Privacy Policy - Dr Zacharia

Privacy Policy

This document describes the privacy policy of MICHAEL WILLIAM ZACHARIA trading as Dr Michael Zacharia (ABN: 97 651 504 710) (“Dr Michael Zacharia”, “we”, “us”) in the surgical practice known as Dr Michael Zacharia and Associates Practice and the non-surgical clinic known as The Medispa Clinic for protecting the privacy of personal information we collect about you, including through our websites, located at www.faceliftplasticsurgery.com.au and www.themedispaclinic.com.au, as well as through the provision of our products and services to you. 

 

As a health service provider, we are bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

 

If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, we may not be in a position to provide our services to you. In some circumstances, you may request to be anonymous or to use a pseudonym, unless it is impracticable for us to deal with you, or if we are required or authorised by law to deal with identified individuals.

 

Personal Information We Collect 
The types of personal information we collect may include:

  • Name, date of birth, gender, address(es), contact numbers, email address and other contact details;
  • Identification numbers such as driver licence number or Passport number;
  • Demographic data such as age and location;
  • Transaction data (including details about payments to and from you and other details of products you have purchased from us);
  • Technical data (including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website);
  • Profile data (including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses);
  • Usage data (including information about how you use our website, products and services); and
  • Marketing and communications data (including your preferences in receiving marketing from us and our third parties and your communication preferences).

 

We may collect the above types of personal information from people including website visitors, clients, email subscribers, social media fans, employment applicants, potential clients, referral partners and service providers.

 

Sensitive Information
We may also collect the following sensitive information:

  • Health information, including medical history, medications, allergies, adverse events, immunisations, social history, family history, risk factors, and details of prior surgeries;
  • Details of other health service providers involved in your care (e.g. referring doctor’s name, phone and address), and copies of any referral letters and/or medical reports and test results (e.g. pathology results, imaging reports, surgical reports);
  • Photographs and digital facial rendering for the purpose of demonstrating anticipated results achieved through our procedures;
  • Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent); and
  • Healthcare identifiers and health fund details. 

 

We usually will only collect sensitive information from clients we are providing services to, or potential clients who have requested our services.

 

How We Collect Personal Information
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly. 

 

We may collect personal information in a number of ways:

  • When someone visits our website; 
  • When someone makes an enquiry with us (for example, in person, by telephone or email); 
  • When someone makes a booking with us (for example, over the phone or on our website);
  • When someone purchases a product or service from us; 
  • When someone signs up to a marketing subscription, such as a newsletter sign-up form; 
  • When someone contacts us via email, our website or via social media such as Facebook, Instagram, TikTok or YouTube; 
  • When someone completes a new client intake form; and
  • When someone participates in one of our programs or services.

 

We collect sensitive information in more limited circumstances, such as:

  • When someone makes an enquiry with us and the sensitive information is disclosed to us to facilitate referral to an appropriate service provider; and
  • When someone participates in one of our services and the sensitive information is disclosed to us to facilitate the delivery of the service.

 

We limit the circumstances in which we collect personal and sensitive information indirectly. This may be where a person has authorized us to collect information from other person(s) or it is not practical or reasonable to collect it from you directly, such as 

  • Information from a health fund, Medicare or the Department of Veterans Affairs;
  • Information from another health service provider (for example, information provided via referral or medical reports); or
  • Information from a parent or guardian. 

 

Cookies
As you probably know, a cookie is a small text file that’s placed on your computer to help us remember your preferences, like your login information or location. Cookies are used for a variety of reasons. We use cookies to make it easier and faster for you to use our Website. We also use cookies for security purposes to protect you online. We and our third-party vendors may also use cookies to display advertisements to you elsewhere on the internet.

Third parties may also use cookies, web beacons and similar technology to collect or receive information from our Website or from you and from elsewhere on the internet and use that information to provide measurement services and targeted advertising (such as the Facebook pixel, Google Analytics and AdWords). If we receive your personal information from third parties, we will protect it as set out in this Privacy Policy.

You can block the use of cookies by selecting the appropriate settings on your browser. You can opt out of third party vendor cookies by visiting your Google Ad settings or http://www.networkadvertising.org/managing/opt_out.asp. Please note that our website may not work as well for you if you disable cookies.

 

Why We Collect, Hold, Use and Disclose Personal Information
We collect, hold, use and disclose personal information as is reasonably necessary for us to operate our business and provide our services, including for the following purposes:

  • to contact and communicate with clients and potential clients;
  • for the purpose of booking and delivering our services and products;
  • to ensure we are the right fit for clients;
  • to ensure the accurate and safe provision of services;
  • to communicate with other healthcare providers involved in a person’s care;
  • to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, client satisfaction surveys and staff education and training;
  • to market to you and others, including remarketing (this may involve the use of a Facebook pixel or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook);
  • when required for administrative and internal record keeping; 
  • for statistical purposes; and
  • as required by law.

 

We only collect, hold, use and disclose sensitive information where it is necessary for us to provide a service we have been engaged to perform, and not for any unrelated purposes (for example, for research or marketing), unless we have received the person’s prior informed consent. If we form the view that it is necessary for us to disclose personal or sensitive information to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety and it is impractical for us to first obtain the patient’s consent, we may disclose information in those circumstances.

We will retain patient medical records for at least the minimum period required by law (currently 7 years from the date of last entry into the patient record).

We do not disclose personal information to overseas recipients.

We never sell or rent personal or sensitive information we collect. 

 

How We Hold and Protect Personal Information
We store personal information in hard copy and/or electronically, including as 

  • paper records
  • electronic records
  • visuals, videos and photos
  • audio recordings

We may use a third-party provider to host personal information (such as photographs) on an online portal for the purpose of information sharing with the provider of the information. 

 

Security 
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:

 

  • electronic records are stored in protected information systems encrypted with secure passwords;
  • we utilise internationally recognised Secure Server Certificate (SSC) to ensure electronic data security;
  • our websites contain pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of the website;
  • paper records are stored in a secure filing system;
  • we limit access to personal information to a “need-to-know” basis;
  • all staff and contractors are required to observe the obligations of confidentiality in the course of their employment/contract and are required to sign confidentiality agreements;
  • the backend of our website and social media accounts is password protected;
  • we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;
  • our devices are protected by passwords and are stored in secure premises;
  • data is securely stored on cloud servers;
  • all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and
  • if we no longer need personal information, we take reasonable steps to delete or de-identify the information.

We take extra precautions to protect sensitive information, including:

  • all sensitive information is held in secure storage systems protected by passwords;
  • we limit access to sensitive information to a “need-to-know” basis;
  • we protect devices we use to collect, hold, use and disclose sensitive information with industry-standard anti-virus software;
  • our devices are protected by passwords and are stored in secure premises;
  • data is securely stored on cloud servers;
  • all hard copies of sensitive information are kept in secure storage with access by authorised personnel only; and
  • all conversations involving the discussion of sensitive information take place in private, where conversations are unable to be overheard by unauthorised personnel.

If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify the individual as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.

 

Requests to Access, Correct or Delete Information

 

Access:
You can request details of personal information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act). 

Requests must be made in writing to office@drzacharia.com.au. We will acknowledge receipt of your request within a reasonable time (usually 21 days) and detail whether the request can be complied with. We may refuse to provide you with information that we hold in certain circumstances set out in the Act or other legislation. Otherwise, we will provide access to the information if it is reasonable and practicable to do so. In most cases we will do this free of charge, but if your request requires significant effort or expense on our part, we might ask for compensation for that. We will give you an indication of any costs associated with providing the information. If you request for us to process your request, we will pass on agreed costs for time spent and photocopying costs when processing a request. Information can be expected to be provided within 30 days.

 

Correction:
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details set out below. 

 

We will endeavour to promptly correct any information found to be inaccurate, incomplete, or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.

 

Deletion:
If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, please contact us using the details set out below. 

Please note that if we agree to delete information, because of backups and records of deletions, it may be impossible to completely delete the information without retaining some residual information. 

We will respond to any request to access, correct or delete information within a reasonable time. 

 

Unsubscribe
We like to keep our customers and website visitors up to date, so from time to time we will send you newsletters, invitations and updates. Not to worry: our emails will always come with an “Unsubscribe” button, so you can opt out at any time. To unsubscribe from our email database, or opt out of communications, use the “Unsubscribe” button in our communication or contact us using the details set out below.

 

Concerns
If you have a concern about management of your personal information, please contact us at office@drzacharia.com.au. We can also provide you with a copy of the Australian Privacy Principles, which describe your rights and how your personal information should be handled, on request. 

If unsatisfied with our response, you may lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001. 

 

Changes to this policy

If we decide to change our Privacy Policy, we will let you know by posting such changes on our website. 

 

This policy was last updated: 27 August 2021