We take your privacy seriously and understand the importance of protecting your personal information and health information.
This Policy outlines the types of personal information and health information that we usually collect, the purposes for which we collect it, to whom we disclose it, how we hold and keep it secure and your rights in relation to your personal information and health information, including how to complain and how we deal with complaints. This Policy should be read together with our respective website Terms and Conditions and any location specific legal notice.
By visiting our website or providing us with your personal information or health information (either directly or allowing another person to do so on your behalf), you acknowledge and agree that the personal information or health information we collect about you will be collected and handled in accordance with this Policy. If you do not agree with any part of this Policy, you must not provide your personal information or health information to us
2. Important terminology
Our business interests span both Australia and New Zealand. We, our, or us refers to:
- Maven Dental Group Pty Ltd and 1300 Smiles Limited in Australia;
- Lumino Dental Limited, Abano NZ Limited and Kidz Teeth Limited in New Zealand; and
- Abano Healthcare Group Limited.
We may collect information from you or about you, including your:
- personal information, which means information or an opinion about you, whether true or not, from which your identity is apparent or can reasonably be ascertained or as otherwise defined by applicable privacy law. This is whether the information is recorded in a material format or not. Personal information may also include information we may collect about your individual preferences. It does not include information that is de-identified (anonymous data).
- health information, which means personal information about your health such as your medical history or medical conditions or disabilities as more particularly described under New Zealand’s HIPC. In Australia health information is a category of “sensitive information” as outlined at paragraph 6.
The laws we comply with in our dealings with your personal information or health information will depend on your location. We will always comply with Applicable Privacy Laws and Applicable Anti-Spam Laws which means:
- if you are in Australia, the Privacy Act 1988 (Cth) (Australian Privacy Act), the Australian Privacy Principles and the Spam Act 2003 (Cth); and
- if you are in New Zealand, the Privacy Act 2020 (NZ Privacy Act), Information Privacy Principles, Health Information Privacy Code (HIPC) and Unsolicited Electronic Messages Act 2007.
3. Dealing with us anonymously
Where it is lawful and practicable to do so, you may deal with us anonymously (e.g. when enquiring about our services generally). However, we usually need your name, contact information and other details to enable us to provide our services or products to you.
4. Why do we collect personal information or health information?
We will only collect personal information or health information from you when it is reasonably necessary to undertake our business activities and functions, or as otherwise permitted by law. We may also collect your personal information or health information for one or more of the following purposes:
- to gain an understanding of your needs so we may provide you with the required service and advice
- to contact you to provide advice or information in relation to the way in which the service will be or has been provided
- to provide and administer dental and associated services to you
- to send appointment reminders to you
- to analyse our services and customer needs with a view to developing new and/or improved services
- for surveys, direct marketing, promotions and/or competitions
- to ensure the proper function of the website and online software
- for our marketing, planning, product development and research requirements
- for the promotion of our New Zealand or Australian businesses (as the case may be), our suppliers, practices, and/or third-party partners
- to administer and manage our services including charging, billing and collecting debts
- to respond to your requests, questions, comments and complaints
- to notify you about special offers and products or services available from us or our participating partners, either directly or via a third-party advertising platform
- to resolve disputes or resolve problems
- to prevent prohibited or illegal activities
- fulfilling any mandatory reporting obligations required by applicable law, including communicating with you if a notifiable data breach has occurred in relation to your personal information
- to assess your application for a role with us and to take references
- in connection with your employment with or engagement by us
- any purpose for which you have consented
- any related secondary purpose which we believe you would reasonably expect when we collected your personal information or as a result of our ongoing relationship with you
- any purpose for which we are required or authorised by the Applicable Privacy Laws
- to respond to and manage inquiries, complaints, feedback, and claims, defend our legal interests and investigate and protect against fraud, theft and other illegal activities
We may also use your personal information or health information for other purposes not listed above which will be made clear to you at the time we collect your personal information, or for such purposes as may be required or permitted by the Applicable Privacy Laws.
5. What personal information do we collect and hold?
The personal information or health information collected depends on the dealings you have with us, and may include your:
- date of birth
- address (postal and email)
- telephone numbers
- Medicare, health fund and health insurance cover details
- medical history, test results, medication and other health information
- financial information (including credit card details)
- your IP address and/or other device identifying data
- other information necessary for our functions and activities
- nominated person to contact in case of emergency
- opinion in relation to any of our business activities via surveys and/or competitions and trade promotions
- other such information (including proof of identity) that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the Applicable Privacy Laws
If you are making an application or enquiry in relation to employment, or you have a dental practice and are interested in joining us, or you are an existing employee or practice, we may collect additional information from or about you such as:
- details relating to you and your guarantor
- details of your referees
- information provided by your referees
- credit checks
- criminal history checks
- results of any profile testing
- results of any pre-employment testing
- identity documents
- tax file number / IRD number
- health information
- details of your next of kin
6. Sensitive information
We only collect sensitive information where it is reasonably necessary for our functions or activities and either you have explicitly consented, or we are required or authorised by law to do so. This may include health information, medical history, details about medication you take, or information for the purposes of a job application such as information about national origin or immigration status, or optional demographic information such as race.
7. Financial information
We may collect your credit card details or other financial information where you provide them to us at one of our clinics for the purposes of arranging direct debit or payment plans you have requested. We will only use your financial information for the purpose for which it was collected and in accordance with this policy. We may also collect financial information from you through our sales facilities, to be used by us solely to facilitate payment for the services you have requested. Financial or credit card information we collect from you is strictly confidential and held on secure servers in controlled facilities.
8. Using government identifiers
In certain circumstances we are required, to collect government identifiers such as Medicare, National Health Index, pension or Veterans Affairs numbers. We will only use or disclose this information in accordance with the applicable laws.
9. How is personal information or health information collected?
We will, if reasonable and practicable to do so, collect personal and health information directly from you. This may take place when you fill out documents such as a form. Information may also be collected from you in other ways, including:
- when you attend an appointment at one of our practices
- via our websites or online chat rooms
- via our social media pages
- if you complete an entry form for any competition and/or trade promotion whether operated by us or one of our practices
- if you complete any survey
- if you post or email us your information
- if you call us
- if you provide us with your information in any other format such as verbally or via text message
- if you apply for any job vacancy
- if you make a complaint to us
We may collect personal and health information from third parties such as:
- your health service provider
- a health professional who has treated you
- your family or legal guardian
- other sources where necessary to provide a health service
10. Using and disclosing personal information and health information
We will not sell, distribute, rent, licence, disclose or reveal, share or pass your personal information or health information on to any third parties, other than in accordance with this Policy, and to those who are contracted to us to keep personal information or health information confidential.
We may disclose personal information or health information:
- to our related bodies corporate, suppliers, consultants, contractors, or agents so that they can provide you with products or services on our behalf or help us to provide you with the requested products or services including contacting you in relation to the products or services
- if we merge with or are acquired by another entity, to that entity as a part of the merger or acquisition
- to relevant government (including federal, state or territory) authorities and agencies for the purpose of investigating a health issue, including a workplace health and safety matter
- to other health service providers in relation to continuity of care where that service provider is involved in your treatment or diagnostic services
- when conveying information to a responsible person (e.g. parent, guardian, spouse) when you are incapable or cannot communicate, unless you have requested otherwise
- when conveying information to close family members in accordance with the recognised customs of medical practice
11. Disclosure overseas
We operate and communicate with organisations in a number of countries around the world. Therefore, we may need to disclosure personal information or health information outside your country. We will only disclose information to an organisation in a foreign country: (i) where that country has a substantially similar privacy regime; or (ii) where the overseas organisation has agreed to comply with the Applicable Privacy Laws, or (iii) where we have your informed consent to the disclosure.
12. Marketing and your consent/opting out
We may use your personal information to identify a product or service that you may be interested in or to contact you about an event or promotion. We may with your consent or where required by Applicable Anti-Spam Laws, use the contact details you have provided to contact you from time to time (whether by phone, post, email or SMS) to tell you about new products or services and special offers that we believe may be of interest to you.
You can withdraw your consent to receiving direct marketing communications from us at any time by unsubscribing from the mailing list by clicking ‘unsubscribe’ at the bottom of any email from us, by contacting us on the details at the end of the policy or by using the unsubscribe facility set out in any other electronic communication you receive. Once you have unsubscribed from the electronic communication, you will be removed from the corresponding marketing list as soon as is reasonably practicable and in accordance with Applicable Anti-Spam Laws.
We may occasionally engage other companies to provide marketing or advertising services on our behalf. Those companies will be permitted to obtain only the personal information they need to deliver the service. If we provide those companies with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services. We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
13. Information via the website and online software
Every time you use our website, information may be collected by us or on our behalf via services such as Google Analytics. Types of information collected may include:
- the date and time of your visit to our website and online software
- your IP address
- the address of the documents you access
- the type of browser and operating system you are using
- any address of a recurring site and any other website you are about to visit
- the information you submit regarding payment particulars
The information that may be collected provides us with details about how the website is being used including the frequency and duration of visits, and which web pages you have accessed on the website.
We may provide third parties with aggregate statistics about our visitors, traffic patterns and related site information. This data reflects site-usage and does not contain identifying information.
15. Links to other websites and third party advertising services
We may also utilise certain third-party advertising services (e.g. organizations such as FastClick or Google) to display advertising for our advertisers. These third-party services may also place a cookie on your computer for the purposes of ad tracking and presentation. We do not share personally identifiable visitor information with these third-party services.
16. Storing personal information and health information
We take all reasonable and appropriate steps (including organisational and technological measures) to protect your personal information and health information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Some of the ways this is done include:
- requiring our staff to maintain confidentiality
- implementing document storage security
- imposing security measures for access to our computer systems
- providing a secure environment and access control for confidential information
- only allowing access to personal and health information where the individual seeking access has satisfied our identification requirements
Where we store your personal information and health information depends on what interaction you have had with us. These include:
- electronic databases, including those for processing customer enquiries or feedback
- email databases for marketing communications
- paper based forms
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your personal information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.
17. Data breaches
The Australian Privacy Act requires us to notify affected individuals and the Australian Information Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:
- there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur) (data breach);
- the data breach is likely to result in serious harm to any of the individuals to whom the information relates; and
- we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals. This is to ensure that you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
The NZ Privacy Act requires us to notify the New Zealand Privacy Commissioner about ‘notifiable privacy breaches’ and may require us to notify you. A notifiable privacy breach occurs when the following criteria are met in relation to personal information held by us:
- there is: (i) unauthorised or accidental access to that information; or (ii) disclosure, alteration, loss, or destruction of that information; or (iii) an action that prevents us from accessing that information on either a temporary or permanent basis (privacy breach); and
- it is reasonable to believe the privacy breach has caused serious harm to an affected individual or individuals or is likely to do so.
If it is not clear whether a suspected privacy breach meets these criteria, we will investigate and assess the breach to determine whether the breach is a ‘notifiable privacy breach’ that requires us to notify the affected individuals. This is to ensure that, subject to the NZ Privacy Act, you are notified if your personal information is involved in a privacy breach that has caused or is likely to cause serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
18. Keeping personal information and health information accurate and up to date
It is your responsibility to ensure that the personal information or health information you provide us is accurate, complete and up-to-date. However, as required by Applicable Privacy Law, we will also endeavour to ensure that the personal information and health information collected from you is up to date, accurate and complete.
Medical records are our property – however you have a right to access them subject to some exceptions allowed by applicable laws. In the case of pathology services, it is recommended that you obtain the information from the referring doctor. We will disclose the medical record to an authorised personal representative or legal adviser where you have provided written authority, unless any of the applicable legislative exceptions apply.
You may request access to or correction of your personal information and health information we hold about you at any time by contacting the relevant Privacy Officer using the details set out at the end of this Policy. We will need to verify your identity. Subject to any applicable exceptions or requirements, we will provide you with access to the personal information or health information you request within a reasonable time and usually within 28 days in Australia and 20 working days in New Zealand. If we decide to refuse your request, we will tell you why in writing and how to complain.
We may charge a reasonable fee for collating and providing access to personal and health information.
19. Contact us
If you have a question or comment regarding this Policy or wish to make a complaint or exercise your privacy rights, please contact our Privacy Officer on the following details:
Phone: +61 (07) 5635 2000
Attn: Privacy Officer
Maven Dental Group
PO Box 1146
Southport BC, QLD 4215
Phone: (09) 361 7100
Attn: Privacy Officer
Lumino The Dentists
P O Box 106514
NEW ZEALAND 1143
We will need to verify you, and we will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.
If you are not satisfied with our response, you may complain to:
Australia: the Office of the Australian Information Commissioner (OAIC) via the OAIC website: www.oaic.gov.au.
New Zealand: the New Zealand Privacy Commissioner via the website: https://www.privacy.org.nz/your-rights/making-a-complaint/
This policy was last updated 3 December 2021.
Website Terms and Conditions of Use