USER PRIVACY STATEMENT - SURGICAL ORDER

Surgical Order Pty Ltd ACN 633 961 707 and Implant Order Pty Ltd ACN 633 961 556 (and our related bodies corporate) (Surgical Order, us, we, our) maintains a strict policy of confidence concerning your personal information and is committed to maintaining the privacy and the security of the personal information that we process.

This Policy (Policy) has been developed in accordance with the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles (APPs). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.

A copy of the Australian Privacy Principles is available at www.aoic.gov.au

If you have any questions or require any further information about this Policy or our privacy information practices, you can contact our Privacy Officer (contact details available at the end of this Policy).

Collection of personal information

Surgical Order will only access, collect and/or use personal information that is reasonably necessary for or directly related to our functions and activities and the provision of our services to you.

What is personal information?

Personal information includes information or an opinion that identifies an individual. Examples of personal information we collect include names, addresses, email addresses, phone, and facsimile numbers.

What personal information do we collect?

The types of personal information collected by us may include, but are not limited to:

  • contact information, such as name, position, practice, office and postal address, email address, phone, facsimile, and mobile telephone numbers;

  • subscriber name and/or practice name;

  • position or title (such as a specialist, practice manager, receptionist, IT consultant or otherwise);

  • practice type (such as general practitioner, dermatologist, general surgeon, orthopaedic surgeon or otherwise);

  • information about devices (and number) requiring access to our software products;

  • user names and email addresses;

  • billing information, such as bank account details; and

  • any other additional information you provide to us.

Surgical Order does not collect sensitive information about you (such as information relating to your race, ethnicity, health, or religion) unless you have given express consent, it is required or authorised by law, or it is reasonably necessary to establish, exercise or defend a legal claim.

How do we collect personal information?

Surgical Order only collects personal information by lawful and fair means.

If it is reasonable and practical to do so, we will collect personal information directly from you. We collect information in a number of ways, such as when you contact us by phone or email, or when you use our products and services.

Surgical Order may also collect personal information from third parties such as hospitals and medical practitioners which are parties to Surgical Order’s Master Hospital Agreement and Master Practice Agreement, your representatives or publicly available sources of information. All personal information that we collect is reasonably necessary for the purposes relating to providing our products and services to you.

Why do we collect your personal information?

Surgical Order provides software products and services to assist health service providers to manage their practices, including by storing and managing patient information and records. Under the terms of our Master Hospital Agreement and Master Practice Agreement, we may have access to personal information such as patient personal, sensitive and health information (End-User Data). This may include information about an individual’s health, disability, their use, receipt, or request for provision of health services, medical history, general practitioner, Medicare and health insurance details and other information provided to us.

All End-User Data is de-identified except for use by the hospital or medical practitioner.

Surgical Order only uses End-User Data for the purpose of delivering our products and services, and as permitted under the terms of our Master Hospital Agreement or Master Practice Agreement or this Policy.

Surgical Order does not share End-User Data with third parties without consent or unless compelled to do so by law. Surgical Order does not use End-User Data for marketing purposes.

Consequences if personal information is not collected

If Surgical Order is unable to collect the personal information we reasonably require, then we may not be able to provide our services to you.

What is sensitive information?

Sensitive information is information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, or health information.

How do we deal with sensitive information?

Surgical Order will only use sensitive information:

  • with your consent, or where required or authorised by law; and

  • for the primary purpose for which it was obtained; or

  • for a secondary purpose that is directly relevant to the primary purpose.

Third parties

Where reasonable and practicable, Surgical Order will collect your personal information from you directly. In some circumstances, we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Surgical Order may be provided with information by third parties under the terms of our Master Hospital Agreement and Master Practice Agreement. In such a case we need not notify individuals that their information is provided to us. This information will only be used for the purpose of delivering our products and services, and as permitted under the terms of our Master Hospital Agreement or Master Practice Agreement or this Policy.

Disclosure of personal information

Your personal information may be disclosed in various circumstances including:

  • where you have consented to the use or disclosure of such information to a third party; or

  • where disclosure is required or authorised by the law.

You may withdraw your consent to disclosure of your personal information at any time. The withdrawal of your consent should be communicated to us in writing within a reasonable time. Such communications should be directed to our Privacy Officer, whose details are at the end of this Policy.

Security of your personal information

Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification, or disclosure.

Surgical Order securely stores your data on the cloud. The cloud used is Microsoft Azure web hosting.

Surgical Order will take reasonable steps to permanently destroy and de-identify your personal information when such information is no longer needed for the purpose/s for which it was obtained. Most of the personal information collected will be stored for a minimum of 7 years until it is destroyed. Any files that are destroyed are destroyed through secure electronic destruction processes.

Notwithstanding the reasonable steps taken to keep information secure, security cannot be guaranteed and breaches may occur. In the event of a security incident, we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with the Act.

If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us immediately.

What are your data protection rights?

Surgical Order would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:

  • The right to access – you have the right to request copies of your personal data which we have collected. We may charge a fee for this service;

  • The right to rectification – you have the right to request that we correct any information you believe is inaccurate;

  • The right to erasure – you have the right to request that we erase your personal data, under certain conditions;

  • The right to object – you have the right to object to our processing of your personal data; and

  • The right to data portability – you have the right to request that Surgical Order transfer the data that we have collected to another organisation, or directly to you, under certain circumstances.

If you wish to exercise any of these rights, please contact our Privacy Officer, whose details are at the end of this Policy.

Accessing your personal information

You may access the personal information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing.

In order to protect your personal information, we may require identification from you before releasing the requested information.

Maintenance of your personal information

It is important that your personal information is current. We will take reasonable steps to make sure that your personal information is accurate, complete, and current. If you find that the information we have is inaccurate, incomplete, or not current, please advise us as soon as practicable so we can update our records.

Policy Updates

Surgical Order reserves the right from time to time to amend this Policy. When such amendments are made, the updated policy will become available on the Surgical Order website, https://surgicalorder.com/.

Policy Complaints and Enquiries

If you have any queries or wish to make a complaint about our Policy or the way in which we have used your personal information, please contact us at:

Email: info@surgicalorder.com

Phone: 08 7092 4282

Mail address: 226 Melbourne Street, North Adelaide, South Australia 5006

Our Privacy Officer will contact you about your complaint as soon as reasonably practicable and we will attempt to resolve it with you.

If you are not satisfied with the outcome of your complaint, you may contact the Information Commissioner’s Office:

Email: enquiries@oaic.gov.au

Phone: 1300 363 992

Website: www.oaic.gov.au