- What personal information do we collect?
2.1. Personal information is information or an opinion about you, whether true or not, which identifies you or from which your identity can be reasonably obtained.
2.2. We collect personal information about you that we reasonably need for our business functions and activities, which include:
2.2.1. making and managing travel bookings on behalf of our clients; and
2.2.2. facilitating arrangements for our clients to receive medical services from health service providers located in Australia.
2.3. If you contact us to make a general enquiry about our services, we will generally collect your contact information, such as your name, postal address, email address, and phone number. We will also collect information on the destination and medical procedure you are interested in, and any other information you provide to us with your enquiry.
2.4. If you engage us to facilitate a health service for you, or ask us to assess your eligibility for a particular procedure we will generally collect the following additional information, some of which is considered ‘sensitive information’ under the Privacy Act:
2.4.1. your gender, date of birth, height, weight, nationality, and occupation;
2.4.2. photographs of you, or the parts of your body relevant to the procedure;
2.4.3. your passport number and health insurance number;
2.4.4. whether or not you need finance or a payment plan; and
2.4.5. your medical history and other health information, such as notes of the treatment given to you, specialist reports and test results, appointment and billing details, and prescriptions and pharmaceutical purchases.
2.5. We will collect and hold personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. For example, we generally collect the personal information you provide us directly over the phone, by email, or via our website enquiry and free assessment forms.
2.6. We may collect personal information from publicly available sources and third parties, such as from our suppliers, contractors, clients and business partners, in circumstances where it is impractical for us to collect the information from you directly. For example, if you engage us to facilitate a health service for you, we may collect a medical discharge report and pre and post-surgery photographs, from the hospital or doctor that provided the health services.
2.7. Alternatively, we may collect your name and contact details from one of our clients, if you have been listed as the client’s emergency contact person.
2.8. If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
- Why do we collect, use and disclose your personal information?
3.1. We only process personal information for purposes that would be considered relevant and reasonable in the circumstances.
3.2. For example, if you choose to make information available to us on one of our website contact forms, we will use that information to respond to your request. Similarly, if you provide us with information so we can arrange a health service for you, we will disclose that information to the relevant hospital, plastic surgeon, or other service providers that provide the health service you have requested.
3.3. We typically collect and handle personal information to enable us to:
3.3.1. provide our services to you and facilitate the provision of services you have requested from third parties to you;
3.3.2. administer our dealings with you;
3.3.3. assess warranty claims and complaints made by you;
3.3.4. communicate with you and provide you with relevant information;
3.3.5. assess your needs and preferences so that we can refer you relevant products and services;
3.3.6. improve our service offerings;
3.3.7. comply with our legal and regulatory obligations; and
3.3.8. otherwise manage our business.
3.4. We will not use or disclose your personal information for any other purpose unless you have consented to that use or disclosure.
- To whom do we disclose your personal information?
4.1.1. the hospitals, plastic surgeons, travel agents and other service providers that provide services you have requested we facilitate;
4.1.2. the plastic surgeons and other health care professionals that assist us in assessing warranty claims and complaints by providing professional assessments on the procedure outcomes;
4.1.3. our employees and related bodies corporate;
4.1.4. our professional advisors;
4.1.5. specific third parties authorised by you to receive information held by us; and/or
4.1.6. other persons, including government agencies, regulatory bodies, and law enforcement agencies, if authorised or required by law.
4.2. Many of the hospitals, plastic surgeons, travel agents and other service providers that we use are located in Australia. By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able to seek redress under the Act.
- Do you need to provide us with your personal information?
5.1. You do not need to provide us with your personal information. You may deal with us anonymously or by using a pseudonym if you wish. However, if you choose to deal with us anonymously, there may be certain things we cannot assist you with. For example, we may not be able to give you information about your dealings with us as a customer, supplier, or potential employee.
- Direct Marketing
6.1. Like most businesses, we use direct marketing to promote our business from time to time. We may add your email address to our email marketing database so we can send you information and updates about services we think you may be interested in. If we send you an email that does not relate to your personal surgery holiday with CosMediTour you will have the option of unsubscribing from receiving further communications of that nature. You may also opt-out of receiving marketing communications from us by contacting our Privacy Officer on the details below.
7.1. We use “cookies” to store your preferences, record session information and collect information on how you visit and access our web pages. This helps us deliver and continue to improve our services. A cookie is a small set of data, used to a very limited extent, stored by your computer about your interactions with our website.
7.2. Cookies are not used to collect and store personal information. You can delete cookies from your computer at any time. For information on cookie settings of your internet browser, please refer to your browser’s manual.
- How do we protect your information?
8.1. We respect your privacy and we are committed to safely storing and maintaining your personal information. We hold personal information as either physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third-party servers, which may be located overseas.
8.2. We take reasonable steps to ensure your personal information is protected from unauthorised access, loss or misuse and have adopted security protocols, including using software to monitor traffic and identify unauthorised attempts to upload or change contents on our website.
8.3. We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
- Accessing your information
9.1. Subject to any applicable exceptions in the Privacy Act, you may contact our Privacy Officer to request access to the personal information that we hold about you and/or to make corrections to that information, at any time.
9.2. On the rare occasion when we refuse access or to make a correction, we will provide you with a written notice stating our reasons why. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information held by us.
9.3. We will respond to all requests for access to or correction of personal information within a reasonable time.
- Resolving personal information concerns
10.2. We take all complaints, issues or concerns seriously, and will respond to your cause within a reasonable period.
10.3. If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner using the details below.
Office of the Australian Information Commissioner:
Mailing Address: GPO Box 5218, Sydney NSW 2001
Telephone: 1300 363 992