Version date: February 2023
1.1 Nexus Australasia Pty Ltd ABN 81 115 828 941 (trading as Zest Healthcare Communications) and its related bodies corporate (“Zest”, “we”, “our” and “us”) are committed to responsible privacy practices and to complying with the Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”) including the Australian Privacy Principles (“Privacy Principles”) and Notifiable Data Breaches scheme contained in the Privacy Act and applicable state and territory health records legislation such as the Health Records Act 2001 (Vic), the Health Records (Privacy and Access) Act 1997 (ACT) and the Health Records and Information Privacy Act 2002 (NSW).
1.2 Where applicable, Zest will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.
1.4 Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our products and services).
2. What is personal information?
3. What types of personal information does ZEST collect?
3.1 The types of personal information Zest collects from you depend on the circumstances in which the information is collected.
3.2 Zest may collect contact details including your name, occupation, address, email address, phone and fax numbers, date of birth, emergency contact and guardian/carer. We may collect answers you provide to questions we ask and other information in relation to your dealings with Zest including but not limited to your gender, ethnicity and place of work. If you purchase products or services from us, we may also collect certain transactional information and financial details to process the transaction.
3.3 If you are an individual contractor to Zest, in addition to the information referred to in section 3.2 we may also collect information relevant to your engagement with Zest including qualifications, resume, reference information from your nominated referees, tax file number, bank details, feedback from supervisors and training records.
3.4 If we are providing you with, or assisting your health service provider or treating health professional (such as a doctor, pharmacist or hospital) to provide you with, a health-related service we may collect your health information and, in such circumstances, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it and as permitted by the Privacy Act, applicable health records legislation and other relevant laws.
3.5 When you use our websites, we may collect website usage information such as the IP address you are using, the name of your Internet service provider, your browser version, the website that referred you to us and the next website you go to, the pages you request, the date and time of those requests and the country you are in.
3.6 In certain circumstances we are required to collect government identifiers such as tax file numbers, Medicare numbers, health service provider numbers, pension numbers and Veteran’s Affairs numbers. We only collect, use and disclose such information as permitted or required by law.
3.7 In addition to the types of personal information identified above, Zest may collect personal information as otherwise permitted or required by law.
4. How do we collect your personal information?
4.1 Zest collects personal information in a number of ways. The most common ways we collect your personal information are:
- directly from you when you provide it to us or our agents or contractors;
- via our website or when you deal with us online (including through our social media pages);
- if you are an individual contractor to Zest, from your employer or recruitment agency;
- from publicly available sources;
- from credit reporting agencies;
- from our related companies; and
- from third parties (for example, from your health service provider or treating health professional (such as a doctor, pharmacist or hospital) in connection with providing a health-related service to you; from referees if you apply for a position as an employee or contractor with us).
4.2 Most of the information that we hold about you will usually be stored electronically. We may store some of your information in secure data centres that are located in Australia or in other secure data centres of our contracted service providers (including cloud storage providers) that may be located outside of Australia. We may also store information that we hold about you securely in paper files or other hardcopy formats.
5. For what purposes do we collect, use and disclose your personal information?
5.1 The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.
5.2 We may use or disclose your personal information:
- for the purposes for which we collected it (and certain secondary purposes where permitted by law);
- for other purposes to which you have consented; and
- as otherwise authorised or required by law.
5.3 In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations.
5.4 Unless otherwise required or permitted by law, we will only collect health information about you with your consent and we will only use that information for the primary purpose for which it was collected. In some circumstances, we may collect your health information through third parties (e.g. from healthcare professionals, such as pharmacists, or other health professionals who are treating you). We will only do this if you have consented or where otherwise permitted or required by law.
5.5 Some of the specific purposes for which we collect, use and disclose personal information are:
- to respond to you if you have requested information (including via our websites or via an email or other correspondence you send to us);
- to provide goods or services to you, to assist a health professional or service provider to provide you with certain services (e.g. health services) or to receive goods or services from you;
- to administer and manage services, including charging, billing and collecting debts;
- to enable you to participate in any loyalty programs that we conduct;
- to improve our products and services and keep you up to date on such improvements;
- to understand our customer base and help tailor our products and services;
- to allow performance reporting and benchmarking of your business, if applicable;
- to contact you (directly or through our service providers) to obtain your feedback, to find out your level of satisfaction with our products and services and for other market research activities;
- to verify your identity;
- to address any issues or complaints that we or you have regarding our relationship; and
- to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone, by fax or in any other lawful manner.
5.6 We may also use and disclose your personal information for the purpose of direct marketing to you where:
- you have consented to us doing so; or
- it is otherwise permitted by law.
5.8 Improvement, development and analysis are important aspects of our business. We are constantly working to maintain, improve and develop new products, services and processes. We may use your personal information in a number of ways to help us do this, such as by monitoring your use of our websites, products and services, and their quality and performance. We also use analysis and business intelligence techniques to obtain high-level insights into things like usage and location patterns/trends, website and service performance, demographic trends, and other types of behavioural and health data. This information is generally aggregated and de-identified when analysed and we may share these insights with select business and commercial partners. In some cases, we may create insights with your information on an identified basis but would only do so where you have consented. We may also combine information we hold about you with information from one of our business and commercial partners to improve our data analysis, services and other processes.
6. WHAT HAPPENS IF YOU DON’T PROVIDE PERSONAL INFORMATION?
6.1 Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with products and services that depend on the collection of that information.
7. To whom do we disclose personal information?
7.2 This may include disclosing your personal information to the following types of third parties:
- our related companies;
- health service providers or treating health professionals (such as your doctor, pharmacist or hospital), in connection with providing health-related goods or services to you or as otherwise required or authorised by law; or
- our contractors and other third parties that provide goods and services to us (including suppliers, marketing agencies, data analysis specialists, data processing organisations, billing and debt recovery providers, website and data hosting providers, loyalty program administrators and other IT suppliers);
- manufacturers or suppliers of pharmaceutical products;
- our accountants, insurers, lawyers, auditors and other professional advisers;
- government and regulatory authorities, courts, tribunals and other bodies as required or authorised by law;
- in an emergency, to medical and health service providers;
- any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
- in the event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisers;
- carefully selected third parties with whom we have data sharing arrangements;
- third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
- otherwise as permitted or required by law.
7.3 Where we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Principles under the Privacy Act and relevant health records legislation, e.g. by (where commercially practical) including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.
7.4 If you post information to public parts of our websites or to our social media pages, you acknowledge that such information (including your personal information) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
8. DISCLOSURE OF INFORMATION OUTSIDE THE STATE/TERRITORY OF COLLECTION
8.1 Some of the third parties to whom we disclose personal information may be located outside the state or territory in which the information was collected or outside Australia. The state/territories and countries in which such third parties are located will depend on the circumstances. For example, we may disclose personal information to our related companies overseas and to our overseas service providers, generally located in New Zealand.
8.2 In the ordinary course of business we may also disclose your personal information to manufacturers or suppliers of pharmaceutical products to enable us and the relevant manufacturer or supplier (who may be located outside of Australia likely to be in the USA, New Zealand, Canada, the United Kingdom and counties in the European Union and India) to deal with any concern, issue, or complaint about a pharmaceutical product or service.
8.3 Except in some cases where we may rely on an exception under the Privacy Act or other law, we will take reasonable steps to ensure that such overseas recipients do not breach the Privacy Principles in the Privacy Act in relation to such information.
8.4 In respect of health information covered by health records legislation, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to those in the applicable health records legislation.
9. HOW DO WE PROTECT PERSONAL INFORMATION?
9.1 Zest will take reasonable steps to keep any personal information we hold about you secure. Please notify us immediately if you become aware of any breach of security.
10. Accuracy of the personal information we hold
10.1 We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly.
11. LINKS, COOKIES AND USE OF ZEST WEBSITES AND APPLICATIONS
11.2 Zest uses “cookies” and similar technology on its websites and in other technology applications. The use of such technologies is an industry standard, and helps us monitor the effectiveness of our advertising and how visitors use our websites/applications. We use such technologies to generate statistics, measure your activity, improve the usefulness of our websites/applications and to enhance the “customer” experience.
12. HOW CAN YOU ACCESS AND CORRECT PERSONAL INFORMATION WE HOLD ABOUT YOU?
13. QUERIES, COMMENTS AND COMPLAINTS ABOUT OUR HANDLING OF PERSONAL INFORMATION
13.2 When contacting us please provide as much detail as possible in relation to your question, comment or complaint.
13.3 Zest will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
13.4 If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (click here for information) or other relevant regulators.
14. How can you contact us?
14.1 Please address all privacy complaints and requests to update or access information to:
Attention: Privacy Officer
Nexus Australasia Pty Ltd
ABN 81 115 828 941
737 Bourke Street
Docklands, VIC 3008
Any requests to access, update or correct your health information should be made in writing.
14.2 To unsubscribe from our direct marketing, you can also contact us at firstname.lastname@example.org and set out the contact details that you no longer want used for direct marketing.