Policy

Privacy Policy

Who we are?

We are Abano Healthcare Australia Pty Ltd (ABN 80 131 333 492), 1300 Smiles Pty Ltd (ACN 094 508 166) and our related body corporates, together the Australian arm of Adams Aus Bidco Pty Ltd (ACN 637 090 996), a trans-Tasman dental support organisation (“we, us, our”).

We manage dental centres in Australia (Centres) and provide facilities and services to the dentists and other dental practitioners who operate from them (dental practitioners). We provide the administrative and non-dental services those dental practitioners need to provide you with dental services (dental services). Normally, those dental practitioners are not our employees and, in providing dental services and doing other things, are operating their own independent dental businesses.

We store and maintain patient records as part of the facilities and services that we provide to dental practitioners.  This assists, if the need arises, other dental practitioners in the Centre to continue to manage your needs and provide continuity of care.

We understand the importance to patients of maintaining privacy in relation to the personal information that we collect, use, disclose, hold or otherwise handle in connection with managing our Centres and providing facilities and services to the dental practitioners operating from our Centres.  This Privacy Policy sets out how we comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and other relevant State and Territory legislation in handling your personal information.

By attending a Centre, you consent to your personal information being collected, used, disclosed, stored and otherwise handled in accordance with this Policy and other relevant arrangements between us.  A current version of our Privacy Policy will be available on our websites. We may change our Privacy Policy from time to time by publishing changes to it on our websites. Any revised Privacy Policy will apply both to information we already have about you at the time of the change, and any personal information or health information created or received after the change takes effect.  You should check our websites periodically to ensure you are aware of our current Privacy Policy.

What personal information do we collect and hold?

Personal information is information or an opinion about an identified or reasonably identifiable person, whether or not true and whether recorded in a material form or not.  Personal information may also include information we may collect about your individual preferences.  It does not include information that is de-identified.  Within this Privacy Policy unless indicated otherwise, references to personal information also include sensitive information such as information or an opinion about your health, or health services provided to you by the dental practitioners operating from our Centres.

We will only collect personal information from you where reasonably necessary for purposes directly related to our functions or activities. We will only collect as much personal information as we and the dental practitioners operating from our Centres need to provide you with services (including dental services provided by the dental practitioners) and to allow us to obtain payment for those services. The types of personal information we may collect and hold about you include:

Identity

  • Name
  • Address
  • Date of Birth
  • Gender/Sex
  • Occupation
  • Email address
  • Telephone number
  • Details of next of kin
  • Race

Billing and administration

  • Medicare Number
  • DVA Number
  • Health insurance details
  • Bank account information

Medical

  • Medical history
  • Clinical notes
  • Test results
  • Treatment Plan
  • Prescribed medications
  • Referral details
  • Clinical digital images

We may also collect personal information from you when you use and access our websites (including any information contained in an online enquiry or a request for an appointment, device type and ID, IP address, pages you visited, time and date of visit and geo-location information).

If you do not provide us with all the personal information we request, the dental practitioners operating from our Centres may not be able to provide dental services to you.

How do we collect and hold personal information?

We collect personal information about you in several ways, including from:

  • you directly (including through our websites and social media pages, when you complete an entry form for any competition and/or trade promotion when you complete a new patient form, when you interact with a member of our team, e.g. a receptionist or when you receive dental services from one of the dental practitioners operating from our Centres);
  • someone with responsibility for you (such as your parent, carer or guardian);
  • independent dental practitioners operating from our Centres, including as recorded in your patient records;
  • external providers (such as your insurance or a referring dentist) which is provided to a Centre and included in your patient record;
  • government agencies such as the Department of Veterans Affairs or Medicare, that you may use for assistance to access the dental services at our Centres; and
  • contractors or service providers engaged to carry out functions on our, or our dental practitioners', behalf (such as call centres and other providers of recall, marketing campaigns and other communication services).

When you attend one of our Centres to obtain services from the dental practitioners operating from those Centres, we create a unique record for you. Every time a dental service is provided for you at one of our Centres, new information is added to your patient record.

Your use of our website

Every time you use our website, information may be collected by us or on our behalf via services such as Google Analytics.  Types of information collected may include:

  • the date and time of your visit to our website and online software;
  • your IP address;
  • the address of the documents you access;
  • the type of browser and operating system you are using; and
  • any address of a recurring site and any other website you are about to visit.

The information that may be collected provides us with details about how the website is being used including the frequency and duration of visits, and which web pages you have accessed on the website.

We may provide third parties with aggregate statistics about our visitors, traffic patterns and related site information. This data reflects site-usage and does not contain identifying information.

When you visit our websites, a small data file called a “cookie” is stored on your computer or mobile device by our server.  We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites.  Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.  If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However this may mean you may not be able to take advantage of all features of the websites.

Why do we collect, hold, use and disclose your personal information?

1. Health Services

We collect, use, disclose and handle personal information about you for the purpose of facilitating the delivery of dental services, including to:

  • assist dental practitioners at our Centres to provide you with dental care, treatment and services;
  • provide you and/or your dental practitioner with information that may assist you in managing and improving your oral health;
  • provide a dental history for you that allows your dental practitioner to provide you with better care, as it assists with identifying changes to your oral health over time;
  • respond to your online enquiries or process requests for appointments; and
  • send you appointment reminders (including by SMS or email) in relation to obtaining services from our Centres. This enables us to contact you, for example, to make follow-up appointments or to remind you that you, or a dependent, are due for a regular dental check-up.

2. Ordinary course operation of our business

We use and handle your personal information as is reasonably incidental to our ordinary course operations, including where necessary to manage our administration, store data, conduct systems maintenance and penetration testing, and manage accounts and payment for the services provided to you by the dental practitioners operating from our Centres. Subject to compliance with applicable Australian law, these incidental operations shall include our use and, where necessary, disclosure of your personal information:

  • for billings and collection purposes, including to obtain payment from, as appropriate, you, Medicare, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
  • to provide you with information and materials about products and services offered by the dental practitioners operating from our Centres which might be of interest to you. Where you attend a Centre you will be taken to have consented to the receipt of such materials (including by SMS and email), and to the use and disclosure of your personal information for this purpose. You may opt-out of receiving such materials by contacting the Privacy Officer below or following the unsubscribe process described in the relevant material;
  • if the circumstances require, to our professional advisers or insurers, or those of your dental practitioners in compliance with applicable law and on a confidential basis;
  • to manage and store your personal information in a secure fashion;
  • for data entry and data analytics purposes;
  • to enable an individual to discharge their duties as a director, officer or executive manager of our corporate group under Australian law; and
  • to third parties, subject to confidentiality and security conditions, (including, in certain circumstances described below, to offshore third parties):
    • who provide support or maintenance services for dental software, systems or equipment we use (including our practice management system, cloud storage systems and software and hardware within our Centres);
    • where otherwise reasonably incidental to our ordinary course operations at our Centres, including to provide or assist us with the services described above.

3. Teaching and research

The dental practitioners operating from our Centres may use de-identified information (derived from your personal information) for teaching purposes.  We may also use this information to monitor, evaluate, plan and improve the services we provide to dental practitioners at our Centres.

We may use your personal information to provide third parties (such as government organisations) with aggregated, de-identified health information about our patients.

Should you, at any time, wish to withdraw your consent for your personal information to be part of a de-identified information database, please notify our Privacy Officer using the contact details below providing your full name, date of birth and address.  Withdrawing this consent will not affect the relationship between you and your dental practitioner, nor will it hinder your ability to access services at a Centre.

4. Other handling

We may also access, use or disclose your personal information:

  • with your consent (or that of your parent, guardian, attorney, authorised representative or other responsible person) including where:
    • you consent to receiving direct marketing communications (including by SMS or email) about products and services provided by dental practitioners operating from our Centres. You may opt-out of receiving such communications by contacting the Privacy Officer below or following the unsubscribe process described in the relevant communication;
    • you provide written consent for your personal information to be accessed, used or disclosed to another person.
  • to respond to and manage a complaint or claim;
  • to prevent prohibited or illegal activities;
  • where required to comply with any Australian law;
  • for the purposes of a permitted general situation or permitted health situation under the Privacy Act; or
  • where we reasonably believe it necessary to lessen or prevent a serious threat to the life, health or safety of an individual or public health or safety.

Do we transfer and store personal information overseas?

We will use best endeavours to ensure your personal information is only stored and accessible from within Australia. However, we may disclose your personal information, or enable it to be accessed by:

  • entities, where required to provide or facilitate the provision of health services to you;
  • wholly owned subsidiaries of our parent company, Adams Aus Bidco Pty Ltd Pty Limited or our other related bodies corporate; or
  • third parties which are based overseas (including in New Zealand, the USA ,France and Philippines):
    • who provide support or maintenance services to us for dental equipment, systems and software (including payroll systems and software), where their access to personal information is incidental to the proper performance of a support or maintenance arrangement;
    • who provide us or your dental practitioners with professional advisory services or international insurance services.

We will take reasonable steps to ensure that these recipients do not breach the requirements of the Privacy Act 1988 (Cth) and other State and Territory privacy legislation that may be applicable. However, when you provide your personal information to us, you consent to the disclosure of that information outside of Australia in the circumstances described above, and acknowledge that we are not required to ensure overseas recipients handle that personal information in compliance with Australian privacy law.

Security and storage of personal information

We may hold your personal information in either electronic or hard copy form. We take reasonable steps, and implement reasonable safeguards, to protect your personal information that we hold from misuse, interference and loss, as well as unauthorised access, modification and disclosure. We ensure that we and the dental practitioners operating from our Centres handle all patient information securely and in accordance with this Privacy Policy and professional duties of confidentiality.

We and the dental practitioners operating from our Centres are subject to a range of obligations relating to the periods for which health information and records must be retained.  We must generally retain health information about an individual until at least:

  • an individual turns 25 – if we collected the information before the individual was 18; or
  • otherwise, 7 years from the last occasion on which that health information was altered, or a health service was provided to that individual from a Centre.

Following such retention periods, if we no longer require personal information for a purpose permitted by Australian law, we will take reasonable steps to securely destroy or de-identify such personal information.

Accessing and correcting your personal information

You (or your parent, guardian, attorney, authorised representative or responsible person) may request:

  • details of what personal information we hold about you; or
  • access to, or that corrections be made to, the personal information we hold about you,

by contacting the Privacy Officer (details below). If you do so, please specify your identity and the details and format of the information which you are seeking access to, or correction of (including the element of inaccuracy or incompleteness, and information required to correct your information).  We will respond to your request within a reasonable time, which will be no longer than 45 days in NSW and Victoria, and 14 days in the ACT.

There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.

There is no fee for requesting access to your personal information or for us to make corrections to the same. However, we may charge a reasonable fee for our costs involved in collating and providing you with access to any personal information, in accordance with applicable law.  That fee is payable before access is given.

Data breaches

The Privacy Act requires us to notify affected individuals and the Australian Information Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:

  • there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur) (data breach);
  • the data breach is likely to result in serious harm to any of the individuals to whom the information relates; and
  • we are unable to prevent the likely risk of serious harm with remedial action.

If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals.  This is to ensure that you are notified if your personal information is involved in a data breach that is likely to result in serious harm.  Even if the criteria are not met, we may decide it appropriate to notify you anyway.

Making a complaint

If you have any concerns or would like to make a complaint about how we handle your personal information, please contact the Privacy Officer (details below). Please include your name, email address and/or telephone number and clearly describe your concerns or complaint.

We will endeavour to respond to your complaint within a reasonable time after it is made. If you are unhappy with our response, we will provide you with information about further steps you can take.

How to contact us

You can contact our Privacy Officer in the following ways:

Email

privacy@mavendental.com.au

Post

Attention: Privacy Officer
Maven Dental Group Pty Ltd
PO Box 5454
West End QLD 4101