Privacy Policy

Medical Exchange Link Pty Ltd ACN 607 351 271 (we, us, our) respects the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). We understand the importance of, and are committed to, protecting personal information. This Privacy Policy explains how we manage personal information (that is, information or an opinion, whether true or not, about an identified individual or an individual who is reasonably identifiable), including our obligations and the rights of individuals in respect of our dealings with personal information.

Please take a moment to read our Privacy Policy as it describes what happens to personal information, including personal information that is collected via our Meddage application (App).

We collect personal information about two primary categories of people, being:

This Privacy Policy sets out how we handle the personal information of all individuals, including both Patients and Practitioners. We will handle all personal information with care and discretion, but our Privacy Policy notes where we take a particular approach when dealing with information about Patients and Practitioners respectively.

  1. How we collect personal information

    2. We will collect and hold personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect personal information directly from the relevant individual.

    We collect personal information from Practitioners when they contact us to establish an account to use our App.

    We may collect personal information from individuals generally through some of the following means:

    1. when an individual contacts us via telephone or facsimile;
    2. from correspondence (whether in writing or electronically);
    3. through the App, and any other websites or mobile applications provided by our organisation;
    4. while conducting customer satisfaction and market research surveys;
    5. when administering any of our services; and
    6. as otherwise required to manage our business.

    In certain cases we may collect personal information about an individual from other parties.

    We collect personal information about Patients from their Practitioners.

    We may also collect personal information about individuals from other third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners, and from publically available sources.

    If we collect personal information about an individual from a third party (including a Practitioner) we will, where appropriate, request that the third party inform the individual that we are holding such information, how we will use and disclose it, and that they may contact us to gain access to and correct and update the information.

  2. Types of personal information we collect

    3. We may collect a range of information about Practitioners, including:

    1. their name and contact details;
    2. their employment information;
    3. their professional credentials;
    4. their billing information; and
    5. details of their Patients.

    We may also collect and hold sensitive information about a Practitioner, most particularly including their membership of professional information.

    We may collect a range of information about Patients, including:

    1. their name and contact details; and
    2. details of their next of kin.

    We may also collect and hold sensitive information about Patients, most particularly including:

    1. health information, including information about health treatments;
    2. genetic information;
    3. information about racial or ethnic origin; and/or
    4. information about sexual orientation.

    We only collect sensitive information about an individual with their consent, or otherwise in accordance with the Privacy Act.

    Where an individual does not wish to provide us with their personal information, we may not be able to provide requested goods or services. In particular:

    1. we may be unable to verify a Practitioner to use our App if they do not provide requested personal information;
    2. a Practitioner may be unable to use our App to communicate with other medical professionals regarding the healthcare of a Patient if the Patient is unwilling for us to collect their personal information.
  3. Our purposes for handling personal information

    4. As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.

    We may collect, hold, use and disclose personal information about Practitioners to:

    1. verify their status as a medical professional;
    2. facilitate their use of the App, and communications with other users of the App;
    3. offer and provide them with our goods and services;
    4. manage and administer those goods and services, including account keeping procedures;
    5. communicate with them, including (but not limited to), emailing tax invoices, dispatch and tracking information, returns and exchange authorisations;
    6. improve and further develop the App, and associated services;
    7. identify trends and conduct other analysis;
    8. develop and facilitate new products and services;
    9. comply with our legal and regulatory obligations; and
    10. otherwise to manage our business.

    We may collect, hold, use and disclose personal information about Patients to:

    1. facilitate communications between users of the App;
    2. improve and further develop the App, and associated services;
    3. manage and administer the App, including account keeping procedures;
    4. identify trends and conduct other analysis;
    5. develop and facilitate new products and services;
    6. comply with our legal and regulatory obligations; and
    7. otherwise to manage our business.

    We will not use or disclose personal information for any other purpose unless permitted under the APPs, or where the individual has consented to that use or disclosure.

    We may disclose personal information between our organisations or to third parties such as our suppliers, organisations that provide us with technical and support services, or our professional advisors, where permitted by the Privacy Act. If we disclose information to a third party, we generally require that the third party protect personal information to the same extent that we do

  4. Anonymised and de-identified information

    5. Where information is de-identified, aggregated or otherwise anonymised, such that you are not reasonably identifiable from this information, it will not constitute personal information and is not subject to the APPs. We may use and disclose such anonymised information for any purposes as we see fit, including trend identification and other data analysis.

  5. Protection of personal information

    6. We will hold personal information as either secure physical records, electronically on our servers, in cloud storage, and in some cases, records on third party servers, which may be located overseas.

    We maintain appropriate physical, procedural and technical security for our offices, App, and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.

    We further protect personal information by restricting access to personal information to only those who need access to the personal information do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of personal information.

    We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.

  6. Direct marketing

    7. We will not use or disclose information about Patients for the purpose of direct marketing.

    Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to Practitioners at a high standard. We therefore like to stay in touch with Practitioners and let them know about new opportunities.

    We may use personal information about Practitioners to provide them with information about new products, services and promotions either from us, or from third parties which may be of interest.

    We will not disclose personal information to third parties for marketing purposes unless permitted by the APPs, or where we have been given consent to do so by the individual involved.

    An individual may opt out at any time if they no longer wish to receive commercial messages from us. This request can be made by contacting our Privacy Officer.

  7. Accessing and correcting personal information

    8. An individual may contact our Privacy Officer to request access to the personal information that we hold about them and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide a written notice stating our reasons for refusing access. We may seek to recover reasonable costs incurred for providing access to any of the personal information held by us.

    We are not obliged to correct any of personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide a written notice stating our reasons for refusing.

    We will respond to all requests for access to or correction of personal information within a reasonable time.

  8. Overseas transfers of personal information

    9. As at the date of this Privacy Policy, we are not likely to disclose personal information overseas recipients, unless a Practitioner directs us to send a Patient's information to a particular overseas recipient. The countries in which the overseas recipients will be located will be the countries nominated in accordance with the request.

    If in future we do propose to disclose personal information overseas, we will do so in compliance with the requirements of the Privacy Act. We will, where practicable, advise of the countries in which any overseas recipients are likely to be located.

    From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.

    Each individual providing personal information to us consents to us disclosing this personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agrees that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and the individual will not be able seek redress under, the Privacy Act.

  9. Resolving personal information concerns

    10. If there any questions, concerns or complaints about this Privacy Policy, or how we handle personal information, please contact our Privacy Officer:

    We take all complaints seriously, and will respond to each complaint within a reasonable period.

    If dissatisfied with the handling of a complaint, an individual may contact the Office of the Australian Information Commissioner:

  10. Changes

    11. We reserve the right to change the terms of this Privacy Policy from time to time, without notice. An up-to-date copy of our Privacy Policy is available on our Website.

The last update to this document was 27 October 2023