1. Introduction
1.1 About Consentic
In this document, ‘we’, ‘us’, ‘our’ and ‘Consentic’ refers to Pracway Pty Ltd ABN 92 623 589 284 trading as Consentic.
As a platform and Service provider Consentic helps facilitate Consent transactions for medical procedures. We provide a mechanism for Doctors to be able to provide information (including the Content) to Patients about a Procedure and for Patients to be able to provide Consent to such Procedure.
1.2 Protecting your privacy
Your privacy and maintaining the confidentiality of your personal information is important to Consentic. This document sets out how we handle your personal information, including the collection, storage, use and disclosure of your personal information, and how you can access and change your information, provide us with feedback or make a complaint.
1.3 Definitions
In this policy:
Doctor means the Patient’s Doctor.
Content means the Website, as well as all content, videos, sound files, HTML/CSS, Javascript, graphics, voice and sound recordings, artwork, photos, documents, text, data, products, services and/or other materials, made available on the Website by us or other third parties, any information provided by Us by email or link from Us, as well as the look and feel of all of the foregoing.
Consent means medical consent and/or financial consent where relevant.
Patient means the person using the Service to whom the Procedure relates.
Personal Information has the same meaning that it has under the Privacy Act, namely information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified or reasonably identifiable individual.
Procedure means the relevant medical procedure the Doctor has recommended to the Patient and for which the Patient accesses the Service.
Procedure Additional Information means the material specific risk information in relation to the particular Patient and Procedure the Doctor includes as part of the medical consent.
Service means the service provided by Consentic via the Website in facilitating online Consent transactions for medical procedures, providing a mechanism whereby Doctors are able to provide information (including the Content) to Patients about a Procedure and for Patients to be able to Consent to such Procedure.
Website means the Internet site at the domain www.consentic.com or any other site or technology through which Consentic make the Service available.
You means the Patient and/or the Doctor, using the Service.
2. Collection of Your Personal Information
2.1 What kinds of personal information does Consentic collect?
We will collect personal information about Patients from the Patient, Patient’s Doctor/s,Hospital/s, Health Fund and/or from Medicare. The personal information that we may collect andhold about Patients may include:
- the Patient’s name, date of birth, gender, address, telephone and email contact details;
- the Patient’s electronic signature;
- the Patient’s Procedure;
- the Patient’s Health Fund details, including level of cover;
- the Patient’s Medicare number;
- Procedures recommended for Patients;
- any Procedure Additional Information included by Doctors;
- any notes made by Doctors and/or Patients in the Patient profile within the Service.
In providing the Service, Consentic may require the Patient’s Doctor to verify a Patient’s Consent and sign electronically. For that purpose the personal information that we may collect and hold about the Doctor may include:
- the Doctor’s name, date of birth, gender, address, telephone and email contact details;
- the Doctor’s electronic signature. How does Consentic collect personal information? We may collect your personal information in a range of ways, including:
- when a Doctor or Patient logs into and uses Services provided via the Website;
- when a Doctor and/or Patient inputs a Patient’s personal information and any Procedure Additional Information via the Website;
- when a Doctor makes notes in the Patient profile within the Service;
- when a Patient or Doctor completes and electronically signs a consent form;
- from the Patient’s Health Fund where necessary (e.g. to obtain information about the level of cover);
- from Medicare where necessary;
- when you contact us in person, by phone, via mail, email or online (or when we contact you through any means).
2.2 If you do not provide us with your personal information
If you do not provide us with the personal information we reasonably request, we may be unable to provide you with the Services that you are requesting.
3. Use and Disclosure of Your Personal Information
3.1 How does Consentic use your personal information?
We use your personal information to provide, manage and administer our Services to you and to operate an efficient and sustainable business. As part of these processes, we may disclose personal information on a confidential basis to a Patient’s Doctor/s, Health Fund, Hospital/s and/or to Medicare. In operating our business, we may use your information and data to:
- provide you with login details;
- verify your identity;
- compile and link relevant video and other Website Content with Patients;
- compile relevant online quiz/checklists to confirm a Patient’s understanding of the video and other Website Content;
- process payments;
- obtain information from a Patient’s Health Fund (for example level of cover to enable financial consent);
- contact you in relation to any matter relating to you or the services provided to you;
- answer your enquiries and deliver customer service to you;
- carry out internal functions, including administration, training, accounting, audit and information technology;
- perform diagnostics testing and analysis of problems or support issues with Our Services or for the purposes of research;
- use aggregated data on an anonymous basis regarding Service use together with relevant analytics data and research;
- monitor, price and evaluate services;
- resolve complaints;
- conduct customer surveys;
- conduct our commercial operations in accordance with relevant laws;
- comply with laws and regulations.
3.2 Who does Consentic disclose your personal information to?
Consentic operates globally. In the course of conducting our business and providing our services to you, we may disclose your information to our related entities and bodies corporate, and your information may be handled by us in any location where we operate.
In addition, in order to allow us to provide, manage and administer our Services to you and to operate an efficient and sustainable business, we may be required to disclose your information to third parties. This may include disclosure in the following circumstances:
- to a Patient’s Doctor/s, Hospital/s, Health Fund, and/or Medicare to facilitate the provision of Services to you;
- to government and regulatory bodies;
- to any persons or entities engaged by us or acting on our behalf in relation to our business, such as service providers/suppliers including the Stripe payment platform or other payment platform determined by Consentic. Suppliers are required to handle your personal information in accordance with the privacy requirements;
- to any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives;
- to lawyers, auditors and other advisors appointed by us or acting on our behalf;
- where we need to disclose information to enforce our legal rights;
- where disclosure is required by law, including compulsory notices from courts of law, tribunals or government agencies.
- If we send your information outside of Australia we will require that the recipient of the information complies with privacy laws and contractual obligations to maintain the security of the data.
3.3 How does Consentic store personal information and for how long?
We will take all reasonable steps to ensure that your personal information is stored securely and is protected. This includes a range of systems and communication security measures, as well as the secure storage of hard copy documents.
The Website is protected by a secured global API gateway infrastructure. This API-serving infrastructure is only accessible over encrypted SSL/TLS channels, and every request must include a time-limited authentication token generated via human login or private key-based secrets through the authentication system.
In addition, access to your personal information will be restricted to those properly authorised to have access. We keep your personal information for as long as we need it to provide you with the Services you requested from us and to comply with legal requirements.
If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information except in limited permitted circumstances.
4. Accessing and Correcting Your Personal Information
4.1 Can I access my personal information?
You can ask us for access to the information that we hold about you at any time. Simply contact us (our contact details are listed below) to make your request. We will always endeavour to meet your request for access within a reasonable time and in the manner requested by you, if it is reasonable to do so. However in some circumstances, we may be unable to give you access to certain information, such as where:
- we no longer hold or use the information;
- providing access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings and would not normally be disclosed as part of those proceedings;
- providing access would be unlawful;
- denying access is required by law;
- providing access would be likely to prejudice the prevention, detection, investigation and prosecution of possible unlawful activity;
- the information would reveal our commercially sensitive information;
- where access would pose a threat to the life or health of any individual.
If we are unable to give you access to the information you have requested, we will give you written reasons for this decision when we respond to your request. If you have any concerns about the refusal, please see section 6 for further information. We may charge you a reasonable fee for access to some types of information. This charge will be limited to the cost of recouping our costs for providing you with the information. We will not charge you to make a request to access your information.
4.2 Correcting your personal information
To enable us to provide you with the best possible service, it is important that the information we hold about you is accurate. We will take reasonable steps to ensure your personal information is accurate, complete and up-to-date at the time of collecting, using or disclosing it. However, you should notify us when your details change. If you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us. We will respond to your request within a reasonable period and take reasonable steps to amend your records.
5. Your Privacy Online
5.1 Online data collection and use
When you access the Website, we collect certain anonymous technical information about user activities on the website. This may include information such as the type of browser used to access the website and the pages visited. This information is used by Consentic to make decisions about maintaining and improving our website and online services.
5.2 Cookies and analytics
We use cookies and industry standard analytics to collect data to help us determine which pages are most popular, peak usage times and other information that helps us make our Website easier and more efficient for you to use. When you visit our Website we may set a cookie on your machine so that when you next visit our Website it links to your personal information that is stored on our system.
A “cookie” is a small text file placed on your computer by a web server when you access a website. Cookies are frequently used on websites. Cookies in themselves do not identify the individual user, just the computer used.
You can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. For example, you can set your browser to notify you when you receive a cookie or to reject cookies. However, if you decide not to display cookies, then you may not be able to gain access to all the Content and facilities of this Website.
5.3 Your privacy and Consentic
When you use Consentic Services, we will keep a record of the fact that you have logged in, as well as a record of your transaction and user account history.
When you register for and use Consentic, you accept and are bound by the Consentic Terms of Use. For information about your use of Consentic, including the privacy and security of your Consentic account, please refer to the Consentic Terms of Use.
6. Contacting Consentic
6.1 Your feedback & complaints process
If you have any questions, feedback or concerns about this policy or how your information is handled by Consentic, you can contact us at any time at info@consentic.com. Consentic will manage any concerns internally, directly with you.
If you are not happy with Consentic’s response, or if you do not feel your complaint has been
resolved, you are able to seek advice from the Office of the Australian Information Commissioner
by calling 1300 363 992 or email enquiries@oaic.gov.au.