Umbo Privacy Policy

Background

In this Privacy Policy, Umbo refers to Umbo Pty Ltd (ABN: 16624275396)

We are committed to protecting your privacy in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act), Health Records (Privacy and Access) Act 1997 (ACT), Health Records Act 2001 (Vic) and the Health Records and Information Privacy Act 2002 (NSW) (NSW Health Records Act), together the (Health Privacy Acts).

Our Privacy Policy provides you with information about how ‘personal information’ (including ‘health information’) may be collected, accessed, used, stored, disclosed or otherwise handled by Umbo.

WHAT IS PERSONAL INFORMATION?

Personal information means any information or an opinion about an identified individual, or individual whose identity is apparent or reasonably identifiable from the information.

What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances. It may include information such as a person’s first name, mailing address, telephone number or email.

Health information includes any information collected in the course of providing a health service. This may include information such as the health or disability of an individual, their express wishes about their future health treatment, and information about health services provided or to be provided.

In this Privacy Policy we also use the term ‘sensitive information’. Health information is sensitive information for the purposes of the Health Privacy Acts, and is subject to higher standards pursuant to those Acts.

PURPOSES FOR WHICH WE MAY COLLECT AND USE PERSONAL INFORMATION

We collect personal information when reasonably necessary for one or more of our functions or activities. Purposes for which we collect, hold, disclose and otherwise use personal information include, the following:

• For research purposes,

• To provide information, goods or services, including health services, whether provided through the website www.umbo.com.au (Website), or otherwise (Services),

• To promote and market Umbo, including their people and activities,

• To provide aggregated statistical information (not including identifiable personal information) to government and other organisations, or in relation to applications for grants or scholarships (Grants), or the management of, or reporting in relation to, such Grants,

• To administer, manage and improve the performance of, and information on, the Website,

• As required by law.

We may share any of the information we gather about you with third party agents and service providers:

• to facilitate the operation of the Website and to provide the Services,

• to provide the Website and the Services or functions on our behalf and to perform related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Service's features, or to process credit card payments), or

• to assist us in analysing how our Website and Service is used.

Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us, and where possible, will provide aggregated information only, without individually identifiable personal information.

OUR PRACTICES IN RELATION TO ELETRONIC MAILING LISTS

We do not send “commercial electronic messages” by email, SMS or other means unless the relevant electronic account holder consents or we are otherwise permitted to send them under the Spam Act 2003 (Cth). We include certain information about ourselves and an unsubscribe facility in any commercial electronic messages that we send.

If you provide your email address to us via the Website (for instance, by sending an electronic message or by completing a web form), we will only use your email address for the purposes for which you provided it or agreed it may be used. Your email address will not be subscribed to a mailing list without your consent. If you subscribe to one of our mailing lists, you will be sent a confirmation message before your email address is added to that mailing list.

HOW WE COLLECT PERSONAL AND HEALTH INFORMATION

If we collect personal information or health information about you we will take reasonable steps to notify you or to ensure your awareness of at least the following:

• Our identity and contact details,

• The facts and circumstances of collection,

• Whether collection is required or authorised by law,

• The purposes of collection,

• The consequences if personal information is not collected,

• Our usual disclosures of personal information of the kind collected,

• Information about this Privacy Policy, and

• Whether we are likely to disclose personal information about you to overseas recipients, and if practicable, the countries where they are located.

Whether we are likely to disclose personal information about you to overseas recipients, and if practicable the countries where they are located.

We may collect personal information about you in a number of ways, including:

• Directly from you, such as when you provide information by phone or in a form, or when you submit your personal details through our websites;

• From third parties, such as our partners, credit reporting agencies or your representatives; or

• From publicly available sources of information.

Collecting Health Information

We will collect health information only with the consent of the individuals concerned, subject to limited exceptions permitted by the Health Privacy Acts.

We will collect your health information directly from you, unless it is unreasonable or impracticable to do so. For example, we may obtain information collected by a third party, and who has referred you to our Services.

We will collect your health information for the following purposes:

• Research purposes,

• To provide information, goods or Services,

• To provide aggregated statistical information (not including individual identifiable health or personal information) to government and other organisations, or in relation to applications for Grants, or the management of, or reporting in relation to, such Grants, and

• As required by law.

If you do not provide us with accurate health information, we may not be able to provide you with accurate information or provide you the Services.

ANOYNMITY AND PSEUDONYMITY

You can interact with us anonymously or by using a pseudonym when it is lawful and practicable to do so.

For example, you amy be able to provide comments or make certain inquiries anonymously or by using a pseudonym. However, if you choose to remain anonymous or use a pseudonym, it may be impracticable for use to respond to some inquiries (eg. to investigate a complaint) without knowing your identity.

Where you interact with us via one of our websites, we may automatically collect various connection parameters, such as your IP address and details about your internet service provider, in order to administer and improve the performance of the website. If the website uses ‘cookies’ you may choose to configure you web browser to access our websites without accepting the cookies, but it may reduce your user experience and require you to re-enter certain information from time to time.

HOW WE HOLD PERSONAL INFORMATION AND HEALTH INFORMATION

We will take reasonable steps to protect any personal information and health information that we hold from misuse, loss, unauthorised access, modification or disclosure. We will also take reasonable steps to destroy or permanently de-identify personal information and health information that is no longer needed for the purpose for which the information was collected.

Your personal information and health information may be stored in hardcopy documents, as electronic data, in our internal software or systems, or using a third party under an outsourced arrangement for data storage or backup.

OUR PRACTICES IN RELATION TO EMAILS

Umbo logs and stores email messages by capturing each email log file on a mail server. The details captured are date, sender, receiver, subject, size of email message, routing information and group that the sender belongs to. This information may be stored on a server for up to 10 years, after which time it is deleted.

This information may be ‘de-identified’ (so that it is no longer personal information) and then used in its de-identified form for internal research purposes and aesthetic purposes approved through applicable processes.

Further, if an investigation is necessary, a law enforcement agency or other government agency may inspect the above information for the purposes of the investigation. We do not otherwise use or disclose the above information except in accordance with applicable laws, including the Health Privacy Acts. [Question for Umbo: Francesca confirming.]

DISCLOSURE OF PERSONAL INFOMRATION AND HEALTH INFORMATION

Umbo may disclose your personal information and health information:

• For the primary purpose for which it was collected, including to provide the Services,

• For a related purpose as you would reasonably expect, with your consent, or

• As required or authorised by law

For example, we may disclose your personal information and health to:

• Other health service providers or specialists you are referred to (at your request or with your consent),

• Our professional advisors including our accountants, auditors and lawyers,

• Your authorised representatives, responsible persons or legal advisors,

• Credit-reporting and fraud-checking agencies,

• Third parties to whom we have outsourced various business functions,

• Government and regulatory authorities and other organisations, as required or authorised by law (including the National Disability Insurance Agency,

• Our partners or other third parties who assist us in achieving the purpose for which the information was collected (including to provide the Services).

In general, we are not likely to disclose your personal information to overseas recipients, although we may from time to time engage, under an outsourcing arrangement, the data storage or backup services of a cloud service provider that hosts (or may host) data outside of Australia.

In some cases we may also expressly seek your consent to disclose your personal information to an overseas recipient, for the purpose of excluding any potential liability to you for acts or practices done by the overseas recipient in breach of applicable Health Privacy Acts.

HOW TO ACCESS AND CORRECT YOUR HEALTH AND PERSONAL INFORMATION

You have a right under the Health Privacy Acts to request access to your personal information, and to request its correction.

We will provide you with access to personal and health information that we hold about you, subject to any exceptions allowed by law. We may charge you for making updates to your personal information, but the charge (if any) will not be excessive or unreasonable.

If you are aware that personal information or health which we hold about you is inaccurate, incomplete, or out-of-date, please contact us and we will take reasonable steps to correct the information.

We will also respond to each request within a reasonable period after it is made and without unreasonable delay. If we do not provide access or make corrections as requested, then we will notify you of our reasons except to the extent that it would be unreasonable to do so.

UPDATES TO THIS PRIVACY POLICY

We may change or modify this Privacy Policy from time to time. We encourage you to check our websites regularly for updates.

HOW TO CONTACT US

For any matter relating to this Privacy Policy or your personal information, including if you wish to complain about a breach of the Australian Privacy Principles, please contact: Francesca Pinzone at francesca@umbo.com.au.