Privacy Policy

About this Policy

Spot Check Clinic Pty Ltd as trustee for the Spot Check Trust, ABN: 53 791 423 734 (“us”, “we”, or “our”) recognises the importance of your privacy and respects your right to control how your personal information is collected and used.

We are an Australian Privacy Principle Entity (“APP Entity”) as defined in the Privacy Act 1988 (Cth) (the “Act”). This policy complies with the Australian Privacy Principles as set out in the Act and describes the way that we may collect, hold and disclose personal information (“Privacy Policy”).

This Privacy Policy applies to our websites, spotcheck.clinicwww.spotcheck.clinic and spotcheck.online (the “Site”) which is operated by us, and to the products and services provided by us which are detailed on the Site (”Our Services”).

Our Services can only be used when you have reached the age of eighteen (18) years. When we identify personal information of children younger than eighteen (18) years old, we delete that data.

In this policy “Personal Information” means any information that may identify you, or by which your identity might be reasonably determined. The information you provide us may include, among other things, your name, address, email address and phone number. For our Privacy Policy, your Personal Information includes Sensitive Information. “Sensitive Information” is a subset of Personal Information and means any information about an individual’s racial or ethnic origin, political opinions, memberships of a political organisation, religious belief or affiliation, philosophical belief, membership of a professional or trade association, membership of a trade union, sexual preference or practices or criminal record. For Our Services, Sensitive Information also includes your health information.

Collection

The purpose for which we collect Personal Information is to provide you with the best service experience possible on the Site and for our internal business purposes that form part of normal business practices. Some provision of Personal Information is optional. However, if you do not provide us with certain types of Personal Information, you may be unable to enjoy the full functionality of the Site.

As part of Our Services, you can provide further information regarding your skin type and risk profile. We also collect the pictures you take of your skin lesions. When you use Our Services and submit a picture of your skin lesion for analysis by our service, we store the pictures and collect the information relating to your assessment. We do this to be able to assist you with your health. We will ask for your explicit consent to allow us to store this type of information before you use such service. Without your consent, we cannot provide you with Our Services.

To provide Our Services to you, we may collect Personal Information, such as your contact details.  This might include your name, email address and contact phone number, your business or company name. We may also collect some financial information about you such as your payment and billing information, which we use to bill you for Our Services and to process your payments. This might include your credit card details. We may also collect details of conversations we have had with you or any other information relevant to us. As part of your health assessment, we may send you follow-up emails regarding the advice we provide to you and to assist you by reminding you to seek medical attention when necessary.

We may also collect Sensitive Information about you such as medical reports, referrals, medication, health history and other important health information where you consent and such information is reasonably necessary to provide Our Services to you.

We automatically collect information through our Site and Our Services that is often not personally identifiable, such as the website from which you came to our Site, your IP address, browser type and other information relating to the device through which you access the Site. We may combine this information with the Personal Information we have collected about you.

Use and disclosure

Personal Information collected by us will generally only be used and disclosed for the purpose it was collected.
We use your Personal Information to assist you in the best possible way. When you consent, your Personal Information may be used or disclosed for the following reasons:

  • To supply you with our core service: to screen for, detect, diagnose and manage skin cancers and other skin lesions.
  • To manage our business and to improve Our Services continuously.
  • For our customer service to help you.
  • To send you email notifications or SMS messages relating to the results of the analysis of the data you have sent us. This includes emails in which we provide you with information and ask you to provide us with information about possible follow-up actions.
  • In order to support research, we may use your data (sometimes for reward), pseudonymised (without a direct link to your identity) or anonymised (without us being able to identify you at all). This may include sharing your data with third parties. By uploading your images to our Site or consenting to our employees or consultants to take photos and process images of you, you explicitly consent to the images being processed for the purposes of the provision of Our Services, this Privacy Policy and to be used for the purposes of research and testing of Our Services. As such, your images and other Personal and Sensitive Information may be reviewed by our employees or consultants who work for us and third parties who provide hosting of medical records, clinical images and other information. All employees, consultants and third parties with access to your Personal and Sensitive Information are bound by strict confidentiality.
  • In order to fulfill the contract you enter into with us when you use Our Services, we have to process some essential information. When you wish to use one of Our Services, we may need to process your email address, pictures of skin lesions, risk assessment and payment information.
  • To third-parties or contractors who are integral to the provision of Our Services.

Data regarding the health of your skin and risk assessments is Sensitive Information. In order to lawfully process this Sensitive Information for you, we will ask your consent. We require your consent before we can assist you. When you wish to withdraw your consent, please contact us via the contact details at the bottom of this Privacy Policy. When you withdraw your consent, we will not be able to provide you with Our Services and you will have to discontinue using Our Services.

We may, from time to time, use Personal Information for other purposes where it would be reasonably expected by you or if permitted by the Privacy Act, including to effect or enforce a transaction, procuring legal, accounting and auditor’s advice and advice from other consultants. We may also disclose your Personal Information in circumstances where we are compelled by other Australian laws or a court of law to do so.

We may also (for reward) use and share aggregate or non-personally identifying information about clients for market analysis, marketing or other purposes.

In the event that we sell our business, or engage in a transfer, mergers, restructure or change of control or other similar transactions, customer information (containing Personal Information) is generally one of the business assets that forms part of the transaction. Your Personal Information may be subject to such transfer. In the unlikely event of insolvency, Personal Information may be transferred to a trustee or debtor in possession and then to a subsequent purchaser.

We may provide Sensitive Information to other medical service providers, such as your general practitioner or specialist medical practitioners. We will only supply this information with your consent, or in circumstances where it is required for the delivery of health services, such as referral to another health service provider, billing and liaising with government offices regarding Medicare entitlements and payments, where it is necessary to prevent or lessen a serious threat to a patient’s life, health or safety, or other reason permitted by law.

Access and accuracy

You can access and/or correct Personal Information we hold about you at any time by contacting us. We encourage you to contact us to keep your Personal Information up to date.

We will respond to your request for Personal Information within a reasonable time. We reserve the right to charge an administration fee to cover the costs of responding to your request, for example, where Personal Information is archived or held in storage.

If required by law or where the Personal Information may relate to existing or anticipated legal proceedings, we may deny your request for access to your Personal Information. We will respond to your request, setting out the reasons for our refusal in writing.

In most cases, you will automatically have access to any clinical photographs we take and copies of pathology results via the DermEngine/MoleScope service we use. You may download and share this information as you wish. We accept no responsibility for the consequences of your actions should you choose to share this information, alter your own records, or allow access by third-parties.

Storage and security

We will take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access and modification or disclosure. We use commercially reasonable physical, technical and administrative measures to protect Personal Information that we hold, including, where appropriate, password protection, encryption and SSL to protect our Site.  However, we are not responsible for the storage and security of your Personal Information that is held by third-party service providers including but not limited to DermEngine/MoleScope, FirstCheck, MedicalDirector, Automed and Snapforms. These third-parties have their own privacy policies and you should read and satisfy yourself that about their privacy obligations with respect to the storage and security of your Personal Information.

Despite taking appropriate measures to protect Personal Information collected, used and stored by us, no data security measures we implement can guarantee 100% security of your Personal Information at all times. We cannot guarantee the security of any Personal Information transmitted to us via the internet and such transmission is at your risk.  This is an inherent risk you assume when you use our services.

If we no longer require the use of your Personal Information, we will take reasonable steps to destroy or permanently de-identify it when we are legally permitted to do so.

Personal Information may be stored electronically through third-party data centres, which may be located overseas, or in physical storage at our premises or third-party secure storage facilities. Wherever possible, we use third parties who provide high standards of data security and storage in compliance with Australian Privacy legislation. However, we are not responsible for the storage and security practices of third parties, or data breaches affecting third party providers we use.

Electronic transmission of medical information

In some cases, we may wish to send Sensitive Information about you to you by email or text message. Examples are:

  • requested copies of your medical records;
  • pathology results for you to have a written copy for your records;
  • requested SMS notification of your results;
  • email notification about upcoming or missed appointments; and
  • photographs of your skin to the specialist or hospital clinic if we refer you to them.

Because we cannot guarantee the security of unencrypted email or text messages, we will always obtain your permission before sending any Sensitive Information about you by electronic means.

Data breach notification scheme

If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach Scheme. If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable.

If the breach relates to the My Health Records Act, we may disclose your Personal Information to the My Health Records System Operator under section 73A of that Act.

Identifiers

An identifier is a unique number assigned to an individual to identify them. Identifiers include Medicare Numbers and Tax File Numbers. We will not adopt an identifier given to you by a government agency as our identifier of you, unless permitted by law.

Anonymous health care

You may request to remain anonymous when you seek services from us. While we endeavour to comply with any request to use our services anonymously or using an alias, there may be circumstances in which it is unlawful or unpracticable to do so. While this will not affect the quality of the medical care you receive, it may, however, result in an:

  • inability to claim Medicare or private health insurance rebates for services we provide;
  • inability to claim Medicare or private health insurance rebates for pathology or other investigation services we request on your behalf, or services provided by specialists to whom we refer you;
  • inability to prescribe medications subsidised by the Pharmaceutical Benefits Scheme; and
  • incomplete or inconsistent medical records if you use different names/identifiers when attending or interacting with us. This may result in suboptimal management of any medical conditions.

Under Australian Privacy Legislation, you do not have the right to anonymity if:

  • you are diagnosed with a medical condition (such as melanoma and certain other cancers) that must be recorded and notified to a government department or agency under a public health law;
  • you wish to claim a healthcare benefit from Medicare or a private health insurer or purchase prescribed medications subsidised by the Pharmaceutical Benefits Scheme; or
  • you wish to gain access to the Personal Information and/or medical records we hold for you.

Your health care will always remain our priority and we are unable to provide services in circumstances where treating you anonymously may compromise your treatment or health outcomes.

We have a legal obligation under the Public Health Act to report certain medical conditions. If, during the course of providing Our Services, we diagnose a prescribed medical condition, we must make a report, including your identity, to the Health Department.

Career applications

Employment applications and resumés collected by us are safely and securely stored and only used for the purposes for which they were collected.

Cookies, web beacons and analytics

When you interact with our Site, we strive to make your experience easy and meaningful. We, or our third-party service providers, may use cookies, web beacons (clear GIFs, web bugs) and similar technologies to track site visitor activity and collect site data. We may combine this data with the Personal Information we have collected from Customers. Examples of information that we may collect include technical information such as your computer’s IP address and your browser type, and information about your visit such as the products you viewed or searched for, the country you are in, what you clicked on and what links you visited to get to or from our Site. If we identify you with this information, any use or disclosure of that information will be in accordance with this Privacy Policy.

Third-party websites

At times, our Site may contain links to other third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Marketing emails

We may send you direct marketing emails and information about products and services that we consider may be of interest to you. These communications will only be sent via email and in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth), and only if you consent to receive marketing emails from us. If, at any time, you would like to stop receiving these promotional emails, you may follow the opt-out instructions contained in any such email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails or promotions from us, we still may send you emails about your account or any services you have requested or received from us, or for other customer service purposes. We do not provide your Personal Information to other organisations for the purposes of direct marketing.

If you receive communications from us that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us using the details provided below.

Consent to international transfer

We may transfer your Personal Information to organisations in other countries. Recipients may include our related entities or employees, external service providers such as administration providers or information technology providers such as cloud storage and data processing. We only transfer information where we reasonably believe that the recipient is legally or contractually bound to principles that are substantially similar to the Australian Privacy Principles.

Changes to this Policy

We may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on our Site. You should check periodically to review our current Privacy Policy, which is effective as of the effective date listed below. Your continued use of our Site and our services constitutes your acceptance and understanding of the Privacy Policy as in effect at the time of your use. If we make any changes to this Privacy Policy that materially affect our practices with regard to the Personal Information we have previously collected from you, we will endeavour to provide you with notice in advance of such change by highlighting the change on the Site, or where practical, by emailing you.

This Privacy Policy is current as of 4 September 2020.

Complaints and enquiries

If you have any questions or complaints regarding privacy, or if at any time you believe we may have wrongfully disclosed your Personal Information or breached our Privacy Policy, please lodge your complaint in writing to:

Practice Manager
Spot Check Clinic
Shop 1, Ground Level
200 Queen Street
Melbourne Vic 3000

or via our website contact form at https://spotcheck.clinic/contact.

If you are not satisfied with our response, you are entitled to contact the Office of the Australian Information Commissioner by calling 1300 363 992 or writing to the Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042.