COMRAD PRIVACY POLICY

This Privacy Policy sets out the policy of Comrad Australia Pty Ltd and Comrad Medical Systems Ltd and its related entities in Australia and New Zealand (“Comrad”, “we”, “our”) with respect to the way we obtain, use and disclose information about you including through our websites at www.comrad.co.nz and www.comrad.com.au.  We adopt and are bound by the Australian Privacy Principles contained in Privacy Act 1988 (Cth) and the Information Privacy Principles established by the New Zealand Privacy Act 1993 (“the Acts”).

We understand and appreciate that you are concerned about privacy, particularly in relation to the use and disclosure of Personal and Sensitive Information.  We are committed to providing a high level of privacy in relation to all Personal and Sensitive Information that is collected by us.

This Privacy Policy applies to Comrad but not to other companies or organisations or websites to which Comrad is linked.  It covers Personal and Sensitive Information collected and used by us in relation to any of the following:

  • our clients or prospective clients;
  • our suppliers or prospective suppliers; and
  • our employees and independent contractors or any person who applies to become an employee or independent contractor.

What about my Employee Records?

In Australia, an act done or practice engaged with us as an employer that is directly related to an Employee Record is exempt from the Australian Privacy Act.  An Employee Record means a record of personal information relating to the employment of our employees. It includes health information and personal information relating to:

  • the engagement, training, disciplining,
  • resignation or termination of employment of an employee;
  • the terms and conditions of employment of an employee;
  • the employee’s performance or conduct;
  • hours of employment, salary or wages;
  • personal and emergency contact details;
  • the employee’s membership of a professional or trade association or trade union membership;
  • the employee’s recreation, long service, sick, maternity, paternity or other leave; and  the employee’s taxation, banking or superannuation affairs.

Having said that, we treat the Personal and Sensitive Information of our employees with absolute confidentiality and strict controls are exercised over who has access to such records.  We will not disclose your employee records to any third party other than as permitted by law or this privacy policy, without your prior consent.

Your Consent

You consent to your Personal Information being used in accordance with this Privacy Policy by any one or more of the following (as applicable, depending on whether you are our client, a patient of our client, a prospective employee or a supplier of goods or services to us):

  • purchasing our goods or services or making enquiries including via phone, email or internet;
  • attending our offices;
  • providing us with your contact details;
  • by way of written agreement with us;
  • visiting our website or participating in an online enquiry;
  • by allowing access to your Radiology Information System;
  • as a patient, by providing your details to our client and seeking and obtaining medical or radiology services from our client;
  • by visiting any website or social media site established by us, including but not limited to Linked in (“Social Media Sites”) and
  • participating in any activity on a Social Media Site including but not limited to entering competitions, subscribing to our blog, posting, pinning, or uploading any material on any Social Media Site, following, liking and/or commenting on us or anything on any Social Media Site (“Social Media Activity”)

where relevant for employees by accepting employment or continuing to be employed by us, and/or by visiting our intranet or participating in any activity on our intranet including but not limited to posting or uploading any material on any our intranet and/or commenting on anything to do with us or our products.

What Personal and Sensitive Information do we collect from you?

For the purposes of this Privacy Policy, “Personal Information” is information or an opinion about you as an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not it is recorded in a material form.

The type of information collected or to which we have access, differs depending on whether you are or would like to become a client, supplier or employee or independent contractor or whether you are a patient of a client.  Generally, the type of Personal Information collected by us includes your name, address, mobile and telephone numbers, facsimile number and email address.  Sensitive Information includes health information.

If applicable we may also require details of your company’s ABN and/or ACN, financial information including bank account and credit card details, your employer and occupation details.

If you are our client, we will have access to all information on your server, which includes Personal and Sensitive Information of your patients, but we only do so as necessary to carrying out our role and as instructed by you.

If you are our patient, or a patient of our client, we will have access to your Personal and Sensitive Information as the agent of our client and for the purpose of providing software and related services and we will only access, use and disclose such information in the course of carrying out our role in that regard.

If you are a prospective employee, we may be able to obtain other information about you which may itself constitute Personal Information or which, when combined with other information, is capable of identifying you, including photos, videos and other information that you include on Social Media Sites or sites linked to our Social Media Sites (“Other Sites”).  The level of information to which we have access may depend on your privacy settings on such Other Sites.

In some circumstances, you may deal with us anonymously or using a pseudonym.  However, in most circumstances it is impracticable to do so because if you do not provide us with the Personal and Sensitive Information that we require or if you provide it in a way that does not identify you, we are likely to be unable to carry out the services or supply the goods requested by you.

How do we collect your Personal Information?

We collect Personal and Sensitive Information in a number of ways, including:

  • when you provide us with such information including via telephone, email, business cards, application forms, including credit application forms, feedback forms, contracts or any other document provided by you to us;
  • when you engage us  to provide goods or services to you, including requiring the assistance of our customer support team;
  • if you are a client, from your client management system including server, virtual server or cloud when you grant us access;
  • if you are a client’s patient, from the Comrad interface when the client grants us access;
  • when you visit our website or websites that we administer or control;
  • from third parties such as credit reporting agencies;
  • from publicly available sources of information
  • through analysis of the Social Media sites conducted by us or by third parties on our behalf;
  • any other collection of or incidental or directly or indirectly related to the goods or services we may be able to provide to you, on behalf of ourselves or others; and
  • from our own records.

Through our website we can obtain Personal and Sensitive Information if you send such information in an email or when you complete an online enquiry.  When visiting our website the following information may be logged for statistical purposes and for the purposes of improving our services and for the purpose of marketing and advertising:

  • your internet protocol address;
  • the date and time of your visit to our site;
  • the pages that you have accessed and the documents downloaded;
  • website you visited before our website; and
  • the type of browser and operating system you were using.

Any such statistical analysis does not identify you.

Tracking technologies such as cookies may be used on our website to recognise a user’s browser each time that user visits our site and to track which pages the user visits whilst on our site and also to send advertisements to your internet protocol address which are relevant to the pages you have visited.  Cookies are pieces of information that a website transfers to a computer’s hard drive for record keeping purposes.  Cookies may also be used to serve relevant advertisements to website visitors through third party services such as Google AdWords.  These advertisements may appear on our website or on other websites you visit.  Cookies are not malicious programs that access or damage your computer.  Most web browsers are set to accept tracking technologies such as cookies.  These tracking technologies do not personally identify the user.  If you do not wish to receive any cookies, you may set your browser to refuse them.  However, your use of our website may be affected.

How do we use your Personal Information?

Any Personal and Sensitive Information we collect will primarily be used by us to enable us to provide the services that you (or if you are a patient, our client) have requested or for related purposes of or incidental to providing services to you (or our client).

These purposes generally include:

  • supplying our products and services to you;
  • providing quality assurance for our products and services;
  • responding to your enquiries and feedback regarding our business, our products and services;
  • monitoring the performance of our business;
  • marketing including email marketing, telesales, promotional and educative activities including to advise you about products, services and opportunities that may be of interest to you;
  • enforcing the terms and conditions of our engagement with you;
  • to third parties for the management of our database, software, hardware or web based systems;
  • conducting appropriate credit checks;
  • ensuring compliance with statutory obligations.

Direct Marketing

We may, from time to time, communicate with you directly via email or text message to promote our products or services.  On each communication, we will advise how you may unsubscribe or opt out of receiving such communications.  You may, at any time, request not to receive direct marketing communications from us by emailing our Privacy Officer and asking to be removed from the mailing list.  Alternatively, you can fax or mail a request for deletion.  There is no fee for such deletion from the mailing list.

How is your Personal Information disclosed by Comrad?

­We do not and will not rent, sell or otherwise disclose your Personal or Sensitive Information to any other company or organisation, without your prior consent, where that consent is required by law.

You do, however, consent to our use and disclosure of your Personal and Sensitive Information in the following ways and for the following purposes:

  • of or incidental to providing our products and services to you or to others as your agent;
  • to promote and market our products and services to you, including but not limited to advising you about new products that we believe may be of interest to you;
  • to third parties to whom we outsource any of our functions, including payroll, database management and client satisfaction surveys from time to time;
  • of or incidental to a sale of all or part of o­ur business to a third party;
  • to protect and enforce our legal rights; and
  • as required by law, pursuant to a court order, subpoena, warrant, in the course of legal proceeding or in response to a law enforcement agency request.

Disclosure of your Personal Information via Social Media Sites

By engaging in any Social Media Activity on our Social Media Sites, you agree to and are subject to the terms and conditions of such Social Media Sites.  Any Personal Information pinned or posted or uploaded by you onto Social Media Sites can be disclosed in accordance with the terms and conditions and privacy policies of such Social Media Sites.

Generally, photos and other material pinned or posted to Social Media Sites will be able to be viewed by the general public, in Australia and internationally.  Such photos and other material may be shared by others indefinitely and will be visible by anyone visiting the locations to which the photos or other material have been shared.  You may be able to remove the photos or other material that you have pinned or posted from the location at which you pinned or posted it.  However, any material that has been shared will be out of our control and neither you nor we will be able to remove it from any other location.  We are not responsible for any material that has been shared.

We reserve the right to remove any photos, comments or other material that is in any way inappropriate or offensive (in our opinion) from our Social Media Sites.

Cross Border Disclosure

Some of your Personal and Sensitive Information may be disclosed to our related entities overseas, in Australia and New Zealand (“related international entities”).

We have taken reasonable steps to ensure that our related international entities will not breach the APPs in relation to your Personal Information by ensuring they comply with our internal policies and procedures in relation to such Personal Information.  For example, they are not permitted to use or disclose your Personal and Sensitive Information other than as required to comply with their contractual obligations to us and in order to assist us in providing goods and services to you, including but not limited to, helpdesk services.

Some programs, software, online tools, or Social Media Sites used by us, are based in and/or located overseas.  For example, LinkedIn is based in Ireland.  Whilst we do not actively disclose your Personal and Sensitive Information to such organisations, the use of such programs by us may involve disclosure of your Personal and Sensitive Information to such organisations overseas.  Use and disclosure of your Personal and Sensitive Information by such organisations is in accordance with the terms and conditions and privacy policies of such organisations.  To view LinkedIn’s privacy policy, see https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.  When we use third parties such as TeamViewer for helpdesk services, overseas disclosure of some personal information may occur to the countries in which TeamViewer is located. Such information will not be used by TeamViewer for any purpose other than helpdesk functions. TeamViewer’s privacy policy states that they are bound by the German data protection laws.  See http://www.teamviewer.com/en/privacy-policy/

If you consent to disclosure of some of your Personal and Sensitive Information in this manner, we are not required to take reasonable steps to ensure that such organisations do not breach the APPs in relation to the disclosed information.  Having been informed of the possibility that such disclosure may occur, you consent to that disclosure by undertaking or continuing to undertake the type of activities indicating your consent, as specified above.

Security

We are committed to ensuring the security of your Personal and Sensitive Information and we will take all reasonable steps to protect such information from misuse, interference, loss, unauthorised access, modification or disclosure, including:

  • ensuring the physical security of our premises and databases/records;
  • restricting access to personnel who need that information in order for us to be able to provide our products and services; and
  • technological measures, such as computer passwords, data back-up, anti-virus software and firewalls.

We will take all reasonable steps to ensure the Information is accurate and up-to-date and relevant for the purposes for which it may be used pursuant to this Privacy Policy.

Please note that our website does not provide systems for secure transmission of Personal and Sensitive Information across the internet, except where otherwise indicated.  You should be aware that there are inherent risks in transmitting Personal and Sensitive Information via the internet.

Our website may contain links to other websites not owned or controlled by us.  These links are meant for your convenience only.  Links to third party websites do not constitute sponsorship or endorsement or approval of these websites.  Comrad is not responsible for the privacy practises of other such other websites or organisations.

We cannot provide any guarantee with respect to the security of your Personal and Sensitive Information and we will not be liable for any breach of security or unintended loss or disclosure of information due to the website being linked to the Internet.

How to check or change your details

Our Privacy Officer will endeavour to ensure that your Personal and Sensitive Information is accurate, complete and up to date and relevant to the purpose for which we are able to use such information.

If you wish to view the Personal or Sensitive Information we hold about you, please send your request to the Privacy Officer by email, mail or fax using the contact details at the end of this Privacy Policy.  A fee may apply for such access.  If we deny your request for access, we will let you know why.

If you wish to amend your Personal or Sensitive Information because it is inaccurate, out of date, incomplete, irrelevant or misleading, or if you wish your Personal or Sensitive Information to be deleted, please contact our Privacy Officer.

Complaints

If you believe that we have not complied with our obligations pursuant to the Act, or have a complaint about the use or disclosure of your Personal and Sensitive Information by us, please contact our Privacy Officer.

Our Privacy Officer is responsible for liaising with you to ensure that the issues you have raised are fully examined and that your complaint is handled in accordance with this process.  We will treat the process, and all the details of your complaint, in strict confidence.  If we need to discuss any issues arising from your complaint with a third party, we will obtain your consent first.

We will always try to give you a fair opportunity to explain your case. You should make your initial complaint as clear as possible. We may want to meet you in person to discuss your concerns and try to find a satisfactory solution.

What action will we take in response to your complaint?

We will endeavour to resolve your complaint as soon as possible, but the length of time will depend on the nature and complexity of the issues you have raised.  You will receive acknowledgement of receipt of the complaint from us within five business days.  We will give you an estimate of how long it may take us to deal with the matter but we will endeavour to finalise the matter within 30 days.

After investigating and assessing your complaint, we will decide what action (if any) we should take in response.

Some of the things that we decide to do include:

  • take steps to rectify the problem or issue you have raised;
  • provide you with additional information or advice so you can understand what happened and how we have dealt with it; and/or
  • Take steps to change our policies or procedures if your complaint identifies a problem in the way we are doing things.

If we have not resolved a complaint to your satisfaction, you may wish to escalate the matter to the Privacy Commissioner via an online privacy complaint form which can be found for Australia at: http://www.oaic.gov.au/privacy/making-a-privacy-complaint and for New Zealand at: https://www.privacy.org.nz/your-privacy/how-to-complain.

Changes to our Privacy Policy

From time to time we may decide to amend or update this Privacy Policy.  When this occurs, we will post the new version of the Privacy Policy on our website.  We encourage you to review this Privacy Policy from time to time so that you remain informed as to how we are protecting your Personal and Sensitive Information.

Privacy Officer Details

Comrad Australia Pty Ltd

Suites 3 &4, Omnico Business Centre, 270 Ferntree Fully Road, Notting Hill, 3168 Australia

Privacy Officer          : Phil Green

Telephone                 : +613 8540 3333

Email                          : privacy@comrad.com.au

and

Comrad Medical Systems Ltd

Level 1, 225 Papanui Road, Merivale, Christchurch, 8014, New Zealand

Privacy Officer          : Phil Green

Telephone                 : +643 353 1447

Email                          : privacy@comrad.co.nz