We take your privacy seriously and understand the importance of protecting your personal information and health information.
This Policy outlines the types of personal information and health information that we usually collect, the purposes for which we collect it, to whom we disclose it, how we hold and keep it secure and your rights in relation to your personal information and health information, including how to complain and how we deal with complaints. This Policy should be read together with our respective website Terms and Conditions and any location specific legal notice.
By visiting our website or providing us with your personal information or health information (either directly or allowing another person to do so on your behalf), you acknowledge and agree that the personal information or health information we collect about you will be collected and handled in accordance with this Policy. If you do not agree with any part of this Policy, you must not provide your personal information or health information to us.
Our business interests span both Australia and New Zealand. We, our, or us refers to:
We may collect information from you or about you, including your:
The laws we comply with in our dealings with your personal information or health information will depend on your location. We will always comply with Applicable Privacy Laws and Applicable Anti-Spam Laws which means:
Where it is lawful and practicable to do so, you may deal with us anonymously (e.g. when enquiring about our services generally). However, we usually need your name, contact information and other details to enable us to provide our services or products to you.
We will only collect personal information or health information from you when it is reasonably necessary to undertake our business activities and functions, or as otherwise permitted by law. We may also collect your personal information or health information for one or more of the following purposes:
We may also use your personal information or health information for other purposes not listed above which will be made clear to you at the time we collect your personal information, or for such purposes as may be required or permitted by the Applicable Privacy Laws.
The personal information or health information collected depends on the dealings you have with us, and may include your:
If you are making an application or enquiry in relation to employment, or you have a dental practice and are interested in joining us, or you are an existing employee or practice, we may collect additional information from or about you such as:
We only collect sensitive information where it is reasonably necessary for our functions or activities and either you have explicitly consented, or we are required or authorised by law to do so. This may include health information, medical history, details about medication you take, or information for the purposes of a job application such as information about national origin or immigration status, or optional demographic information such as race.
We may collect your credit card details or other financial information where you provide them to us at one of our clinics for the purposes of arranging direct debit or payment plans you have requested. We will only use your financial information for the purpose for which it was collected and in accordance with this policy. We may also collect financial information from you through our sales facilities, to be used by us solely to facilitate payment for the services you have requested. Financial or credit card information we collect from you is strictly confidential and held on secure servers in controlled facilities.
In certain circumstances we are required, to collect government identifiers such as Medicare, National Health Index, pension or Veterans Affairs numbers. We will only use or disclose this information in accordance with the applicable laws.
We will, if reasonable and practicable to do so, collect personal and health information directly from you. This may take place when you fill out documents such as a form. Information may also be collected from you in other ways, including:
We may collect personal and health information from third parties such as:
We will not sell, distribute, rent, licence, disclose or reveal, share or pass your personal information or health information on to any third parties, other than in accordance with this Policy, and to those who are contracted to us to keep personal information or health information confidential.
We may disclose personal information or health information:
We operate and communicate with organisations in a number of countries around the world. Therefore, we may need to disclosure personal information or health information outside your country. We will only disclose information to an organisation in a foreign country: (i) where that country has a substantially similar privacy regime; or (ii) where the overseas organisation has agreed to comply with the Applicable Privacy Laws, or (iii) where we have your informed consent to the disclosure.
We may use your personal information to identify a product or service that you may be interested in or to contact you about an event or promotion. We may with your consent or where required by Applicable Anti-Spam Laws, use the contact details you have provided to contact you from time to time (whether by phone, post, email or SMS) to tell you about new products or services and special offers that we believe may be of interest to you.
You can withdraw your consent to receiving direct marketing communications from us at any time by unsubscribing from the mailing list by clicking ‘unsubscribe’ at the bottom of any email from us, by contacting us on the details at the end of the policy or by using the unsubscribe facility set out in any other electronic communication you receive. Once you have unsubscribed from the electronic communication, you will be removed from the corresponding marketing list as soon as is reasonably practicable and in accordance with Applicable Anti-Spam Laws.
We may occasionally engage other companies to provide marketing or advertising services on our behalf. Those companies will be permitted to obtain only the personal information they need to deliver the service. If we provide those companies with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services. We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
Every time you use our website, information may be collected by us or on our behalf via services such as Google Analytics. Types of information collected may include:
The information that may be collected provides us with details about how the website is being used including the frequency and duration of visits, and which web pages you have accessed on the website.
We may provide third parties with aggregate statistics about our visitors, traffic patterns and related site information. This data reflects site-usage and does not contain identifying information.
We may also utilise certain third-party advertising services (e.g. organizations such as FastClick or Google) to display advertising for our advertisers. These third-party services may also place a cookie on your computer for the purposes of ad tracking and presentation. We do not share personally identifiable visitor information with these third-party services.
We take all reasonable and appropriate steps (including organisational and technological measures) to protect your personal information and health information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Some of the ways this is done include:
Where we store your personal information and health information depends on what interaction you have had with us. These include:
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your personal information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.
The Australian Privacy Act requires us to notify affected individuals and the Australian Information Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:
(a) - there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur) (data breach);
(b) - the data breach is likely to result in serious harm to any of the individuals to whom the information relates; and
(c) - we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals. This is to ensure that you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
The NZ Privacy Act requires us to notify the New Zealand Privacy Commissioner about ‘notifiable privacy breaches’ and may require us to notify you. A notifiable privacy breach occurs when the following criteria are met in relation to personal information held by us:
(a) - there is: (i) unauthorised or accidental access to that information; or (ii) disclosure, alteration, loss, or destruction of that information; or (iii) an action that prevents us from accessing that information on either a temporary or permanent basis (privacy breach); and
(b) - it is reasonable to believe the privacy breach has caused serious harm to an affected individual or individuals or is likely to do so.
If it is not clear whether a suspected privacy breach meets these criteria, we will investigate and assess the breach to determine whether the breach is a ‘notifiable privacy breach’ that requires us to notify the affected individuals. This is to ensure that, subject to the NZ Privacy Act, you are notified if your personal information is involved in a privacy breach that has caused or is likely to cause serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
It is your responsibility to ensure that the personal information or health information you provide us is accurate, complete and up-to-date. However, as required by Applicable Privacy Law, we will also endeavour to ensure that the personal information and health information collected from you is up to date, accurate and complete.
Medical records are our property - however you have a right to access them subject to some exceptions allowed by applicable laws. In the case of pathology services, it is recommended that you obtain the information from the referring doctor. We will disclose the medical record to an authorised personal representative or legal adviser where you have provided written authority, unless any of the applicable legislative exceptions apply.
You may request access to or correction of your personal information and health information we hold about you at any time by contacting the relevant Privacy Officer using the details set out at the end of this Policy. We will need to verify your identity. Subject to any applicable exceptions or requirements, we will provide you with access to the personal information or health information you request within a reasonable time and usually within 28 days in Australia and 20 working days in New Zealand. If we decide to refuse your request, we will tell you why in writing and how to complain.
We may charge a reasonable fee for collating and providing access to personal and health information.
If you have a question or comment regarding this Policy or wish to make a complaint or exercise your privacy rights, please contact our Privacy Officer on the following details:
Phone: (09) 361 7100
Attn: Privacy Officer
Lumino The Dentists
P O Box 106514
NEW ZEALAND 1143
E-mail: [email protected]
We will need to verify you, and we will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.
If you are not satisfied with our response, you may complain to:
Australia: The Office of the Australian Information Commissioner (OAIC) via the OAIC website: www.oaic.gov.au.
New Zealand: the New Zealand Privacy Commissioner via the website: https://www.privacy.org.nz/your-rights/making-a-complaint/
This policy was last updated 23 April 2021.