Thirlestane Services Pty Ltd as trustee for the Thirlestane Discretionary Trust trading as Zento Group (Zento, we or us) is committed to protecting the privacy of your personal information. We take our responsibility for handling sensitive personal information seriously and we have put measures in place to maintain the integrity of personal information and provide full transparency on conduct. We handle your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
Zento provides a range of practice management services for medical specialists including:
- administration, finance, accounts, recruitment and staffing, planning, marketing, filing and document management, accreditation, registration, business operations and procedures and compliance
- secretarial services including incoming and outgoing phone calls, email, data entry, patient records handling, credit card payments, BPAY payments, reception, and appointment bookings
We are constantly evolving our services, and new services may be offered from time to time.
What information does Zento collect?
We may collect personal information such as:
- your name
- your date of birth
- your contact details (e.g. address, email address, phone number)
- your gender
- your marital status
- cultural background
- your medications
- your emergency contact details
- advance health directive
- the type of appointment you are requesting
- the reason you are having an operation
- information about your private health insurance fund, including your membership number
- your Medicare number and details
- your photograph or image
- financial information
- transaction information
- technical data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website and mobile app
- analytics data which we may collect directly or use third party analytics tools, to help us measure traffic and usage trends for our products and services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our products and services. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user
- information about your prescriptions
- information about your symptoms
- information about your treating health professionals
- information about the practices of your treating health professionals
We may also collect your medicare details and number, pension/health care card/DVA and/or private health insurance membership details, to assist with the above services (for example, to facilitate your booking of appointments with health professionals, and to help confirm your identity for our services.
Usually we collect your personal information directly from you. Zento may collect your personal information from you in various ways, including via telephone, our website, our mobile app, and email.
We may also collect information from third parties, such as:
- family members, legal guardian/s and/or a person you have authorised to provide your personal information to us
- health professionals and their practices (often via their practice management software systems), in relation to the management of appointments you have made, your requested health services, and the associated fees
You do not have to use our services, and you may choose which of our services you wish to use. Our services typically require you to provide us with personal information and, when you use such services, we require you to provide accurate details and do not permit you to use a pseudonym or remain anonymous. For some services, certain information is designated as mandatory (which is required to use the service) and some is optional (which you may choose not to provide, but your failure to provide that information may limit your use of the service). If you do not provide personal information to Zento that is designated as mandatory, we will be unable to provide you with that service.
Zento uses social networking services such as Facebook, Twitter and Instagram to communicate with the public about its activities. Zento may collect your personal information when you communicate with us by using these social networking services, and the social networking services will also handle your personal information for their own activities. These social networking sites have their own privacy policies.
Why does Zento collect and use your personal information?
The primary reason Zento uses your personal information is to provide the services you have elected to receive.
Zento may also use your personal information:
- on a de-identified basis for analysis, research and quality assurance purposes
- when you have provided prior agreement, for communicating with you about our products and services and those of third parties which we believe may be of interest to you. You will be able to stop receiving these communications at any time by:
- clicking on the “Unsubscribe” link on email correspondence
- replying “Stop” to SMS correspondence
- emailing email@example.com
- to promote and drive engagement with our products and services, including the use of targeted online advertising
- to send push notifications to your mobile device (you can use the settings on your mobile device to enable or turn off mobile push notifications from Zento)
- to report to health professionals and their practices about the use and functionality of our services, including associated financial benefits
- for software development as part of continually working on improving our services to patients which may include working with developers located overseas
- for data analytics to help us improve our service and products, and our users’ experience, including by monitoring aggregate metrics such as total number of visitors, traffic, and demographic patterns
- for payment processing
- for other purposes that are notified to you at the time we collect your information, which you give your consent to, or which are authorised or required by law
Who does Zento disclose personal information to?
We will disclose your personal information to the health professionals involved in your care.
Zento may also disclose your personal information to other persons, such as:
- third party service providers (such as IT and software service providers software developers, providers of research services, payment processing service providers, third parties that collect and process data such as Google Analytics and Hotjar, security entities that minimise risks and block suspicious behaviour such as Google reCAPTCHA, and our professional advisers such as lawyers and auditors), but only for the purpose of providing goods or services to us
- some of these software services allow us to advise you of certain services and benefits available to you
- we require our third party service providers to agree to appropriate privacy restrictions, and only permit them to access personal information to the extent needed to provide goods or services to us
- we also engage third party providers to manage our advertising on other websites
- this type of online, targeted advertising – known as “retargeting” – is used to re-engage consumers who previously visited our website
- the website www.youronlinechoices.com.au allows you to opt-out of some online behavioural advertising and provides further information about how online behavioural advertising works
- please note this does not opt you out of being served advertising
- you will continue to receive generic ads
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
- other persons notified to you at the time we collect your personal information, who you give your consent to, or to whom we are authorised or required by law to make such disclosure
We may also disclose de-identified information of our users to third parties for analysis, research and quality assurance purposes.
Some third party service providers used by Zento may store your personal information on servers located overseas, however, they must also meet our requirements for privacy and data security.
Data quality and security
Zento will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date. However, we rely on the accuracy of the personal information as entered by you, or provided to us by third parties.
Zento will take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. Zento implements security measures including:
- physical security such as security procedures for access to our business premises
- IT security procedures including password protection, network firewalls, encryption, intrusion detection and site monitoring
We will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or for legal purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we handle your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Access to, deletion of and correction of your personal information
You have a right to request:
- access to your personal information;
- that your personal information be deleted or de-identified; or
- that we correct inaccuracies relating to your information.
In some circumstances, we may not be able to comply with a request that you make in respect of your personal information. For example, we may be required to retain certain information that you ask us to delete for various reasons, such as where there is a legal requirement to do so. Where these reasons to refuse a request in respect of your personal information exist, we will advise you of those reasons at the time you make your request.
If we do agree to your request for the deletion or de-identification of your personal information, we will delete or de-identify your data but will generally assume that you would prefer us to keep a note of your phone number on a register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
If you request that your personal information is changed, and if Zento does not agree to change your personal information, we will enclose your statement of the requested changes with your personal information.
If you would like to obtain access to, delete or request changes to your personal information you can ask our Privacy Officer (details below).
Zento can charge a reasonable fee for the time and cost of collating, preparing, and photocopying material for you if you request access to your personal information.
Where we have obtained your consent to handle your personal information, or consent to send you information, you may withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to, unless we consider that there is an alternative reason to justify our continued handling of your personal information for this purpose, in which case we will inform you of this condition.
In particular, if you wish to make a complaint about how we have handled your personal information, you should forward a written complaint to our Privacy Officer.
We will respond in writing within 30 days of receipt of a complaint. If you are not satisfied with our decision, you can contact us to discuss your concerns.
If the complaint remains unresolved, you have the option of notifying the Office of the Australian Information Commissioner (OAIC). Contact details can be found at OAIC’s website: www.oaic.gov.au
How to contact us
By letter: Privacy Officer, Zento, PO Box 124, West Perth, WA 6857, Australia.
By email: firstname.lastname@example.org