CIRCUMCISION VASECTOMY AUSTRALIA – PRIVACY POLICY

(For App and Site Users)

1. INTRODUCTION

1. This is the Privacy Policy for the Circumcision Vasectomy Australia Site located at https://circumcisionvasectomyaus.com.au/ (“the Site”) mobile application located at https://play.google.com/store/apps/details?id=com.cva.android and https://apps.apple.com/in/app/cva-support-ipowner-pty-ltd/id6754309600  (“the App”) and any CVA practise management system which is owned and operated by Circumcision Vasectomy Australia [ACN: 693 097 031] (“we”, “us”, “our” and “CVA”). Collectively referred to as (“the Services”).
2. CVA is a registered medical practise in Australia providing specialist medical services to its patients.
3. This Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) (“Act”), the Australian Privacy Principles (APPs) and the Guide to Health Privacy published by the Office of the Australian Information Commissioner (“OAIC”) and if applicable the General Data Protection Regulation (GDPR) where relevant which sets out standards and guidelines for the collection, access, storage and use of personal and sensitive information.
4. CVA is committed to ensuring the proper processes and steps for the collection, access, storage and use of patients personal and sensitive information.
5. Your continued use of the Services constitutes your acceptance of this Privacy Policy.
6. CVA may amend this Privacy Policy at any time (if required by law) or for other reasons by publishing its updated policy and it is your responsibility to read any updates each time you use the App its website or via its practise management system
7. Capitalised terms not defined in this Privacy Policy are defined in our Terms & Conditions which can be read here: https://cvasupport.circumcisionvasectomyaus.com.au/terms-and-conditions.html 

2. HOW AND WHAT PERSONAL INFORMATION WE COLLECT

1. We collect your personal information directly and automatically from you via the App, site and online booking and practise management system through analytics tools you use accessing the Services, and information you submit to us. For example, when you make a booking or use the Site. We may also collect certain information when you contact us, including via phone and email, whether it be as part of an enquiry or request; and financial information if making a purchase.

• If any Financial information is handled by a third-party payment provider, you will be subject to their payment terms and conditions and any privacy policy they maintain.

2. Personal information under the Act includes technical or inferred data that could identify an individual. The type of personal information we collect about you via the Services may include:

• your name;
• your contact details, including email address, mailing address, street address and/or phone number;
• your age and/or date of birth;
• your demographic information, such as postcode;
• your preferences and/or opinions;
• information you provide to us through customer surveys;
• details of services we have provided to you and/or that you have enquired about, and our response to you;
• your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
• information about your access and use of our Services, including through the use of Internet cookies, your communications with our Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
• additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media Services and/or accounts from which you permit us to collect information; and
• any other personal information requested by us and/or provided by you or a third party.

1. We may also collect and store other materials and information you provide to us via the Services, such as feedback documents, photographs and images and other materials you may provide to us.
2. In accordance with the Act CVA will take all reasonable and appropriate steps to ensure the information we collect is necessary, relevant, and not beyond that needed to provide you the services.

3. HOW WE USE AND DISCLOSE YOUR PERSONAL INFORMATION

1. We may collect, store and/or disclose your personal information for a number of reasons, including to:

• deliver, administer and improve goods and services available via the Site and/or the App;
• provide users with ongoing customer assistance and technical support;
• ensure Site integrity;
• promote the Site and/or the App and the CVA business generally via direct marketing, promotions, competitions, and social media;
• work with our related companies and service providers;
• maintain and update our records;
• protect and uphold the rights, property and safety of us, our users and others;
• where required by law, disclose personal information;
• identify and contact and/or ban you from our App if you breach our Terms & Conditions;
• investigate your activity on our App for any reported suspicious or prohibited behaviour;
• facilitate potential acquisitions of our business and assets;
• enforce our Terms & Conditions, or protect the rights, property or safety of ourselves or others;
• to enable you to access and use our Site App and associated social media Services;
• to enable you to use our Site and App to connect with CVA Practitioners who can provide services to you;
• to contact and communicate with you;
• for internal record keeping and administrative purposes;
• for analytics, market research and business development, including to operate and improve our App, associated Services and social media Services;
• to offer additional benefits to you and advertising and marketing, including sending you promotional information about CVA’s products and services; and
• to comply with our legal obligations and resolve any disputes that we may have.

1. When we collect your personal information, we will tell you why we are collecting it and how we plan to use it, when we collect your information. 
2. We will not disclose your personal information that we collect to a third party for direct marketing their products and services without your consent.

4. HOW AND WHAT SENSITIVE INFORMATION WE COLLECT

1. Sensitive information is a sub-set of personal information under the Act and is given a higher level of protection under the APP’s. It is information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information and genetic or biometric information.

The type of sensitive information we may collect about you includes but is not limited to health information, such as details of any current or previous medical conditions, copies of previous health records, your Medicare number, prescription information, test results, video footage, photographs, images and or scans.

We will not collect sensitive information about you without first obtaining your explicit and freely given consent. Consent is validly obtained where you are adequately informed, you give it voluntarily, is current and specific, and when you have the capacity to understand and communicate it.

Your sensitive information may only be used and disclosed by CVA for the primary purpose for which the sensitive information was collected which in this case includes:

• To connect you with a CVA employees appointed contractors, using our Services;
• To assist you with your inquiries to be connected with a CVA medical practitioner;
• To assist a medical practitioner suitably qualified to provide the services to you; and/or
• Providing services for a purpose that is directly related to the primary purpose for which the sensitive information was collected.

By using the App and accessing the Site you give explicit consent to CVA where we have de-identified your sensitive information, (such that you are no longer identifiable from it), to  use that de-identified sensitive information for the purpose of medical analysis, research and publication, direct marketing, cross border disclosure, and disclosure to third parties.

We will only do so with your express consent which includes acknowledging that de-identification your sensitive information may not altogether remove the risk that the information may be re-identified. Sensitive information may also be used or disclosed if required or authorised by law.  

5. HOW WE TREAT YOUR IDENTIFICATION INFORMATION

Identification information is defined in the Privacy Act 1988 (Cth), and includes details such as your full name, your date of birth or your current or last known address. We treat your contact details, such as your telephone number and your email address, the same way we treat identification information.

We will not disclose Identification information about you such as your telephone number or your email address to a third party, other than:

• Your medical practitioners, for the purpose of providing the services through the Services;
• Other third-party service providers to whom disclosure is necessary to provide you our services via the Services, such as IT, data storage, webhosting and server providers;
• To CVA and its medical practitioners, employees, contractors and/or related entities, to the extent necessary to provide you with our services via our Services;
• Payment systems operators, to the extent required to make payment;
• Our professional advisors;
• A party who acquires our business or assets (or any part of them) on condition they commit to handling your personal information in accordance with this Privacy Policy and the Act;
• Credit reporting agencies, courts, tribunals and regulatory authorities, if you fail to pay for goods or services we have provided to you; and
• Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise or defend our legal rights.

6. DISCLOSURE OF PERSONAL INFORMATION (NOT SENSITIVE PERSONAL INFORMATION OR IDENTIFIABLE TO THIRD PARTIES)

For all other personal information that is not sensitive personal information or identification information set out in preceding sections of this Privacy Policy, you consent to us disclosing that personal information (without any additional prior written consent) to the third parties for the following purposes:

• third party service providers for the purpose of enabling them to provide their services to CVA;
• medical practitioners, for the purpose of providing you with the services via the Services;
• other third-party service providers to whom disclosure is necessary to provide you with services through the Services, such as IT, data storage, webhosting and server providers;
• our existing or potential agents or business partners;
• third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia;
• medical practitioners, for the purposes of providing you with services through the Services;
• our employees, contractors and/or related entities, to the extent necessary to provide you with our services and access to our Services;
• payment systems operators, but only to the extent required to make payment;
• our professional advisers;
• a party who acquires our business or assets (or any part of them) on the condition that they commit to handling your personal information in accordance with this Privacy Policy and the Act;
• credit reporting agencies, courts, tribunals and regulatory authorities, if you fail to pay for goods or services we have provided to you; and
• courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.

Where we disclose your personal information to third parties, including medical practitioners, we will request that third party handle your personal information in accordance with this Policy and the Act.

Please note that we treat personal information that is sensitive personal information, and personal information that is identification information, differently. If we collect:

• Sensitive personal information from you, we deal with this information as outlined in clause    above ‘How we treat personal information that is also sensitive information’; and
• Identification information from you, we deal with this information as outlined in clause above ‘How we treat personal information that is also identification information’.

7. WITHDRAWING CONSENT

1. You can opt out from receiving our marketing communications or further communications at any time by contacting us  at admin@circumcisionvasectomyaus.com.au or follow any ‘opt out’ or ‘unsubscribe’ feature displayed in our email or App  from time to time.
2. You may request CVA to delete your personal information and delete your account and withdraw your consent for our use of your personal information by contacting us at admin@circumcisionvasectomyaus.com.au. We will within a reasonable time cease to collect, use and/or disclose your personal information and or delete your account, (except to the extent that we must retain your personal information for compliance, regulatory or other legal purposes).
3. You acknowledge and agree that if you withdraw your consent for us to use, store and process your personal information, we may no longer be able to provide you with the services.

8. SECURITY

1. We strive to ensure the security, integrity and privacy of your personal information. Our App is hosted on a secure, cloud-based web hosting environment, which provides robust security features to keep personal information secure from misuse, loss or unauthorised use or disclosure, including but not limited to; Security Audits and Infiltration Testing; Database Encryption; Multiple Layer Security Architecture; Secure Sign-Up and Login and Cryptography Hash Functions.
2. We take reasonable steps to ensure that personal information we hold is protected through procedural safeguards including data minimisation and restricted access control. The information we collect, and hold will vary depending on our interaction or engagement with you and will only be collected if essential for the provision of servicers or the App. The scope of essential personal information is outlined in clause 2.2. and the access control measures we take to protect your personal information outlined in clause 8.1.
3. Although we use best efforts to maintain security of your information, unfortunately no data transmission over the Internet can be guaranteed to be totally secure or free from professional hacking or bad actors and you acknowledge that we will not be liable if  your personal information is accessed or disclosed due to reasons beyond our reasonable control, including but not limited to hacking from a third party.

9. COOKIES

1. The App and Site and practise management  system  may use ‘cookies’ which is when a Site transfers certain data to an individual's hard drive for record-keeping purposes which also allows us to track usage patterns and compile data to help improve our content and target advertising. 
2. If you disable or restrict your cookies, some of the features of the App may not function properly. Please note our cookies are either essential or functional. If you do not wish to receive any cookies, you may set your browser to refuse them.  You can revoke or provide consent at any time by accessing the cookie banner.

10. LINKS TO THIRD PARTY SITES

We are not responsible for the content or practices of Sites or applications operated by third parties linked to the Services. These links are for your convenience only and you agree that once you leave the App, Site or practise management system via such a link, you are responsible for checking the applicable privacy policy of the third-party site or application.

11. RETENTION AND ACCESS TO YOUR PERSONAL INFORMATION

1. You may request access to your personal information by emailing admin@circumcisionvasectomyaus.com.au, and we will provide you with such access within a reasonable timeframe, subject to exceptions permitted by law. We will provide access to your personal information in the manner you request which may be subject to a fee to cover our reasonable costs in providing access.
2. We take reasonable steps to ensure that all personal information we store about you is accurate. If you find  any personal information that we hold  about you is inaccurate or incomplete, please contact us admin@circumcisionvasectomyaus.com.au  and ask for a correction.
3. When the personal information we store is no longer required for the primary purpose it was originally collected or (for any other legal or business purposes), we will take all steps to ensure such information is either destroyed or anonymised.  If deletion is not possible, we will securely store and isolate your personal information from further processing.

12. YOUR DATA PROTECTION RIGHTS

You have the following data protection rights:

• The right to access - and request us for copies of your personal information.
• The right to rectification - to correct any information you believe is inaccurate.
• The right to erasure - and request that we erase your personal information.
• The right to restrict or object to processing - of your personal information, under certain conditions.
• The right to data portability - and request we transfer the data we have collected to another organisation or directly to you, under certain conditions.

13. DATA BREACH RESPONSE PLAN

We are committed to protecting personal information in accordance with the Australian Privacy Principles (APPs). We have implemented a Data Breach Response Plan to identify, assess, and respond to data breaches, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.

14. HOW TO CONTACT US

If you have any requests, questions or feedback about your privacy or personal information, or wish to remove or update your personal data from our database, please contact us at admin@circumcisionvasectomyaus.com.au.

15. COMPLAINTS

If you believe that we are not processing or handling your personal data in accordance with the Act, you can lodge a complaint with us via at admin@circumcisionvasectomyaus.com.au. If we fail to respond to your complaint within 30 days or you’re not happy with our response, you can lodge a complaint with the OAIC here: Lodge a privacy complaint with us | OAIC.