- Longevum recognises the importance of each user’s privacy and is committed to protecting any personal information held about a user and safeguarding privacy.
- The Chief Executive Officer is appointed the Privacy Officer for Longevum (Privacy Officer). Any inquiries or complaints from individuals about Longevum’s compliance with the APP will be dealt with the by Privacy Officer (details below).
PP 2 – ANONYMITY AND PSEUDONYMITY
- Where it is lawful and practical to do so, a user may deal with Longevum anonymously or using a pseudonym (for example to enquire about the services Longevum provides).
- Longevum may not be able to provide services to users where a pseudonym is used, as personal information is required to interact with other providers and so on.
- Where possible, a user who chooses to access the services of Longevum anonymously or by pseudonym will be advised of any potential consequences resulting from their decision. For example where the lack of a correct name and date of birth, will make it difficult for other providers to correctly identify the user in the third party systems. Also, if a user chooses to use a pseudonym as a user name, Longevum will not know this fact and will treat the user name as accurate. In this case, it is not possible for Longevum to advise of potential consequences.
- The law or a court/tribunal order may require or authorise Longevum to deal with individuals who have identified themselves.
- Longevum will not preclude a user from interacting with Longevum because they request anonymity. However, in the case of Gevity, every user needs to provide a name. As a result, for a Gevity user remain anonymous, the user would need to utilise a pseudonym to register.
PP 3 – COLLECTION OF SOLICITED PERSONAL INFORMATION
The purpose of collection of personal information:
- Longevum will only collect personal information reasonably necessary to provide users with quality services and as is necessary for the carrying out the functions of Longevum.
Types of personal information collected:
- General details
- Date of birth
- Email address
- Telephone number
- Medicare number
- Family descent
- Country of birth
- Medical history
- Smoking history
- Medical conditions
- Family history
- Medical conditions of parents and siblings
- Activity level at work and play
- Consumption level of fruit and vegetables
- Consumption level of alcohol
- Other details relating to a user’s relationship with Longevum and the services provided.
How is personal information collected:
- Longevum obtains details when a user completes their profile information in Gevity.
- Personal information about a user will only be collected by lawful and fair means and directly from the user.
PP 4 – DEALING WITH UNSOLICITED PERSONAL INFORMATION
- Unsolicited personal information received by Longevum will as soon as practicable, be destroyed or de-identified if it is lawful and reasonable to do so giving consideration to the options available and the resources and costs of undertaking such actions.
PP 5 – NOTIFICATION OF COLLECTION OF PERSONAL INFORMATION
- Longevum contact details
- From and where personal information about the user was collected
- The purpose for the collection and the consequences if personal information is not provided. Longevum will ensure that users who are asked to provide personal information understand the consequences, if any, of providing incomplete or inaccurate information.
- Access and correction to personal information (see below)
- Likely cross border disclosure of personal information (see below)
- Longevum will ensure that personal information will only be used for the purpose it was collected, or that would reasonably be expected by the user providing the information (unless an exception applies).
- Longevum may track and utilise Gevity usage data to improve features and services of the product.
- Longevum may disclose dis-identified data for data analysis or research purposes. Dis-identified data has been cleansed to remove user details (such as name, email address, and date of birth).
- Longevum will obtain consent from the user if the identified information is to be used for a secondary or unrelated purpose or will be provided to a third party.
- Longevum will only disclose personal information without consent where such disclosure is required by law, or for law enforcement, or in the interests of the user’s or the public’s health and safety.
- While Longevum strives to protect your personal information, no data transmission over the Internet can be guaranteed to be absolutely secure and Longevum cannot warrant the security of any information you provide to Gevity.
- Longevum does not use personal information it holds for the purpose of direct marketing.
PP8 – CROSS BORDER DISCLOSURE OF PERSONAL INFORMATION
- Longevum does not, in the usual course of its business, disclose personal information to overseas recipients.
- Any transfer of personal information overseas (for example the information residing in an overseas datacentre) would be secured in such a way that it cannot be viewed by unauthorised persons.
- It is possible that in some circumstances service providers involved in the Longevum business may transfer personal information outside Australian boundaries in the course of managing that information. If such an eventually occurs, Longevum will take reasonable steps to ensure that any service provider who is handling information will be contractually bound to comply with the Privacy Act and the country to which the information is to be transferred has a system of privacy protection at least equal to the system under the Privacy Act.
PP9 – ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
- Longevum will not adopt, use or disclose a government related identifier unless permitted by the Privacy Act or the Healthcare Identifiers Act 2010.
PP10 – QUALITY OF PERSONAL INFORMATION
Longevum will take reasonable steps to ensure that personal information kept, used or disclosed is accurate, complete, relevant and as up to date as practicable and not misleading.
All personal information held by Longevum will be:
- If in paper form, received and stored in a secure, lockable location;
- If in electronic form, protected from theft, loss or corruption;
- Accessible by staff only on a “need to know” basis;
- Protected from viewing or access by unauthorised persons; and
- Not taken from Longevum offices unless authorised and for a specified purpose.
- Longevum will destroy or permanently dis-identify personal information that is no longer needed or required (see above).
- Longevum will ensure that all personal information transmitted electronically will be appropriately encrypted before transmission. For Gevity personal information, the profile information (including name, date of birth etc) will be encrypted, ensuring that the remaining health data is in effect, dis-identified.
PP12 – ACCESS TO PERSONAL INFORMATION
- Under normal circumstances Longevum will provide a user with access to their personal information within a reasonable time (30 days) of receiving a request for access.
- All requests are to be provided in writing.
- Patient identification is also requested to ensure that a false application is not lodged.
- Longevum may charge reasonable fees for providing copies of personal information requested. As at the date of this policy Longevum’s fees are:
- Admin Charge: $35.00
- Photocopying Fee: $0.25 per page (black and white)
- Postage: As required to send material requested
- Provision of access to a user’s personal information will be undertaken in a way that is appropriate to the person’s particular circumstances, e.g. use of interpreters, etc.
- If a user believes that information held by Longevum is inaccurate or incomplete, Longevum will take steps to amend or correct the information.
- Longevum may refuse access if it reasonably believes that:
- Giving access would pose a serious threat to the life, health or safety of any individual or to the public health or public safety;
- Giving access would have an unreasonable impact on the privacy of other individuals;
- The request for access is frivolous and/or vexatious;
- The information requested relates to an existing or anticipated legal proceeding;
- Giving access would prejudice negotiations between Longevum and the individual;
- Giving access would be unlawful;
- Denying access is required or authorised by law or a court/tribunal;
- Giving access would likely prejudice the taking of appropriate action in relation to a suspected unlawful activity or serious misconduct;
- Giving access would be likely to prejudice an enforcement related activity conducted by or on behalf of an enforcement body.
- Access may be given by email, phone, in person, hard copy or electronic record.
- If information is withheld, Longevum will provide an explanation to the user as to the reasons why this was the case.
- All requests for access are to be made to the Privacy Officer.
PP13 – CORRECTION OF PERSONAL INFORMATION
Longevum will take all reasonable steps to ensure that all personal information it holds is accurate, up-to-date, complete and relevant and not misleading.
A user may ask to have their personal health information amended if he/she considers that is not up-to-date, accurate and complete. Longevum will correct this information, if it the user is unable to correct this information themselves.
- Longevum is committed to advising users about its information handling practices.