Privacy Policy – Client

Find My Appointment | My Appointments

Privacy Policy
for Patients and Visitors

IMPORTANT NOTE: The My Appointments and Find My Appointment platforms are in the beta testing phase and not all features, functionalities and services are presently available for use, including the Find My Appointment platform itself. As such, references in this Privacy Policy to any features, functionalities or services are not intended to be a representation that they are available for use. The provisions of this Privacy Policy which refer to features, functionalities and services which are launched in the future (including the Find My Appointment platform) will apply: 

• to your use of them when they become operational; and
• to any use by you of the My Appointments platform in the interim to the extent to which that use may be connected to your future use of such features, functionalities and services.
  

FMA Operations Pty Ltd (ABN 43 642 625 689) and its related entities (we, us or our) own and operate the Find My Appointment online directory (FMA) and the My Appointments practice management platform (MA).

FMA is an online directory that includes information about natural health practitioners / service providers (Practitioners), including sole practitioners and those within multi-practitioner (and multidisciplinary) clinics/practices (Practices). 

MA is an online platform (including an associated mobile application (MA App)) that includes functionalities that Practitioners can use to manage their natural health Practices, take bookings for appointments, and interact with their patients (including engaging in virtual telehealth consultations).

Practitioners can list their businesses on FMA, and visitors to the FMA website (Visitors) can use FMA to find a Practitioner from whom they may wish to obtain natural health advice, care or treatment, to ascertain the Practitioner’s contact details, and potentially to make a booking with the Practitioner.

MA is used by Practitioners and their authorised support and administrative staff (Practice Staff) as a practice management platform for their Practice.  Clients of those Practitioners can register a patient account on MA and that allows Practitioners (and their Practice Staff) and those clients (Patients) to use MA to interact with each other.  Practitioners, Practice Staff and Patients can access and use MA through a web browser or the App. 

A Visitor who wishes to make a booking with a Practitioner may be invited by that Practitioner or their Practice Staff to register an account on MA and thereby become a Patient for the purposes of this Privacy Policy.

This Privacy Policy explains how and what of your personal information (including sensitive information and health information) we collect, use and disclose and how we manage your personal information as a Visitor or Patient.

We are bound by and adhere to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) under that Act (together, Privacy Act) and this Privacy Policy.

By using MA as a Patient, accessing FMA as a Visitor or Patient, or providing any personal information to us via MA, FMA or otherwise, you agree and consent to us (as operator of FMA and MA) collecting, using and disclosing your personal information (including your sensitive information and health information) in accordance with this Privacy Policy. 

By accessing and using MA as a Patient you also: 

• agree to be bound by the Patient Terms of Use.
• agree and consent to your Practitioner’s (and/or their Practice’s) collection, use and disclosure of your personal information in accordance with your Practitioner’s and/or their Practice’s privacy policy.

If you are under 16 years of age you must, prior to your access to MA and/or FMA, refer this Privacy Policy to a parent/guardian and obtain their express consent to us collecting, using and disclosing your personal information in accordance with this Privacy Policy.

There is no obligation for you to provide us with any of your personal information but, if you choose not to, we will not be able to provide the information or services that you require.

WHAT PERSONAL INFORMATION IS COLLECTED AND HOW

Using FMA or contacting us

As a Visitor or Patient using FMA, we collect your personal information when you provide it to us through FMA (i.e. entering information into a form on the FMA website or through the App or making an enquiry) and/or if you otherwise contact us by phone, email or mail. We also collect information through the use of cookies in accordance with the Cookies section below.

Account Information

For Patients with an MA account, we collect (either directly from you when you enter it on MA or from your Practitioner or Practice Staff when they enter it on MA) certain personal information of yours that we call Account Information for the purpose of administering your account on MA. Your Account Information includes your full name, mobile telephone number and email address.

Patient Information

As a Patient, your Practitioner(s) and/or their Practice Staff may collect the following personal information from you (Patient Information):

• your full name, phone number(s), date of birth, residential address, occupation;
• your health information (which is sensitive information), including your health history, past or planned surgical procedures, consumption of alcohol, use of drugs and tobacco, family health history and your exercise regimes and routines;
• your Medicare number;
• where applicable, the details of any private health coverage you may have;
• any other Patient Information that your Practitioner requests that you provide to them on an intake form or during a consultation; and
• medical/health-related test results.

Depending on your relationship with your Practitioner(s), they may obtain this Patient Information from you through MA, such as when you enter, upload or otherwise provide it through your MA account / MA’s user interface, or they may obtain it another way, such as in a face to face or telehealth consultation, via an electronic or hard copy ‘intake form’, or over the telephone. Where your Practitioner or their Practice Staff obtain such information from you other than through MA, they may enter some or all of that information into MA to store it as part of their records for you as their Patient. 

Although Patient Information may be collected through, uploaded into and/or stored in MA, it is collected by Practitioners/Practices, not us. We simply provide MA as a platform to the Practitioner/Practice for them to use to collect, upload, store and use such Patient Information. We do not access your Patient Information (other than your Account Information). 

During the beta testing phase of MA our third party IT service providers may be able to access Patient Information; however, where they are not subject to equivalent privacy protections and access obligations as we are (e.g. the EU General Data Protection Regulation), we ensure they take reasonable steps to safeguard your personal information and only access and use your personal information where necessary and for the purposes for which it was supplied, and we will take reasonable steps to ensure that such third parties are subject to or bound by the privacy obligations of the Privacy Act with respect to the protection of your personal information.

If you have any questions or concerns regarding the collection, use, holding and/or sharing of your Patient Information by your Practitioner(s) or their Practice(s), please contact them directly.

Personal information of others

If you provide us with or request us to access (e.g. for maintenance or other support) the personal information of others you represent and warrant to us that: (a) you are authorised by that other person to provide their personal information to us; (b) you have referred them to this Privacy Policy and obtained their express consent to our collection, use and disclosure of their personal information in accordance with this Privacy Policy (except where they do not have capacity to provide such consent); and (c) you have complied with the APPs in collecting that personal information. This applies, for example, if you are a Patient and you enter into MA someone’s contact details as your ‘emergency contact’ or as a family member, or you are a parent, guardian or Authorised Representative of a Patient who is legally authorised to access and manage a Patient’s personal information.

Credit card information

We use a third party payment processor – Lateral Payment Solutions Pty Ltd (ABN 12 610 150 064) (Latpay) – to process payments between you and your Practitioner.  Latpay – not us – collects your credit card details (and other personal information such as your name) and stores that information encrypted at Latpay’s secure payment gateway. Your card will only be stored if you select this option at the time of payment. Latpay collects and processes payment by in accordance with their terms of service and privacy policy.  We do not access your credit card details or other personal information collected by latpay. If you have any questions or concerns regarding the collection, use, holding and/or sharing by latpay of your credit card details or other personal information, please contact latpay.

HOW YOUR PERSONAL INFORMATION IS USED

General

We use the personal information we collect from you:

• where you access and use FMA (via the FMA website or the App), for the purpose of responding to your queries after you contact us and for other purposes as permitted or required by law;
• to provide you with access to MA and FMA;
• to administer, provide support and contact you in relation to your account on MA (and FMA);
• to facilitate the recommendation, ordering and buying/selling of natural health products from Practitioners to Patients;
• to inform you of updates to the features and functionality of MA and FMA;
• for certain marketing communications (see ‘Marketing Communications’ section below);
• to evaluate and improve MA and FMA;
• to compile de-identified statistical information about usage of MA and FMA; and
• for other purposes as required or permitted by law.

During the beta testing phase of MA, where necessary for testing, maintenance, support and troubleshooting of MA and FMA, our third party IT service providers may have access to your personal information (including that in your Patient Information). However, access is limited to only those individuals who need to see or access that personal information to do their job and they do not keep a copy of any records that contain any of the personal information so accessed.Account Information

As a Patient, we use your Account Information for the purpose of operating MA and FMA, in particular to maintain and identify your account, to respond to your queries, process login issues and for other purposes as permitted or required by law.

Patient Information

As a Patient, we do not use your Patient Information, which is managed by your Practitioner(s) and/or by an MA administrator within their Practice(s).  Each Practitioner or Practice may manage and use your Patient Information differently from other Practitioners/Practices.  Your Practitioner or their Practice may use your personal information for managing and facilitating their interactions with you related to the natural health services you obtain from them, including to send you emails, SMS messages and/or push notifications via your MA App to remind you of upcoming appointments, to conduct telehealth consultations with you, to make payment arrangements with you, and to provide information, advice, care and treatment as part of the health care services you obtain from them.  For information on how your personal information is managed and used by a given Practitioner and/or their Practice, including who has access to it within the Practice, please contact your Practitioner or their Practice.

HOW YOUR PERSONAL INFORMATION IS SHARED

Account Information

Your Account Information is shared with the Practitioner on whose behalf we collected it (and other Practice Staff within their Practice).  

Your Account Information will also be effectively accessible to any other Practitioners or Practice Staff (of the same Practice or other Practices) who enter any of your items of Account Information (i.e. full name, mobile telephone number or email address) into MA (through their own MA account interface), as the MA system will in that case indicate to them that you already have an MA account as a Patient (and will disclose your other items of Account Information to them for the purpose of them adding you as their Patient).  However, the terms governing Practitioner and Practice Staff use of MA prohibit Practitioners and Practice Staff attempting to ascertain if any visitor (or any other person) has a Patient MA account (and thereby ascertaining their other Account Information) without that visitor’s (or other person’s) prior consent.  

Patient Information

We do not share your Patient Information except to make it available in MA to the Practitioners/Practices who collected it, in accordance with their MA account authorisations.  Practitioners/Practices have the ability to provide API keys to third party apps, allowing those third party apps to access data stored on the MA platform (including Patient Information and other personal information) that is accessible to that Practitioner/Practice. In effect, this amounts to your personal information being disclosed by your Practitioner and/or their Practice to certain third parties. If you have any questions or concerns, please contact your Practitioner or their Practice.

General

A number of third party service providers support the functionality of MA and we may share your personal information with our third party service providers who assist us to perform one or more of the purposes set out in this Privacy Policy.  In particular, MA integrates with third party service providers whom we use to provide telehealth consultation services, SMS notification services and the Payment Processing Services.  As such, you may be asked to share, and we may share, your personal information (including sensitive information and health information) with: 

• our telehealth consultation service provider(s) for the purpose of facilitating or conducting telehealth consultations through MA; 
• our SMS notifications service provider(s) for the purpose of sending SMS messages to you; and/or 
• our Payment Processor for the purpose of facilitating or conducting digital payments.

If you use the telehealth consultation functionality of MA, please read the third party service provider’s privacy policy to learn about how it collects, uses and discloses your personal information.

We store your personal information on secure servers located in Australia and managed by Amazon Web Services, Inc. Our third party service providers are located in Australia and the United States and may store your personal information outside of Australia.

When we engage third party service providers to perform services for us as part of MA, those third parties may be required to handle your personal information. If such third party service providers are not ordinarily subject to the Privacy Act or a law with equivalent privacy protections and access (e.g. the EU General Data Protection Regulation), we ensure they take reasonable steps to safeguard your personal information and only use your personal information for the purposes for which it was supplied, and we will take reasonable steps to ensure that such third parties are subject to or bound by the privacy obligations of the Privacy Act with respect to the protection of your personal information.

We may also disclose your personal information otherwise as required or permitted by law.

MARKETING COMMUNICATIONS

If you indicated a preference for a method of communication, we will endeavour to use that method to communicate with you whenever practicable to do so. If at any time you decide you no longer wish to receive marketing communications from us you may use the opt-out/unsubscribe facility option in our email or SMS communications or make a request to not receive marketing communications from us by contacting us using the details noted in the Contact Information section below.

As a Visitor, we may use certain limited information about you (such as your name, email and mobile phone number) to promote natural health services, to promote natural health and complementary medicine education material and for other promotional campaigns (subject to your Practitioner’s opt-out within the period specified with campaign notification). 

We may use your Account Information, with your or your Practitioner’s (or their Practice’s) approval via an opt-in mechanism, for campaigns to encourage the use of MA, to provide promotional material or natural health and complementary medicine education material, and to promote natural health services.

As a Patient, your Practitioner or their Practice may, with your consent, use your personal information for direct marketing, including to send you emails, SMS messages or push notifications via your MA App to alert you, for example, to promotions, events or new products. 

You can manage push notifications in your mobile device settings, and SMS settings for marketing by logging into your MA account.  You can also contact your Practitioner to manage your email and SMS marketing settings in relation to that Practitioner.

SECURITY OF YOUR PERSONAL INFORMATION

We take reasonable steps to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. We encrypt your personal information when it is transmitted over the internet. We are certified as being compliant with HIPAA and ISO/IEC 27001:2013.

We take (and we require our third party service providers with whom we share your personal information to take) reasonable steps to destroy or permanently de-identify your personal information where it is no longer required, once any legal obligations to retain it have expired.

However, our data protection measures are not a guarantee of the security of your personal information. You must also take care to protect your personal information. Please notify us as soon as possible if you become aware of any security or data breaches.

UPDATING AND/OR ACCESSING YOUR PERSONAL INFORMATION

We take reasonable steps to ensure that your personal information that we hold is accurate, complete and up to date. To assist us to do this, please ensure you provide us with correct information and inform us whenever your personal information changes. 

If you are a Patient and wish to access, update or correct your Account Information, please contact us using the details noted in the Contact Information section below.

If you are a visitor to FMA without an MA Account and, after contacting us with an enquiry, wish to access, update or correct your personal information that we may hold about you, please contact us using the details noted in the Contact Information section below. 

If we refuse to correct your personal information following a request by you to do so, then we will provide you with a written notice of the reason(s) for such refusal and the procedure to complain about our refusal. We will respond to any requests regarding the correction of your personal information so that it is accurate, complete and up to date within a reasonable period after a request is made. We will not charge you for any request to correct your information.

Where you request access to your personal information, we will respond to any such request within a reasonable period after the request is made. If we refuse to provide access to your personal information for any reason, we will provide you with a written notice of the reason(s) for such refusal and the procedure to complain about the refusal. 

We may recover from you our reasonable costs of supplying you with access to your personal information, but we will not charge you for any request you might make to access your personal information.

If you are a Patient and wish to update or access your Patient Information, please login to MA or contact your Practitioner as this Patient Information is managed by your Practitioner and/or their Practice, not us.

COOKIES

Information may be collected through the use of “cookies” on FMA and MA. Cookies are small text files that a website can use in order to recognise visitors who revisit a website so as to facilitate their ongoing access to and use of the site. They enable usage behaviour to be tracked and aggregate data to be compiled that would facilitate more targeted advertising and improved content. Typically, cookies involve the assigning of a unique number to the visitor. You can prevent the use of cookies by setting up your web browser to block them.

LINKS ON OUR WEBSITE

FMA and MA may contain links to websites which are owned or operated by other parties. You should make your own enquiries as to the privacy policies of these parties/websites. We are not responsible for the information on, or the privacy practices of, such websites or the entities that operate them.

IF YOU HAVE A PRIVACY COMPLAINT

We are committed to maintaining and protecting your privacy. If you wish to make a complaint, please contact us using the contact information in the Contact Information section below. 

Please provide us with sufficient detail regarding your complaint and any supporting evidence. We will notify you in writing if we require any additional information or otherwise of the outcome of our investigation of the complaint

If your complaint is not satisfactorily resolved, you may refer your complaint to the OAIC at www.oaic.gov/about-us/contact-us.

CONTACT INFORMATION

Any queries about this Privacy Policy, correction or access requests or privacy complaints should be addressed to:

Anil Mustafa
Privacy Officer
FMA Operations Pty Ltd

Address: PO Box 450, Mawson ACT 2607, Australia

Email: hello@myappointments.app

CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or change our Privacy Policy at any time. You can find the date of the most recent review of this policy at the end of the document. When we make any material changes to this Privacy Policy we will highlight these in a banner on FMA and MA and send a notification to you by email or by way of a popup when you next login to MA. 

Your continued use of MA and/or FMA, requesting our services or the provision by you of further personal information to us after this Privacy Policy has been revised will be deemed to be your acceptance of and consent to the revised Privacy Policy.

This Privacy Policy was last revised on 6th July 2021.