Find My Appointment | My Appointments
for Practitioners and Practice Staff
FMA Operations Pty Ltd (ABN 43 642 625 689) and its related entities (we, us or our) own and operate the Find My Appointment online directory (FMA) and the My Appointments practice management platform (MA).
FMA is an online directory that includes information about natural health practitioners / service providers (Practitioners), including sole practitioners and those within multi-practitioner (and multidisciplinary) clinics/practices (Practices).
MA is an online platform (including an associated mobile application (App)) that includes functionalities that Practitioners can use to manage their natural health Practices, take bookings for appointments, and interact with their patients (including engaging in virtual telehealth consultations).
Practitioners can list their businesses on FMA, and visitors to the FMA website (Visitors) can use FMA to find a Practitioner from whom they may wish to obtain natural health advice, care or treatment, to ascertain the Practitioner’s contact details, and potentially to make a booking with the Practitioner.
MA is used by Practitioners and their authorised support and administrative staff (Practice Staff) as a practice management platform for their Practice. A Practice will generally have one primary MA account held by a Practitioner in their own name and on behalf of the Practice (Main User), which the Main User will set up with the authorisation of the proprietor(s) of the Practice (who may or may not be or include the Main User). The Main User may authorise and administer one or more sub-accounts on MA for other Practitioners and Practice Staff (Sub-Users).
Clients of those Practitioners can register a patient account on MA and that allows Practitioners (and other personnel at their Practice) and those clients (Patients) to use MA to interact with each other. Practitioners (whether they are a Main User or a Sub-User), other Practice staff (who will be Sub-Users) and Patients can access and use MA through a web browser or the App.
There is no obligation for you to provide us with any of your personal information but, if you choose not to, we will not be able to provide the information or services that you require.
WHAT PERSONAL INFORMATION IS COLLECTED AND HOW
As a Practitioner, whether you are a Main User or a Sub-User, you can (a) set up a profile page on FMA; (b) set up your practice management system using MA; or (c) set up both.
Whichever you choose, we ask you to provide (and we will collect from you) the following personal information:
If you are a Main User setting up your practice management system using MA on behalf of your Practice, we will also ask you to provide (and we will collect from you) additional information about your Practice and its business, proprietors, payment details, calendar details, appointment types and fees, products stocked and SMS settings. If you initiate the creation of sub-accounts on MA associated with your Main Account, for other Practitioners or Practice Staff at your Practice, we may also ask you to provide (and we will collect from you) information about those other (Sub-User) persons. All of the foregoing types of information may include personal information.
For Practice Staff
If you are Practice Staff and you work together with and/or provide administrative support to a Practitioner, and you are authorised within your Practice to access and use MA as a Sub-User, we will collect (either directly from you or indirectly from the Main User) your personal information (including sensitive information) for the purposes of administering your account and profile on MA. Your account information includes your full name, date of birth, email address, postal address, bank account details, ABN and a profile image depicting your face.
For Patients with an MA account, we collect (either directly from the Patient when they enter it on MA or from you when you enter it on MA) certain personal information of the Patient for the purpose of administering the Patient’s account on MA (Patient Account Information). Patient Account Information includes the Patient’s full name, mobile telephone number and email address.
As a Practitioner and/or Practice Staff, you may obtain (i.e. collect) personal information of your / the Practice’s Patients via MA (when you or they type or upload it through MA’s user interface) depending on your relationship with your Patient(s). In particular, you may require that your Patients provide you with the following personal information, either directly or via MA (Patient Information):
Although Patient Information may be collected through, uploaded into and/or stored in MA, it is collected by you as Practitioners/Practice Staff, not us (except Patient Account Information which we sometimes collect directly). We simply provide MA as a platform for you and your Practice to use to collect, upload, store and use such Patient Information. We do not access Patient Information (other than Patient Account Information). During the beta testing phase of MA our third party IT service providers may be able to access Patient Information; however, where they are not subject to equivalent privacy protections and access (e.g. the EU General Data Protection Regulation), we ensure they take reasonable steps to safeguard your personal information and only access and use your personal information where necessary and for the purposes for which it was supplied, and we will take reasonable steps to ensure that such third parties are subject to or bound by the privacy obligations of the Privacy Act with respect to the protection of your personal information.
You are responsible for the collection, use and disclosure of Patient Information of your Patients and you must do so in compliance with the Privacy Act and all applicable privacy and health records laws.
Payment and business information
We use a third party payment processor – Lateral Payment Solutions Pty Ltd (ABN 12 610 150 064) (Latpay) – to process payments between your Practice and us (and, where you elect to use it, between your Practice and your Patients).
The Main User is responsible for selecting the payment plan for the Practice’s use of MA.
If the Main User elects to use MA on our $0 plan, which requires the Main User and any Sub-Users to use Latpay for payment processing services associated with MA, we will ask you to provide your Practice’s bank account details, other information about the Practice, driver’s licence details of all Business Owners who have at least a 25% ownership interest in the Practice, and other personal information. That information is passed directly to and collected by Latpay and Latpay stores that information using Latpay’s secure payment gateway. A copy of that information is provided to us but then deleted and not retained or stored by us once we have verified the information in it is correct.
If the Main User elects to use MA on our $25 plan, which does not require the use of Latpay for payment processing services associated with MA, we will ask you to provide your credit card details and some other personal information and information about the Practice. That information is passed directly to and collected by Latpay and Latpay stores that information at Latpay’s secure payment gateway.
HOW YOUR PERSONAL INFORMATION IS USED
We use the personal information we collect from you:
Occasionally, where necessary for maintenance, support and troubleshooting of MA and FMA, we may have access to your personal information. However, we limit access to only those individuals who need to see or access that personal information to do their job and we do not keep a copy of any records that contain any of the personal information so accessed.
HOW YOUR PERSONAL INFORMATION IS SHARED
If you create a listing profile on FMA, the personal information you enter into FMA (including your contact details) will be published online and accessible to anyone who accesses FMA.
If you create an account on MA, your contact details will be accessible to your current and prospective Patients on MA (and other Patients on MA who may search for you) so that they may contact you.
We store your personal information on secure servers located in Australia and managed by Amazon Web Services, Inc. Our third party service providers are located in Australia and the United States and may store your personal information outside of Australia.
When we engage third party service providers to perform services for us as part of MA, those third parties may be required to handle your personal information. If such third party service providers are not ordinarily subject to the Privacy Act or a law with equivalent privacy protections and access (e.g. the EU General Data Protection Regulation), we ensure they take reasonable steps to safeguard your personal information and only use your personal information for the purposes for which it was supplied, and we will take reasonable steps to ensure that such third parties are subject to or bound by the privacy obligations of the Privacy Act with respect to the protection of your personal information.
We may also disclose your personal information otherwise as required or permitted by law.
As a Practitioners/Practice, you have the ability to provide API keys to third party apps, allowing those third party apps to access data stored on the MA platform (including personal information) that is accessible to you / your Practice. In effect, this amounts to the personal information of Patients being disclosed by you to certain third parties. This is your responsibility, not ours, and you must ensure any such disclosure by you is in compliance with the Privacy Act and all applicable privacy and health records laws.
We may send marketing communications to you as Practitioners and Practice Staff. These communications may be in various forms, including mail, telephone or, with your consent, via SMS and/or email.
If you indicated a preference for a method of communication, we will endeavour to use that method to communicate with you whenever practicable to do so.
If at any time you decide you no longer wish to receive marketing communications from us you may use the opt-out/unsubscribe facility option in our email or SMS communications or make a request to not receive marketing communications from us by contacting us using the details noted in the Contact Information section below.
SECURITY OF YOUR PERSONAL INFORMATION
We take reasonable steps to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. We encrypt your personal information when it is transmitted over the internet. We are certified as being compliant with HIPAA and ISO/IEC 27001:2013.
We take (and we require our third party service providers with whom we share your personal information to take) reasonable steps to destroy or permanently de-identify your personal information where it is no longer required, once any legal obligations to retain it have expired.
However, our data protection measures are not a guarantee of the security of your personal information. You must also take care to protect your personal information. Please notify us as soon as possible if you become aware of any security or data breaches.
UPDATING AND/OR ACCESSING YOUR PERSONAL INFORMATION
We take reasonable steps to ensure that your personal information that we hold is accurate, complete and up to date. To assist us to do this, please ensure you provide us with correct information and inform us whenever your personal information changes.
If you wish to access, update or correct your personal information that we may hold about you, please contact us using the details noted in the Contact Information section below.
If we refuse to correct your personal information following a request by you to do so, then we will provide you with a written notice of the reason(s) for such refusal and the procedure to complain about our refusal. We will respond to any requests regarding the correction of your personal information so that it is accurate, complete and up to date within a reasonable period after a request is made. We will not charge you for any request to correct your information.
Where you request access to your personal information, we will respond to any such request within a reasonable period after the request is made. If we refuse to provide access to your personal information for any reason, we will provide you with a written notice of the reason(s) for such refusal and the procedure to complain about the refusal.
We may recover from you our reasonable costs of supplying you with access to your personal information, but we will not charge you for any request you might make to access your personal information.
LINKS ON OUR WEBSITE
FMA and MA may contain links to websites which are owned or operated by other parties. You should make your own enquiries as to the privacy policies of these parties/websites. We are not responsible for the information on, or the privacy practices of, such websites or the entities that operate them.
IF YOU HAVE A PRIVACY COMPLAINT
We are committed to maintaining and protecting your privacy. If you wish to make a complaint, please contact us using the contact information in the Contact Information section below.
Please provide us with sufficient detail regarding your complaint and any supporting evidence. We will notify you in writing if we require any additional information or otherwise of the outcome of our investigation of the complaint
If your complaint is not satisfactorily resolved, you may refer your complaint to the OAIC at www.oaic.gov/about-us/contact-us.
FMA Operations Pty Ltd
Address: PO Box 450, Mawson ACT 2607, Australia