Next Practice is committed to protecting your privacy, and respects and upholds your rights to privacy protection under applicable privacy laws. These laws regulate how we collect, hold, use and disclose personal information (as defined in those laws) about you and other individuals. In Australia, Next Practice complies with the Australian Privacy Principles and the other requirements of the Privacy Act 1988 (Cth) to ensure adherence to the regulations for the maintenance of privacy of personal and health information are upheld.
Our culture is one of trust, confidentiality and professionalism. We recognise that the information we collect is of a highly sensitive nature. We have artfully created a new kind of general practice focusing on transforming the experience so that patients receive not only “Best Practice” care but “Next Practice” care. Our approach of “Next Practice” care applies to our ongoing compliance with privacy regulations and we have adopted the highest privacy compliance standards to ensure personal information is protected.
2. What is your personal information?
Personal information is any information or an opinion that can be used to identify you. This may include your name, address, telephone number, email address, profession, date of birth or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
Distinct from personal information, there is also personal health information. Personal health information is personal information about a person’s health, medical history or medical care. Personal health information may be collected in the process of providing health services to you or may be about any health service provided to you.
3. What personal information is collected from you?
Examples of personal information which we may collect from you include, but are not limited to, your name, postal address, delivery and collection addresses, date of birth, phone number, ABN, e-mail address and any other information provided by you or your referees if you are applying for a position of employment or to be a licensee partner with us. If you provide financial information to us or our payment system providers, or establish a credit account with us, we collect some additional information, such as a billing address, credit card details, financial institution account details and tracking information for cheques or money orders.
We may also collect some information from you during the process of using a Next Practice App, this may include, Medicare number, health fund details, medications and treatments, lifestyle information, profession, ethnicity, family history, the name of any health services or providers which you see or to which you are referred.
4. How we collect your personal information
Next Practice will endeavour to collect information directly from you whenever possible, however personal information may also be collected on our behalf by our agents. We collect personal information about you in a number of ways, including but not limited to:
- directly from you when you make a telephone or online booking or enquiry;
- directly from you if you send us personal correspondence, such as emails or letters;
- when you provide information and navigate through our Website and or any Next Practice App, including through Cookies as defined in clause 13;
- when you complete our “application” form, our “contact us” form, our “Partner enquiry” form or any other forms;
- from billing, medical services and treatment to patients;
- when you enter promotions run by us;
- when you apply for any positions with us (see more information in “Applications for Employment” below);
- when you apply to become a partner (see more information in “Partner Applications” below);
- from Next Practice related companies;
- from publicly available sources of information;
- from third parties such as credit reporting bodies and marketing agencies, including information you may provide to us using our social media pages, and
- from our own records.
We only collect personal information by lawful and fair means that is reasonably necessary for us to conduct our business and to meet our legal obligations or otherwise in accordance with any specific consent given by you.
5. Consent for collection of personal information
Consent for the collection, use and disclosure of Personal Information can be given by you at any time. The essential elements of consent are that it is based on sufficient information to make an informed choice, the person is competent to consent and that it is given freely and not obtained through coercion. There are situations when health service providers may reasonably assume that implied consent has been provided to collect and handle personal information.
For example, when an individual presents to a medical practitioner for a consultation, if a medical practitioner collects a specimen to send a pathology laboratory for testing, it would be reasonable to consider that the individual is giving implied consent to the passing of necessary information to the laboratory. The consent of a patient is not required where the use or disclosure of the Personal Information is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or safety.
6. Applications for Employment
When you apply for a job with us, most of the personal information that we collect about you is the information contained within your application, including your name, address, telephone number, education and employment history.
In considering your application, we may also collect personal information about you from third parties such as your previous employers or referees. We may also collect sensitive personal information about you, such as your criminal record. Where we do so, your consent will be sought first.
The information that we collect in the course of your employment application process will be used to assess your suitability for a position with us (or an entity associated with Next Practice), to assess your qualification to move forward in the recruitment process and/or to store your details for opportunities that may arise in the future.
Where you do not provide us with information that we request of you, we will not be able to assess your suitability for a position or any future openings.
During the course of your employment application process with us, we may disclose your information to:
- your nominated referees;
- past employers;
- recruitment agencies/agencies/contractors acting for you in the employment application process;
- other companies associated with Next Practice;
- government or other agencies, such as to conduct criminal record checks; and
- educational organisations, such as to verify your qualifications and health credentials.
7. Partner Applications
When you apply to become a Next Practice Partner, most of the personal information that we collect about you is the information contained within your application, including your name, address, telephone number, education, employment history and financial history.
In considering your application, we may also collect personal information about you from third parties such as your previous employers and business or personal referees. We may also collect sensitive personal information about you, such as your criminal record. Where we do so, your consent will be sought first.
The information that we collect in the course of your partner application process will be used, to assess your suitability for owning a clinic with us (or another associated company), to assess your qualification to move forward in the partner recruitment process and/or to store your details for opportunities that may arise in the future.
Where you do not provide us with information that we request of you, we will not be able to assess your suitability to be a partner or for any future openings.
During the course of your partner application process with us, we may disclose your information to:
- your nominated referees;
- past employers;
- agencies/contractors acting for you in the application process;
- other companies associated with Next Practice;
- government or other agencies, such as to conduct criminal record and credit checks; and
- educational organisations, such as to verify your qualifications and health credentials.
8. For what purposes do we collect, hold, use and disclose your personal information?
Next Practice uses your personal information so that we can improve and perform our business activities and functions and to provide you with any products or services which you may request, or to respond to any query or complaint that you may have. We may also use your personal information to, for example:
- verify your identity;
- to administer our services, products and programs;
- provide the products or services you require or for related purposes that would reasonably be expected;
- administer and manage our services including charging and billing you for those products and services;
- to provide medical services or treatment to patients;
- assist with the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of us and our related bodies corporate, contractors or service providers;
- provide to third parties who have a bona fide interest in acquiring a clinic or in relation to the sale of our business generally;
- undertake data research and analysis;
- inform you of ways that the services provided to you could or have been be improved;
- conduct appropriate checks for fraud or other legal purposes;
- update our records and keep your contact details up to date; and
- maintain and develop our business systems and infrastructure, including testing and upgrading of these systems.
Next Practice may combine any information which it collects from you with information collected by its related companies. We will not sell or license any of your personal data to third parties for their direct marketing purposes unless we have your express consent to do so.
When collecting your personal information, we do so in accordance with relevant Australian laws and the Australian Privacy Principals. We may also use your personal information for other purposes not listed above.
9. What happens if we cannot collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide our services, products and programs to you;
- we may not be able to provide you with information or important updates about services, products and programs that you may want;
- we may be unable to tailor the content of our Websites or a Next Practice App to your preferences and your experience of our Websites or a Next Practice App may not be as enjoyable or useful; or
- we may not be able to process or progress your employment or Partner application.
10. When we disclose your personal information
In order to deliver the products and services you require, Next Practice may disclose your personal information to organisations outside of Next Practice. Your personal information may be disclosed to these organisations so that we can provide you with the required services or conduct the necessary administrative or marketing function required. These organisations include, but are not limited to, organisations and third party service providers who we engage to carry out the following services:
- customer support enquiries;
- mailing operations;
- printing operations;
- billing and debt-recovery functions;
- payment systems requirements;
- technology services;
- installation, maintenance and repair services;
- professional service functions like legal, accounting and business advisory;
- marketing, telemarketing and market research; and
- product, website and app usage analysis.
We may disclose your personal information to:
- any parties necessary to provide the services, products and programs which you request from us;
- any parties necessary to provide you with access to the Website or any Next Practice App;
- external IT services;
- your authorised representatives, insurers or your legal advisers (when requested by you to do so);
- credit reporting bodies or fraud checking agencies (where relevant);
- our related and associated companies;
- our professional advisers, including our accountants, auditors, insurers and lawyers;
- government and regulatory authorities and other organisations, as required or authorised by law;
- potential and current Partners and their agents;
- if Next Practice is, or is in negotiations to be, taken over by, or sold to, another company (“takeover company”), to the takeover company and its professional advisors;
- third party promotion hosting agencies; and
- any others you have been informed of or consented to (express or implied).
Personal Information can be used or disclosed to others for some other purpose if:
- you have consented to the use or disclosure;
- the medical practitioner reasonably believes the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety, or a serious threat to public health or public safety;
- the use or disclosure is required or authorised by law (e.g. statutory duties, to notify certain infectious diseases or suspected child abuse, or compliance with a subpoena or court order);
- where the medical practitioner has reason to suspect unlawful activities or reasonably believes it is reasonably necessary for certain law enforcement purposes; or
- the information concerns a patient who is incapable of giving consent, and is disclosed to a person responsible for the patient for compassionate reasons or to enable appropriate care or treatment to be provided to the patient.
Any disclosure should be limited to that which is either authorised or required in order to achieve the desired objective.
Next Practice will take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the continuing protection of your personal information.
11. Transfer of personal information outside Australia
In addition to holding your personal information in Australia we may hold your personal information in the cloud or on servers located outside of Australia. We take all reasonable steps to ensure that the personal information which has been transferred outside of Australia will be held in jurisdictions whose privacy laws are equal to or better then Australia’s, and will not be held, used or disclosed by the recipient of the information inconsistently with the Australian Privacy Principles.
12. Direct Marketing and your privacy
Next Practice also collects your personal information for marketing purposes, including e-newsletters, promotions and special offers. Our communications may be sent to you in various forms, including mail, SMS, in-app notifications, fax and email in accordance with applicable laws. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. If you have received marketing information from Next Practice and you wish to stop receiving it, you can contact us (either using the contact details below or the opt-out mechanism detailed in our marketing material) and ask us to stop sending the marketing information within a reasonable time after your request has been made. Next Practice will not charge you, or in any way disadvantage you, if you choose to opt out of receiving marketing material. Next Practice may occasionally provide its marketing material to third parties to distribute material on Next Practice’s behalf.
Like many companies, Next Practice sometimes uses "cookie" technology on its Website and other online mediums. A “cookie” is a small summary file containing a unique ID number which is stored on your computer by your browser. When you log in, the cookie tells Next Practice whether you've visited the Website before or if you are a new visitor. The cookie doesn't obtain any personal information about you or provide Next Practice with any way to contact you, and the cookie doesn't extract any information from your computer. Next Practice uses the cookie to help it identify the relevant Website features in which you have the greatest interest, so that it may better personalise your access to the Website and other online mediums you engage with.
If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
14. Links to other websites
The Website and a Next Practice App may contain links to other sites. Next Practice makes no representations or warranties as to the privacy practices of any site operated by a third party and is not responsible for the privacy policies of such other sites.
As part of installation of a Next Practice App on your mobile device, you may receive “Push Notifications”, which may include alerts, badges, banners and sounds, on your mobile device.
You may choose to stop receiving Push Notifications at any time by selecting option within the App’s settings menu or by deleting the App from your mobile device.
16. Security and Data Quality
We will take all reasonable steps to secure your personal information. We recognise the importance of ensuring that personal information is accurate and we will take all reasonable steps to make sure that the personal information collected, used or disclosed is complete and up to date.
Electronic information is protected by various security measures and access to information and databases is restricted to our staff and contractors that need access to the information in order to perform their duties.
Next Practice cares about protecting the security of your personal information, and we have implemented security procedures to protect the personal information which you provide to us.
Because of the sensitive nature of the information collected by Next Practice, extra precautions are taken to ensure the security of the information. Information may be stored electronically and / or hard copy. All electronically stored files are password protected on several levels, and regular backups performed.
17. How you can access and correct your personal information held by the Next Practice
You are entitled at any time to request details and a copy of your personal information held by us by contacting us in writing. To protect your privacy, Next Practice may require proof of your identity before acting upon your request. Access will be provided unless there is a legal or administrative reason for denying or limiting access, as permitted by the Privacy Act 1988 (Cth). We will advise you of the grounds of any refusal.
If an individual asks, they may be given access to the personal Information held about them unless particular circumstances apply that allow us to deny access.
Situations for denial of access include:
- providing access would pose a serious threat to life or health of any individual;
- providing access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious; or
- denying access is required or authorised by law.
Where we hold information that you are entitled to access, we will endeavour to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). Depending on the circumstances, Next Practice reserves the right to charge you a reasonable administrative fee for access to the personal information. We will not charge for simply making the request and will not charge for making any corrections to your personal information. If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
19. How to contact us
If you would like to contact us or require more information concerning Next Practice’s approach to privacy or how Next Practice handles your personal information, you can write to us at the below address: Attention: Next Practice Privacy Officer Next Practice Level 1
80 Wentworth Avenue
SYDNEY NSW 2010
AUSTRALIA Alternatively, you can email your privacy query directly to us by using the “Contact Us” page on our website.
You are entitled to contact us anonymously or by using a pseudonym if you prefer to do so. If you choose to remain anonymous this may limit our ability to assist you with any feedback or enquiry. We will tell you if we need to collect your name or any other personal information to help further.
20. How do you make a complaint or provide us with feedback?
If you wish to make a complaint to Next Practice about a possible breach of privacy, please provide full details of your complaint in writing, and send it to the Next Practice Privacy Officer (see contact details above). Please allow up to 30 days for your request or complaint to be processed. If your complaint relates to our failure to provide access to or to correct any personal information that we hold about you, or if you are not satisfied with the manner in which we deal with your complaint (within 30 days), you may lodge or refer your complaint directly to the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au). If your complaint does not relate to these matters, you must first lodge a complaint with us in writing and provide us with details of the incident so that we can investigate. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the relevant privacy legislation, if applicable). We may ask you to participate in a dispute resolution scheme (such as mediation) to resolve your complaint. Individuals enquiring about their rights and remedies for breaches of privacy, can access detailed information at the Office of the Australian Information Commissioner www.oaic.gov.au
If you wish to provide us with feedback, either positive or negative, you may contact our Privacy Officer on the details provided above. We take concerns and suggestions seriously and will endeavour to follow up any feedback with a reasonable timeframe.