1.1. We understand the importance of protecting the privacy of your personal information. In handling personal information, we comply with the Privacy Act 1988 (Cth) (Privacy Act), as amended from time to time, and with the 13 Australian Privacy Principles.
2. What information is covered by the Act?
2.1. The Act covers ‘personal information’ and ‘sensitive information’.
(a) Personal information is information or an opinion (whether true or not) about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is recorded in a material form or not.
(b) Sensitive information includes:
(i) personal information about an individual’s racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices and criminal record;
(ii) health information about an individual – including information or opinion about the health (including illness, disability or injury) of an individual;
(iii) genetic information about an individual that is not health information;
(iv) biometric information and templates that is to be used for the purpose of automated biometric verification or biometric identification.
3. What kinds of information do we collect and hold?
3.1 (a) Depending on the services provided to you and the nature of your dealings with us, Platypus may seek, receive and collect information from you as follows:
(i) personal information, such as your name, address, contact details, date of birth, , financial details and all other information that you provide us or we collect during the course of your matter or in any other dealings with us and/or our clients.
(ii) sensitive information in the form of physiological data we obtain in the course of providing the services and any health information you provide to us such as an illness or injury or health condition which is relevant to our ability to provide services to you and our ability to analyse the relevant data.
(b) We collect personal information from you directly when you personally provide that information to us, for example, in person, over the telephone, electronically or through written correspondence.
(c) We collect sensitive information from you through the fitting of biomedical instruments to collect physiological data, and from you directly when you personally provide that information to us.
3.2. Third Party personal information
(a) Identifiable data collected by us from a client will not be provided to third parties without written informed consent from the experimental subject.
(b) If you provide us with personal or sensitive information or data about or provided by a third party, you represent that you:
(i) have authority to do so,
(ii) have informed consent from the third party about how their information may be used by Platypus, and
(iii) have informed the third party how they may gain access to information held about them by Platypus.
(a) The Client acknowledges that email is not a secure method of communication and that delivery is not guaranteed.
(b) Both parties agree to take reasonable steps to ensure that emails, and their attachments, are free of malicious software and to use good information security practice in the transmission of personal or confidential information.
4. For what purposes do we collect, use and disclose your information?
4.1. We collect, hold, use and disclose personal information that is reasonably necessary for us to carry out our business and to provide services to you (as set out in out terms and conditions). The main purposes for which we collect, hold, use and disclose personal information are to:
(a) provide you with services in accordance with our terms and conditions
(b) fulfil administrative functions associated with our services, for example invoicing, entering into contracts with you or third parties and managing client relationships
(c) send you information
(d) perform research and statistical analysis
(e) answer queries and resolve complaints
4.2. Platypus will take reasonable steps to ensure that personal and sensitive information that it holds is up to date. We may use or disclose the information we hold about you for any of these purposes:
(i) Provide services to you,
(ii) A secondary purpose, only if you would reasonably expect us to use or disclose the information for that secondary purpose,
(iii) Providing information to our insurers, or prospective insurers,
(iv) A purpose required by law, or
(v) In seeking a remedy against you.
4.3. Platypus is not liable for the use of personal information once it is properly disclosed to another party.
4.4. If we are permitted by law, we may use your personal information to send you newsletters, updates, invitations, articles, other information and other material about our products and services. Where you have consented to receiving these communications, that consent will remain current until you advise us otherwise. You can opt out at any time by contacting us at email@example.com.
4.5. We may also collect, hold, use and disclose personal information for other purposes where you have consented to this or where we are permitted or required by law to do so.
4.6. The main purpose for which we collect, hold, use and disclose sensitive information is to provide you with services in accordance with our terms and conditions.
5. How do we interact with you via the internet?
5.3. You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
5.4. Our website may contain links to third-party websites. We is not responsible for the content or privacy practices of websites that are linked to our website.
6. Can you deal with us anonymously?
6.1. We may provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for us to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services.
7. How do we hold information?
7.1. We store information using electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
7.2. We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
7.3. Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
7.4. We take steps to destroy or de-identify information that we no longer require.
7.5. Following the provision of the services to you, the data we have gathered may be de-identified. If this is the case, we use appropriate controls and safeguards in our data storage methods to prevent such data from being re-identified following provision of the Services.
8. How can you access or seek correction of your personal information?
8.1. You are entitled to access your personal information and sensitive information held by us on request. To request access to your personal information please contact our privacy officer at firstname.lastname@example.org.
8.2. You will not be charged for making a request to access your information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
8.3. We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in information that we hold about you and letting us know if your personal details change.
8.4. However, if you consider any personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you are entitled to ask us to correct the information. After receiving a request from you, we will take reasonable steps to correct your information.
8.5. We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
9. What should you do if you have a complaint about the handling of your personal information?
9.2. You may make a complaint about privacy to the privacy officer at email@example.com.
9.3. The privacy officer will first consider your complaint to determine whether there are simple or immediate steps that can be taken to resolve the complaint. We will generally respond to your complaint within a week.
9.4. If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then, typically, gather relevant facts, locate and review relevant documents and speak with individuals involved.
9.5. In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
9.6. If you are not satisfied with our response to your complaint, or you consider we may have breached the APPs or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC). The OIAC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.
10. Data breach notification
10.1. The Privacy Amendment (Notifiable Data Breaches) Act 2017 requires us to conduct an assessment within 30 days of a potential ‘eligible data breach’ occurring. This occurs when there is unauthorised access to or unauthorised disclosure of your personal information, credit reporting information, credit eligibility information or tax file number information that is likely to have serious physical, psychological, economic or emotional harm to you, or serious harm to your reputation.
10.2. If an eligible data breach is deemed to have occurred following mandatory assessment, we are required to provide a statement to you, including details as to the breach and the recommended course of action. Further, we are required to provide a copy of the statement to the OAIC.
12. Governing law and jurisdiction
All aspects of the Services and the Contract are governed by, and construed in accordance with, the laws of the Australian Capital Territory in which this Terms and Conditions is issued and the parties irrevocably submit to the exclusive jurisdiction of the Courts of the Territory.
Platypus MedTech Consultants Pty Ltd
+61 2 6198 3242