Last updated: November 2021
360MC’s main business activities are:
- Design, development and manufacture of medical devices;
- Clinical research;
- Distribution and sale of medical devices;
- Episode of care management for patients in a joint replacement journey.
Collection and Use of Personal Information
To perform our business activities, we may collect personal information of contractors, consultants, external providers, patients, medical practitioners, customers, clients, employees and the wider community. You may be asked to provide your personal information anytime you are in contact with 360MC and/or our affiliated companies. We use this information to provide and improve our products and services. 360MC uses and handles personal information in accordance with the Australian Privacy Principles. 360MC services have been deemed as a permitted health situation under section 16B of the Privacy Act 1988 (Cth), as the information is necessary to provide a health service that has been requested by the referring surgeon. You have the option of not providing personal information we request. However, if you decide not to provide the requested information, we may not be able to provide you with our products and services.
Personal Information We Collect and Hold
The kinds of personal information (including health information) we may collect and hold include, but are not limited to, the following:
- For patients: name, date of birth, gender, address, contact details, details of surgery, treatment and underlying medical conditions, details of Medicare and/or private health fund, medical imaging, details of the clinic or hospital at which diagnosis or treatment was or will be performed, details of the medical practitioner(s) involved with the patient, patient-reported outcome measures, activity metrics, vital signs, location and functional assessments;
- For medical practitioners: name, business address, contact details, patient and operating lists;
- For customers and external service providers: name, position, professional qualifications, business address and ABN, contact details, sales history, credit references and credit card information, survey/questionnaire results, records of complaints and enquiries, performance metrics and accreditations status; and
- For employees: name, address, contact details, date of birth, education and employment history, job performance metrics, bank and remuneration details, tax file number, next of kin, signature, curriculum vitae and confidentiality agreement(s).
How We Collect Personal Information
360MC collects personal information through electronic or paper forms on our websites, apps, via email, mail, phone or in person. In some instances, information about an individual may be provided via an authorised third party, e.g. the patient’s surgeon or clinic receptionist.
Use of Personal Information
The purpose for which 360MC collects, uses and discloses personal information includes the following:
- To create, develop, operate, deliver and improve our products and services;
- To administer and manage services including charging, billing, collecting debts and monitoring performance;
- To assist with identification of users and verification of identity;
- To respond to your queries or feedback;
- To comply with legal and regulatory obligations;
- For internal purposes, such as auditing, data analysis and research to improve our products and services; and
- All other purposes related to our business.
Collection and Use of Non-personal Information
We also collect information that does not, on its own, identify an individual. We may collect, store, use and disclose non-personal information for any purpose. For example, we may collect non-personal information for research aimed at improving the quality of medical care. We may log certain statistics about user activities on our websites solely to improve the navigational experience on our sites.
When we combine non-personal information with personal information, we treat the combined information as personal information.
Disclosure of Personal Information
Personal information collected and held by 360MC will only be accessed and handled by personnel authorised to do so, for the purpose of carrying out their duties. Employees and contractors are prohibited from disclosing information about or undertaking transactions on behalf of a customer, surgeon or patient, without the individual’s authorisation. This includes disclosure of information to and transactions with partners, relatives, friends or organisations.
Security of Personal Information
360MC is committed to holding personal information securely and as such, will take all reasonable steps to protect this information from misuse, loss, unauthorised access, modification and disclosure. The Privacy Officer will ensure that 360MC manages personal information in accordance with this policy, and all relevant privacy laws.
Digital infrastructure is internally managed, protected by password security access, data encryption, continuously monitored anti-virus and firewall capabilities. 360MC has a dedicated IT Manager to secure, protect and maintain digital data infrastructure.
All data held by 360MC is stored in facilities with physical security measures.
Retention of Personal Information
Personal information we obtain will be retained for as long as required by applicable laws and for as long as we require the information for the purposes for which it was collected.
When 360MC becomes aware of the collection of unsolicited information, it will make an assessment determining whether or not this information was collected while conducting normal business functions. An investigation will be raised to manage the assessment, notification and subsequent actions to destroy or redact the information where appropriate.
If you wish to disable cookies, your browser should allow you to opt out of receiving cookies. If you are not sure whether your browser has this capability, check with your provider to find out how to disable cookies. Please note that certain features of our websites may not be available once cookies are disabled.
Access to Personal Information
You have the right to access your personal information held by 360MC. Furthermore, you may request that inaccurate or incomplete personal information be updated. You may also request that we delete your data if 360MC is not required to retain it by law or for legitimate business purposes. You can request access, correction or deletion of your personal information by contacting our Privacy Officer (details below). We will ask you to provide a form of identification so that we can verify your identity before proceeding with your request.
To ensure your personal information is secure, we communicate our privacy and security guidelines to 360MC employees and strictly enforce privacy safeguards within the company.
Privacy Enquiries and Complaints
In your email please:
- Outline the details of your complaint including relevant dates and third parties (if any); and
- Provide any relevant documents or correspondence.
- Acknowledge receipt of your complaint within 5 business days; and
- Provide you with a written response to your complaint within 10-15 business days depending upon the complexity of your complaint.
Our Privacy Officer can be contacted at firstname.lastname@example.org.