Oqea Clinical Privacy Policy v2.0 (Updated August 2024)
We care about you and your privacy.
At Oqea Cares, we’re committed to protecting your personal and sensitive information. That’s why we’ve put together this policy. We want to ensure we provide a safe, trusted and secure environment to streamline the care coordination journey for all our users. We want to explain this in simple terms, however recognising the importance of your privacy, if we need to disclose information then the reason we are doing that is outlined in this policy.
In this Privacy Policy, we will refer to Oqea Clinical Pty Ltd (ABN 73 653 194 640) as “Oqea Cares”, “we”, “us” and “our”.
Because we take your privacy seriously, we have designed this policy with careful reference to the Australian Privacy Principles’ and related privacy laws. We may also reference to related, third-party service providers’ relevant privacy policies and associated documents. It explains how we approach the important issues of privacy and the management of your personal information (as defined in the Privacy Act (“Personal Information”).
Please contact Oqea Clinical’s Privacy Officer (details are at the end of this Privacy Policy) if you require any further information regarding our Privacy Policy.
Oqea Clinical provides psychology, allied health, psychiatry and mental health general practitioner (MH GP) services to its clients (our “Services”).
This privacy policy applies to information we collect and use:
This policy is not intended to cover categories of personal information which are not covered by the Privacy Act.
By choosing to use or interact with our Services, or visit our websites (including https://oqeacares.au/ (“Sites”), or otherwise interact with us, you consent and agree to this Privacy Policy of Oqea Clinical (“Policy”).
In recognition of the critical importance of maintaining confidentiality of health information to a client, the way we collect, store and use the personal information and sensitive information of a client is different from how we collect, store and use personal information of other individuals who interact with us. As this privacy policy is required to clearly express how we manage all personal information, we have divided it into two parts: Part A which relates to clients’ personal information when they interact with us as a client and Part B for individuals interacting with us other than as clients. For example, where a person who is a client also uses our website, they do not do so as a client, and that information is not associated with their information as a client. At all times, the client’s sensitive information remains confidential.
Oqea Clinical as psychologists, and the Oqea.me platform
Oqea Clinical is affiliated with Oqea Pty Ltd (ACN 628 016 491) (“Oqea Pty Ltd”), which provides two digital platforms:
Oqea.me:
Oqea.net, which is:
We will direct any requests and enquiries relating to personal information on Oqea.Me and Oqea.Net to Oqea Pty Ltd, unless they relate to personal information held by our psychologists. They have their own privacy policy and obligations for use, disclosure, modification and destruction of records. For Oqea Pty Ltd’s privacy policy, please visit https://www.oqea.com/oqea-privacy-policy.
The Australian Government introduced updated legislation in 2014 to the Privacy Act (1988), to further enhance the protection and handling of an individual’s privacy and personal information. These principles replace the previous National Privacy Principles that operated from 2001. You can find out more about the Australian Privacy Principles by calling the Office of the Australian Information Commissioner on 1300 363 992 or through their website at www.oaic.gov.au.
We respect and uphold your right to privacy protection under the Australian Privacy Principles in regulating how we collect, use, disclose and hold your Personal Information. We have procedures so only our authorised staff (being System Administrators) have access to your Personal Information, and ensure that it remains confidential and is only used and disclosed for appropriate purposes, where you have consented, when there is a legal obligation to do so (e.g., subpoena or significant and imminent risk of harm) and in accordance with this policy.
We are also bound by the Australian Psychological Society – Code of Ethics, which is relevant to how we handle personal information.
Information We Receive When a client Uses Our Services
The types of Personal Information we collect and hold about clients includes:
We may collect information about you because we are required or authorised by law to collect it.
We may collect Personal Information about you from professionals, other users, our clients, and third parties if:
If you want to change any information that you have previously given us, or if you want to opt out of future communications please contact Oqea Clinical’s Privacy Officer as detailed below.
As a client, we collect your Personal Information when you provide it to us in a number of ways including:
Sometimes we collect information about you from other sources. We do this only if it is necessary to do so. Instances of when we may need to include where:
Also:
In some cases, you might provide Personal Information to us by entering it into forms which stores the information in our cloud-based servers.
When we collect or hold Personal Information in this way, it is only used or disclosed for the primary purpose as described in this Privacy Policy, or the organisation that has disclosed that information to enable us to provide the Services.
Personal Information may be stored on our web servers but will only be accessed by us to provide technical support, or to carry out other functions reasonably necessary to provide the Services. This Personal Information will not be disclosed in any other way without your written consent.
People sometimes share information with us we have not sought out (referred to as ‘unsolicited information’).
Where we receive unsolicited Personal Information about you, we will check whether that information is reasonably necessary for our Services, functions or activities. If it is, we will handle this information the same way we do with other information we seek from you. If not, we will ensure we do the right thing and destroy or de-identify it.
When we receive Personal Information from you directly, we either have already taken or we will take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Sometimes we collect your Personal Information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.
Using and disclosing your Personal Information as a client
Your Personal Information and Sensitive Information will generally only be used and disclosed for the purpose it was collected. This includes maintaining your contact details, providing you with the Services and processing payments. We may disclose your personal information to third parties or contractors who are integral to the provision of our services.
We may provide health Information to other medical service providers, such as your general practitioner or specialist medical practitioners. We will only supply this information with your consent, or in circumstances where it is required for the delivery of health services, such as referral to another health service provider, billing and liaising with government offices regarding entitlements and payments, where it is necessary to prevent or lessen an identified significant and imminent threat to a person’s life, health or safety, or other reason as permitted by law.
We may use your Personal Information (other than Sensitive Information) to:
We use, in addition to our own proprietary technologies and systems, various third-party software and technologies, each of which may have their own privacy policies and terms of use.
Please also note, owing to the ever-changing nature of technology and to provide optimal support to you, we may use different third-party support software and platforms from time to time. To that, any such Personal Information data stored or processed will also be subject to the privacy policies of those relevant individual third parties and platforms and may vary.
We may use your Personal Information to the extent that is reasonably necessary to carry out the Services including for the following purposes:
Our IT infrastructure is in secure buildings with restricted access. Our IT systems are password protected and we conduct regular audit and data integrity checks.
We frequently update and review our IT security software in order to protect our systems (and the data contained in those systems) from cyber security threats. In addition, all our employees are required, as a condition of employment, to treat Personal Information held by Oqea Clinical as confidential.
We store your Personal Information in cloud-based servers. These cloud servers are situated in Australia. The cloud server providers are required to keep all information stored confidential.
If we store your Personal Information on a remote, “Cloud” or offsite server we will endeavour to protect your Personal Information through security measures such as password protection and encryption.
We may destroy or de-identify the Personal Information provided by you once it is no longer needed for our Services. However, we may, in addition to the reasons already disclosed in this Privacy Policy, in certain circumstances be required by law to retain Personal Information after our Services have been completed.
In this case, the Personal Information will continue to be protected in accordance with this Privacy Policy. If we destroy Personal Information we will do so by taking reasonable steps and using up-to-date techniques and processes.
We adhere to the Spam Act 2003 (Cth). The Spam Act prohibits the sending of unsolicited emails, SMS and MMS messages for commercial purposes from or within Australia or to people in Australia. The Spam Act also bans the supply and use of software designed to harvest email addresses.
If you have any complaints, questions or concerns about what information we hold or about the accuracy of that information, please contact Oqea Clinical’s Privacy Officer. Where the information relates to your health information, please speak with your medical professional in the first instance.
If you would like to access the information that we hold about you, or to complain about a possible breach of the Australian Privacy Principles, you can write to Oqea Clinical’s Privacy Officer at the address provided below.
We will respond to your complaint or endeavour to give you access to the information requested within two weeks. In order to maintain the confidentiality of your personal information, we will ask you to meet with us so we can review your specific identification documents before we give you access. If it is not practical for you to meet us in person, we will arrange to check your identification before we mail the information out to you.
If the information that we hold about you is incorrect or not up-to-date, we will update it as soon as possible after you have shown us how and why it is incorrect.
In the unlikely event that we are unable to provide you with access to your personal information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access.
If you are not satisfied with our response to your complaint, question or concern, you may wish to lodge a complaint with the Office of the Australian Information Commissioner. Further information can be found on the Commissioner’s Site or by calling 1300 363 992.
Please remember that where a person who is a client also interacts with us (such as via the website), they do not do so as a client, and that the information collected and stored is not associated with their information as a client. The client’s sensitive information remains confidential.
The types of Personal Information we collect and hold about individuals other than as clients relates to individuals including website visitors, clients, suppliers and other business contacts. This will typically not include health information. Typically, this information often includes names, birth dates, addresses, telephone numbers, e-mail addresses and job titles. In the course of providing the Services and our Sites, we may collect and hold more detailed personal information, for example:
We will otherwise not collect Sensitive Information unless you have consented to give this information and it is relevant to our Services.
We will always collect such information in a non-intrusive, lawful and fair manner, and only when you have consented to the collection of such information.
Your Personal Information and Sensitive Information is only collected as is necessary for us to carry out our work and deliver our Services.
We may de-identify or anonymise Personal Information (such that it is no longer Personal Information) and use it in aggregate. This aggregated information may be disclosed to third parties, including researchers, regulators and industry bodies.
When you visit our Sites or use our Services, we collect information about which of those services you have used and how you have used them. We might know, for instance, that you a visited a certain page, saw a specific ad for a certain period of time. Here’s a fuller explanation of the types of information we collect when you use our services:
Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that removing or rejecting cookies could affect the availability and functionality of our Sites. To learn more about how we use cookies and your choices, please refer to the “Visiting our Site and Cookie Policy” below. To learn more about how third parties use these technologies on our Services, please read the “Analytics” section of this Policy.
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions which may require us to collect personal information, like the National Consumer Credit Protection Act and The Anti-Money Laundering and Counter-Terrorism Financing Act.
We may collect Personal Information about you from other users, our clients, and third parties such as recruiters, or your employer if:
If you want to change any information that you have previously given us, or if you want to opt out of future communications please contact Oqea Clinical’s Privacy Officer as detailed below.
For individuals other than as clients, we collect your Personal Information when you provide it to us in a number of ways including:
Sometimes we collect information about you from other sources. We do this only if it is necessary to do so. Instances of when we may need to include where:
Also:
In some cases, you might provide Personal Information to us by entering it into forms which stores the information in our cloud-based servers. Alternatively, your information may be disclosed to us by an organisation with whom you interact.
When we collect or hold Personal Information in this way, it is only used or disclosed for the primary purpose as described in this Privacy Policy, or the organisation that has disclosed that information to enable us to provide the Services.
Personal Information may be stored on our web servers but will only be accessed by us to provide technical support, or to carry out other functions reasonably necessary to provide the Services. This Personal Information will not be disclosed in any other way without your written consent.
People sometimes share information with us we have not sought out (referred to as ‘unsolicited information’).
Where we receive unsolicited Personal Information about you, we will check whether that information is reasonably necessary for our Services, functions or activities. If it is, we will handle this information the same way we do with other information we seek from you. If not, we will ensure we do the right thing and destroy or de-identify it.
When we receive Personal Information from you directly, we either have already taken or we will take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Sometimes we collect your Personal Information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.
Using your Personal Information other than as a client
We may use your Personal Information when:
We use, in addition to our own proprietary technologies and systems, various third-party software and technologies, each of which may have their own privacy policies and terms of use.
Please also note, owing to the ever-changing nature of technology and to provide optimal support to you, we may use different third-party support software and platforms from time to time. To that, any such Personal Information data stored or processed will also be subject to the privacy policies of those relevant individual third parties and platforms and may vary.
We may use your Personal Information to the extent that is reasonably necessary to carry out the Services including for the following purposes:
Our IT infrastructure is in secure buildings with restricted access. Our IT systems are password protected and we conduct regular audit and data integrity checks.
We frequently update and review our IT security software in order to protect our systems (and the data contained in those systems) from cyber security threats. In addition, all our employees are required, as a condition of employment, to treat Personal Information held by Oqea Clinical as confidential.
We store your Personal Information in cloud-based servers. These cloud servers are situated in Australia. The cloud server providers are required to keep all information stored confidential.
If we store your Personal Information on a remote, “Cloud” or offsite server we will endeavour to protect your Personal Information through security measures such as password protection and encryption.
We may destroy or de-identify the Personal Information provided by you once it is no longer needed for our Services. However, we may, in addition to the reasons already disclosed in this Privacy Policy, in certain circumstances be required by law to retain Personal Information after our Services have been completed.
In this case, the Personal Information will continue to be protected in accordance with this Privacy Policy. If we destroy Personal Information we will do so by taking reasonable steps and using up-to-date techniques and processes.
Using your Personal Information other than as a client
We may disclose your Personal Information to third parties but only for the purposes of providing the Services and for the purposes contemplated by your use of the Site.
These third parties may include:
We may disclose your personal information:
We may disclose Personal Information for the following purposes:
When we disclose your Personal Information with a third party, we will require the third party to handle your Personal Information in accordance this Policy and the Australian Privacy Principles.
Oqea Clinical may sometimes use third party service providers to conduct surveys and facilitate information collection. Some of these service providers conduct all or part of their business overseas and so your personal information may be transferred overseas as a result.
Oqea Clinical conducts a due diligence process before entering into an agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner inconsistent with the Australian Privacy Principles.
Web traffic information is disclosed to Google Analytics when you visit any of our Sites. Google stores information across multiple countries. When you communicate with us through a social network service such as Facebook or X/Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Our Site may use ‘cookies’ to improve your experience on our site, to display content more relevant to you within the Site, and to display items added while using online facilities. If you are concerned about the use of these cookies, your browser can be configured to notify you when you receive a cookie, and provide you with the opportunity to accept or reject it. You may refuse all cookies from our Site, however some functions may be unavailable.
Our Site may use statistical information collection tools (such as Google Analytics) to track site visits, navigation and performance within our Site for the purpose of monitoring and improving the site. If you are concerned about the use of these tools, you can configure your browser to send a “Do Not Track” request with your browsing traffic.
Our Site may also use third party cookies and Google Analytics Advertising Features including: Remarketing with Google Analytics, and Google Analytics Demographics and Interest Reporting.
Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. Further information regarding behavioural advertising, including ways to manage your online privacy, is available at https://www.staysmartonline.gov.au/.
Where you provide your email address to us, we will only use it for the purpose provided unless you have consented to us using it for additional purposes, and we will not pass it on to any other person or organisation unless we have disclosed this to you. We may also disclose your information where required by law to do so.
Our Site may contain links to other sites of interest. We do not control, and are not responsible for, the content or privacy practices of those Sites. Please check the Privacy Policies on other Sites before you provide your personal information to them.
By using our Site and Services you acknowledge and agree that the internet is inherently insecure and that you use the internet at your own risk. You acknowledge that you do not hold Oqea Clinical or its directors, representatives, employees, contractors, suppliers or clients liable for any security breaches, viruses or other malicious software that may infect your computer or other internet browsing device, or any loss of data, revenue or otherwise that may occur as a result of using our Site.
We strive to ensure the security of your Personal Information and we take reasonable steps to protect your Personal Information from:
We will review and update our physical and data security measures in light of current technologies. Unfortunately, no data transmission over electronic, mobile data and communication services can be guaranteed to be totally secure.
Our employees and contractors who provide services related to our information systems are obliged to respect the confidentiality of any Personal Information held by us.
We will do everything reasonably within our power and control to prevent unauthorised use or disclosure of your Personal Information. However, we will not be held responsible for events arising from any unauthorised use or access to your Personal Information.
Certain sections of our Site are secured using industry-standard SSL/TLS technology to encrypt data between your browser and the Site.
If you have any complaints, questions or concerns about what information we hold or about the accuracy of that information, please contact Oqea Clinical’s Privacy Officer.
If you would like to access the information that we hold about you, or to complain about a possible breach of the Australian Privacy Principles, you can write to Oqea Clinical’s Privacy Officer at the address provided below.
We will respond to your complaint or endeavour to give you access to the information requested within two weeks. In order to maintain the confidentiality of your personal information, we will ask you to meet with us so we can review your specific identification documents before we give you access. If it is not practical for you to meet us in person, we will arrange to check your identification before we mail the information out to you.
If the information that we hold about you is incorrect or not up-to-date, we will update it as soon as possible after you have shown us how and why it is incorrect.
In the unlikely event that we are unable to provide you with access to your personal information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access.
If you are not satisfied with our response to your complaint, question or concern, you may wish to lodge a complaint with the Office of the Australian Information Commissioner. Further information can be found on the Commissioner’s Site or by calling 1300 363 992.
We may, without notice, amend or modify this Privacy Policy by posting the amended Privacy Notice to our Site or our Services.
Privacy Officer’s contact details
Oqea Clinical’s Privacy Officer can be contacted by:
Privacy Officer
Oqea Clinical Pty Ltd
Email: privacy@oqea.com
Postal Address: 230 Rokeby Road, Subiaco WA 6008