NutriPATH Integrative and Functional Pathology Services
Personal Information is defined in the Privacy Act as information or opinion about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not.
3. Types of Personal Information we collect In order to provide you with our Services, we often need to collect your Personal Information. If we do not collect the Personal Information or if any of the Personal Information you provide is incomplete or inaccurate, we may not be able to provide the Services or those Services may be compromised. Depending on the nature of the Services we provide to you, the Personal Information we collect may include: (a) contact details (such as your name, date of birth, address, email and phone details); (b) Medicare and private health insurance information; (c) health information; (d) health samples collected for analysis, including blood samples and saliva swabs; (e) information required for you to do business with us including bank account details, credit card information and any (f) other relevant financial information; (g) information on prior dealings with us; and (h) any other Personal Information relevant to the Services we provide.
4. How we collect Personal Information
We will always aim to collect Personal Information directly from you, where practicable. We may also sometimes collect Personal Information through:
(a) our Online Platforms (including your interactions with us on our social media platforms);
(b) forms (hardcopy and electronic) filled out by you when acquiring our Services;
(c) orders for our products and/or Services;
(d) third party service providers, including our partner pathology centres;
(e) your referring general practitioner or health provider;
(f) requests to join our mailing or distribution lists or to be contacted for further information about our products and/or Services;
(g) provision of customer service and support;
(h) responses to surveys or research conducted by us or on our behalf; and
(i) entries into competitions conducted by us or on our behalf.
From time to time, we may collect Personal Information about you from third parties, public sources and as otherwise permitted by law. However, please note that we will only collect Sensitive Information (including health information) with your consent and directly from you, where possible.
5. Use of Personal Information
Our main purposes for collecting, holding, using and disclosing Personal Information are the following:
(a) to supply products or Services to our customers;
(b) to notify our customers about our new or existing products and Services;
(c) to distribute material and general information relating to our Services;
(d) to obtain products and services from our suppliers;
(e) to respond to enquiries from existing or prospective customers seeking information about our products or Services;
(f) to enforce agreements between you and us;
(g) to undertake research and surveys and analyse statistical information;
(h) to conduct competitions;
(i) to comply with contractual, legislative and policy requirements including in relation to occupational health and safety and environmental matters;
(j) to improve our Services and products; and
(k) as otherwise permitted or required by law.
6. Disclosure of Personal Information
We will generally only use or disclose your Personal Information for the purpose for which it was collected (known as the “primary purpose”). This might be to provide you with our Services. We may, however, also use or disclose Personal Information for another purpose related to the primary purpose where you would reasonably expect it to be used or disclosed for such related purpose (known as the “secondary purpose”) or with your consent (which may be express or implied).
Sometimes, we may be required to disclose your Personal Information to third parties in certain circumstances including:
(a) where disclosure is required or permitted by law;
(b) to our related entities, in accordance with the Privacy Act;
(c) if disclosure will prevent or lessen a serious or imminent threat to someone’s life or health; or
(d) where it is reasonably necessary for an enforcement related activity.
In regards to Sensitive Information (which includes your health information), for the primary purpose for which it was collected or for another purpose directly related to the primary purpose where you would reasonably expect it to be used or disclosed for such a directly related purpose. In some circumstances, your Personal Information may be housed and/or processed by third party service providers located in the United States of America and countries within the European Union. We will endeavour to ensure these third parties comply with the Privacy Act. Otherwise, generally we will not disclose your Personal Information to overseas recipients, except we are required or authorised to do so by law.
7. Storage and security
We take security of your Personal Information seriously. Your Personal Information is stored in a manner that strives to protect it from misuse and loss and from unauthorised access, modification or disclosure. Those who work with us are aware of the importance we place on protecting your privacy and their role in helping us to do so. When the Personal Information that we collect is no longer required, we will remove or de-identify the Personal Information as soon as reasonably possible. We may, however, retain Personal Information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes. Here are some examples of the things we do to protect your information.
Staff obligations and training
Services providers and overseas transfers
Our websites and apps
Destroying or de-identifying data when no longer required
8. Access to and correction of Personal Information
You are always welcome to request that we provide you with access to the Personal Information we hold about you by contacting us using the details listed in section 16 below. Generally, we will provide you with access to the information unless applicable laws allow us to refuse, or prevent us from giving you, access to the Personal Information we hold about you. We will never unreasonably refuse requests to access Personal Information.
Where we agree to provide you with access to your Personal Information, sometimes we may make this conditional on us recovering our reasonable costs of doing so. No fee will be incurred for requesting access, but if your request for access is accepted, you will be notified of the fee payable (if any) for providing access if you choose to proceed with your access request.
You may also lodge a request to correct Personal Information we hold about you if you believe it is inaccurate, incomplete, irrelevant, misleading or out of date. There is no fee for doing this. To do so, please contact us at the contact details listed in section 16 below.
9. Direct marketing
Like most businesses, marketing is important to our continued success and viability. We may use Personal Information we hold about you, from time to time, to send marketing materials to current or prospective customers. Generally, we only do so where you consent or where allowed by applicable laws. Our communications to you may be sent in various forms such as by post or by electronic means (including email and SMS).
If you wish to cease receiving this marketing information, please contact us directly on the contact details listed in section 16 below asking to be removed from our mailing lists, or use the “unsubscribe” or “update your preferences” facilities included in all our marketing communications.
Please be assured that we will never use your Sensitive Information for direct marketing purposes.
10. Our Online Platforms
We may also collect statistical information regarding the use of our Online Platforms, including the domains from which website users visit, IP addresses, the dates and times of visits, activities undertaken on our Online Platforms and other clickstream data. In addition, we sometimes use web beacon technology to monitor internet activity on our websites. A web beacon is a clear-pixel image that generates an anonymous de-identified notice of a websites visit when viewed. A web beacon usually works in conjunction with a cookie.
11. Third parties
12. Employment and recruitment
If you send us an application to be considered for an advertised position (or unsolicited), this information may be used to assess your application or suitability for employment with us. This information may be disclosed to our related bodies corporate and service providers for purposes such as aptitude and psychological testing or other human resources management activities.
As part of the application process, you may be asked for your consent to the use and disclosure of certain Personal Information about pre-employment testing. We may also ask you to consent to the disclosure of your Personal Information to those people who you nominated to provide references. A refusal to provide any of this information, or to consent to its proposed disclosure, may affect the success of the application.
- either a current or former employment relationship between us and the individual; and
- an employee record held by us relating to the individual.
For information about our practices relating to employee records, please contact us at the contact details listed in section 16 below.
13. Notifiable data breaches
A notifiable data breach scheme is currently in place in Australia. We are committed to adhering to this scheme as an important step in preventing and managing serious privacy breaches.
A “data breach” means unauthorised access to, or disclosure, alteration, loss, or destruction of, Personal Information—or, an action that prevents us from accessing Personal Information on either a temporary or permanent basis. An “eligible data breach”, in accordance with the Privacy Act, occurs when there is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates and we are unable to prevent the likely risk of serious harm with remedial action.
We, including all our people, take breaches of privacy very seriously. If we suspect a privacy breach has occurred, our priority is to contain and assess the suspected breach. In doing so, we will:
(a) take any necessary immediate action to contain the breach and reduce the risk of harm;
(b) determine the cause and extent of the breach;
(c) consider the types of information involved, including whether the personal information is sensitive in nature;
(d) analyse the nature of the harm that may be caused to affected individuals;
(e) consider the person or body that has obtained or may obtain personal information as a result of the breach (if known); and
(f) determine whether the Personal Information is protected by a security measure.
If we believe an eligible data breach has occurred we will, as soon as practicable, notify the Commissioner and all affected individuals or, if it is not possible to notify affected individuals, provide public notice of the breach (in a manner that protects the identity of affected individuals).
We welcome the General Data Protection Regulation (GDPR) as an important step forward in encouraging high standards of personal data security. Australian businesses of any size may need to comply if they have an establishment in the European Union (EU), if they offer goods and services in the EU (irrespective of whether a payment is required), or if they monitor the behaviour of individuals in the EU (where that behaviour takes place in the EU).
Under the GDPR and the Data Protection Act 2018 (UK), we may have some additional obligations with respect to the processing of “personal data” collected from residents of the EU and/or United Kingdom (UK). The meaning of personal data is similar to Personal Information—however, it is broader as it includes any information relating to an identified or identifiable natural personal.
Where required, we will take appropriate steps to ensure that the personal data of EU and/or UK residents is:
(a) processed lawfully, fairly and in a transparent manner;
(b) collected for legitimate purposes;
(c) accurate and up to date;
(d) kept for no longer than is necessary for the purposes for which it was collected; and
(e) secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We will comply with all obligations imposed on data importers under the GDPR and the Data Protection Act 2018 (UK) with respect to the personal data of EU and UK residents, including the Standard Contractual Clauses, to the extent that they may apply to us and our relationships with third parties.
EU and UK residents have the right to access personal data we hold about them and to request that personal data be corrected, updated, deleted or transferred to another organisation. EU and UK residents are also able to request that the processing of their personal data be restricted or objected to their personal data being processed. To make any of these requests, please contact our Privacy Officer.
16. Contacting us