Touchstone Life Care Pty Limited (“us”, “our” and “we”) is an Australian health technology company with offices in Sydney, Australia.
We are the leading provider of services that enable individuals to reliably communicate their wishes about medical treatment if they become unable to communicate those choices. As long as people have decision-making capacity, they are entitled to consent to, or refuse consent to, any medical treatment. However, there may be times when a person’s decision-making capacity becomes impaired, whether temporarily or permanently, to such an extent that they are unable to make a decision or express it. We provide services that enable people to make an Advanced Care Plan that expresses their decision about medical treatment in those circumstances.
Information privacy is a core component of our business activities. We are committed to dealing with personal information responsibly and in compliance with the thirteen Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Privacy Act”). The APPs regulate our collection and handling of personal information throughout the information life cycle – from collection through to use, disclosure, transmission, storage, handling and disposal – unless otherwise required by law.
1. Open and Transparent Management of Personal Information
We are committed to managing personal information openly and transparently and have implemented practices, procedures and systems that ensure that we comply with the APPs and that enable us to address inquiries and complaints about our compliance with the APPs in a timely and effective manner.
Our approach to privacy is informed by Privacy by Design principles which assist us to manage our collection and handling of personal information, including sensitive and health information as defined by the Privacy Act.
2. Collection of Personal Information
You are required to provide personal information – limited to that required for us to provide services to you – in order to use our services including creating an advance care plan on our site. If you do not provide this information, we will not be able to provide you with access to our services.
The personal information we collect may differ depending on the amount of detail you wish to include in your advance care plan.
Where we collect personal information we will provide you with a Privacy Collection Notice, specifying when personal information is being collected, the purposes for which it will be used or disclosed, and how it will otherwise be handled (see section 2.1, below). We may also seek your consent to collect and handle additional personal information relevant to your use of our products or services.
In general, we may collect the following personal information:
- personal details such as your name, title and gender
- images of you
- contact details such as your address, postcode, email address, telephone number(s)
- information about your health, health conditions, values, preferences and beliefs relevant to your future health care
- directions about your future health care
- personal information about people you nominate as being relevant to, or to have access to, your advance care plan, such as your spouse, your General Practitioner, family members or friends
- details of your responsible person/s including their name, address, phone number, email address and their relationship to you
- personal details provided in relation to support calls, enquiries and complaints
- information you provide through customer surveys
- your opinion and feedback about our services
- usage details such as information and feedback about your use of our products and services
- online details such as your use of our website
Some of the categories of personal information we collect include personal information that is sensitive information and health information. We recognise that sensitive and health information require a higher standard of protection. Any health information provided to us by customers is taken to have been provided consensually.
2.1 Privacy Collection Notices
We collect personal information directly from our customers and individual users using a variety of methods, including forms, website interactions, surveys, emails, telephone conversations and in person. In limited cases, we may obtain personal information from third parties.
3. Use and Disclosure of Personal Information
We use and disclose personal information for the primary purpose of collection or permitted secondary purposes, including secondary purposes to which you have consented. Our Privacy Collection Notices may provide you with more specific information about the use and disclosure of your personal information.
In general, we may use and disclose personal information for the following purposes:
- to respond to you
- to provide you with the services you have contracted for
- to provide you with access to (including a free trial of) one or more of our products or services
- to process and manage a subscription to a product or service
- to provide a person you have nominated with access to your advance care plan
- to protect personal information, including health information, handled (transmitted, stored, processed) by us
- to undertake quality assurance processes, including assessing whether or not a product or service is working as promised
- to monitor, detect and respond to cybersecurity or privacy incidents
- where required or authorised by or under an Australian law or a court/tribunal order
4. Direct Marketing
When we undertake direct marketing, we let you know. If you do not wish to receive any direct marketing communications from us, you can let us know – including via an ‘opt out’ link in our marketing emails – and we will action your request.
5. Cross-border Disclosure
We store data (our own and our customers’) in highly secure Australian data centres, ensuring that personal information remains in Australia.
Our business activities do not require us to adopt, use or disclose government-related identifiers.
7. Security and Retention of Data
As a provider of cloud-based products and services, we are committed to best practice information security (physical, technical and personnel). We store data in highly secure data centres located in Australia. We have a range of policies, processes and procedures to help us maintain the security of our software/applications.
When we collect and handle personal information – including health information on behalf of our customers – we maintain administrative, physical and technical safeguards to protect its confidentiality, integrity and availability. Personal and health information is encrypted in transit and at rest. We promote a culture of security within our organisation.
We monitor our security posture on a regular basis and take reasonable steps to ensure it remains fit-for-purpose. Any potential privacy incident is covered by our incident-handling policy, including compliance with the Privacy Act’s Notifiable Data Breaches scheme (as/if required).
We retain personal information, including health information, for the period of time we require to perform our business activities, including to discharge our contractual obligations, or as otherwise required by law. In general terms this means that we keep your personal information for seven years if you are an adult. If you are not an adult we keep your personal information until you are twenty five.
We take reasonable steps to destroy or de-identify personal information when it is no longer required or where we determine that unsolicited personal information must be destroyed or permanently de-identified in compliance with the Privacy Act.
8. Information Collected through Technology
We use web beacons – small pieces of data installed in web pages and emails – in HTML emails sent out by us to establish whether the emails have been opened, and if the links in those emails have been clicked on.
We use Google Analytics Demographics and Interest Reporting to capture age, gender and interests of visitors to our website. We use this data for statistical purposes, personalised advertising and to generate reports for evaluating our website. We use Google AdWords Remarketing Service to advertise on third party websites to previous visitors to our website.
Reflecting increasing concerns about privacy and transparency, Google provides a range of options to disable or prevent the collection of user data, including providing website visitors with the ability to prevent their data from being used by Google Analytics (via the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout?hl=en) or, where Google Analytics has been implemented with other Google Advertising products, to limit or prevent display advertising and customisation: https://adssettings.google.com/. Alternatively, you can use a browser that blocks access to Google Analytics.
9. Quality of Data, Access, Correction and Complaints
Our products and services provide customers and individuals with the ability to access and correct their own information, helping to ensure that personal information remains accurate, complete and up to date.
You may request access to/correction of any other personal information about you held by us, using the contact details provided below. We will acknowledge receipt of your complaint promptly. We aim to respond to your request for access/correction within 30 days of receiving the complaint or request.
If you have any complaints about our handling of your personal information you may make a complaint in writing, using the contact details provided below. We will acknowledge receipt of your complaint promptly. We take privacy complaints seriously and will use our best endeavours to resolve your complaint.
If you are unhappy with our handling of your complaint, you can contact the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au/privacy/privacy-complaints/.
9.1 Touchstone Privacy Contact Information
Phone: Privacy Officer on 0412281996
Email: email@example.com (attention Privacy Officer)
Touchstone Life Care Pty Limited
11-17 York St
Sydney NSW 2000