Privacy Policy

This privacy policy sets out how Midnight Health Pty Ltd (ABN 13 647 966 738))(“we”) treat the privacy of customers and others with whom we interact, including website visitors, patients, suppliers, partner pharmacies and general practitioners.

In this privacy policy, the term “personal information” has the meaning in the Privacy Act 1988 (Cth) and under that legislation includes information about an identifiable individual, including names, addresses, telephone numbers, email addresses, dates of birth, credit and banking details, details of professional memberships and if and where applicable, includes information that constitutes “sensitive information” such as health information.

Background

We operate a business that provides a secure platform for telehealth consultations, the generation of pharmaceutical prescriptions by general practitioners and access to various products and treatments via partner pharmacies through an ecommerce solution. These services are accessed and provided via our website midnight.health

Collection and Storage of Personal Data and Information 

We collect personal information about individuals when using our service. Our usual approach is to collect personal information directly from the individual concerned.

The types of personal information we collect or may collect includes names, dates of birth, email addresses, signatures, mailing addresses, residential addresses, Medicare numbers, health fund details; credit card details, payment and transactional information and some health information such as details of medications already prescribed and/or taken or to be taken by the individual, as well as medical history, together with any information we are required to collect by law. These may be collected in relation to customers wishing to obtain prescriptions, treatments or products, partner pharmacy staff, management, and general practitioners.

For example, we collect personal information in circumstances including:

  • from you, when you use youly.com.au, stagger.com.au, cantro.com.au, hub.health, vidality.com.au or midnighthealth.com.au to request a clinician’s assessment, prescription or partner pharmacy product;
  • to confirm your identity when you deal with us;
  • for the purposes of providing information to or receiving information from a medical professional to facilitate the issuing of a prescription;
  • when paying for goods with credit cards or Paypal;
  • when you message us via social media, email, phone or visit our website and make an enquiry to which a later response is requested and to do so requires your contact details;
  • when recording medical queries, complaints and adverse events;
  • when you ask to be included on marketing distribution lists, agree to receive targeted advertising material and communications, or when you interact with us through any social media platforms;
  • for other regulatory purposes; and
  • when evaluating job applicants and personnel, including their contact details, employment history and educational qualifications. This may include “sensitive information” as defined in the Privacy Act. Further details about our privacy policy and practices for job applicants will be available at the time of application.

Access to Personal Information

You have the right to access any personal information held by us, in accordance with Australian Privacy Principle 12. Demographic details such as your address and contact information can be viewed and updated at any time through your patient portal.
If you wish to access other information we hold about you, such as your responses to medical questionnaires, or if you would like to request a correction to your personal information, please email us at [email protected]. We will respond to your request as soon as possible and provide you with access in accordance with applicable laws.

Cookies

We may use ‘cookies’ to collect data (typically not personal information) relating to your general internet usage. This data may include IP-addresses, browser versions, number of visits and similar such data relating to your navigation of the internet and our site. A cookie is a small text file that is placed on your computer’s hard drive. Cookies help us to improve our site and to deliver a better and more tailored service, for instance by storing information about your preferences and allowing us to recognise you when you return to our site.

You may refuse to accept cookies by activating settings on your internet browser. However, please note that if you select such settings you may be unable to access certain parts of our site.

Storage and security of your personal information

We hold personal information in our own encrypted and secure databases. We take all reasonable steps to protect your personal information, including internal and external security, restricting access to personal information to those who have a need to know, maintain technological products to prevent unauthorised computer access and regularly review our technology to maintain security.

However, unfortunately, the internet is not always a secure place, and we cannot guarantee total security of your personal information in all circumstances.

When you provide personal information to us, you warrant that it is accurate, current and complete and undertake to maintain the accuracy, currency and completeness of the personal information we retain.

We treat website and credit card security seriously and endeavour to provide a secure, safe platform through which to conduct transactions.

We will take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purpose for which it may be used or disclosed in accordance with the Privacy Act.

Disclosure of your personal information

We may disclose your personal information to any of our related group companies. They will only use it for the same purposes that we may under this policy. We may provide personal information to third parties outside our group companies for limited purposes, such as to help us in providing or offering goods and services to customers and patients, where you have provided your consent.

Those persons and businesses may include:

(a) General practitioners for the purpose of issuing prescriptions;

(b) Organisations who carry out credit, fraud and other security checks;

(c) Couriers and delivery businesses (where we arrange to deliver goods to you or persons you have requested us to send deliveries to);

(d) Third party suppliers of goods or services that may be of interest to you (with your consent);

(e) Third parties that carry out market research;

(f) Third party software providers who store details of customer account for us or who provide other IT services; and

(g) Marketing businesses engaged by us to disseminate materials to which recipients have consented (if applicable).

We may also disclose your personal information to third parties outside our group of companies:

(a) Where we have your express permission to do so;

(b) Where it can reasonably be inferred from the circumstances that you consent to the disclosure to the third parties;

(c) If we or substantially all of our assets are acquired by a third party, in which case personal information which we hold about our customers may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy); and

(d) If we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, or in order to enforce or apply our terms and conditions; or to protect our rights, property, or safety of that of our personnel or customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Except as above, we limit the information we provide to third parties to the information they need to help us and partner pharmacies to provide or facilitate the provision of goods and services to you.

We deal with third parties that are required to meet the privacy standards required by law in handling your personal information and use your personal information only for the purposes that we gave it to them.

Use of your personal information

We may use personal information for the purpose of marketing but only where such use complies with the Privacy Law and the Australian Privacy Principles in particular.

We use the personal information collected from you for the purpose it was provided or collected (as indicated above), including in the following ways:

(a) To assess your requests for assessments, prescriptions and pharmacy treatments and products;

(b) To respond to enquiries received from you;

(c) To process, confirm, fulfil and update you about your orders;

(d) To perform authorised financial transactions with you;

(e) To verify your identity and to assist you if you have forgotten any username or password;

(f) To communicate with you and provide you with information (whether by email, post or other means) about our products or services, where you have requested or consented to receiving this from us or where this provision is otherwise permitted under the Australian Privacy Principles;

(g) To facilitate communication by third parties (whether by email, post or other means) in relation to products or services that may be of interest to you, where you have requested or consented to us providing your personal information to third parties for that purpose;

(h) To enable research and market analysis, where you have consented to same;

(i) To notify you about changes to our goods and services;

(j) To address medical queries, complaints and adverse events and provide adverse reaction reports for the purpose of reporting to regulatory bodies such as the Therapeutic Goods Administration;

(k) To receive and address feedback or complaints from you; and

(l) To protect our legal interests and fulfil our regulatory obligations (if and to the extent necessary).

All customers and others with whom we interact have the option to opt-out of receiving marketing communications from us. If you do not wish to continue to receive electronic marketing communications from us and/or selected third parties you should opt-out by clicking on the “unsubscribe” link in any email communications that we might send you.

If you request us not to send other electronic communications, we will also comply with that request to the extent reasonably practical.

Access to Personal Information

You may review or update the contact information, such as your email address, physical address or contact information, in your Hub.health Account by logging into your Hub.health Account and reviewing your Account settings and profile. 

Following a request, we will provide you with a copy of personal information which we hold about you in accordance with our obligations under the Privacy Act.

If you wish to access other information we hold about you, such as your responses to medical questionnaires, please email us at [email protected].  We will respond to your request as soon as possible and provide you with access if we are permitted to do so under applicable laws.  We may charge a fee for retrieving this information (we will inform you of the fee before providing the information).

Please note that there are some circumstances set out in the Privacy Act where we may refuse your request.

We will promptly acknowledge and investigate any complaints about the way we manage personal information.

Overseas Transfers of Personal Information

As at the date of this Privacy Policy, we are not likely to disclose your personal information to overseas recipients.If in future we do propose to disclose personal information overseas, we will do so in compliance with the requirements of the Privacy Act. We will, where practicable, advise you of the countries in which any overseas recipients are likely to be located.

If you do not want us to disclose your information to overseas recipients, please let us know.

From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider. However, by providing us with your personal information, you consent to the storage of such information on overseas servers (such as servers located in the United States of America) and acknowledge that Australian Privacy Principle 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.

SMS Marketing

By providing your mobile phone number, you consent to receive SMS marketing messages. These messages may include information about new products, services, promotions, events, and other relevant updates. Message frequency will vary. Standard message and data rates may apply. You can opt out of receiving SMS marketing messages at any time by replying “STOP” to any message or by contacting us directly. We will take all reasonable measures to ensure the security and confidentiality of your personal information. However, please note that SMS communications are not completely secure, and we cannot guarantee the security of information sent via SMS. If you have any concerns about receiving SMS marketing messages, please contact us to discuss alternative communication methods.

hubPass for Business
If you access our services as a hubPass for Business member, your employer may access dashboards containing de-identified and aggregated data summarising your and other employees’ demographics, health risks and utilisation of our services. No data can be used to identify you personally and to further protect your privacy we do not display any health-related metrics with fewer than 10 data points.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns to the Practice Manager. You may do this by emailing [email protected].

We will then attempt to resolve it in accordance with our resolution procedure. You can expect for your concern to be dealt with within 30 days of lodgement.

If you are still concerned, you may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.

Privacy policy changes

We may modify, alter, or otherwise update this privacy policy at any time. We will post revisions on our website at this page and encourage you to review this policy from time to time.