We are SmileStyler Solutions Pty Ltd (ACN 622 624 355) (“SmileStyler”, “us”, “we”, “our”). We use state-of-the-art 3D manufacturing technology, advanced computer modelling and materials to manufacture fully customised medical devices.
In order to do this, we collect and use patients’ personal information that is provided to us by healthcare providers. We also collect personal information from a range of other people and organisations.
We take our privacy obligations seriously and are committed to handling personal information in accordance with all relevant laws including the Australian Privacy Act and applicable State and Territory health records laws.
Kinds of personal information we collect
We collect personal information from a range of people and organisations including the people that we provide services to such as health service providers and their patients (including parents/guardians in the case of children), our service providers and suppliers, the general public such as visitors to our website and our other business and research partners.
The kinds of personal information that we may collect and hold about you include:
- identifying information, such as your name and date of birth;
- contact information, such as your address, email and telephone number(s);
- information about your health and health services provided to you, including information contained in your health records (for example, x-rays, photos and 3D scanned images from CT, x-ray or camera);
- biometric information and templates, such as dental radiographs;
- health fund membership details;
- financial information, such as credit card, bank account or other payment details;
- government-issued identifiers such as health service providers’ practitioner numbers;
- usernames and passwords that you create when registering for an account with us;
- details of products or services that we provide to you;
- information about how you use the products and services we provide;
- records of our interactions with you; and
- social media handles and other social media profile information that you make available to us or to the public.
If you do not provide or authorise the provision of the personal information we request, then we may not be able to provide you with our products or services, engage with you or respond to your queries or requests.
How we collect personal information
We collect personal information in the following ways:
- (if you are a patient) from the health service provider who is overseeing your treatment;
- (if you are a health service provider) from contractors who provide services to us or third parties who refer you to us because they think you may be interested in our products or services;
- directly from you, or a person authorised to provide this information on your behalf, for example where you register for an account with us, order products or services, provide us with products or services or those of your employer, submit a query or request, respond to a survey or fill in one of our forms;
- by tracking your use of our websites and mobile applications (in which case we may also collect information about your IP address, location or activity); and
- from public sources.
Purposes for which we collect and use personal information
We collect and use personal information for the following purposes:
- to enable us to provide our products and services;
- to manage our relationship with you, including verifying your identity, responding to any queries or requests and contacting you for follow-up purposes;
- to perform market analysis and research;
- to analyse use of our products and services, and carry out quality assurance and product development activities, including through collaboration with third parties;
- to provide education and training, both internally and externally, for example to our staff and to health service providers who use our products to provide treatments to patients;
- to provide patients and prospective patients with details of health care providers who provide treatments using our products;
- to keep you informed of our activities, including through sending out newsletters;
- to manage and develop our business and operational processes and systems;
- to manage and resolve any legal or commercial complaints or issues;
- to perform other functions and activities relating to our business; and
- to comply with our legal and regulatory obligations.
We may from time to time use your personal information in order to send you marketing materials about products or services that we think may be of interest to you. You can opt-out of receiving these marketing communications from us by contacting us at firstname.lastname@example.org
We may also use and disclose your information in accordance with your requests or instructions.
People to whom we disclose personal information
We may share personal information about you with:
- your representatives and advisers, or other persons authorised by or responsible for you;
- our staff who need to know the information to discharge their duties;
- our related entities within our corporate group;
- our business partners, agents, professional advisors and service providers, including health service providers and third parties we collaborate with to carry out product development;
- payment system operators and financial institutions;
- prospective purchasers of all or part of our business or shares in our company or one of its related entities; and
- other parties as authorised or required by law.
In some cases, the people to whom we disclose your personal information may be located overseas. The countries in which these people are likely to be located include, United States of America, Columbia, Denmark, Israel, Canada, France, Germany and Belgium.
On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not take the above steps in relation to the management of your information and we will inform you about this at the time.
Storage and security of personal information
We generally store the personal information that we collect in electronic databases, some of which may be held on our behalf by third party data storage providers. We may also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time in order to address new and emerging security threats that we become aware of.
We will only keep your personal information for as long we need it for the purposes described in this policy and will destroy or de-identify it when it is no longer required.
Access and correction
If you would like to access any of the personal information that we hold about you or if you would like to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact our privacy compliance team using the contact details below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administrative fee for providing you with access to the information you have asked for, but we will inform you of this prior to proceeding. In addition, there may be cases in which we are unable to provide information in response to your request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know the reasons why we cannot comply with your request.
We aim to always meet the highest standards in order to safeguard your privacy. However, if you are concerned about the way in which we are managing your personal information and think we may have breached the Australian Privacy Principles or any other relevant legal obligation, please contact our privacy compliance team using the contact details set out below. We will make a record of your complaint and will refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and will keep you informed of the progress of our investigation.
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
Changes to this policy
We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will always be available on our website.
If you require any further information from us on privacy matters, please contact our privacy compliance team at email@example.com