mCareDigital understands that privacy is important to you and that is why we are sensitive to the private nature of the information you provide to us. mCareDigital is required to comply with the requirements in accordance with the Privacy Act 1988 and the National Privacy Principles within the Privacy Amendment (Private Sector) Act 2000. This Act lays down strict privacy safeguards which organisations must observe in dealing with personal information.
mCareDigital may collect different types of personal and other information based on your use of our products and services and our business relationship with you. Some examples include:
- Contact Information that allows us to communicate with you — including your name, address, telephone number, and e-mail address;
- Name and contact number of any carers, family members and care receivers to ensure product and service is operating effectively for its intended purpose;
- Billing information related to your financial relationship with us — including your payment data, credit history, credit card details, and service history;
- Equipment, Performance, Website Usage, Viewing and other Technical Information about your use of our products, mobile provider, services or websites.
We collect information in three primary ways:
- You give it to us when you purchase or interact with us about a product or service we offer or provide;
- We collect it automatically when you visit our websites or use our products and services;
We may use the information we collect in a variety of ways, including to:
- Provide you with the best customer experience possible;
- Provide the services you purchase, and to respond to your questions;
- Communicate with you regarding service updates, offers, and promotions;
- Deliver customised content and advertising that may be of interest to you;
- Address network integrity and security issues;
- Investigate, prevent or take action regarding illegal activities, violations of our Terms of Service or Acceptable Use Policies.
This Privacy Terms set out the approach which mCareDigital will take in relation to the treatment of Personal Information. It includes information on how mCareDigital collects, uses, discloses and keeps secure individuals’ Personal Information.
1.1 mCareDigital will only collect Personal Information where the information is necessary for mCareDigital to perform one or more of its functions or activities. In this context, “collect” means gather, acquire or obtain by any means, information in circumstances where the individual is identifiable or identified.
1.2 mCareDigital collects Personal Information primarily to supply customers with the products and services ordered from it and its related companies. mCareDigital also collects and uses Personal Information for secondary purposes including:
- billing and account management
business planning and product development;
- to provide individuals with information about promotions, as well as the products and services of mCareDigital affiliated companies and other organisations
- to enhance the online shopping experience by displaying products and/or services that match the personal preferences of individuals based on their previous website browsing history and/or buying activity.
1.3 mCareDigital will not collect Sensitive Information from individuals except with consent and only where it is necessary for mCareDigital to collect such information for an activity or function.
1.4 mCareDigital will not collect Personal Information secretly or in an underhanded way.
1.5 mCareDigital will take steps to ensure that individuals on purchased lists are or have been notified of the information as outlined at 1.3.
2.1 mCareDigital will obtain an individual’s consent for Use of non-sensitive Personal Information for Secondary Purposes at the time of collection, unless the Use is a related Secondary Purpose which would be within the relevant individual’s Reasonable Expectations.
2.2 mCareDigital Uses Personal Information primarily for the purposes listed in 1.2 above.
2.3 If mCareDigital relies on the Direct Marketing exception to Direct Market to individuals it will ensure that:
- the individual is clearly notified of their right to Opt Out from further Direct Marketing;
- there is only one Use of the information before the Opt Out right is given and this Use applies across all mCareDigital Related Bodies Corporate (if the information is shared between those Related Bodies Corporate);
- the individual is given an Opt Out in all further instances of Direct Marketing if they have not previously chosen to Opt Out; and
- if the individual Opts Out of all Direct Marketing the Opt Out will be respected by mCareDigital and all its Related Bodies Corporate.
2.4 mCareDigital will not use Sensitive Information for Direct Marketing.
2.5 mCareDigital may use Personal Information to avoid an imminent threat to a person’s life or to public safety. It may also use Personal Information for reasons related to law enforcement or internal investigations into unlawful activities.
2.6 mCareDigital will not use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date.
3.1 mCareDigital may Disclose Personal Information to related or unrelated third parties if consent has been obtained from the individual. This will include obtaining the individual’s consent for Disclosures made under the credit reporting requirements of the Privacy Act.
3.2 mCareDigital may Disclose Personal Information between Related Bodies Corporate. Where information is disclosed to such a Related Body Corporate, that Related Body Corporate is bound by the original Primary Purpose for which the information was collected.
3.3 mCareDigital may Disclose Personal Information to unrelated third parties to enable outsourcing of functions (such as billing, customer relations management and order fulfilment), where that is Disclosure or Use for a related Secondary Purpose and has been notified to individuals or where such Disclosure is within the individual’s Reasonable Expectations.
3.4 mCareDigital will take reasonable steps to ensure that its contracts with third parties include requirements for third parties to comply with the Use and Disclosure requirements of the Privacy Act.
3.5 mCareDigital may Disclose Personal Information to law enforcement agencies, government agencies, courts or external advisers where permitted or required by law.
3.6 mCareDigital may Disclose Personal Information to avoid an imminent threat to a person’s life or to public safety.
3.7 If a Disclosure is not for a Primary Purpose; is not for a related Secondary Purpose; or upfront consent has not been obtained, mCareDigital will not Disclose Personal Information otherwise than in accordance with the exceptions set out at 3.1 to 3.6 above.
3.8 mCareDigital does not generally sell or share its customer lists on a commercial basis with third parties but if it did, it would only do so if we had the appropriate consent of the individual involved. If the consent provided is conditional, mCareDigital will take steps to ensure (by contract) that the use of its customer list by third parties does not exceed the scope of the consent.
4. INFORMATION QUALITY
4.1 mCareDigital will review, on a regular and ongoing basis, its collection and storage practices to ascertain how improvements to accuracy can be achieved.
4.2 mCareDigital will take steps to destroy or de-identify Personal Information after as short a time as possible and after a maximum of seven years from the date of the last customer interaction, unless the law requires otherwise.
5. INFORMATION SECURITY
5.1 mCareDigital requires employees and contractors to perform their duties in a manner that is consistent with mCareDigital’s legal responsibilities in relation to privacy.
5.2 mCareDigital will take all reasonable steps to ensure that paper and electronic records containing Personal Information are stored in facilities that are only accessible by people within mCareDigital who have a genuine “need to know” as well as “right to know”.
5.3 mCareDigital will review, on a regular and ongoing basis, its information security practices to ascertain how ongoing responsibilities can be achieved and maintained.
6. ACCESS AND CORRECTION
6.1 mCareDigital will allow its records containing Personal Information to be accessed by the individual concerned in accordance with the Privacy Act.
6.2 mCareDigital will correct its records containing Personal Information as soon as practically possible, at the request of the individual concerned in accordance with the Privacy Act.
6.3 Individuals wishing to lodge a request to access and/or correct their Personal Information should do so by contacting mCareDigital Customer Service, as per the details on the website.
6.4 mCareDigital can charge a fee for processing an access request but will generally not do so unless the request is complex or is resource intensive.
7.1 mCareDigital Customer Service representatives will be the first point of contact for inquiries about privacy issues. Individuals wishing to make an inquiry or complaint regarding privacy, should do so by contacting mCareDigital Customer Service, as per the details on the mCareDigital website.
8. ANONYMOUS TRANSACTIONS
8.1 mCareDigital will not make it mandatory for visitors to its website to provide Personal Information unless such Personal Information is required to answer an inquiry or provide a service. mCareDigital may however request visitors to provide Personal Information voluntarily to mCareDigital (for example, as part of a competition or questionnaire).
9. TRANSFERRING PERSONAL INFORMATION OVERSEAS
9.1 mCareDigital will take reasonable steps to limit the amount of Personal Information it sends to unrelated organisations overseas.
9.2 If Personal Information must be sent by mCareDigital overseas for sound business reasons, mCareDigital will require the overseas organisation receiving the information to provide a binding undertaking that it will handle that information in accordance with the National Privacy Principles, preferably as part of the services contract.
Collection Information means the information outlined in 1.3 notified to individuals prior to, or as soon as practical after, the collection of their Personal Information.
Direct Marketing means the marketing of goods or services through means of communication including written, verbal or electronic means. The goods or services which are marketed may be those of mCareDigital or a Related Body Corporate or those of an independent third party organisation.
Disclosure generally means the release of information outside mCareDigital, including under a contract to carry out an “outsourced function”.
Opt Out means an individual’s expressed request not to receive further Direct Marketing.
Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion.
Primary Purpose is the dominant or fundamental reason for information being collected in a particular transaction.
Reasonable Expectation means a reasonable individual’s expectation that their personal information might be Used or Disclosed for the particular purpose.
Related Body Corporate means that where a body corporate is:
- a holding company of another body corporate;
- a subsidiary of another body corporate; or
- a subsidiary of a holding company of another body corporate,
- the first mentioned body corporate and the other body corporate are deemed to be related to each other.
Sensitive Information means:
- information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record;
- Health Information about an individual.
- Use means the handling of Personal Information within mCareDigital.