(last updated: 18 August 2017)
- Zedmed protects the privacy of personal information Zedmed collects;
- Zedmed may use such information and to whom such information may be disclosed; and
- individuals can access and correct the personal information Zedmed holds, lodge complaints with Zedmed in respect of alleged breaches or privacy or to make any related enquiry.
Zedmed requires that its staff comply with this policy in relation to any personal information they handle. Zedmed also uses its best endeavours to ensure that contractors comply with their obligations with respect to any personal information to which they may have access or which may be disclosed to them.
Zedmed may collect personal information from any individual with whom it may have contact, including job applicants, representatives from current and prospective suppliers and representatives from current and prospective customers.
Types of information Zedmed collects and holds
We may also collect information about you when you access our website. The information we collect from visits to our website is generally anonymous (unless you specifically complete and submit a form to us using a form we make available to you via our website). We generally do not use such information to identify specific individuals.
However, due to the nature of the Internet, such information may contain details which may identify a particular individual (such as the IP address of the computer accessing our website, the internet service provider used by the individual, the web-page directing the individual to our website and the individual’s activity on our website).
How we collect personal information
We only collect personal information using lawful means. We may collect personal information about an individual from a variety of sources using a variety of means, including:
- a form (either physical or online) that is completed and submitted to us;
- a telephone, email or in-person inquiry or discussion about us, the products and/or services that we provide;
- mail correspondence, emails and other electronic means (including by accessing our website and the use of the “contact us” form on our website);
- through publicly available sources of information;
- from job applicants and staff members;
- direct contact in the course of us providing our goods and/or services;
- in the course of conducting market research, including customer satisfaction surveys;
- in the course of providing our goods and/or services to our customers; and
- from current and prospective suppliers of goods and/or services to us.
To the extent reasonably practicable and reasonable for us to do so, we collect personal information about an individual directly from that individual. Additionally, we will only collect personal information when we specifically ask for that information, except in circumstances where personal information is volunteered to us or otherwise supplied to us without us asking for such information.
Dealing with us anonymously and pseudonymously
In accordance with the current law, you do not need to provide us with your personal information and you may interact with us on an anonymous and pseudonymous basis. However, if you choose to interact with us in this fashion, or if you do not provide us with personal information when requested, we may be unable to provide you with all of the goods and/or services that you seek from us.
Further, we reserve the right to verify your identity as part of our response to a request to access and/or correct personal information we hold about you, or as part of our complaints-handling process. If we are unable to verify your identity, or you continue to engage with us in an anonymous or pseudonymous basis, we may be unable to satisfy your request or complete our complaints-handling process.
What personal information does Zedmed collect?
Zedmed may collect personal information such as (but not necessarily limited to) an individual’s name, date and place of birth, street and postal addresses, email address, phone numbers and other contact details.
From time to time, as Zedmed provides its services to its customers, Zedmed may gain access to personal information about an individual held by Zedmed’s customer. For the purposes of its statutory obligations, Zedmed does not collect such information in that Zedmed does not collect the information for inclusion in a record.
We may also collect the following information for marketing purposes and as part of improving the customers’ experience with us:
- When an individual visited our website or contacted us either in-person or over the telephone;
- When an individual visits our website, the pages viewed and the information downloaded;
- When an individual visits our website, the IP address of the computer used to visit our website and the page from where the individual visited our website, the type of browser used and information about websites visited before the individual visited our website; and
- When an individual contacts us over the telephone, we may record the conversation for training purposes and for the purpose of improving our customer experience.
Zedmed may also collect data from its website using various technologies, including ‘cookies’. A ‘cookie’ is a text file our website transmits to an individual’s browser which is stored on the individual’s computer as an anonymous tag identifying the individual’s computer (but not the individual) to us. The browser may be configured to disable cookies, but some parts of our website may not function properly (or at all) if cookies are disabled.
Zedmed may also collect data from its software application automatically, such as error reports (including screenshots), upgrade statistics and performance statistics.
In the course of providing its products and services to its customers, Zedmed may also collect personal information about individuals who are clients or patients of Zedmed’s customers. Zedmed does not hold onto such personal information for longer than reasonably necessary and uses that such personal information in order to provide the services Zedmed is contracted to provide to the relevant Zedmed customer. Such services may include, but not be limited to, data migration services and training services.
Where Zedmed collects personal information on an unsolicited basis, Zedmed will comply with its statutory obligations in relation to such personal information.
How does Zedmed use the personal information it collects?
As a general principle, and in accordance with Zedmed’s statutory obligations, Zedmed only uses personal information for:
- the primary purpose for which the information was collected;
- a secondary purpose that is related to the primary purpose for which you would reasonably expect Zedmed to use the collected information; or
- as otherwise permitted or authorised by law, including the Australian Privacy Principles.
Zedmed may use the personal information it collects about an individual for one or more of the following purposes:
- to provide products and services to the individual or to a third party which may directly or indirectly benefit the individual;
- to install, maintain, support and service products we have supplied to the individual or to a third party which may directly or indirectly benefit the individual;
- processing transactions and administering customer accounts (including by processing of invoices, bills, statements of account and related financial matters necessary to enable us to provide products and/or services under relevant contractual arrangements);
- addressing queries, warranty claims and resolving complaints;
- to send information updates, marketing materials and newsletters to current and prospective customers who have consented (either expressly or impliedly) to receive such information and provided that they have not opted out of receiving such information;
- to seek the participation of current and prospective customers (on a voluntary basis) in advertising campaigns, events, launches, customer testimonials and focus groups;
- to initiate contact with an individual if the individual and/or his/her employer has not purchased products or services from us for an extended period of time, or otherwise has not engaged with us for an extended period of time (unless we are informed that the individual no longer wishes to be contacted by us or by anyone on our behalf);
- to improve our products and services, our website, our other means of communicating with our current and prospective customers;
- carrying on business as the provider of clinical and office management software and related services; and
- to directly market our products and services to current and prospective customers.
To whom may Zedmed disclose personal information?
Zedmed may disclose personal information collected from individuals to third parties but only on an as-needs basis and in order to fulfil one or more of the purposes for which the information was collected, any secondary purpose related to the primary purpose of collection, or otherwise as required or authorised by law.
Zedmed may disclose personal information to the following third parties (without limitation):
- Zedmed’s agents and contractors (including, for example but without limitation, its agents and contractors in order to enable them to provide products or perform services on behalf of Zedmed, or to facilitate Zedmed’s provision of products or services to its customers);
- Zedmed’s professional advisers; and
- related entities of Zedmed.
Zedmed may also disclose personal information about an individual when required by law or court order, or other governmental order or process to disclose, where Zedmed believes in good faith that the law compels us to disclose information, or where Zedmed is required to do so as a result of any obligations owed by Zedmed under a contract.
Zedmed may disclose personal information about an individual to a third party if Zedmed considers it reasonably necessary to do so in order to identify, contact or bring legal action against any third party whom Zedmed suspects or knows is causing harm to, or interference with the products or services Zedmed provides, Zedmed’s information technology systems and equipment, or Zedmed’s property.
Personal information about individuals which Zedmed has collected may be disclosed to third parties in the event its business and/or assets are sold or offered for sale, at or before the time of a merger, acquisition or sale.
When Zedmed engages third parties to provide products and/or services to Zedmed, such third parties may have access to personal information Zedmed holds about individuals. Zedmed does not authorise those third parties to use any personal information disclosed to or accessed by the third party for any purpose other than to facilitate the third party’s completion of its obligations owed to Zedmed.
Without limiting the foregoing, Zedmed may disclose individuals’ personal information to its business partners and advisors (such as auditors, financial services or insurance companies) or to its professional advisers (such as its legal and accounting advisers) for them to complete their obligations owed to Zedmed under agreements that Zedmed has entered into for the purpose of undertaking or furthering its business operations and activities.
Disclosure of personal information overseas
Zedmed may store, process or back-up personal information it holds on servers (including through third party service providers) that are located in a jurisdiction other than Australia.
Where Zedmed enters into a contract with a host provider for the hosting of information for and on behalf of Zedmed, Zedmed will use all reasonable endeavours to ensure that such contract reserves for Zedmed the right to control access to the personal information and to avoid the need for the host provider to access the information it hosts for the benefit of Zedmed.
Zedmed may enter into contracts for the provision of hosting services with host providers located in Europe, the USA and/or other countries as determined by Zedmed from time to time at its discretion.
Zedmed does not otherwise disclose or allow a third party located outside Australia to access the personal information Zedmed holds.
Security and retention of personal information
Zedmed takes the security of all personal information in its possession seriously. Zedmed takes reasonable steps to protect any personal information it holds from misuse, interference and loss. Zedmed also takes reasonable steps to protect the information Zedmed holds from unauthorised access, modification and disclosure.
Zedmed takes reasonable physical security measures, technology security measures and Zedmed staff are required to undertake privacy and data protection training from time to time, as part of their general obligation to respect the confidentiality and privacy of any personal information Zedmed holds.
Zedmed regularly reviews and updates its physical and data security measures in light of current technologies and the requirements of applicable laws.
Zedmed only holds personal information it collects from or about an individual as long as reasonably necessary to fulfil the purpose(s) for which the information was collected, as required by law or in accordance with Zedmed’s document retention policies. When the information is no longer required to be held by Zedmed then Zedmed will take reasonable steps to destroy or de-identify the information.
Links to third party websites
Zedmed’s website may contain links to third parties’ websites, including sites maintained by other parts of the Medical One Group. Those other websites are not subject to Zedmed’s privacy policies and procedures. You will need to review those websites directly to view a copy of their privacy policies.
Zedmed does not endorse, approve or recommend the products or services provided by the operators of the relevant third party website, and the fact that Zedmed includes links to those third party websites should not be construed as an endorsement, approval or recommendation of either the website operator or the products or services so provided.
Accessing the personal information Zedmed holds
An individual is entitled at any time (on request to Zedmed) to access the personal information Zedmed holds about that individual.
Where Zedmed receives a request to access the personal information Zedmed holds about an individual, Zedmed will comply with its statutory obligations and will respond to such an access request within a reasonable period of time.
Unless it is unlawful or impracticable for Zedmed to do so, Zedmed will generally provide access to the requested information in the manner requested.
Please note that Zedmed is entitled under the Australian Privacy Principles to charge a reasonable fee to cover the costs Zedmed incurs in providing access to the personal information held about an individual.
Additionally, Zedmed reserves the right to refuse access to an individual’s personal information Zedmed holds where any of the statutory exceptions to the access right exist in the particular circumstances. Where Zedmed refuses an access request, it will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process.
Zedmed also reserves the right to request information from the individual making the access request in order to verify the identity of the individual making the request, in order to ensure that Zedmed is not inadvertently disclosing personal information to an individual not entitled to access such information.
Further, Zedmed reserves the right to redact the information made available in response to an access request, to protect the privacy of other individuals.
Quality of the personal information Zedmed holds
Zedmed takes reasonable steps to ensure that the personal information it collects, uses and discloses is accurate, complete and up-to-date.
However, the accuracy, completeness and currency of the information Zedmed holds largely depends on the accuracy of the information supplied to Zedmed or which Zedmed collects.
If at any time you discover that any information Zedmed holds about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact Zedmed to request correction of the information. Zedmed will handle a correction request in accordance with its statutory obligations. However, as noted above, Zedmed reserves the right to verify your identity before processing a correction request.
Lodging a complaint and how to contact Zedmed
If you wish to make a complaint to Zedmed about how Zedmed handles the personal information collected from or about you, the complaint should be made in writing to Zedmed and addressed to the attention of Zedmed’s privacy officer (details of whom are set out below).
Zedmed will promptly acknowledge receipt and will endeavour to deal with the complaint and provide a response to you within a reasonable time period following receipt (generally within 30 days of receipt).
Where the complaint requires a more detailed investigation, the complaint may take longer to resolve. If this is the case, then Zedmed will endeavour to provide the complainant with progress reports.
Zedmed reserves the right to verify the identity of the individual making the complaint and to seek (where appropriate or reasonable) further information from the complainant about the circumstances of the complaint.
Where required by law, Zedmed will provide its determination on the complaint to the complainant in writing.
Zedmed reserves the right to refuse to investigate or to otherwise deal with a complaint where permitted under law, where such circumstances apply. For example, without limitation, Zedmed may refuse to investigate or to otherwise deal with a complaint if Zedmed considers the complaint to be vexatious or frivolous.
If you are not satisfied with the outcome of the complaint, then you may write to Zedmed seeking an internal review of its decision. Such internal review will be completed by an officer not previously involved in the complaint.
If you still remain dissatisfied following the outcome of the internal review, you may escalate the complaint to the Office of the Australian Information Commissioner.
Zedmed Pty Ltd
GPO Box 2061
Melbourne VIC 3000
Phone: 1300 933 833
Fax: +61 3 9682 8114
ZEDMED PTY LTD COLLECTION STATEMENT
Generally, the collection of personal information is not required or authorised by law or court order, but is requested in order to facilitate the purpose(s) for which the information is collected.
We may disclose personal information we collect from or about you to third parties in order to fulfil the purposes for which we collected the information. We may disclose personal information to third parties including suppliers and contractors we engage to provide certain products and/or services to us (in this case, we will use our best endeavours to limit the disclosure of personal information). We may also disclose personal information to our professional advisers, such as our accountants, tax advisers and legal advisers.
We may disclose information if we are required by law or court order, or other governmental order or process to disclose, where we believe in good faith we are compelled by law to disclose, or where we are required to do so as a result of any obligations we owe under a contract.
We may store, process and/or back-up personal information we hold on servers (including servers provided by third parties) that are located in a jurisdiction other than in Australia. Where we enter into a contract with a host provider, we will use all reasonable endeavours to ensure that such contract reserves for us the right to control access to the personal information and to avoid the need for the host provider to access the information it hosts for our benefit.
Where it is reasonable for us to do so, we will collect your personal information from you directly, but we may also collect information about you from third parties, as permitted or authorised by law.
The primary consequences that may result from a failure to provide personal information to us when we request is that we are unable to fulfil the purposes for which we seek the information. For example, we may be unable to provide goods and/or services to you or to an organisation with whom you are associated in a timely fashion or at all.