Privacy Policy

Find My Appointment | My Appointments

Privacy Policy
for Practitioners and Practice Staff

IMPORTANT NOTE: The My Appointments and Find My Appointment platforms are in the beta testing phase and not all features, functionalities and services are presently available for use, including the Find My Appointment platform itself. As such, references in this Privacy Policy to any features, functionalities or services are not intended to be a representation that they are available for use. The provisions of this Privacy Policy which refer to features, functionalities and services which are launched in the future (including the Find My Appointment platform) will apply: 

• to your use of them when they become operational; and
• to any use by you of the My Appointments platform in the interim to the extent to which that use may be connected to your future use of such features, functionalities and services.
  

FMA Operations Pty Ltd (ABN 43 642 625 689) and its related entities (we, us or our) own and operate the Find My Appointment online directory (FMA) and the My Appointments practice management platform (MA).

FMA is an online directory that includes information about natural health practitioners / service providers (Practitioners), including sole practitioners and those within multi-practitioner (and multidisciplinary) clinics/practices (Practices). 

MA is an online platform (including an associated mobile application (App)) that includes functionalities that Practitioners can use to manage their natural health Practices, take bookings for appointments, and interact with their patients (including engaging in virtual telehealth consultations).

Practitioners can list their businesses on FMA, and visitors to the FMA website (Visitors) can use FMA to find a Practitioner from whom they may wish to obtain natural health advice, care or treatment, to ascertain the Practitioner’s contact details, and potentially to make a booking with the Practitioner.

MA is used by Practitioners and their authorised support and administrative staff (Practice Staff) as a practice management platform for their Practice.  A Practice will generally have one primary MA account held by a Practitioner in their own name and on behalf of the Practice (Main User), which the Main User will set up with the authorisation of the proprietor(s) of the Practice (who may or may not be or include the Main User).  The Main User may authorise and administer one or more sub-accounts on MA for other Practitioners and Practice Staff (Sub-Users).  

Clients of those Practitioners can register a patient account on MA and that allows Practitioners (and other personnel at their Practice) and those clients (Patients) to use MA to interact with each other. Practitioners (whether they are a Main User or a Sub-User), other Practice staff (who will be Sub-Users) and Patients can access and use MA through a web browser or the App. 

A Visitor who wishes to make a booking with a Practitioner may be invited by that Practitioner or their Practice staff to register an account on MA and thereby become a Patient for the purposes of this Privacy Policy.

This Privacy Policy explains how and what of your personal information (including sensitive information) we collect, use and disclose and how we manage your personal information as a Practitioner (whether as a Main User or Sub-User) or as Practice Staff (as a Sub-User), or as a person with a significant ownership interest in the Practice who has authorised a Practitioner to register an MA account on behalf of the Practice (Practice Owner).

We have a separate privacy policy for Patients and Visitors, which explains how and what personal information (including sensitive information and health information) we collect, use and disclose in respect of Patients and Visitors and how we manage that information. 

We are bound by and adhere to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) under that Act (together, Privacy Act) and this Privacy Policy.

By using MA or FMA as a Practitioner, or Practice Staff, or authorising the use of MA or FMA as a Practice Owner, or providing any personal information to us via MA, FMA or otherwise, you agree and consent to us (as operator of FMA and MA) collecting, using and disclosing your personal information (including your sensitive information) in accordance with this Privacy Policy. 

By accessing or using FMA or MA as a Main User, you will also be bound by the Main User Terms of Use.

By accessing or using FMA or MA as a Sub-User (either as a Practitioner or Practice Staff), you will also be bound by the Sub-User Terms of Use.

By accessing or using FMA or MA as a Main User or Sub-User (whether as a Practitioner or as Practice Staff), you also agree and consent to your Practice’s collection, use and disclosure of your personal information in accordance with your Practice’s privacy policy.

There is no obligation for you to provide us with any of your personal information but, if you choose not to, we will not be able to provide the information or services that you require.

WHAT PERSONAL INFORMATION IS COLLECTED AND HOW

For Practitioners

As a Practitioner, whether you are a Main User or a Sub-User, you can (a) set up a profile page on FMA; (b) set up your practice management system using MA; or (c) set up both.

Whichever you choose, we ask you to provide (and we will collect from you) the following personal information:

• your full name, gender, profession and professional qualifications;
• details of any professional (or other) registrations or associations of which you are a member and, where applicable, your registration number or member number for any such association;
• details of any professional indemnity coverage you have;
• a list of languages in which you can converse;
• a profile image depicting your face;
• a description of your professional specialities and the services you provide;
• your contact details (e.g. phone number(s), email address, website and links to social media profiles); and
• any other information you enter on registration as a Practitioner on MA (e.g. in your bio).

If you are a Main User setting up your practice management system using MA on behalf of your Practice, we will also ask you to provide (and we will collect from you) additional information about your Practice and its business, proprietors, payment details, calendar details, appointment types and fees, products stocked and SMS settings.  If you initiate the creation of sub-accounts on MA associated with your Main Account, for other Practitioners or Practice Staff at your Practice, we may also ask you to provide (and we will collect from you) information about those other (Sub-User) persons. All of the foregoing types of information may include personal information. 

For Practice Staff

If you are Practice Staff and you work together with and/or provide administrative support to a Practitioner, and you are authorised within your Practice to access and use MA as a Sub-User, we will collect (either directly from you or indirectly from the Main User) your personal information (including sensitive information) for the purposes of administering your account and profile on MA. Your account information includes your full name, date of birth, email address, postal address, bank account details, ABN and a profile image depicting your face.

Patient Information

For Patients with an MA account, we collect (either directly from the Patient when they enter it on MA or from you when you enter it on MA) certain personal information of the Patient for the purpose of administering the Patient’s account on MA (Patient Account Information). Patient Account Information includes the Patient’s full name, mobile telephone number and email address.

As a Practitioner and/or Practice Staff, you may obtain (i.e. collect) personal information of your / the Practice’s Patients via MA (when you or they type or upload it through MA’s user interface) depending on your relationship with your Patient(s).  In particular, you may require that your Patients provide you with the following personal information, either directly or via MA (Patient Information):

• the Patient’s full name, phone number(s), date of birth, residential address, occupation;
• the Patient’s health information (which is sensitive information), including their health history, past or planned surgical procedures, consumption of alcohol, use of drugs and tobacco, family health history and their exercise regimes and routines;
• the Patient’s Medicare number;
• where applicable, the details of any private health coverage the Patient may have;
• any other Patient Information that you request that your Patient provides to you on an intake form or during a consultation; and
• medical/health-related test results.

Although Patient Information may be collected through, uploaded into and/or stored in MA, it is collected by you as Practitioners/Practice Staff, not us (except Patient Account Information which we sometimes collect directly). We simply provide MA as a platform for you and your Practice to use to collect, upload, store and use such Patient Information. We do not access Patient Information (other than Patient Account Information).  During the beta testing phase of MA our third party IT service providers may be able to access Patient Information; however, where they are not subject to equivalent privacy protections and access (e.g. the EU General Data Protection Regulation), we ensure they take reasonable steps to safeguard your personal information and only access and use your personal information where necessary and for the purposes for which it was supplied, and we will take reasonable steps to ensure that such third parties are subject to or bound by the privacy obligations of the Privacy Act with respect to the protection of your personal information.

You are responsible for the collection, use and disclosure of Patient Information of your Patients and you must do so in compliance with the Privacy Act and all applicable privacy and health records laws.

If you provide us with or request us to access (e.g. for maintenance or other support) the personal information of others (including but not limited to Patient Account Information or other Patient Information), you represent and warrant to us that: (a) you are authorised by that other person to provide their personal information to us; (b) you have referred them to the Privacy Policy relevant to the collection of their information and obtained their express consent to our collection, use and disclosure of their personal information in accordance with that Privacy Policy; and (c) you have complied with the APPs in collecting that personal information. This applies, for example if, as a Practitioner or Practice Staff, you enter into MA the personal information you have collected from any Patient.

Payment and business information

We use a third party payment processor – Lateral Payment Solutions Pty Ltd (ABN 12 610 150 064) (Latpay) – to process payments between your Practice and us (and, where you elect to use it, between your Practice and your Patients).  

The Main User is responsible for selecting the payment plan for the Practice’s use of MA.  

If the Main User elects to use MA on our $0 plan, which requires the Main User and any Sub-Users to use Latpay for payment processing services associated with MA, we will ask you to provide your Practice’s bank account details, other information about the Practice, driver’s licence details of all Business Owners who have at least a 25% ownership interest in the Practice, and other personal information.  That information is passed directly to and collected by Latpay and Latpay stores that information using Latpay’s secure payment gateway. A copy of that information is provided to us but then deleted and not retained or stored by us once we have verified the information in it is correct. 

If the Main User elects to use MA on our $29 plan, which does not require the use of Latpay for payment processing services associated with MA, we will ask you to provide your credit card details and some other personal information and information about the Practice.  That information is passed directly to and collected by Latpay and Latpay stores that information at Latpay’s secure payment gateway.  

The account/credit card details, personal information and business information collected by Latpay in the way described above is stored and used and your payments are processed by Latpay in accordance with their terms of service and privacy policy.  We do not access your bank account or credit card details or other personal information collected by Latpay. If you have any questions or concerns regarding the collection, use, holding and/or sharing by Latpay of your bank account / credit card details or other personal information, please contact Latpay. 

Google Calendar Sync

When you use our application to sync your appointments with your Google calendar, we automatically sync your appointments from MA through to Google. We do not store, share or use your Google user data including any appointments you’ve added directly in your Google calendar at any time. When accessing your Google calendar, MA will create, delete and update events in real-time when they are added in, updated or deleted in your MA account only. If any appointments (including those added originally in MA) are updated in Google calendar, they will not be updated into your MA account. It is imperative any changes you need to make to your MA appointments are done in MA and not in Google calendar as the sync is only 1 way.

Before you can sync your calendar, you must provide explicit permission for MA to access your Google calendar, and you can revoke this permission at any time through your Google account settings.

Our API to Google adheres to Google API Services User Data Policy, including the Limited Use requirements.

HOW YOUR PERSONAL INFORMATION IS USED

We use the personal information we collect from you:

• to provide you with access to and use of MA and FMA as a Main User or (Practitioner or Practice Staff) Sub-User (as applicable); in the case of Main Users, we use your personal information to provide the MA platform to you as an administrator, including its dashboard, client relationship management system, booking system, messaging system and task management features;
• to operate, administer, provide support and contact you in relation to your account on MA (and FMA), including to respond to your queries and process login issues;
• if you are a Practitioner (whether a Main User or Sub-User), for the purposes of creating and maintaining your listing on FMA;
• to allow you to use Latpay’s payment processing services through MA;
• to facilitate the buying/ordering, selling and delivery of natural health products from Practitioners to Patients;
• to inform you of updates to the features and functionality of MA and FMA;
• to evaluate and improve MA and FMA;
• to compile de-identified statistical information about usage of MA and FMA; and
• for other purposes as required or permitted by law.

Occasionally, where necessary for maintenance, support and troubleshooting of MA and FMA, we may have access to your personal information. However, we limit access to only those individuals who need to see or access that personal information to do their job and we do not keep a copy of any records that contain any of the personal information so accessed.

HOW YOUR PERSONAL INFORMATION IS SHARED

For Practitioners

If you create a listing profile on FMA, the personal information you enter into FMA (including your contact details) will be published online and accessible to anyone who accesses FMA.

If you create an account on MA, your contact details will be accessible to your current and prospective Patients on MA (and other Patients on MA who may search for you) so that they may contact you.

General

A number of third party service providers support the functionality of MA and we may share your personal information with our third party service providers who assist us to perform one or more of the purposes set out in this Privacy Policy.  In particular, MA integrates with third party service providers whom we use to provide telehealth consultation services, SMS notification services and payment processing services.  As such, you may be asked to share, and we may share, your personal information (including sensitive information) with: 

• our telehealth consultation service provider(s) for the purpose of facilitating or conducting telehealth consultations through MA; 
• our SMS notifications service provider(s) for the purpose of sending SMS messages to you; and/or 
• our payment processor for the purpose of facilitating or conducting digital payments.

If you use the telehealth consultation functionality of MA, please read the third party service provider’s privacy policy to learn about how it collects, uses and discloses your personal information.

We store your personal information on secure servers located in Australia and managed by Amazon Web Services, Inc. Our third party service providers are located in Australia and the United States and may store your personal information outside of Australia.

When we engage third party service providers to perform services for us as part of MA, those third parties may be required to handle your personal information. If such third party service providers are not ordinarily subject to the Privacy Act or a law with equivalent privacy protections and access (e.g. the EU General Data Protection Regulation), we ensure they take reasonable steps to safeguard your personal information and only use your personal information for the purposes for which it was supplied, and we will take reasonable steps to ensure that such third parties are subject to or bound by the privacy obligations of the Privacy Act with respect to the protection of your personal information.

We may also disclose your personal information otherwise as required or permitted by law.

Patient Information

As a Practitioners/Practice, you have the ability to provide API keys to third party apps, allowing those third party apps to access data stored on the MA platform (including personal information) that is accessible to you / your Practice. In effect, this amounts to the personal information of Patients being disclosed by you to certain third parties. This is your responsibility, not ours, and you must ensure any such disclosure by you is in compliance with the Privacy Act and all applicable privacy and health records laws.

MARKETING COMMUNICATIONS

We may send marketing communications to you as Practitioners and Practice Staff. These communications may be in various forms, including mail, telephone or, with your consent, via SMS and/or email.

If you indicated a preference for a method of communication, we will endeavour to use that method to communicate with you whenever practicable to do so. 

If at any time you decide you no longer wish to receive marketing communications from us you may use the opt-out/unsubscribe facility option in our email or SMS communications or make a request to not receive marketing communications from us by contacting us using the details noted in the Contact Information section below.

SECURITY OF YOUR PERSONAL INFORMATION

We take reasonable steps to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. We encrypt your personal information when it is transmitted over the internet. We are certified as being compliant with HIPAA and ISO/IEC 27001:2013.

We take (and we require our third party service providers with whom we share your personal information to take) reasonable steps to destroy or permanently de-identify your personal information where it is no longer required, once any legal obligations to retain it have expired.

However, our data protection measures are not a guarantee of the security of your personal information. You must also take care to protect your personal information. Please notify us as soon as possible if you become aware of any security or data breaches.

UPDATING AND/OR ACCESSING YOUR PERSONAL INFORMATION

We take reasonable steps to ensure that your personal information that we hold is accurate, complete and up to date. To assist us to do this, please ensure you provide us with correct information and inform us whenever your personal information changes. 

If you wish to access, update or correct your personal information that we may hold about you, please contact us using the details noted in the Contact Information section below. 

If we refuse to correct your personal information following a request by you to do so, then we will provide you with a written notice of the reason(s) for such refusal and the procedure to complain about our refusal. We will respond to any requests regarding the correction of your personal information so that it is accurate, complete and up to date within a reasonable period after a request is made. We will not charge you for any request to correct your information.

Where you request access to your personal information, we will respond to any such request within a reasonable period after the request is made. If we refuse to provide access to your personal information for any reason, we will provide you with a written notice of the reason(s) for such refusal and the procedure to complain about the refusal. 

We may recover from you our reasonable costs of supplying you with access to your personal information, but we will not charge you for any request you might make to access your personal information.

COOKIES

Information may be collected through the use of “cookies” on FMA and MA. Cookies are small text files that a website can use in order to recognise visitors who revisit a website so as to facilitate their ongoing access to and use of the site. They enable usage behaviour to be tracked and aggregate data to be compiled that would facilitate more targeted advertising and improved content. Typically, cookies involve the assigning of a unique number to the visitor. You can prevent the use of cookies by setting up your web browser to block them.

LINKS ON OUR WEBSITE

FMA and MA may contain links to websites which are owned or operated by other parties. You should make your own enquiries as to the privacy policies of these parties/websites. We are not responsible for the information on, or the privacy practices of, such websites or the entities that operate them.

IF YOU HAVE A PRIVACY COMPLAINT

We are committed to maintaining and protecting your privacy. If you wish to make a complaint, please contact us using the contact information in the Contact Information section below. 

Please provide us with sufficient detail regarding your complaint and any supporting evidence. We will notify you in writing if we require any additional information or otherwise of the outcome of our investigation of the complaint

If your complaint is not satisfactorily resolved, you may refer your complaint to the OAIC at www.oaic.gov/about-us/contact-us.

CONTACT INFORMATION

Any queries about this Privacy Policy, correction or access requests or privacy complaints should be addressed to:

Anil Mustafa
Privacy Officer
FMA Operations Pty Ltd

Address: PO Box 450, Mawson ACT 2607, Australia

Email: hello@myappointments.app

CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or change our Privacy Policy at any time. You can find the date of the most recent review of this policy at the end of the document. When we make any material changes to this Privacy Policy we may highlight these in a banner on FMA and MA and/or send a notification to you by email or by way of a popup when you next login to MA. 

Your continued use of MA and/or FMA, requesting our services or the provision by you of further personal information to us after this Privacy Policy has been revised will be deemed to be your acceptance of and consent to the revised Privacy Policy.

This Privacy Policy was last revised on 23rd March 2023.