Privacy policy

ZEST privacy policy

Version date: February 2023

 

1. Introduction

1.1 Nexus Australasia Pty Ltd ABN 81 115 828 941 (trading as Zest Healthcare Communications) and its related bodies corporate (“Zest”, “we”, “our” and “us”) are committed to responsible privacy practices and to complying with the Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”) including the Australian Privacy Principles (“Privacy Principles”) and Notifiable Data Breaches scheme contained in the Privacy Act and applicable state and territory health records legislation such as the Health Records Act 2001 (Vic), the Health Records (Privacy and Access) Act 1997 (ACT) and the Health Records and Information Privacy Act 2002 (NSW).

1.2 Where applicable, Zest will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation. 

1.3 This Privacy Policy sets out our policies on the management of personal information including how we collect and hold personal information, the purposes for which we use this information, and to whom this information is disclosed. We may change our Privacy Policy from time to time at our discretion. At any time, the latest version of our Privacy Policy is available from our website at www.zest.com.au/privacy-policy.

1.4 Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our products and services).

 2. What is personal information?

2.1 In this Privacy Policy, “personal information” has the meaning set out in the Privacy Act. Essentially, personal information is information or an opinion about an individual who is or can be reasonably identifiable.

2.2 A reference to “personal information” in this Privacy Policy includes “health information”, as defined in the Privacy Act and applicable health records legislation. Essentially, health information is information or an opinion relating to the health or a disability of an individual who is reasonably identifiable.

3. What types of personal information does ZEST collect?

3.1 The types of personal information Zest collects from you depend on the circumstances in which the information is collected.

3.2 Zest may collect contact details including your name, occupation, address, email address, phone and fax numbers, date of birth, emergency contact and guardian/carer. We may collect answers you provide to questions we ask and other information in relation to your dealings with Zest including but not limited to your gender, ethnicity and place of work. If you purchase products or services from us, we may also collect certain transactional information and financial details to process the transaction.  

3.3 If you are an individual contractor to Zest, in addition to the information referred to in section 3.2 we may also collect information relevant to your engagement with Zest including qualifications, resume, reference information from your nominated referees, tax file number, bank details, feedback from supervisors and training records.

3.4 If we are providing you with, or assisting your health service provider or treating health professional (such as a doctor, pharmacist or hospital) to provide you with, a health-related service we may collect your health information and, in such circumstances, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it and as permitted by the Privacy Act, applicable health records legislation and other relevant laws.

3.5 When you use our websites, we may collect website usage information such as the IP address you are using, the name of your Internet service provider, your browser version, the website that referred you to us and the next website you go to, the pages you request, the date and time of those requests and the country you are in.

3.6 In certain circumstances we are required to collect government identifiers such as tax file numbers, Medicare numbers, health service provider numbers, pension numbers and Veteran’s Affairs numbers. We only collect, use and disclose such information as permitted or required by law.

3.7 In addition to the types of personal information identified above, Zest may collect personal information as otherwise permitted or required by law.

4. How do we collect your personal information?

4.1 Zest collects personal information in a number of ways. The most common ways we collect your personal information are:

    • directly from you when you provide it to us or our agents or contractors;
    • via our website or when you deal with us online (including through our social media pages);
    • if you are an individual contractor to Zest, from your employer or recruitment agency;
    • from publicly available sources;
    • from credit reporting agencies;
    • from our related companies; and
    • from third parties (for example, from your health service provider or treating health professional (such as a doctor, pharmacist or hospital) in connection with providing a health-related service to you; from referees if you apply for a position as an employee or contractor with us).

4.2 Most of the information that we hold about you will usually be stored electronically.  We may store some of your information in secure data centres that are located in Australia or in other secure data centres of our contracted service providers (including cloud storage providers) that may be located outside of Australia. We may also store information that we hold about you securely in paper files or other hardcopy formats.

5. For what purposes do we collect, use and disclose your personal information?

5.1 The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.

5.2 We may use or disclose your personal information:

    • for the purposes for which we collected it (and certain secondary purposes where permitted by law);
    • for other purposes to which you have consented; and
    • as otherwise authorised or required by law.

5.3 In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations. 

5.4 Unless otherwise required or permitted by law, we will only collect health information about you with your consent and we will only use that information for the primary purpose for which it was collected. In some circumstances, we may collect your health information through third parties (e.g. from healthcare professionals, such as pharmacists, or other health professionals who are treating you). We will only do this if you have consented or where otherwise permitted or required by law.

5.5 Some of the specific purposes for which we collect, use and disclose personal information are:

    • to respond to you if you have requested information (including via our websites or via an email or other correspondence you send to us);
    • to provide goods or services to you, to assist a health professional or service provider to provide you with certain services (e.g. health services) or to receive goods or services from you;
    • to administer and manage services, including charging, billing and collecting debts;
    • to enable you to participate in any loyalty programs that we conduct;
    • to improve our products and services and keep you up to date on such improvements;
    • to understand our customer base and help tailor our products and services;
    • to allow performance reporting and benchmarking of your business, if applicable;
    • to contact you (directly or through our service providers) to obtain your feedback, to find out your level of satisfaction with our products and services and for other market research activities;
    • to verify your identity;
    • to address any issues or complaints that we or you have regarding our relationship; and
    • to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone, by fax or in any other lawful manner.

5.6 We may also use and disclose your personal information for the purpose of direct marketing to you where:

    • you have consented to us doing so; or
    • it is otherwise permitted by law.

5.7 Direct marketing involves communicating directly with you for the purpose of promoting goods or services to you and to provide you with special offers.  Direct marketing can be delivered by a range of methods including mail, fax, telephone, email or SMS.  You can unsubscribe from our direct marketing, or change your contact preferences, by contacting us (see section 14 of this Privacy Policy). 

5.8 Improvement, development and analysis are important aspects of our business. We are constantly working to maintain, improve and develop new products, services and processes. We may use your personal information in a number of ways to help us do this, such as by monitoring your use of our websites, products and services, and their quality and performance. We also use analysis and business intelligence techniques to obtain high-level insights into things like usage and location patterns/trends, website and service performance, demographic trends, and other types of behavioural and health data. This information is generally aggregated and de-identified when analysed and we may share these insights with select business and commercial partners. In some cases, we may create insights with your information on an identified basis but would only do so where you have consented. We may also combine information we hold about you with information from one of our business and commercial partners to improve our data analysis, services and other processes. 

6. WHAT HAPPENS IF YOU DON’T PROVIDE PERSONAL INFORMATION?

6.1 Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with products and services that depend on the collection of that information.

7. To whom do we disclose personal information?

7.1 We may disclose your personal information to third parties in connection with the purposes described in section 5 of this Privacy Policy.

7.2 This may include disclosing your personal information to the following types of third parties:

    • our related companies;
    • health service providers or treating health professionals (such as your doctor, pharmacist or hospital), in connection with providing health-related goods or services to you or as otherwise required or authorised by law; or
    • our contractors and other third parties that provide goods and services to us (including suppliers, marketing agencies, data analysis specialists, data processing organisations, billing and debt recovery providers, website and data hosting providers, loyalty program administrators and other IT suppliers);
    • manufacturers or suppliers of pharmaceutical products;
    • our accountants, insurers, lawyers, auditors and other professional advisers;
    • government and regulatory authorities, courts, tribunals and other bodies as required or authorised by law;
    • in an emergency, to medical and health service providers;
    • any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
    • in the event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisers;
    • carefully selected third parties with whom we have data sharing arrangements;
    • third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
    • otherwise as permitted or required by law.

7.3 Where we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Principles under the Privacy Act and relevant health records legislation, e.g. by (where commercially practical) including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.

7.4 If you post information to public parts of our websites or to our social media pages, you acknowledge that such information (including your personal information) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.

8. DISCLOSURE OF INFORMATION OUTSIDE THE STATE/TERRITORY OF COLLECTION

8.1 Some of the third parties to whom we disclose personal information may be located outside the state or territory in which the information was collected or outside Australia. The state/territories and countries in which such third parties are located will depend on the circumstances. For example, we may disclose personal information to our related companies overseas and to our overseas service providers, generally located in New Zealand.

8.2 In the ordinary course of business we may also disclose your personal information to manufacturers or suppliers of pharmaceutical products to enable us and the relevant manufacturer or supplier (who may be located outside of Australia likely to be in the USA, New Zealand, Canada, the United Kingdom and counties in the European Union and India) to deal with any concern, issue, or complaint about a pharmaceutical product or service.

8.3 Except in some cases where we may rely on an exception under the Privacy Act or other law, we will take reasonable steps to ensure that such overseas recipients do not breach the Privacy Principles in the Privacy Act in relation to such information.

8.4 In respect of health information covered by health records legislation, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to those in the applicable health records legislation.

9. HOW DO WE PROTECT PERSONAL INFORMATION?

9.1 Zest will take reasonable steps to keep any personal information we hold about you secure. Please notify us immediately if you become aware of any breach of security.

9.2 However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law including the Competition and Consumer Act 2010 (Cth). 

10. Accuracy of the personal information we hold

10.1 We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly.

10.2 You may contact us if the personal information we hold about you is incorrect or to notify us of a change in your personal information. Our contact details are set out in section 14 of this Privacy Policy.

11. LINKS, COOKIES AND USE OF ZEST WEBSITES AND APPLICATIONS

11.1 Zest websites may contain links to other sites. This Privacy Policy applies to our websites and not any linked sites which are not operated or controlled by Zest. We encourage you to read the privacy policy of each website that collects your personal information.

11.2 Zest uses “cookies” and similar technology on its websites and in other technology applications. The use of such technologies is an industry standard, and helps us monitor the effectiveness of our advertising and how visitors use our websites/applications. We use such technologies to generate statistics, measure your activity, improve the usefulness of our websites/applications and to enhance the “customer” experience.

11.3 If you prefer not to receive cookies you can adjust your internet browser to refuse cookies or to warn you when cookies are being used. However, our websites may not function properly or optimally if cookies have been turned off.

12. HOW CAN YOU ACCESS AND CORRECT PERSONAL INFORMATION WE HOLD ABOUT YOU?

12.1 You may seek access to personal information which Zest holds about you by contacting us as described in section 14 of this Privacy Policy. We will provide access to that information in accordance with the Privacy Act and health records legislation, subject to certain exemptions which may apply. We may require that the person requesting access provide suitable identification and where permitted by law we may charge an administration fee for granting access to your personal information.

12.2 If you become aware that any personal information we hold about you is incorrect or if you wish to update your information, please contact us (see section 14 of this Privacy Policy).

13. QUERIES, COMMENTS AND COMPLAINTS ABOUT OUR HANDLING OF PERSONAL INFORMATION

13.1 If you have any questions, comments or complaints about our collection, use or disclosure of personal information, or if you believe that we have not complied with this Privacy Policy, the Privacy Act or applicable health records legislation, please contact us (see section 14 of this Privacy Policy). 

13.2 When contacting us please provide as much detail as possible in relation to your question, comment or complaint.

13.3 Zest will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need. 

13.4 If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (click here for information) or other relevant regulators.

14. How can you contact us?

14.1 Please address all privacy complaints and requests to update or access information to:

Attention: Privacy Officer
Nexus Australasia Pty Ltd
ABN 81 115 828 941

Level 7
737 Bourke Street
Docklands, VIC 3008
OR    privacy@symbion.com.au

Any requests to access, update or correct your health information should be made in writing.

14.2 To unsubscribe from our direct marketing, you can also contact us at donotcontact@symbion.com.au and set out the contact details that you no longer want used for direct marketing.