MedPass Australia ("MedPass") is a trading business operated by a private company, Tammin WA Pty Limited (ABN 53 164 389 520), registered in Australia.
MedPass offers secure cloud-based services ("Services") that allow the safe collection, storage and disclosure of individuals' health information, specifically pre-employment medical assessments ("Assessments"), to allow the re-use of Assessments by subsequent employers, in order to:
MedPass is committed to managing personal information (including sensitive information) in accordance with the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws. This policy sets out how we manage your personal information and is referred to as our Privacy Policy. In this Privacy Policy, "we", "us" and "our" refers to MedPass and its affiliated companies or related bodies corporate and "you" or "your" refers to any individual about whom we collect personal information. This Privacy Policy tells you how we collect, store, use and disclose your personal information.
1. Employer and worker users and prospective employer and worker users
When you enquire about the Services or when you become a client or a user of MedPass, a record is made which may include your personal information. The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
Generally, we will collect this information directly from you.
We will likely collect from you personal information which is considered sensitive information within the meaning of the APPs. This includes but is not limited to the collection of sensitive information being your personal health information in the form of Assessments.
2. Other individuals
We may collect personal information about other individuals who are not clients of ours. This includes members of the public who engage with us on social media, individual service providers and contractors to MedPass, and other individuals who interact with us on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with us. Generally, it would include names, contact details, and information regarding our interactions and transactions with you.
You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the Services you have requested. If you have any concerns about personal information we have requested, please let us know.
3. Users of our website
Whenever you visit or interact with our website or other online platforms ("Platforms"), we, as well as any third-party service provider and/or advertiser, may use a variety of technologies that automatically or passively record information about how the Platform is accessed and used ("Usage Information"). Usage Information may include your IP address or other unique identifier for the device used to access a Platform ("Device Identifier"), browser type, "Device" type (computer, mobile phone, tablet or other device), operation system, application version, date and time of visit, pages viewed, preceding page views and your use of features or applications on the Platform such as interactions with connections or groups.
Usage Information helps us keep our Platforms relevant to users and allows us to tailor content to a user's interests. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we will treat it as personal information.
If you post information on our social media pages, we may collect personal identifiers and characteristics (such as your social media username). Note that the third-party operators of social media websites also receive such information, and their use of your personal information is governed by their own privacy policies.
We use third-party advertising services (such as Google AdWords) to serve advertisements on our behalf. When you visit our website and other websites the third-party analytics services help us understand and improve the usage of our website and the effectiveness of our marketing efforts. In some situations, we allow access to your information to enable the delivery of online advertising to you and others on our website and on other websites and online services from us and our third-party advertising partners, or to send you information we think may be useful or relevant to you.
We collect your personal information:
We generally collect personal information directly from you, or from third parties (i.e. your employer, prospective employer or a medical provider) who you have permitted to provide your personal information or after receiving your express prior consent by way of a collection notice.
We may collect and update your personal information over the phone, by electronic messages (including email and SMS), over the internet, via our website, social media, or in person.
We store information in secure databases (including trusted third-party storage providers based in Australia). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference, and loss and from unauthorised access, modification or disclosure.
We maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our website uses encryption technologies to ensure the secure transmission of information via the internet. When you visit our websites, a small data file called a "cookie" is stored on your computer or mobile device by our server. We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.
We take steps to destroy or de-identify information that we no longer require. To help us protect your privacy, you should maintain the secrecy of the access credentials (i.e. username and password) you use to access and use our website.
1. Individuals' personal health information
If you are an individual whose personal information has been uploaded to the MedPass database (whether by yourself or by an employer or third-party provider with your express informed consent) for the purpose of us providing the Services, we will:
2. Clients, users and participants
If you are a client, or a user of our website, we may use and disclose your personal information where this is reasonably necessary for, and relevant to, the delivery of the Service.
3. Contractors and other service providers
We may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing or storage, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, email distribution services, market research, background check providers, medical facilities and industry associations who help us supply our products and services.
Personal information may also be shared between our related bodies corporate and affiliated companies located in Australia.
4. Administration and management
We will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:
5. Marketing
We may send you direct marketing to inform you about products or services, special offers, promotions and events that may be of interest to you. These marketing communications may include joint promotions with other promotion partners and may be sent to you using any contact details provided by you, such as post, phone, email or SMS.
Your consent to receive direct marketing communications from us in the above ways will be deemed if you do not opt out when you are offered the opportunity to do so, and will remain current on an ongoing basis unless and until you advise otherwise. If you do not want to receive such offers from us or do not want us to disclose your personal information to our related entities for marketing purposes, you can opt out at any time by contacting us using our contact details provided below or by utilising the “unsubscribe” function in electronic communications. In some circumstances we may need to contact you to obtain additional information, verify your identity or to clarify your request, in order to action it.
If the law requires us to provide you with information about our products or services, we will provide that information even if you have elected not to receive information about our products and services generally.
We may contact and communicate with you either via telephone, post, email or SMS. We may publish (including by posting on social media) customer testimonials/images/videos which may contain personally identifiable information. In each case, we will obtain your consent prior to publishing any content.
6. Other uses and disclosures
We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.
Except where indicated above or otherwise separately agreed with you, we will not use or disclose personal information unless:
We will use best endeavours to ensure your personal information is only stored and accessible from within Australia. However, we may disclose your personal information, or enable it to be accessed by our business partners and selected third parties which are based overseas. Such transfers take place to enable us to provide you with our products and services, for marketing purposes and for customer relationship management purposes. Unless we have your consent, or an exception under the APP applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information.
Our website may contain links to third party websites. This Privacy Policy does not apply to the practices of other websites, and we are not responsible or otherwise liable for the actions, information, representations and privacy policies of the third parties that operate or interact with those other websites.
Certain jurisdictions have specific legal requirements and grant privacy rights with respect to personal information, and we will comply with restrictions and any requests you submit as required by applicable law. For example, you may have the right to review, correct, and delete personal information we have about you, or to consent or withdraw consent to certain uses or sharing of personal information. You may contact your employer to access and update the information that you have provided to us indirectly (e.g. through your employer) or contact us in certain instances where you have provided us with your personal information directly.
When you make a request, we may require that you provide information and follow procedures so that we can verify a request you make and your jurisdiction before responding to it. The verification steps we take may differ depending on your jurisdiction and the request. We will match the information that you provide in your request to information we already have on file to verify your identity. If we can verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us verify your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date in accordance with our obligations under applicable privacy regulation. However, if you consider any personal information that we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are entitled to request correction of the information. In many instances, the personal information we hold about you is in respect of your suitability for employment and provided to us by an employer or a third-party, with your consent. If this is the case, please ensure that you contact your employer or the relevant third-party directly in the first instance if you wish to seek access to update, amend or delete your personal information from our database.
In instances where you directly uploaded your personal information to our database, you may contact us directly to seek an update, amendment or request deletion of your personal information. We will meet this request within a reasonable timeframe.
After receiving a request from you, we will take reasonable steps to correct your information however we are not liable for the accuracy, completeness or veracity of such information which we have collected from you and any third parties.
To request access to or update your personal information please contact our privacy officer using the contact details set out below. We will respond to your request within a reasonable time in accordance with the Privacy Act 1988 (Cth) and other applicable privacy laws depending on the jurisdiction.
You will not be charged for making a request to access your personal information, but you may be charged a reasonable fee for our costs and any expenses involved in compiling information in response to your request. That fee is payable before access is given.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.
We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes. By continuing to use our Services, you agree to be bound by the Privacy Policy as amended.
If you have any concerns or would like to make a complaint, please contact the Privacy Officer (details below). Please include your full name, email address and/or telephone number and clearly describe your concerns or complaint. We will endeavour to respond to your complaint within a reasonable time after it is made. If you are unhappy with our response, we will provide you with information about further steps you can take.
You can contact our Privacy Officer in the following ways:
The MedPass Group Pty Ltd, trading as MedPass Australia
Attention: Privacy Officer
Email: admin@medpass.com.au
Postal Address: Lvl 7, 191 St Georges Tce, Perth, WA, 6000