More specifically, the APPs set out the way organisations such as MedicAlert Foundation can collect, use, disclose and provide access to personal and sensitive information. Personal information is specifically defined in the Act, and refers to any information that identifies or could identify a person, whether it is true or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information (another specifically defined term in the Act), which is information about your health and health services provided to you. We are also bound by the Australian Direct Marketing Association Privacy Code for direct mail activities.
The privacy of our members’ personal information is important to us and we conduct our business with the highest standards of personal and corporate integrity. We aim to provide the best possible service, whilst ensuring you are aware of how your personal information is used within MedicAlert Foundation.
1. Collection of Personal Information
We will always be open and honest in our dealings with you and will only collect information about you that we believe is necessary to undertake our legitimate business activities. We will always collect your personal information by fair and lawful means (for example when you complete an application form, in person, online or by telephone). Most often we will collect your personal information directly from you or your doctor (where we have obtained your consent to do so).
1.1 Type of Information
Members’ personal information is collected through information provided by you (or your representative for purposes of joining the Foundation) and is stored on your current membership file. The information may include:
We also collect sensitive information about you such as medical conditions, allergies, medications taken, blood group and other such relevant information (e.g. special needs and requests), and store this on your membership file.
We will only collect any other personal information, including sensitive information, in accordance with the Act.
The MedicAlert Foundation website and its pages use software known as ‘cookies’ to record your visit to our website and collect some statistical information. We use this information to help administer and improve our websites. We do not use this information to personally identify you. Information we may collect includes:
You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.
We share information from cookies and other technologies with third party providers, including Google Analytics. The information collected can be combined with other information, allowing us or those third parties to identify users at an individual level, their behaviours, activity and needs.
2. Use and Disclosure
2.1 Collection and Use of Information
MedicAlert Foundation collects personal information directly from you wherever possible. However, sometimes we may collect personal information about you from a third party, e.g. a friend who has provided your details to us so we can send you a membership form, or your doctor where you have consented to us communicating with him/her.
Any personal information collected about you is used for the following purposes:
2.2 Disclosure and Use of Information by Third Parties
Any information collected by MedicAlert Foundation is kept strictly confidential and is only accessed by authorised MedicAlert Foundation staff, agents, contractors or service providers with whom we have a contractual agreement, in the course of them undertaking their legitimate duties in providing a given product or service.
If your membership of MedicAlert Foundation lapses or is cancelled by you voluntarily, we will not disclose your information except in the circumstances outlined below, and will take steps to delete your information from our system.
Member or customer information will not be disclosed to any external third party organisation except as set out in this document, and will only be made available to an outside entity where:
It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. You can remain anonymous when using some parts of the MedicAlert Foundation website and its pages.
However, it may be necessary for us to collect your personal or sensitive information if you would like to access certain materials or services we offer. If you choose not to give us the information we require, we may not be able to provide the services you have requested.
4. Data Quality
MedicAlert Foundation will take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information you provide. That’s why we recommend that you contact us and:
Each year you will receive a copy in the mail of your medical information (sent with your annual subscription fee, if you are required to pay this to maintain your membership) that you can use to check your details are accurate. If you do not pay your annual fee (if applicable) and confirm the accuracy of your information, or advise us of any changes, we will no longer consider you a member of MedicAlert Foundation, and will delete information we hold in respect of you. We will use all reasonable steps to notify you before we delete your information, to give you one final chance to recommence membership and provide us with current information.
5. Data Security
MedicAlert Foundation will take appropriate steps to protect your personal and sensitive information and keep this information secure. This includes physical security, computer and network security, communications security and personnel security.
We will request sufficient identification to permit authorised access to the existence, use or disclosure of members’ personal information when required, as per our Operating Standards and Emergency Management Call Protocol. Any such identification information shall be used only for this purpose unless we have your consent to use or disclose it for other purposes.
If we no longer require your personal information, including if your membership lapses (including as a result of you not contacting the Foundation annually to confirm the personal information we hold about you, or request that we update the personal information we hold about you), or is cancelled by you voluntarily, we will take reasonable steps to either destroy the information we hold about you in a secure manner or remove identifying features from the information. We will, however, retain basic details such as your name and date of birth to enable us to advise any future callers that we no longer provide services to you. This is also subject to any legal obligations we have to keep information for a certain period of time.
5.1 Order and Pay Online Securely
Our online payment systems use encryption technology to ensure your credit card and contact details are kept safe and secure when transmitted across the internet. This makes it very difficult for third parties to intercept and misuse your details but, as with all internet transmissions such as internet banking, there always remain some risks. We take all reasonable steps to minimise these risks and will notify you as soon as we reasonably can if and when we become aware of any unauthorised access of your personal or sensitive information via the internet.
MedicAlert Foundation complies with permission based direct marketing requirements under the Act and the Spam Act 2003 (Cth). When collecting your personal information, we will request your permission to use that information to send you information on products and promotions or other health-related materials and will give you the opportunity to “opt out” of receiving such marketing material. Where you indicate your consent, MedicAlert Foundation may enter your details into a database for the purpose of contacting you directly about our brands, special offers, consumer research and other promotions.
7. Access and Correction of Personal Information
We will take reasonable steps to ensure that all personal information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading. Please see Section 4 above, for the part you play in assisting us with ensuring this is the case.
MedicAlert Foundation respects the rights of individual members and customers to access and correct their own personal information that is in our possession. Simple access requests can usually be actioned over the telephone by asking for the Privacy Officer on 1800 88 22 22 (Monday – Friday 9am – 5pm CST) as per our Operating Standards. However, detailed requests may need to be submitted in writing addressed to the Privacy Officer at:
GPO Box 9963
In Your Capital City
or by email sent to: firstname.lastname@example.org
We will respond to your request to access or correct your personal information, or to withdraw your consent, no later than thirty (30) days after receipt of such requests. If for any reason your request is refused, we will give you a written notice that sets out the reasons for refusal and how to dispute the decision.
8. Transfer of Information Overseas
By providing personal and/or sensitive information to us, you consent to the transfer of that information to any jurisdiction in which we conduct our business activities, for the purpose of enabling us to provide services to you. With effect from the date of this Policy, this includes transfer by us into the United States of America and disclosure to MedicAlert Foundation United States, Inc (MedicAlert US), for the purposes of including your information in MedicAlert US's database to enable worldwide provision of services to you outside of Australia as needed. You can at any time remove your consent to the disclosure of your information to MedicAlert US and inclusion in its database, by contacting our Privacy Officer using the contact details set out in Section 7 above. We may engage Australian or overseas contractors to provide our 24/7 Medic Alert Emergency Response Service and those contractors may have access to your personal or sensitive information for the purposes of providing those services.
We will otherwise only transfer your personal or sensitive information overseas if the transfer is to you or to one of your authorised representatives (including your treating medical practitioner located overseas), with your express consent or otherwise in accordance with the Act. We will not send your information outside of Australia in any other circumstances.
9. Complaints and enquiries
Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time (usually within 30 days). If you are unhappy with the outcome, you may lodge a complaint with the Australian Information Commissioner. See http://www.oaic.gov.au/privacy/making-a-privacy-complaint for further information.
10. Additional Information
Further information on privacy is available at the website of the Office of the Federal Privacy Commissioner: see http://www.oaic.gov.au/.
Dated: 1 July 2015