Privacy Policy & Collection Notice
Privacy Policy
The Privacy Act 1988 (Cth) (Privacy Act) which includes the privacy rules in the Australian Privacy Principles (APPs) applies to Dr Egg Pty Ltd ACN 616 322 288 trading as MindSkiller® (We, Our, Us, Dr Egg).
Dr Egg Pty Ltd ACN 616 322 288 trading as MindSkiller® provides the MindSkiller® online platform for accessing educational services in relation to mental health literacy and other goods and services that relate to mental health and mental wellbeing (Platform).
This Privacy Policy outlines how We use, share, protect and store personal information that We collect.
This Privacy Policy applies to Our handling of personal information which is broadly defined in and has the same meaning as defined under section 6 of the Privacy Act:
“personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not."
This Privacy Policy also refers to 'sensitive information’, which is a form of personal information. Sensitive information includes information or an opinion about racial or ethnic origin, political opinions, philosophical or religious beliefs and affiliations, sexual orientation, health or genetic information, and criminal record.
We acknowledge Australian Privacy Principle 2 (APP 2) providing individuals the option of not identifying themselves, or of using a pseudonym.
Accordingly, We will allow you to interact anonymously or use a pseudonym, unless We are required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or if it is impracticable for Us to deal with individuals who have not identified themselves or who have used a pseudonym. “Impracticable’ means ‘not practicable; that cannot be put into practice with the available means.”
We acknowledge National Safety and Quality Digital Mental Health Standard section 1.26 to minimise the risk of abuse and exploitation of users and section 1.27 to minimise the risk to young people.
Accordingly, We:
- conduct identity and credentialing checks of help providers who wish to be listed on any of Our online educational support registries. Help providers who have been successfully verified will be identified as such including the date of verification within their listing on the online educational support registries. Those help providers who are yet to be verified or are in the process of being verified by Us will display an "unverified" status against their names,
- apply a "fair and reasonableness test" with a view to protections for minors and individuals experiencing such vulnerabilities that have been identified.
Examples of situations where it is impracticable for Us to deal with individuals who do not wish to identify themselves (i.e situations where you may NOT use a pseudonym), include but are not limited to:
- Help providers who have been subject to Our verification or credentialing processes, have subsequently been approved for verification by Us and consent to be listed on one of Our online educational support registries as a verified help-provider.
- Help providers who have consented to be listed on one of Our online educational support registries but are yet to be verified by Us and are licensed persons that are required to identify themselves in accordance with the rules of their professional regulatory obligations (e.g. medical practitioners and licensed teachers) to any persons with whom they are engaging in a professional interaction.
Examples of situations where you may need to identify yourself include but are not limited to:
- Help seekers who are lawfully using a pseudonym and subsequently wish to utilise a healthcare identifier (e.g. a Medicare number or a private health insurance policy number) in relation to a consultation with a medical practitioner or other help provider.
Examples of situations where anonymity and pseudonymity pursuant to APP 2 are permitted include but are not limited to:
- Help seekers who wish to utilise eLEARNING modules solely and exclusively for educational purposes,
- Help providers who:
- wish to utilise eLEARNING modules solely and exclusively for educational purposes AND
- have NOT consented to be listed on one of Our online educational support registries AND
- do not require Us to provide any confirmation of their progress (and therefore their true identity) to a Continuing Professional Development Provider for CPD purposes.
Under the Terms of Use, you agree to engage in communications with either verified help providers or help providers designated as unverified with whom you already have an existing professional or personal relationship.
We collect personal information:
- that is reasonably necessary for, or directly related to, activities undertaken on the Platform. when you provide it directly, either when you register and when you subsequently interact with the Platform.
Health information (sensitive information) may also be collected about you. The choice of how much information you provide is yours and depends on the purpose(s) for which you interact with the Platform.
Any information that you share will be protected in accordance with the Privacy Act 1988 (Cth) and the HealthRecords and Information Privacy Act 2002 (NSW).
Use for a primary purpose and certain secondary purposes.
We must only use your personal information:
- for the primary purpose for which it was collected or
- a secondary purpose to which you have consented, or
- for a purpose related to (or if sensitive information directly related to) the primary purpose of collection and you would reasonably expect the personal information to be used for such purpose.
When you register on the Platform, you consent to providing Us with personal information. We may also collect sensitive information including health information about you, such as your medical history.
Our Collection Notice can be found appended to this Privacy Policy.
We may use some personal information for direct marketing purposes, but only where the direct marketing communication:
- is directly related to the primary purpose for which the information was collected or
- a secondary purpose to which the individual has consented or
- for a purpose related to (or if sensitive information directly related to) the primary purpose of collection and you would reasonably expect the personal information to be used for such purpose and
- contains a statement that the individual may opt out of receiving that type of communication, and the relevant individual has not made such a request.
When personal information is collected in accordance with the Collection Notice that forms part of this Privacy Policy, you are taken to have consented to the use of your personal information for direct marketing purposes unless you have specifically opted out.
Opting out of direct marketing
Email based direct marketing communications contain an ‘unsubscribe’ link that provides individuals with the opportunity to opt out of direct marketing communications. You may also email Us directly at support@mindskiller.com if you do not wish to receive direct marketing communications.
Individuals who have opted out of direct marketing may still receive administrative emails or phone calls related to the primary purpose as per Australian Privacy Principle 6 in the Privacy Act
Removal of opt-outs.
If you subsequently provide personal information for marketing-related purposes, having previously opted out of direct marketing communications, you have ‘opted in’ once again and may receive direct marketing communications.
8. Collection and use of your personal information
When is information collected
Information may be collected when you contact or interact with the Platform including but not limited to when you:
- register an account,
- utilise eLEARNING modules,
- utilise any other software on the Platform,
- utilise the CONNECT and PLUS services,
- engage Us on the telephone or by text message,
- engage Us in person, in writing by post or
- engage Us on social media platforms including Twitter, Instagram or Facebook. Noting that social media platforms handle your personal information for their own purposes. You can access the privacy policies on their websites.
We may also collect personal information:
- from a third party such as a medical practitioner, but only if you have consented to such collection or it would reasonably be expected for Us to collect their personal information in this way under the Australian Privacy Principles
- by means of artificial intelligence (AI) technologies and/or applications being utilised by the Platform.
What information is collected
- personal contact information such as name, address, telephone, email address, IP address,
- educational subject matter that is of interest to you including educational modules you have clicked on and/or viewed, and notes and other information that you have saved while on the Platform,
- when you purchase goods and services from the MindSkiller® shop, We collect information on what you purchased including credit card details,
- when you donate, We collect your contact information, bank details including credit card information if applicable and the amount you donated,
- when you apply to volunteer We collect personal information necessary to enable the assessment of your application with a view to being verified and identified. Depending on the role this may include your employment or volunteering history, education, criminal history and/or a Working with Children Check. Volunteers for positions on the Board that regulates and oversees Dr Egg’s By-Laws may also have to declare such relevant information to assess any potential, actual or perceived conflict of interest,
- when you apply for a job with Dr Egg, personal information collected is necessary to enable an assessment of your application for employment including but not limited to: curriculum vitae, representations that address the selection criteria including written tasks undertaken by you during the selection process, information provided by referees, information provided by you with a view to managing potential, actual or perceived conflicts of interest, proof of Australian citizenship or residency, copies of academic qualifications,
- We collect personal information necessary to manage employees and contractors in the normal course of business including tax file numbers, employment contracts, proof of citizenship or residency, records relating to an employee's salary, superannuation contributions, other benefits and leave, health related information supplied by employees and contractors or their medical practitioners, information relating to an employee’s or contractor’s training, and information relevant to managing potential, actual or perceived conflicts of interest.
Individuals aged under eighteen (18) years
We may collect information on individuals aged under eighteen (18) that use the Platform.
We are cognisant of National Safety and Quality Digital Mental Health Standard, section 1.27 (to minimise the risk to young people).
We will not profile children, engage in automated decision-making concerning children, or otherwise use their personal data, for advertising/ marketing purposes, unless they can clearly demonstrate how and why it is in the best interests of children to do so.
Individuals experiencing identifiable vulnerabilities
We may collect information on individuals that use the Platform whereby those individuals are experiencing such vulnerabilities that can be identified.
We are cognisant of National Safety and Quality Digital Mental Health Standard, section 1.26 (to minimise the risk of abuse and exploitation of Our users).
We will not profile individuals that are experiencing identifiable vulnerabilities, engage in automated decision-making concerning such individuals, or otherwise use their personal data, for advertising/ marketing purposes, unless they can clearly demonstrate how and why it is in their best interests to do so.
Analytics
We may use Google Analytics or other tools developed internally to collect data about your interaction with the website. The purposes of collecting your data in this way includes: to improve your experience when using the website, to analyse public and consumer interest in goods, services and related subject matter.
Cookies
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing the Platform.
9. Disclosure
General Disclosure Practices
We do not disclose personal information to another person or organisation unless at least one of the following applies:
- you have consented (whether expressed or implied) to the disclosure of your personal information,
- you would reasonably expect that the information is of a kind that is usually or reasonably passed to those persons, bodies or agencies or the disclosure:
- in the case of personal information (which is not not sensitive information) relates to the primary purpose for which it was collected; or
- in the case of sensitive information, directly relates to the primary purpose for which it was collected or
- is a Permitted General Situation pursuant to section 16A of the Privacy Act or
- is a Permitted Health Situation pursuant to section 16B of the Privacy Act.
We use contracted service providers such as information technology based service providers that have access to personal information. The service providers are required to only use or disclose information for the purposes of their contract.
Disclosure of personal information overseas.
Our Platform is hosted on secure servers in Australia.
We will take reasonable precautions to not disclose your personal information to an overseas entity without your consent.
When information is collected by means of artificial intelligence (AI) technologies and/or applications being utilised by the Platform, the AI technology and/or application may be based outside Australia.
We take all reasonable precautions to ensure that:
- third parties outside Australia do not breach the APPs.
- a zero data retention policy is applied unless the AI technology and/or application is triggered by specific key words or phrases indicating potential unlawful activity, self harm or the harming of others. In such circumstances relevant data may be retained for 30 days.
Noting that web traffic information may be disclosed to Google Analytics when you visit Our websites. Google stores information across multiple countries.
When you communicate through a social network service such as Facebook, Instagram or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
10. Quality of personal information
We endeavour that the personal information collected is accurate and up-to-date by:
- recording information in a consistent format and
- updating personal information in a timely manner
- reviewing the accuracy of information collected from a third party.
11. Storage and security of information
We protect personal information against unauthorised access, modification and/or disclosure and loss by:
- restricting access to IT systems and records, including recordings and transcripts;
- utilising password protection for accessing electronic IT systems
- undertaking background checks on personnel who require access to IT systems and record.;
When no longer required, personal information is destroyed or deleted in a secure manner.
12. Access
Pursuant to Australian Privacy Principles 12 and 13, you have the right to ask for and receive access to personal information held about you and to ask for corrections to that personal information.
We will endeavour to respond within 30 days if you ask for access or correction of your personal information.
The person seeking access must be:
- the person to whom the information relates or
- Australian law otherwise supports such access.
In some cases, additional proof of identity information may be required.
If an access request relates to an individual who is deceased, the personal information will be released to the requester, in accordance with the Privacy Act, unless the information contains the personal information or sensitive information, including health information, of another living person who is reasonably identifiable from the information available.
If access to, or correction of, your personal information is denied, you will be notified in writing setting out the reasons.
13. Complaints
You can lodge a written request or complaint with the Privacy Officer at the following addresses:
MindSkiller Support
32 Adelaide Street
Woollahra NSW 2025
or
We welcome the opportunity to attempt to resolve any legitimate concerns with us, but you are entitled to lodge a complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au/privacy/privacy-complaints/
Collection Notice
1. Who is collecting your personal information?
Dr Egg Pty Ltd (ACN 616 322 288) trading as MindSkiller®:
- complies with all relevant Australian privacy legislation including the Privacy Act (Cth) 1988 and the Health Records and Information Privacy Act (NSW) 2002
- and protects the privacy of the personal information including sensitive information which it collects and holds.
2. How your personal information is collected
Information may be collected when you contact or interact with Us including but not limited to when you:
- register an account,
- utilise eLEARNNG modules,
- utilise any other software on the Platform,
- utilise the CONNECT and PLUS services,
- engage Us on the telephone or by text message,
- engage Us in person, in writing by post or
- Engage Us on social media platforms including Twitter, Instagram or Facebook. Noting that social media platforms handle your personal information for their own purposes. You can access the privacy policies on their websites.
We may also collect personal information:
- from a third party such as a medical practitioner, but only if you have consented to such collection or it would reasonably be expected for Us to collect their personal information in this way under the Australian Privacy Principles
- by means of artificial intelligence (AI) technologies and/or applications being utilised by the Platform.
We may collect your personal information for any of the following purposes, including:
- to contact you.
- to provide you with educational and mental health literacy services.
- to provide you with any other related goods and services, including those offered by Our strategic partners and related bodies.
- to advise your help providers about your progress through MindSkiller® educational modules and supporting services.
- if you are a help provider, to conduct verification and credentialing checks about, including but not limited to, your professional and academic qualifications, background checks and insurance requirements.
- to manage and administer Our commercial relationship with you.
- to provide you with administrative information and/or marketing materials.
- to assess, analyse, research and improve Our services including those offered by Our strategic partners and related bodies, and including goods and services provided through Our Platform.
- for billing and general administration.
- to implement security measures.
- to comply with any relevant laws,
- to communicate with third parties such Medicare Australia and other government bodies and private health insurers.
Please note that social media platforms collect your personal information for their own purposes, in accordance with their terms of use and privacy policies, which can be found on their websites.
4. What may happen if We don’t collect your personal information?
We may not be able to permit you to register or subscribe.
5. Collection of personal information from third parties
We may collect your personal information from the following third parties:
- government entities,
- health insurance providers,
- an individual or entity who may be providing services to you as Our client or contractor or a third party otherwise assisting Us in supplying you with goods or services,
- a third party to assist Us in locating or communicating with you.
6. Disclosing your personal information
General Disclosure Practices
We do not disclose personal information to another person or organisation unless at least one of the following applies:
- you have consented (whether expressed or implied) to the disclosure of your personal information,
- you would reasonably expect that the information is of a kind that is usually or reasonably passed to those persons, bodies or agencies and the disclosure:
- in the case of personal information (which is not not sensitive information) relates to the primary purpose for which it was collected; or
- in the case of sensitive information, directly relates to the primary purpose for which it was collected or
- is a Permitted General Situation pursuant to section 16A of the Privacy Act or
- is a Permitted Health Situation pursuant to section 16B of the Privacy Act.
Personal Information
We may provide your personal information,
- to third parties involved in your medical care, such as clinicians,
- to third parties who perform services on Our behalf, including software development and information technology service providers,
- any of the related bodies and other entities on the Platform.
If you are a help provider:
- any of the related bodies and other entities included in the Platform.
7. Disclosing Overseas
Our Platform is hosted on secure servers in Australia.
We will take reasonable precautions to not disclose your personal information to an overseas entity without your consent.
When information is collected by means of artificial intelligence (AI) technologies and/or applications being utilised by the Platform, the AI technology and/or application may be based outside Australia.
We take all reasonable precautions to ensure that:
- third parties outside Australia do not breach the APPs.
- a zero data retention policy is applied unless the AI technology and/or application is triggered by specific key words or phrases indicating potential unlawful activity, self harm or the harming of others. In such circumstances relevant data may be retained for 30 days.
When web traffic information may be disclosed to Google Analytics when you visit Our websites. Google stores information across multiple countries.
When you communicate through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
8. How do We protect your information
We utilise both cybersecurity and physical security measures to ensure that your data is stored and managed appropriately.
9. Access to and correction of your personal information
You have the right to ask for and receive access to personal information held about you and to ask for corrections to that personal information.
We will endeavour to respond within 30 days if you ask for access or correction of your personal information pursuant to the Privacy Act.
10. Privacy complaints
You can lodge a written request or complaint with the Privacy Officer at the following addresses:
MindSkiller Support
32 Adelaide Street
Woollahra NSW 2025
We encourage you to attempt to resolve your concerns with Us first, however you can also lodge a complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au/privacy/privacy-complaints/