Privacy Policy
Medlab Clinical Ltd and all related corporations respect that your health concerns are sensitive, and thus understand that you trust us to be very careful with your personal information. This privacy policy describes how those entities and the employees and other entities acting on their behalf (collectively referred to below as Medlab) collect, use, and disclose personal information.
A reference in this policy to:
- “we”, “our”, or “us” is a reference to Medlab;
- “you” or “your” is a reference to the individual whose personal information is collected by us;
- “personal information” includes health information and other sensitive information as well as personal information generally (these terms are defined in the Privacy Act 1988 (Cth)); and
- “website”/“digital portal(s)” refer collectively to our websites and digital portals accessible at https://www.medlab.co, https://clinic.medlab.co/ and https://www.ctrial.com.au/ including any third-party add-on applications, platforms and/or other software programs incorporated into or which work or communicate with any of our websites and digital portals for the purposes of Medlab’s provision of information, products and/or services to you (“third-party add-ons”).
At Medlab, we respect your privacy, and we are committed to protecting your personal information. This is why we handle personal information in accordance with the laws of the countries in which Medlab operates, which include Australia, the United Kingdom, and the United States of America.
For Australian residents, the Australian Privacy Principles are set out in the Privacy Act 1988 (Cth), as well as the Spam Act 2003 (Cth). In addition, we handle personal information in accordance with State and Territory privacy laws in circumstances where there is a contractual requirement for us to do so, and in accordance with State or Territory health records laws where applicable.
For UK and EU residents, we adhere to the General Data Protection Regulation (GDPR), which became law across the European Union; many other countries and jurisdictions are following suit.
For American residents, we adhere to the California Consumer Privacy Act (CCPA).
We encourage you to read the policy carefully and we hope it will help you to make informed decisions about sharing your information with us.
This policy covers a number of areas, including:
- Our use of your information
- Third-party disclosure
- Your choices
- Our security measures
If you have any questions or concerns about our policy you can email us: [email protected]
PRIVACY AND PERSONAL INFORMATION
The personal information which we collect depends upon the nature of our dealings with you and the products and/or services that we provide to you. It may include your name, gender, contact information, date of birth, Medicare number, health information and other sensitive information about you, particulars of health service we provide to you, or which is contemplated, payment methods, technical information (such as your IP address) and any other ad hoc information which you choose to supply to us and which is of an obvious personal nature.
The protection of your personal information is important to Medlab.
You agree that Medlab may collect and use your personal information for the purposes for which you give it to us and for any other purposes directly connected with the reason(s) for us collecting your personal information and for related purposes which you would reasonably expect us to use your personal information for. This may include, for example, for the purposes of providing a health service to you in connection with a consultation provided by a Medlab medical or health professional and for related purposes (such as use within Medlab in relation to discussing or disclosing such information and/or in connection with referring you to another external third party medical or health professional for the purpose of managing, monitoring or assisting with your treatment on an ongoing basis and/or for the purpose of completing and sending a script, note or record to a pharmacy for one or more products that our medical or health professional(s) considers may be appropriate for you), for our own internal purposes (including administrative purposes, billing purposes, either directly or through an insurer or compensation agency), and for the purpose of communicating with you, including by sending you information about matters we consider you might be interested in, including information about upcoming studies, product information or services provided to you via the website or otherwise by us.
You agree that we may aggregate personal information obtained from multiple individuals for research purposes. We only do so, however, after de-identification and in accordance with (and to the extent permitted by) de-identification guidelines issued by the Office of the Australian Information Commissioner and research guidelines approved under section 95A of the Privacy Act 1988 (Cth).
We may also disclose your personal information incidentally to third parties who perform technical and support services for us, such as maintenance, personnel, and outsourced service providers. All such third parties are required to provide a contractual commitment to comply with this privacy policy and with privacy laws in general.
You agree that we may at any time transfer your personal information and health information to a related body corporate within Medlab which, in accordance with our normal company operations, requires access to such data.
By using our website and/or receiving products or services from us (including, for example, by participating in a consultation), you consent to Medlab collecting and using your personal information for the purposes described in this policy.
OUR USE OF YOUR INFORMATION
The more we know about you, the easier it is for us to deliver helpful, relevant information and services. We collect personal and non-personal information to tailor the future content which you see and to contact you. We collect personal information and health information about you which you provide to us and otherwise in connection with your use of our website and/or products and services provided to you, including as set out below.
Registration (other than for Telehealth consultations)
When you register on our website, we collect personal information about you such as your name, email address, address, and other contact details. Registration allows you to potentially participate in future studies and receive monthly deals and promotions.
Telehealth consultations
Medlab medical and health professionals, including naturopaths, provide “Telehealth” consultations to customers via telephone or video conferencing facilities, including over the internet. If you wish to participate in one or more Telehealth consultations, you must book an appointment using our scheduling system, which is accessible via our website. We will collect personal information about you in connection with your booking and any consultation which you attend. After you book a consultation, we will send you a new patient pack of materials, which will include a patient questionnaire for you to complete and send back to us before your first consultation, which we will review before your first consultation.
Clinical trials
When you register for a clinical trial on our websites, we strive to collect only de-identified personal information. This information is required to ensure the correct health data is attributed to the correct patient during the trial. We collect only the first letters of your first and last name. An email address is required as it allows the patient to reset their password and receive copies of clinical trial forms. We strongly recommend the use of a non-identifying email address. A mobile phone number is optional and is only used to send a reminder SMS if the patient has missed a due date to fill in an online form related to their enrolled clinical trial.
The personal and health information we may collect from you will include the information referred to in this Policy as well as personal information about your medical history and condition(s), the reason for your participation in the consultation, and your interest in Medlab products and services, and any recommendations, treatment or advice which our medical and health professionals provide to you in connection with or during such a consultation.
We will also collect personal and health information about you from publicly available sources of information, including social media (such as your publicly available Facebook and Instagram profiles), and other sources of information about you which you refer us to or which we identify.
If our medical or health professional determines that it is appropriate to refer you to another medical or health professional either within or outside Medlab, and you consent to that referral, we will also collect information about that referral, including the nature of the referral and the identity of the professional to whom you are referred. We will also collect any information about any treatment or advice provided to you by any such professional if we receive such information from the professional or a related person or entity.
User feedback
From time to time we may ask for your feedback about our website, products, and/or services. This information allows us to better understand the needs of our customers and to gather information about health issues and trends that may be important to them. If you provide any such feedback to us which comprises any personal information, or if you otherwise provide us with any personal information about these issues, then we will also collect that personal information for the purposes outlined in this policy.
Log information
When you visit our website, our servers will collect log information. This information may include your page request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser. Log information helps us gather information about how often our website is being viewed, such as the product pages customers are viewing.
Cookies
We may use cookies to make your use of our website and services as convenient as possible for our customers. Cookies do not personally identify you; they are pieces of information that a website transfers to your computer's hard disk for record-keeping purposes. Cookies help us to personalise your experience and generate tailored content when you visit our website. We may also use cookies to monitor the number of people using our website, what they are viewing, and how they are using the information provided.
Data period
We will only retain your personal information for as long as is necessary to meet the purpose for which it was originally collected, unless and to the extent we are required by law to retain the information for a longer period. When your personal information is no longer required, we will take commercially reasonable and technically appropriate steps to delete or de-identify that information.
You are entitled to view the personal information which we hold about you except in circumstances where applicable privacy and data protection laws authorise us to deny access. You may be charged an administrative fee for this service.
We will take reasonable steps to ensure that your personal information remains current, complete, and accurate. If upon gaining access to your personal information, you identify an inaccuracy in your personal information, we will correct it if we agree that it is, in fact, inaccurate or, if we disagree, we will include a notation to the effect that you disagree.
THIRD-PARTY DISCLOSURE
To the extent that a third party add-on is involved or used by us or our website including in the course of or in connection with managing Telehealth consultations, one or more third parties may receive or have access to your personal or health information which we collect.
Except as set out in this policy, we will not use or disclose any personal information about you to any third parties without your consent. There may be exceptional circumstances where this may not be possible, such as if the disclosure is required by law or is necessary to protect the rights or property of Medlab, or any member of the public, or to lessen a serious threat to a person's health or safety.
We will not disclose any personal information about you overseas without your consent.
YOUR CHOICES
You are given choices when we ask for personal information and, whenever possible, we try to explain why we ask for information. You can always refuse to provide personal information.
Personalisation
Information you provide on our website when you complete the registration, tools you have used as well as articles you have viewed, will be used to personalise your experience of our website.
Telehealth consultations
Information you provide to Medlab or Medlab medical and health professionals in connection with or during the course of a consultation, including personal information and health information, will be used by Medlab for the purposes outlined above in this policy, including for the purposes of the consultation, providing any treatment advice to you or, if you consent, for the purpose of referring you to another medical or health professional.
Emails
Email communications that you send to us via links on our website may be shared with one or more employees at Medlab. If you provide personal health information in your email, it will be used only for the purposes of answering your email.
Email Alerts
As a Medlab customer, you have the option to receive regular email newsletters and alerts of monthly deals and promotions. You can unsubscribe from newsletters by clicking on the "unsubscribe" link at the bottom of any newsletter. You can manage your alerts or unsubscribe from alerts in your personal profile.
If you would otherwise prefer not to receive marketing or other material from Medlab, please let us know by emailing [email protected] and we will respect your request.
OUR SECURITY MEASURES
We are dedicated to protecting the security and privacy of your information. We have implemented security arrangements to protect your personal information against loss, theft, unauthorised access, and unauthorised disclosure. Your electronic information is stored on secure servers that are protected in controlled facilities. Medlab uses SSL certificates to establish secure connections when presenting data in a digital format and encrypting data between our secure servers and our digital portals. Medlab employs authentication and authorisation protocols when providing access to your personal data. Our employees have limited access to your personal information. However, as we cannot guarantee the security of our communications with you over the Internet, you acknowledge that we cannot give you an absolute assurance that your personal information will be secure at all times. Medlab will not be held responsible for events arising from unauthorised use or access to your personal information unless the unauthorised use or access arises due to Medlab’s failure to comply with the laws of the relevant country in which Medlab operates. Our security measures are routinely reviewed and account is taken of the Guide to Securing Personal Information issued by the Office of the Australian Information Commissioner.
Future Changes
As we evolve and introduce new services and features on our website and in our business, our policies will be reviewed and may be revised. We reserve the right to change this policy at any time and will notify you by posting an updated version of the policy on our website. If you do not agree with the new policy, you always have the option of closing your account and not acquiring or receiving products and/or services from us.
WHAT ARE YOUR PRIVACY RIGHTS?
If you are a resident in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you are a resident of California in the USA, the California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. Please contact our Privacy Officer at [email protected]
If you are under 18 years of age, reside in California, and have a registered account with a Service, you have the right to request the removal of unwanted data that you publicly post on the Services. To request the removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).
CCPA Privacy Notice
The California Code of Regulations defines a "resident" as:
(1) every individual who is in the State of California for other than a temporary or transitory purpose and (2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
All other individuals are defined as "non-residents."
If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
A resident of another Country
If you have questions or comments about your privacy rights, you may email us at [email protected]
If you would at any time like to review or change the information in your account or terminate your account, you can contact us at [email protected]
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use, and/or comply with applicable legal requirements.
If you have any queries or complaints regarding this privacy policy or our privacy and data protection practices generally, please contact:
- Contact: Ian Curtinsmith
- Email: [email protected]
- Ph: +61 2 8188 0311 EXT 169
- Unit 5, 11 Lord St, Botany, NSW, 2019, Australia
If you make such a complaint, we will review it within 48 hours and establish in consultation with you a reasonable process, including time frames, for seeking to resolve your complaint.
We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.
YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
Right to request deletion of the data - Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.
Right to be informed - Request to know
Depending on the circumstances, you have a right to know:
- whether we collect and use your personal information;
- the categories of personal information that we collect;
- the purposes for which the collected personal information is used;
- whether we sell your personal information to third parties;
- the categories of personal information that we sold or disclosed for a business purpose;
- the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
- the business or commercial purpose for collecting or selling personal information.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.
Verification process
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with the information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use the personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
Other privacy rights
- you may object to the processing of your personal data
- you may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data
- you can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
- you may request to opt-out from future selling of your personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.
To exercise these rights, you can contact us by email at [email protected]. If you have a complaint about how we handle your data, we would like to hear from you.
Updated and effective as at 8th November 2021.