Privacy

Last updated: 17 November 2021

At Heyday Rx Pty Ltd (Heyday) we respect your right to privacy and are committed to protecting your personal information. We are required to handle your personal information in accordance with the Australian Privacy Principles (APPs) contained within the Privacy Act 1988 (Cth) (Act) and other applicable privacy and health records laws (for example, Health Records Act 2001 (Vic)). 

This Privacy Policy applies to personal information (as defined by the Act). It describes how Heyday will collect, use, disclose and store your personal information. This Privacy Policy may be amended from time to time. Any updated versions of this Privacy Policy will be posted on our website. We ask that you visit our website periodically to remain up to date with such changes.

If you decide to make an appointment with our Heyday Clinic, another privacy statement will be provided to you as you complete your patient registration form. Information provided by you and clinical notes made by our doctors and nurses on your patient ID will be stored in a cloud based software tool called CorePlus. CorePlus’ stores all data in Australia and you can read more about CorePlus security and privacy here: https://help.coreplus.com.au/en/articles/1142132-security-and-privacy

What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not andwhether the information or opinion is recorded in a material form or not.  Examples include your name, address, telephone number, email address and profession or occupation. 

Some personal information is also deemed “sensitive information”. A person’s health information is considered sensitive information.

Unless otherwise specified, a reference to “personal information” in this policy means both personal information and sensitive information.

What personal information do we collect?

We only collect your personal information if it is reasonably necessary to conduct our business, provide you with a requested service or understand our audiences. Depending on the nature of your interactions with us, we may collect the following types of personal information:
• your name, email, address and telephone number
• your age or date of birth
• your gender
• If you are a healthcare provider, we may collect your name, contact details and AHPRA number.
• Your health and medical information (including medical history, symptoms and side effects of current treatment, health and lifestyle goals, past and current use of plant medicines and other substances, family history of certain medical conditions)

How do we collect personal information?

We will try to collect your personal information directly from you, unless it is unreasonable or impracticable to do so.  We will only collect sensitive information (including health information) with your consent.  
We collect personal information through:

• our Get in Touch form;
• email or phone contact;
• your access and use of our websites and social media channels; and
• surveys, questionnaires or other trials or testing activities.
• Your guardian, doctor or specialist or family members
• Heyday partners, including our pharmacy partners
• Third parties including (but not limited to) your health fund, hospitals or other community health services and any relevant government agencies

Use of cookies and other analytics tools

We may collect information when you interact with us online. This could be via our website or through emails or other forms of online communication. We may collect your information using web server logs, IP addresses, cookies and web beacons.
We may collect web server logs and IP addresses (the unique address of your device) to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and website performance reviews.

Cookies

A cookie is a piece of information that is placed on your computer when you access certain websites. The cookie uniquely identifies your browser to the server. Cookies allow us to store information on the server to help make the web experience better for you and to conduct website analysis and web site performance review. Most web browsers are set up to accept cookies. You can choose whether to allow cookies through your browser settings. Some parts of our websites may not work properly if you refuse cookies.

Web beacons

Some of our webpages or emails may use a web beacon (also known as an action tag or clear GIF technology). Web beacons help analyse the effectiveness of websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a site.We may also collect information from your browser or device when you visit our websites, includingdevice ID and type; your browser type and language; access times;your mobile device’s geographic location; andreferring website address (if any).

External sites

Our website may contain links to other websites operated by third parties. We are not responsible for the privacy policies or the content of third-party websites.

How do we use your personal information?

We will primarily use your information to respond to your questions or requests, provide tailored information and education to you, or provide you with our services and functions.

We may use your personal information for the following other purposes:
• administrative purposes;
• to update your contact details;
• to meet our legal and regulatory requirements and respond to requests for information from those bodies; 
• for direct marketing;
• for data research and analysis and service improvement;
• to assess your suitability for a position if you have applied for a position with Heyday (and we may retain your personal information provided for future positions and for our records)
• to respond to any of your complaints.

When do we disclose your personal information?

We will only disclose your personal information to third parties where absolutely necessary and where related to one of the uses specified above.  Where we disclose personal information to third parties, including contractors, we endeavour to require that these third parties respect your right to privacy and comply with the Act.  We may disclose your personal information to:
• our staff and professional advisors;
• facilitate the provision of any services you request we provide to you using third parties, including contractors, healthcare providers and dispensing pharmacies; 
• provide aggregated or de-identified information to third parties, for example, we may disclose information for research, evaluation and development purposes; 
• to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority; and
• meet obligations of notification to our insurer

If we refer you to a third party service provider, that service provider may also collect and store your personal information. We make no representation or warranties in relation to the privacy practices of any third party service provider and we are not responsible for their collection, use or disclosure of your personal information. Third party service providers you deal with are responsible for informing you about their own privacy practices.

Overseas disclosure

While we will take reasonable steps to ensure that overseas recipients of personal information do not breach the APPs; we also acknowledge that we cannot control those events. Therefore, your acceptance of these terms indicates your express consent to the disclosure of your information for the purposes identified in this Privacy Policy to overseas recipients and your understanding that Heyday is not responsible for ensuring the actions of those third party recipients comply with the APPs. We will not be liable to you for any breach of the Act or this Privacy Policy by these overseas third parties and on this basis you consent to such disclosure.

Direct communications

We may send you communications and information about medical conditions, clinical trials, research, events, products and services that we consider may be of interest to you. 

These communications may be sent in various forms, including mail, SMS and email. If you indicate a preference for a method of communication, we will endeavour to use your preferred method.

You may opt out of receiving some or all of these communications at any time by using the unsubscribe function on our electronic communications or contacting us as at any time.

How can you access and correct your personal information?

You have a right to request the correction of your personal information held by Heyday. If you believe that the information Heyday holds is not accurate, complete or up-to-date, please contact the Privacy Officer on info@heydaymedical.com in order to have the information corrected. 

You have a right to request access to any personal information we hold about you. You can request access at any time by contacting the Privacy Officer. 

We may refuse your request for access where authorised or required by law. For example, we must refuse access where granting access would unreasonably interfere with the privacy of others or cause a breach of confidentiality. We will provide written reasons for any refusal.

How do we hold and protect your personal information?

We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. Your personal information is generally stored electronically on our software or systems or on those of our third-party service providers. Our website is hosted on Webflow (https://webflow.com/legal/privacy).  Webflow use Amazon Web Services Servers for data storage. All electronically stored data is encrypted. Some personal information may also be stored in hard copy documents.

Information provided by you during the Clinic booking process and during any interactions with our healthcare team, and clinical notes made by our doctors and nurses on your patient ID, will be stored in a cloud based software tool called CorePlus. CorePlus’ stores all data in Australia and you can read more about CorePlus security and privacy here:
https://help.coreplus.com.au/en/articles/1142132-security-and-privacy

You may choose to share personal information with our doctor and nursing team via email and our team will respond via email. The Heyday Medical email is a google Gmail domain. All emails are stored securely in the Google world-class data centers. Data is encrypted in transit and at rest. For more information on Google Gmail privacy and security, please visit: https://safety.google/intl/en_us/gmail/

Staff will deal with personal information in accordance with this policy and will take steps to keep it secure.

Complaints and concerns

If you have a complaint or concern regarding how we have handled your personal information, please contact the Privacy Officer in writing (contact details are at the end of the policy). Please provide adequate details of your complaint or concern.  Our representative will contact you within a reasonable time after receipt of your complaint. We will discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

If you are not satisfied with how we have handled your complaint, you can contact the Office of the Australian Information Commissioner.

Complaints and concerns

Please address all correspondence to:
Heyday Rx Pty Ltd
Attn: Privacy Officer
PO BOX 83
Trentham VIC 3458
Email: info@heydaymedical.com