Emsee Logo
GET IN TOUCH
Emsee Logo
Emsee Logo
Call Us
Emsee Logo
Call Us
Emsee Logo
Call 1300 412 422

Privacy Policy

Entities Covered under this Privacy Policy
“In this privacy policy ‘the Company’ refers to the following list of entities, collectively”
Emsee Holdings Pty Ltd
Emsee Health Pty Ltd
Emsee Medical Services Pty Ltd
Emsee IP Services Pty Ltd

Purpose

‘the Company’ recognises the importance of privacy and is committed to the management and handling of Personal Information in an open and transparent way. ‘the Company’ is required to comply with the Australian Privacy Act 1988 (Cth) (Privacy Act) and this policy creates a framework to ensure that any Personal Information ‘the Company’ holds is collected, used, stored and disclosed in accordance with the Australian Privacy Principles in the Privacy Act.

Your personal information is held securely in accordance with this Privacy Policy and privacy laws and is treated with respect and care. You have the right to contact us to access or correct your personal information. We encourage you to contact us if you have questions or concerns about your privacy or how your personal information is handled by ‘the Company’.

Scope

This Privacy Policy documents the handling of Personal Information by ‘the Company’, both within and outside of Australia and all business activities which utilise ‘the Company’s’ information systems or infrastructure.

References to ‘the Company’ throughout this policy include collectively the above related entities and business operations.

This policy does not apply to the handling of Personal Information about ‘the Company’s’ employees.

Related Policies

‘the Company’s’ policies that should be read in conjunction with this policy are:

  • Mandatory Data Breach Reporting Plan
  • Employee Code of Conduct

Regulatory Environment

As a healthcare services company which deals with Personal Information and Sensitive Information, ‘the Company’ has an obligation to respect the privacy of individuals and to follow the Australian and New South Wales privacy laws, which include:

  • the Privacy Act 1988 (Cth) (as amended from time to time);
  • the National Privacy Principles contained in Schedule 3 to the Privacy Act or where applicable, the Australian Privacy Principles contained in Schedule 1 of the Privacy Act;
  • Health Records Information Privacy Act 2002 (NSW); and
  • all other applicable laws that require a person to observe privacy or confidentiality obligations in respect of Personal Information.

Please notify ‘the Company’ in writing if you are currently, or in the future become, a resident of the European Union.

Personal Information Collected and Held by ‘the Company’

‘The Company’ may collect and hold information about individuals who may be customers, members of the general public, job applicants, business contacts, healthcare professionals and others.
The information ‘the Company’ typically collects and holds is detailed below.

General Public

We collect personal information necessary to provide the health management services requested by you or your requesting clinician. When you become a customer of ‘the Company’, an electronic record is made containing your personal information such as your name, date of birth, address and other contact details. The information we receive in a request will typically include information about your health including:

  • your medical history;
  • results of previous tests and investigations;
  • medications you may be taking or treatments you are undergoing;
  • details about your treating doctors and other health professionals involved in your care;
  • information required for a pharmacist to fulfill a prescription;
  • other information which may be relevant to your care.

We may also collect other sensitive information that is relevant to your care. Information may also be collected about individuals who are not patients of ‘the Company’. For example, we may collect information about your family in the form of a family medical history.

Job Applicants

The types of Personal Information ‘the Company’ collects from job applicants, including for both employment and contract positions, may include:

  • Employment history
  • Qualifications
  • Information relating to credentialing of health professionals
  • Opinions about suitability for employment from referees and previous employers
  • Taxation and banking details
  • Information from public domain and social media websites
  • Driver’s licence/passport details
  • Superannuation Fund details
  • Next of Kin

Job applicants have the right to not disclose Personal Information, however ‘the Company’ may not be able to assess a candidate’s suitability for employment when it does not receive all necessary information.  ‘the Company’ will only disclose the Personal Information of job applicants to third parties with the consent of the job applicant, or as otherwise permitted in limited circumstances by law.

Once a position has been filled, all applications received by ‘the Company’ are filed and kept by the recruitment manager in the human resources team.  However, the following information, if previously collected, will not be retained for applicants who do not commence employment or a contract position with ‘the Company’: bank account details, driver’s licence/passport, Tax File Number, superannuation fund details, next of kin.

Business Contacts

  • Your name, business address, business telephone number(s) and email address
  • Dealings with ‘the Company’ in respect of general business relationships
  • Work, professional and employment references, reports and assessments
  • Information from public domain websites
  • Information obtained when you access ‘the Company’s’ website

Healthcare Professionals

  • Your name, business address, business telephone number(s) and email address
  • Professional details
  • Practice specialty including areas of interest
  • Membership of professional associations
  • Practice and/or business information including, where applicable, interest in ‘the Company’s’ products
  • Information relating to your patients
  • Information from public domain websites
  • Information obtained when you access ‘the Company’s’ website

Adverse Event Reporting

‘the Company’ is required by law to report Adverse Events to sponsors of medicines listed on the Australian Register of Therapeutic Goods.
The following information is collected and used to fulfil these reporting requirements:

  • Identifiable patient information, which may be required for an Adverse Event report to be validated or for follow-up, however in general, only patient initials OR age OR gender is required.
  • Suspect Drug Information (name, strength, dosage, route of administration, therapy start and end date, indications for use).
  • Adverse Event details (date started/ended, outcome, causality).
  • Concomitant medications (if any)
  • Medical conditions (if available)

How Will ‘the Company’ Collect Your Personal Information

Wherever possible, ‘the Company’ will collect Personal Information about you directly from you. Nevertheless, on some occasions ‘the Company’ may collect your Personal Information from other sources, such as:

  • Third party agents or data providers
  • Public domain websites on the Internet
  • Electronic communications such as articles and information pieces in which you feature such as a health information site or a medical professional site
  • Publicly available directories and listings such as telephone directories
  • Newspapers, magazines, professional journals and the electronic media
  • The date, time and domain from which you access ‘the Company’s’ website
  • Personal interactions and/or communications with ‘the Company’s’ employees and/or contractors
  • Databases purchased from an external provider
  • Healthcare professionals

Personal information about you which ‘the Company’ collects and holds may vary depending on your particular interaction with ‘the Company’ and will be for a legitimate business purpose. ‘the Company’ will not collect Sensitive Information about you, such as information about your health or ethnicity without your consent.

Collection of Your Personal Information Through ‘the Company’s’ Website

‘the Company’s’ website provides for direct input of Personal Information under some circumstances.
In addition, ‘the Company’s’ website makes use of ‘cookies’ which are small text files that are stored in the visitor’s local browser cache. This enables recognition of the visitor’s browser to optimise the website and simplify its use. Most browsers are set up to accept these cookies automatically, however you can deactivate the storing of cookies or adjust your browser to inform you before the cookie is stored on your computer. Data collected via cookies will not be used to determine the personal identity of the website visitor.
‘the Company’ expects to increasingly makes use of web analytics, including analysis by third party service providers, which may use IP addresses. While this may in some circumstances be ‘Personal Information’ neither ‘the Company’ nor the service providers have any interest in an individual’s browser activities and will not use the information to take any action targeted to individuals without having obtained that person’s consent.

How Will ‘the Company’ Hold and Use Your Personal Information

Customer Relationship Management (CRM) Software

  • Information relating to patients, healthcare professionals and third parties with which ‘the Company’ conducts business will be held on ‘the Company’s’ secure customer relationship management (CRM) software platform. This information will be accessed and used in the ordinary course of conducting business, including but not limited to communicating with you, order processing and fulfilment, accounting, responding to enquiries or complaints.
  • Information relating to third parties with which ‘the Company’ conducts business will be used to facilitate the provision of products and services to ‘the Company’.

Personal Health Information

  • ‘the Company’ will collect and record your personal health information obtained from you during the course of telehealth consultations.
  • Your personal health information may be provided to your referring healthcare professional or to other healthcare professionals involved in your treatment and care.
  • ‘the Company’ may use your personal health information to prepare a prescription and deliver it to a pharmacy to have your medication dispensed.

Other Use and Disclosure

‘the Company’ may disclose information about you in the course of any of the uses described above, including to related businesses and third-party service providers for routine business purposes such as order delivery, marketing, hosting, data processing and validation, data storage or archiving, printing and mailing. ‘the Company’ will use only reputable service providers and will ensure that it enters into appropriate contractual provisions with service providers to safeguard your privacy.

Should ‘the Company’ in the future buy or sell (or propose to buy or sell) all or part of its business, ‘the Company’ may disclose your Personal Information to a third party, as customer information is generally regarded as a business asset.
‘the Company’ will otherwise only disclose Personal Information about you to a third party where required by law.

Overseas Recipients

‘the Company’ conducts business either directly or via third parties in jurisdictions outside of Australia which includes an affiliate entity maintained overseas. ‘the Company’ ensures that ‘the Company’ or any facility affiliated with ‘the Company’ complies with the privacy laws in Australia in the management of Personal Information.  Your personal information including sensitive information will be collected by, transferred to or accessed by personnel based in ‘the Company’ affiliate facility as part of the routine provision of services to you by ‘the Company’.

Where ‘the Company’ uses external service providers located in countries outside of Australia, ‘the Company’ takes reasonable steps, including by contract provisions, to ensure that these service providers do not breach the Australian privacy laws.

Data Security

‘the Company’ uses technical and organisational security precautions to protect your data from misuse, interference or loss and from unauthorised access, modification or disclosure.
Any Personal Information that is provided to ‘the Company’ by you through ‘the company’s’ systems will be encrypted in transit to prevent its possible misuse by third parties. ‘the Company’s’ security procedures are continuously revised based on new technological developments.
In the event of an actual or suspected data breach, ‘the Company’ will follow the procedures outlined in its Mandatory Data Breach Response Plan, including

  • containing the data breach
  • conducting a risk assessment to assess the severity rating of a suspected or known data breach
  • assessing whether an Eligible Data Breach has occurred.

If an Eligible Data Breach has occurred, ‘the Company’ may report the data breach to third parties such as:

  • Emsee’s financial services provider
  • police or law enforcement bodies
  • the Australian Securities & Investments Commission (ASIC)
  • the Australian Taxation Office (ATO)
  • the Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • the Australian Cyber Security Centre (ACSC)
  • the Australian Digital Health Agency (ADHA)
  • the Department of Health
  • State or Territory Privacy and Information Commissioners
  • Australian Health Practitioner Regulation Agency
  • professional associations and regulatory bodies
  • insurance providers.

‘the Company’ will contact you if you have been personally impacted by an Eligible Data Breach.

Data Retention

‘the Company’ will delete from its records Personal Information which it is no longer required to maintain due to legal or regulatory requirements. This does not apply to patient medical records, which will be retained for a minimum period of 7 years after a patient’s most recent contact with ‘the Company’.
If ‘the Company’ is required to retain Personal Information (e.g. Adverse Event records), then wherever practicable, it will be held in a de-identified form.

Data Access and Correction

You may request access to Personal Information ‘the Company’ holds about you at any time. If you believe your Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading, you may request to have it corrected.
Requests to access or correct Personal Information should be sent to the Privacy Officer. Please provide as much detail as possible to assist in the location of information ‘the Company’ may be holding about you, such as your name, contact details, any former name(s), and if possible the context, for example, your relationship with ‘the Company’. Please specify if you are seeking access to specific Personal Information.
‘the Company’ will respond to your request within 30 days of receipt or within any further time notified to you in writing.

Deletion of Data

You may notify ‘the Company’ at any time if you do not wish ‘the Company’ to retain your Personal Information. ‘the Company’ will comply with all such requests wherever practicable and lawful.

Complaints

All complaints regarding your Personal Informational should be made in writing to ‘the Company’s’ Privacy Officer.
‘the Company’ will respond to your complaint within 30 days of receipt of your correspondence or within any further time notified to you in writing.

If you are not satisfied with the outcome of the response you receive, we can refer you to the Office of the Australian Information Commissioner (as applicable) for further investigation.

Privacy Officer contact information
All requests relating to access, correction or deletion of Personal Information, or any other information relating to ‘the Company’s’ Privacy Policy should be made in writing to:
The Privacy Officer
Emsee Holdings Pty Ltd
436-438 Burwood Road
Belmore
NSW 2192
Australia
Phone: 1300 412 422
Or by email: [email protected]

  • Definitions

Term

Definition

‘the Company’

Emsee Holdings Pty Ltd
Emsee Health Pty Ltd
Emsee Medical Services Pty Ltd
Emsee IP Services Pty Ltd

Confidential Information

Information that is not known to, or readily accessible by, the public and disclosure of that information would cause harm to or disadvantage a person or organisation. Access and disclosure of Confidential Information must be controlled and will only be given to persons who require access to perform their duties.

Data Breach

An incident, in which Personal Information or Confidential Information is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference.

Eligible Data Breach

A Data Breach which has caused serious harm to an individual requiring notification under the Notifiable Data Breaches Scheme under the Privacy Act.

Personal Information

Any information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined in the Privacy Act.

Privacy Act

Privacy Act 1988 (Cth)

Sensitive Information

Personal Information categorised as Sensitive Information under the Privacy Act, including but not limited to health records.

Stay Empowered and Informed—
Join Our Community

Newsletter sign up
Emsee Logo

Quick Links

About Emsee

Menopause Program

Weight Loss Program

Take Our Assessment

Meet Our Team

Emsee App

Contact Us

Resources

Symptoms

Blog

Contact Us

436 Burwood Rd Belmore NSW 2192, Australia

Email Us

Call Us

Follow Us:

Facebook Linkedin Instagram

EMSEE HEALTH PTY LTD. All Rights Reserved. Terms & Conditions and Privacy Policy
We are a company with Australian jurisdiction.

The information provided on this site is for general information purposes only and does not replace professional medical advice. Please consult with one of our healthcare providers to determine the best course of treatment for you.