Updated 16 Dec 2022
Emyria Ltd (“Emyria”, “we”, “us” or “our”) is committed to dealing with personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. These principles guide the way in which we collect, use, store and share your personal information.
Personal information is any information, or an opinion, that identifies or could reasonably identify an individual.
Purpose
The purpose of this Privacy Policy is to summarise how Emyria deals with personal information. Emyria members, staff, board and committee members will adhere to this Privacy Policy at all times.
Background
Emyria is a healthcare technology and services company staffed by medical, research and business experts. We collect and handle personal information in order to carry out our regular work activities including, among other things, patient management, communication and medical research. Emyria is the group of companies made up of Emyria Limited and its subsidiaries.
Collection of personal information
Emyria collects personal information from its employees, directors and relevant committee members, suppliers, service providers and other people connected with its activities. We also collect personal health information and other sensitive information about our patients, as is expected when attending a medical clinic either in person or remotely.
Personal information collected by Emyria may include:
- contact details (for example, name, address, telephone numbers and email)
- demographic information (for example, gender and date of birth)
- professional information (for example, job, education)
- details of your interactions with us (for example, attendance at our clinics, participation in research and written correspondence from or about you)
We may collect personal information in the following ways:
- directly from you (for example over the phone, in person, by email, through our website or other digital platform, through video conferencing, through social media or via responses to questionnaires, surveys or forms)
- from other health care sources (for example from your referring doctor or other health care providers, from paper or electronic health records, from other hospitals or clinics)
- through your participation in research (for example if you consent to participate in additional research projects, collaborations or registries)
- from publicly available sources of information
- from our own records, obtained while delivering and administering services
- when you register or subscribe to an app or digital service maintained and owned by us
Purpose of Collection and Use
We collect personal information as required to carry out one or more of our functions or activities, including:
- to provide clinical services and maintain medical records
- to communicate with you about your appointments or about our business, services or administrative information (ie: via email, SMS or other digital platform)
- to conduct research and improve our understanding of the treatments and protocols that we recommend
- to provide continuing professional development, education and training for staff
- to co‐ordinate and convene committee meetings
- to enable planning, policy and service development and to market, advertise or otherwise promote Emyria activities, including to inform individuals of additional services provided by us
- to conduct or facilitate surveys; such surveys will be communicated from us and may be done on behalf of a third party
- to recruit suitable applicants to vacancies within our company
- to communicate with staff and contractors about all work-related matters
- for our business purposes, such as data analysis, audits, developing new products or protocols, enhancing and improving our site and services, and conducting business and industry analytics
- to enable you to access and use our digital services
- to respond to your enquiries
- as we believe to be necessary or appropriate:
- (a) under applicable law, including laws outside your state or country of residence;
- (b) to comply with legal process;
- (c) to respond to requests from public and government authorities including those outside your state or country of residence; or
- (d) to enforce our terms and conditions
Information may also be used for secondary purposes as required or permitted by law. Any other use of your personal information will require your informed consent.
Disclosure
We will only use and disclose personal information for the primary purpose for which it was collected, or for a reasonable secondary purpose, unless you agree otherwise, or unless allowed or required by law.
It is possible that a third party may have access to your personal information if they are engaged by Emyria to assist us in performing usual work functions, such as to enhance or audit clinical services or research. Where this kind of disclosure takes place, our policy is to include protective provisions regarding the handling of confidential personal information in the written contracts or statements of work.
When conducting a member survey on behalf of a third party, Emyria does not disclose personal information to that third party. We will never share personal information with a third party for marketing purposes.
Where individuals consent, Emyria de-identifies/anonymises/aggregates patient information for sharing across the Emyria group and with academic or commercial third parties for research and analytical purposes. The privacy policy no longer applies to information once it is de-identified/anonymised/aggregated as this is not considered “personal information” when it is no longer identifiable.
Storage and Security
We store personal information in electronic and/or hard copy and we have secure record‐ keeping systems. We take all reasonable steps to protect personal information from unauthorised use, access, disclosure and alteration.
We do not share our non-biometric access mechanisms (ie: usernames and passwords), or access keys or leave our access account open for others to use.
IT protection systems and internal procedures are also utilised to protect the personal information held by us. We may store electronic information on remote servers or in the cloud directly or through contracted agencies (all information is securely stored encrypted and backed up in Australia, and in some rare cases, encrypted backups are securely stored on United States of America servers).
Emyria uses Secure Socket Layer (SSL) certificates which is the industry standard for encrypting personal information collected via our website. We do not store patient credit or debit card information. We use a third-party provider for payment transactions, which provides a secure online payment gateway solution for credit card and direct debit processing of Emyria’s clinical service payments.
Personal data is maintained under strict security and is only to be accessed internally by Emyria staff who require access as part of their role or to complete a task, or by contractors who have signed a confidentiality agreement and who are working for and on behalf of Emyria and who require access to personal information in order to carry out their duties.
Records containing personal information will be held by Emyria until there is no longer a need or obligation to retain such records, after which time they will be securely deleted, destroyed or de‐identified.
Links to third party websites from our website may be provided. This Privacy Policy does not apply to external websites. The operators of external websites may collect personal information.
Cookies
A record of each visit to the Emyria website is logged – this is a small data file known as a cookie. A cookie does not identify individuals personally, but it does identify computers. Browser setting can be adjusted to disable cookies.
The following information from cookies is recorded for the sole purpose of compiling statistical information about the use of our website:
- IP address and/or domain name
- Operating system (type of browser and platform)
- The date, time and length of visit to our website
- Pages and resources accessed, as well as documents downloaded
Access and Correction
Emyria takes all reasonable steps to maintain the accuracy of personal information it holds. If you believe that your personal information may be incorrect or outdated, you are encouraged to notify us of any changes required.
We can be contacted by phone at 1300 436 363 or email (info@emyria.com).
You may also wish to contact us to request access to your personal information. Any requests for access will need to be provided in writing. Only reasonable requests for access to personal information will be granted, unless the applicable privacy laws permit or require Emyria to decline access.
Complaints and concerns
If you have any concerns or complaints about this Privacy Policy or about the way personal information is handled, please contact us by telephone on 1300 436 363 or email (info@emyria.com). After we receive all the relevant information, we will endeavour to resolve the complaint as soon as reasonably practical.
The website of the Office of the Australian Information Commissioner (OAIC) is an additional source of information www.oaic.gov.au. If an individual is not satisfied with how Emyria has handled their complaint, they may wish to contact the OAIC.
Policy Updates
This Privacy Policy may be updated from time to time. The current version is available on our website.