Privacy policy

We value your privacy and we work hard to protect the information you provide to us. Candor Medical Pty Ltd ACN 654 827 808 (Candor) is an online health platform that facilitates confidential consultations with Australian registered health practitioners (Health Practitioners). Candor is bound by the Australia Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).

This Privacy Policy explains how we manage your personal information (which includes your health information), including our obligations and your rights in respect of our dealings with your personal information.

Please take a moment to read our Privacy Policy as it describes what happens to your personal information that is collected via our website at www.candormedical.com or app.candormedical.com (collectively the Website) or as a result of you using our services.

Consent to collect your personal informaiton

By engaging with Candor and providing us with your personal information, you provide consent for our Health Practitioners and staff to access and use your personal information so they can provide you with the best possible healthcare.  Only staff who need to see your personal information will have access to it as outlined in this privacy policy. You also provide consent for Candor to share information with third parties in accordance with the 'Disclosing Personal Information' section below. If we need to use your information for anything else, we will seek additional consent from you to do this.

How we collect your personal infofrmation

We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. Our Health Practitioners may also collect and hold your personal information (including your health information).

We may collect the personal information you directly give us through some of the following means:

  1. when you make an inquiry or order in relation to goods or services through the Website;
  2. when you undergo an online consultation with a Health Practitioner through the Website;
  3. When your treating Health Practitioner makes notes relating to your consultation;
  4. while administering or performing any contracts with service providers;
  5. if you contact us via telephone;
  6. from correspondence (whether in writing or electronically), including when you contact us through our Website;
  7. through any mobile applications provided by Candor;
  8. while conducting customer satisfaction and market research surveys;
  9. when administering any of our services; and
  10. as otherwise required to manage our business.

We may also collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners. If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.

Types of personal information we collect

The type of personal information we may collect can include (but is not limited to), your name, postal address, email address, phone numbers, date of birth, billing and shipping information, your device ID, IP address, statistics on page views, traffic, standard web log-in information, details of the services and provides you make enquiries about, and, if applicable, employment information.

We will collect and hold sensitive health information about you, such as your medical history, medications, allergies, adverse events, immunisations, social history, family history, risk factors, and any information you provide to Health Practitioners. We only collect sensitive health information about you with your consent, or otherwise in accordance with the Privacy Act.

Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services.

Our purposes for handling your personal information

We collect, hold, use and disclose personal information to:

  1. offer and provide you with our goods and services including healthcare services;
  2. manage and administer those goods and services, including account keeping procedures;
  3. provide facilities to Health Practitioners using Candor so that they can undergo consultations with you;
  4. communicate with you about, including (but not limited to), the services you have sought,  requests from the Health Practitioner, receipts and invoices, dispatch and tracking information, returns and exchange authorisations;
  5. send you marketing or promotional information in relation to Candor or any of Candor's business partners that might be of interest to you (including via SMS, email and personalised website experiences, such as a dashboard of recommendations for health products and services which may benefit you);
  6. improve Candor’s products and services, including research and development;
  7. comply with our legal and regulatory obligations;
  8. consider your application for employment (if applicable); and
  9. otherwise to manage our business.
Disclosure of personal information

We may disclose personal information between our group companies or to third parties such as our suppliers, organisations that provide us with technical and support services, or our professional advisors, where permitted by the Privacy Act.

If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.

Specifically, we may disclose personal information for the purposes outlined in this Privacy Policy to:

  1. Health Practitioners;
  2. Cloud service providers; and
  3. Payment system operators.

We may disclose de-identified personal information to relevant pharmaceutical sponsors for purposes relating to product research and development, pharmacovigilance reporting, product planning, clinic support, and health practitioner education.  

Candor and/or external parties may also require access to, and disclosure of, your personal information in the following circumstances:

  1. Where it is necessary to provide medical care;
  2. Where it is necessary to facilitate the running of the business; or
  3. Where we are legally obligated to do so in order to co-operate with a law enforcement authority or court order.

By requesting goods and services from Candor you unconditionally consent to all means of disclosure outlined in this Privacy Policy.

Protection of personal information

We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers, which may be located overseas.

We maintain appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information. We further protect personal information by restricting access to personal information to only those who need access to the personal information do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.

We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.

Direct marketing

Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities. We may provide you with information about new products, services and promotions either from us, or from third parties which may be of interest to you.

We will not disclose your personal information to third parties for marketing purposes without your consent.You may opt out at any time if you no longer wish to receive commercial messages from us.

You can make this request by unsubscribing from all future marketing messages by following unsubscribe links included in each marketing email or by contacting our Privacy Officer.

Cookies

A cookie is a small text file stored in your computer’s memory or on your hard disk for a pre-defined period of time. We use cookies to identify specific machines in order to collect aggregate information on how visitors are experiencing the Website. This information will help to better adapt the Website to suit personal requirements. While cookies allow a computer to be identified, they do not permit any reference to a specific individual. For information on cookie settings of your internet browser, please refer to your browser’s documentation.

Accessing and correcting your personal information

You have the right to request access to, and correction of, your personal information.Candor will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we may ask you to verify that your personal information held by Candor is correct and current.

You may also request that we correct or update your information. We will respond to all requests for access to or correction of personal information within a reasonable time. You should make such requests in writing to  support@candor.org.

Overseas transfers of personal information

We will not share your personal information with anyone outside of Australia (unless under exceptional circumstances that are permitted by law) without your consent. We do not currently transfer information overseas directly, but we may engage with cloud service providers who store information overseas.

Resolving personal information concerns

If you have any questions, concerns or complaints about this Privacy Policy, or how we handle your personal information, please contact us in writing at: support@candor.org


We take all complaints seriously, and will respond to your complaint within a reasonable period.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 0491 205 199
Email: enquiries@oaic.gov.au

Changes

We reserve the right to change the terms of this Privacy Policy from time to time, without notice to you. An up-to-date copy of our Privacy Policy is available on our Website and we encourage you to check our website periodically to make sure you are aware of our current Privacy Policy.

The last update to this policy was made on 21/10/22.