PRIVACY POLICY
This policy outlines the way we at Aesthetic MET [ABN 38 580 112 265] collect, hold, use and disclose personal information, how we aim to protect the privacy of your personal information and your rights in relation to your personal information.
WHAT PERSONAL INFORMATION WE COLLECT & HOW AND WHY WE COLLECT IT?
What personal information do we collect?
The personal information we collect generally includes:
- your name and contact details, such as your full name, business or personal addresses, email addresses, phone and fax numbers
- date of birth
- details of your ABN and/or ACN
- financial information including credit card and debit card details
- medical no. registration details and AHPRA details
- membership of professional associations
- if an adverse event has occurred, your initials and photos of the adverse event
However, we may also collect:
- sensitive information from you with your consent; and
- information about how you use our website, via third parties.
How do we collect your personal information?
The main way we collect information is when you give it to us, for example, via our website sign up or other forms, via phone, email, when you submit comments or feedback or via social media.
When you use our website, the following information may be logged for statistical purposes and for the purposes of marketing and advertising to you:
- the date and time of your visit to our website;
- your IP address;
- pages that you accessed and documents downloaded; and
- the type of browser you were using.
We also use cookies on our website which may identify you and track your actions and pages you visit. Cookies are pieces of information that a website transfers to a computer’s hard drive for record keeping purposes. This helps make our website work more securely and efficiently, such as by enhancing security on our contact form, and storing your information so you don’t have to enter it afresh when you visit us again. Most web browsers are set to accept cookies and do not personally identify the user.
At times personal information may also be gathered from third parties, such as Google Analytics, Instagram Insights, or Facebook Pixel. These third parties may use cookies, web beacons and similar technology to collect or receive information about you from our website and elsewhere on the internet.
Why do we collect your personal information?
We need your personal information to:
- communicate with you in relation to enquiries made via our website;
- conduct our business, and enable your use of our website, products and services, including your membership;
- carry out accounting, billing and other internal administrative tasks;
- add you to our mailing list where you have subscribed to receive our newsletter; and
- in some cases, comply with our legal obligations, such as record keeping.
We also collect personal information to analyse and enhance our business operations and improve your experience with our business. This is used as statistical information to analyse traffic to our website, and to customise content and advertising we provide.
You can opt out of the collection and use of this information by changing your privacy settings in your membership portal or opting out. To opt out you can click unsubscribe on our email newsletter. If you opt out, you will not receive email alerts on updated protocols, guidelines and other information associated with your membership.
WHEN DO WE DISCLOSE PERSONAL INFORMATION & HOW YOU CAN ACCESS IT?
When do we disclose your personal information?
We will take reasonable precautions to protect your personal information, including against loss, unauthorised access, disclosure, misuse or modification. It is kept securely and accessible only to authorised personnel. Information is kept in accordance with our legal record keeping obligations and then destroyed appropriately. We generally will not disclose your personal information unless:
- you consent;
- it is required or authorised by law*; or
- it is reasonably necessary for one of the purposes for which we collect it.
*This can include where we are of the reasonable belief that there is a serious risk to life, health or safety of you or another person. A court order, issued by a judge, may also require us to release information contained in records.
We will only disclose your sensitive information for the purpose for which you gave it to us or for directly related purposes that you would reasonably expect or if you otherwise agree.
However, we do disclose your personal information where it is necessary to obtain third party services, such as analytics, data storage, payment service providers or marketing and advertising services. To protect your personal information, we endeavour to ensure that our third party service providers also comply with the Australian Privacy Principles. We limit the information provided to third party providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
Disclosure of Personal Information to Overseas Recipients
Whilst we do not presently have any operations in overseas countries, in future, some of the entities that we share Personal Information with may be located in, or have operations in, other countries. This means that your Personal Information may be stored or accessed in overseas countries.
Our contracts with overseas entities with whom we share your Personal Information will require them to maintain the confidentiality of such information.
How can you access or delete your information?
If you want access to your information to correct it or have it deleted, please email us at clinical@aestheticmet.com. Except where we are permitted or required by law to withhold it, we will help you. If you have a complaint, please email our Privacy Officer, Bronwyn Granata, at clinical@aestheticmet.com.
To obtain access to your Personal Information:
- you will have to provide proof of identity to ensure that Personal Information is provided only to the correct individuals and that the privacy of others is protected;
- you will need to be reasonably specific about the information you require; and
- we may charge you a reasonable administration fee, which reflects the cost to us for providing access in accordance with your request.
If we refuse your request to access or correct your Personal Information, we will provide you with written reasons for the refusal and details of complaint mechanisms.
You will be informed of the outcome of your complaint following completion of the investigation, which will take no more than 30 days.
If you are dissatisfied with the outcome of your complaint, you can make a complaint with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.
ADDITIONAL PROVISIONS FOR EUROPEAN CITIZENS
If you are a resident of the European Economic Area (“EEA”), Switzerland or United Kingdom (UK), you have certain rights and protections under the General Data Protection Regulation (GDPR) regarding the processing of your personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our website services and information.
We rely on the following lawful means of collecting and processing your personal information:
- we need it to provide the services to you and fulfil our obligations to you under your Membership Terms. For example, this includes creating and maintaining your account, resolving issues you may experience with the service, obtaining payment for our services and providing you with access to protocols, guidelines and other information;
- it is necessary for our legitimate interests, for example providing a useful and customised service, sending you relevant marketing messages, displaying advertising and tracking its effectiveness, using information we collect about you, or improving our services via research and development. We do not rely on this lawful basis where our legitimate interests are overridden by your rights and interests;
- where you have given us valid express consent to use your personal information we will rely on that consent, and only use the personal or sensitive information for the specific purpose for which you have given consent;
- where we need to comply with the law, or to act in an emergency, we will rely on that lawful means of processing your personal information.
Your Rights
If you are an EEA, Switzerland or UK resident, you have various rights including:
- the right to be informed;
- right of access;
- right to rectification;
- right to object;
- right to restriction of processing;
- right to erasure or to be forgotten;
- right to data portability; and
- right not to be subject to automated processing.
If you want to access personal information we hold about you, or ask that the information be corrected, please contact us at clinical@aestheticmet.com.
In some circumstances, you also have a right to object to or ask that we restrict certain processing activities or delete your personal information. If you would like to limit or request deletion of your personal information or exercise any other rights you can do so by contacting us.
You can withdraw your consent to our collection or processing of your personal information at any time. You can do so by contacting us at clinical@aestheticmet.com or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe.
If you withdraw your consent to the use of your personal information, you may not have access to our services, and we might not be able to provide you with our services. In some circumstances where we have a legal basis to do so we may continue to process your information after you have withdrawn consent, for example if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.
Security
All personal information stored on our website platform is treated as confidential. It is stored securely and is accessed by authorised personnel only. Our collection is limited in relation to what is necessary, for the purpose for which the personal information is processed, and kept only for so long as is necessary for the purpose for which the personal information was collected, unless otherwise required by law or in accordance with this Privacy Policy. We implement and maintain appropriate technical, security and organisational measures to protect personal information against unauthorised or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of personal information and we have adequate cyber security measures in place. By providing us with your personal information you consent to us disclosing it to third parties who reside outside the EEA, Switzerland or UK. We will ensure that those third parties are GDPR compliant.
In the event that your personal information is subject to a data breach, we will comply with all mandatory statutory notification requirements.
We may update this policy from time to time to reflect our current practice and ensure compliance with applicable laws.