical care, including your previous and current medical history and your family medical history;
– your ethnic background;
– your profession, occupation or job title;
– the name of any health service provider or medical specialist who has treated you or to whom you are referred, copies of any letters of referrals or copies of any reports back; and
– additional information that you may provide to us directly through our representatives, medical or allied health professionals providing services or otherwise.
We may also collect some information that is not Personal Information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our Mobile App & Website.
4. How we collect your Personal Information
We collect Personal Information from you in a variety of ways, including when you interact with us electronically, telephonically or in person, when you access or use our Mobile App & Website and when we provide our services to you including during the course of consultations or otherwise.
We also collect Personal Information from third parties, including:
– information provided on your behalf with your consent;
– information from a health service provider who refers you to our medical practitioners or health professionals;
– information from health service providers to whom you are referred;
– information from your employer or prospective employer; or
– information from third parties such as law enforcement agencies and other government entities.
When we collect Personal Information from third parties, we will protect it as set out in this Privacy Policy.
5. What happens if we can’t collect your Personal Information?
You are not obliged to disclose your Personal Information to us. However, if you do not provide us with the Personal Information we request, we may not be able to provide the requested services to you, either to the same standard or at all or your diagnosis and treatment may be inaccurate or incomplete.
6. Use of your Personal Information
We will only collect information that is reasonably necessary for providing our services to you. We collect Personal Information about you so that we can perform our business activities and functions and to provide the best possible quality of service to you.
We collect, hold, use and disclose Personal Information for the following purposes:
– to provide medical services and treatment to you, and to enable you to be attended by our medical professionals;
– to provide you with information and updates about our services;
– for administrative and billing purposes;
– to update our records and keep your contact details up to date;
– to process and respond to any complaint made by you;
– to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in cooperation with any governmental authority in any country;
– for the purposes of data research and analysis (by us or third parties), including conducting clinical trials and for the purpose of sending you direct marketing communications in relation to these;
– for inclusion in a recall register to be advised of follow up visits, medical updates and approval period information;
– to answer enquiries and provide information or advice about existing and new products or services and all matters relevant to the services we provide to you;
– to conduct business processing functions, including providing Personal Information to our related bodies corporate, contractors, service providers or other third parties;
– for the administrative, marketing, direct marketing, planning, product or service development, quality control and research purposes for us, our contractors or service providers;
– to meet obligations of notification to our insurers; and
– to make you aware of new and additional products, services and opportunities available to you.
We may also use your personal information for purposes which are directly related to these main purposes, in circumstances where you would reasonably expect us to use your information for these purposes.
We may use your personal information to improve our products and services and better understand your needs. We may contact you by a variety of measures including telephone, email, SMS or mail.
Your Personal Information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy or as permitted under the Act.
7. Disclosure of your personal information
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.
We will not disclose your personal information to any third parties unless you have consented, or we are otherwise permitted or required to do so by law.
In accordance with the law, we will only disclose your personal information without your consent in circumstances such as where we reasonably believe this is necessary to prevent or lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
We may disclose your personal information to:
– any of our employees, officers, medical professionals or associated medical specialists who provide medical services to you at our clinics, insurers, professional advisers, agents, suppliers, subcontractors or service providers for the purposes of the operation of our business, fulfilling requests by you and to otherwise provide products and services to you;
– your medical professionals for the purposes of continuity of care;
– suppliers and other third parties with whom we have commercial relationships for business, marketing and related purposes;
– any organisation or person for any authorised purpose with your express consent;
– to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request; and
– to protect the copyright, trademarks, legal rights, property or safety of LIFESPOT HEALTH LTD, www.Lifespot-health.com, its customers or third parties.
Information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia. These may include, but are not limited to the USA, UK, India and Israel. We may also combine or share any information that we collect from you with information collected by any of our related bodies corporate.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.

8. Consent
By providing us with Personal Information, you consent to the terms of this Privacy Policy and the types of disclosure covered by this Privacy Policy. Where we disclose your Personal Information to third parties, we will request that the third party follow this Privacy Policy regarding handling your personal information.
We use an overseas cloud-based platform to store our customer’s information including sensitive health information. This data is owned by us and the cloud platform service provider is not allowed to sell or use this data for any purpose other than in the process of providing the services to us. The platform operator is in charge of maintaining the security of this data. By using services offered by us, you consent to store your data in this format.
We cannot guarantee that the overseas cloud-based platform service provider will comply with the Australian Privacy Principles or laws that offer privacy protections that are substantially similar to the laws of Australia, in relation to your Personal Information. If you consent to us storing your Personal Information using an overseas cloud-based platform, you acknowledge that we will not be accountable or liable if your Personal Information is mishandled in any way by the cloud-based platform service provider.
9. Direct marketing materials
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. By providing your Personal Information to us you consent to receive direct marketing communications. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth).
If in your dealings with us, you indicate a preference for a method of communication, we will endeavour to use that method wherever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our direct marketing list.
10. Security of your Personal Information
We are committed to ensuring that the Personal Information you provide to us is secure. We take reasonable steps to protect your Personal Information from misuse and loss and to prevent unauthorised access, modification or disclosure. Personal Information is destroyed or de-identified when no longer needed.
Our Mobile App & Website is linked to the internet and the internet is inherently insecure. All transmissions and exchange of information are carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us online. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the Personal Information that you supply will not be disclosed in a manner that is inconsistent with this Privacy Policy.
We use an Australian cloud-based platform to store our customer’s information including sensitive health information. This data is owned by us and the cloud platform service provider is not allowed to sell or use this data for any purpose other than in the process of providing the services to us. The platform operator is in charge of maintaining the security of this data. By using services offered by us you consent to store your data in this format.
11. Access to and correction of your Personal Information
You may request details of Personal Information that we hold about you in accordance with the provisions of the Act. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). A small administrative fee may be payable for the provision of this information and, if so, the fees will be as advised from time to time. We will not charge you for simply making a request or for making any corrections to your Personal Information.
There may be instances where we cannot grant you access to the Personal Information we hold. However, we will only refuse to provide you with Personal Information that we hold about you in accordance with our rights and obligations under the Act. In that situation, we will provide you with written reasons for any refusal.
If you would like a copy of the Personal Information which we hold about you, or believe that any Personal Information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please send us a written request at info@lifespot-health.com. If you are seeking an amendment, please also include the basis on which you are requesting the amendment. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the Personal Information stating that you disagree with it.
12. Complaints about a breach of privacy
If you believe your privacy has been breached, or have any complaints about our privacy practices, please feel free to send in details of your complaints to Suite 103, Level 1, 2 Queen St, Melbourne, VIC 3000.
We take complaints very seriously and we will respond shortly after receiving written notice of your complaint. Privacy complaints are dealt with at first instance by the relevant service provider. If the issue cannot be resolved at this level, it will be escalated to the relevant manager for review and resolution.
If you are not satisfied with the outcome of our investigation, you may wish to contact the Commonwealth Office of the Australian Information Commissioner (OAIC). See www.oaic.gov.au.
13. Changes to Privacy Policy
Please be aware that we may change this Privacy Policy from time to time. All modifications will be effective immediately upon our posting of the modifications on our Mobile App & Website or notice board. Please check back from time to time to review our Privacy Policy.
This Privacy Policy was last updated on 16 June 2020.
14. Online data collection and use
When you access our Mobile App & Website we collect certain anonymous technical information such as browser type, operating system, Mobile App & Website visited immediately before coming to our site and pages visited. This information is used in an aggregated manner to analyse how people use our Mobile App & Website so that we can make decisions about maintaining and improving our Mobile App & Website and online services. 
15. Cookies
We may from time to time use cookies on our Mobile App & Website. Cookies are very small text files placed on your computer by a web server when you access a Mobile App & Website. These are used to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer and they do not, in themselves, identify the individual user, just the computer used.
Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from gaining access to all the content and facilities of our Mobile App & Website.
Our Mobile App & Website may from time to time use cookies to analyse Mobile App & Website traffic and help us provide a better Mobile App & Website visitor experience. In addition, cookies may be used to serve relevant ads to Mobile App & Website visitors through third party services such as Google Adwords. These ads may appear on this Mobile App & Website or other Mobile App & Websites you visit.
16. Third-Party Sites
Our Mobile App & Website may contain links to other Mobile App & Websites not owned or controlled by us. These links are meant for your convenience only. Links to third party Mobile App & Websites do not constitute sponsorship or endorsement or approval of these Mobile App & Websites. Please be aware that we make no representations or warranties in relation to the privacy practices of any third party Mobile App & Website and is not responsible for the privacy practises of other such Mobile App & Websites. We encourage our users to be aware when they leave our Mobile App & Website, to read the privacy statements of each and every Mobile App & Website that collects personally identifiable information.

17. Data breaches
We are required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
• there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
• this is likely to result in serious harm to one or more individuals; and
• the organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner (Commissioner) about the breach in accordance with the Privacy Act.