Privacy Policy

Overview:

Thank you for using the Prescription Skin platform provided by Prescription Skin Pty Ltd (Prescription Skin), a platform that connects individuals with:

  1. Partner Practitioners and Associate Practitioners for the purpose of conducting telehealth consultations and, if appropriate, providing other health services related to skin conditions;
  2. Partner Contributors for additional support and advice within their scope of practice;
  3. Associate Pharmacies, enabling individuals to have prescriptions filled and delivered to them.

Your privacy is of utmost importance to us, and we are committed to protecting it in accordance with the Privacy Act 1988 (Cth) (Privacy Act), which includes the Australian Privacy Principles (APPs) and any related privacy codes.

This Policy outlines our practices regarding the collection, use, disclosure, and storage of your personal information. It also informs you about how you can access and manage your information. This Policy applies to our obligations when handling information in Australia.

Key aspects of our privacy practices include:

  1. Collection of personal and sensitive information necessary for providing our services
  2. Use and disclosure of information to facilitate telehealth consultations and prescription fulfillment
  3. Secure storage and protection of your information
  4. Your rights to access and correct your personal information
  5. Our approach to data breaches and complaints handling

We encourage you to read this Policy carefully. If you have any questions or concerns about our privacy practices, please don't hesitate to contact us using the details provided at the end of this Policy.

By using our platform, you consent to the collection, use, and disclosure of your personal information as described in this Policy. We may update this Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.


Consent:

By providing personal information, you consent to us collecting, using, storing and disclosing your personal information in accordance with this Policy or as required or permitted by law. If you continue using our services, then we will treat your use as your consent to us handling your personal information in accordance with this Policy.

We will generally obtain consent from the owner of personal information to collect their personal information. Consent will usually be provided in writing; however, sometimes it may be provided orally or may be implied through a person’s conduct. We endeavour to only ask for your personal information if it is reasonably necessary for the activities that you are seeking to be involved in.


What personal information do we collect and why do we collect it?

About our users


Information collected

Why we collect it

How we collect it 
  • Your name, address, and contact details
  • Date of birth
  • Gender
  • Any photos or records you upload, such as images of your skin condition
  • Your device ID, device type and information, geolocation information, IP address, standard web log information, browser session data, device and network information, statistics on page views, acquisition sources, search queries, browsing behaviour and information gathered through internet cookies
  • Information contained in any communications between you and us
  • For the original purpose of personal information collection
  • - To identify and interact with you
  • To perform administrative and operational functions, including training and quality assurance
  • To comply with legal requirements, including any purpose authorised or required by Australian law, court or tribunal
  • For any other purpose for which you provide consent
  • Directly from you when you:
    • use our services
    • provide information on our platform
    • set up a profile with us
    • interact or share personal information via our social media
    • communicate with us
  • Through our third-party service providers
  • Through audio-visual recordings of consultations with Partner Practitioners and Associate Practitioners for quality and training purposes



About our general users that may not have subscribed to our Service but interact with us

Information collected

Why we collect it

How we collect it
  • Information you have provided in communications we have with you.
  • Information you have provided in the platform before you submit it to us, such as through cart abandonment.
  • Information about your access and use of our website, including browser session data, device and network information, statistics on page views, acquisition sources, search queries, browsing behaviour and information gathered through internet cookies.
  • To identify and interact with you.
  • To perform administrative and operational functions.


About contractors or prospective staff members (including health practitioners)

Information collected

Why we collect it

How we collect it
  • Your name, address, contact details (including email address and phone number) and date of birth.
  • Your nationality and which countries you hold citizenship of.
  • Educational details, such as schools you have attended, any qualifications you have received, transcripts and/or English language test results.
  • Employment details, such as a CV, qualifications attained or examples of work.
  • Any licences with relevant regulatory boards and/or other bodies, councils or authorities.
  • To enable us to carry out our recruitment functions.
  • To correspond with you.
  • To fulfil the terms of any contractual relationship.
  • To ensure that you can perform your duties.


About associate pharmacies or prospective associate pharmacies and their representatives


Information collected

Why we collect it

How we collect it
  • Your name, address, contact details (including email address and phone number) and date of birth.
  • The name of your business and registration details.
  • Any licences with relevant regulatory boards and/or other bodies, councils or authorities.
  • To assess potential contractual relationships.
  • To correspond with you.
  • To fulfil the terms of any contractual relationship.
  • To ensure that you can perform your duties.

If you choose not to provide information as requested, we may not be able to service your needs. For example, it will not be possible for us to provide you with our service if you want to remain anonymous or use a pseudonym.

We sometimes receive unsolicited personal information. In circumstances where we receive unsolicited personal information we will usually destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so unless the unsolicited personal information is reasonably necessary for, or directly related to, our functions or activities.


Sensitive information

Prescription Skin may collect sensitive information from you. Sensitive information includes details about your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information, or biometric information.


The types of sensitive information we may collect include:

  1. Details regarding your medical history, symptoms, or any health information contained in documents you upload, particularly related to skin conditions. If you consent to providing this information, we will only use it to facilitate our services and enable your use of our platform. We may use recordings of consultations for training and quality assurance purposes.
  2. Personal identifying details such as your Medicare card number and details of any concession cards you may hold.

You provide sensitive information when you enter it onto our platform or have a consultation with a Partner Practitioner or Associate Practitioner. By entering your health information, you consent to Prescription Skin:

  1. Collecting and handling it in accordance with this Privacy Policy;
  2. Sharing it with Partner Practitioners, Associate Practitioners, Partner Contributors, and Associate Pharmacies who have agreed to our terms for the purpose of providing our services to you, facilitating the practitioner's provision of their services to you, and ensuring ongoing continuity of care;
  3. Sharing it with our Associate Pharmacies if you elect to have your prescriptions filled by them for the purpose of dispensing and delivering your prescription medicines.

If you do not agree to these terms, you should not provide us with your sensitive information. We are committed to protecting your sensitive information and will only use it for the purposes specified in this Privacy Policy.


Disclosing your personal information

Prescription Skin may disclose your personal information to the following third parties:

  1. Our business or commercial partners;
  2. Partner Practitioners and Associate Practitioners who have agreed to our terms;
  3. Associate Pharmacies who have agreed to our terms;
  4. Partner Contributors who provide additional support within their scope of practice;
  5. Our professional advisers, dealers, and agents;
  6. Third parties and contractors who provide services to us, including customer support, IT services, data storage, webhosting and server providers, marketing and advertising organisations, and payment processing service providers;
  7. Payment system operators and debt-recovery functions;
  8. Third parties that collect and process data, such as Shopify, Google Analytics, or other third parties; and
  9. Any third parties you authorise to receive information held by us.

We may also disclose your personal information if required, authorised, or permitted by law.

Google Analytics: We use Google Analytics Advertising Features, including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, and Google Display Network Impression reporting. We and third-party vendors use first-party cookies (such as Google Analytics cookies) and third-party cookies (such as Google advertising cookies) together.


You can opt out of Google Analytics Advertising Features using the Google Analytics Opt-out Browser add-on. To opt out of personalised ad delivery on the Google content network, visit http://www.google.com/ads/preferences. For permanent opt-out, install their plugin. For mobile devices, follow these instructions: On Android, open Google Settings and select "ads" to control settings. On iOS 6 and above, use Apple's advertising identifier.


Overseas disclosure: We may send information to third parties located outside Australia for providing our services. These third parties are primarily located in the United Kingdom and the European Union, though this may change. Disclosure is made to the extent necessary to perform our functions or activities related to skin health services.


Using your personal information for direct marketing

From time to time, and in support of our future development and growth, we may use your personal information to contact you to promote and market our products and services.

You can opt-out from being contacted for direct marketing purposes by contacting us at info@prescriptionskin.com.au or by using the unsubscribe facility included in each direct marketing communication we send. Once we receive a request to opt out from receiving marketing information, we will stop sending such information within a reasonable amount of time.


Security

Prescription Skin takes all reasonable steps to protect personal information under our control from misuse, interference and loss, and from unauthorised access, modification or disclosure. We hold your personal information electronically in secure databases operated by our third-party service providers.


We protect the personal information we hold through multiple layers of security, including:

  1. Encrypted browsing through HTTPS;
  2. Storing authentication details, such as passwords, in hashed or non-reversible formats;
  3. Active monitoring of errors and logs using industry-level tooling;
  4. Operating within a secure cloud environment;
  5. Relying on TLS security to interact with the databases.

Our servers are hosted with Shopify. We utilise their provided security functionality and monitoring to detect and prevent persistent access to unauthorized services. Server access and deployment are limited to revocable access keys that can only be regenerated on a master account. Access to servers can only be gained by using industry-standard encryption keys that are generated and regularly updated, including when employees leave Prescription Skin.

User logs redact certain types of sensitive information, such as passwords, before they are logged to prevent user information leaking to third parties.

Servers and databases are limited to internal access only to prevent public database access, unless it relates to certain whitelisted services or for monitoring and troubleshooting purposes.

While we take reasonable steps to ensure your personal information is protected, security measures over the internet can never be guaranteed. The transmission and exchange of information is carried out at your own risk.

We encourage you to play an important role in keeping your personal information secure by maintaining the confidentiality of any passwords and account details used on our website. Additionally, given the sensitive nature of skin-related health information, we recommend you take extra precautions when accessing your account in public or shared spaces.

Prescription Skin is committed to maintaining the security and confidentiality of your personal and health information. If you have any concerns about the security of your information, please contact us immediately at help@prescriptionskin.com.au.


Accessing or correcting your personal information

If you would like to access your personal information, please contact us using the details below. In certain circumstances, we may not be able to give you access to your personal information, in which case we will write to you to explain why we cannot comply with your request.

We try to ensure any personal information we hold about you is accurate, up-to-date, complete and relevant. If you believe the personal information we hold about you should be updated, please contact us using the details below and we will take reasonable steps to ensure it is corrected if appropriate. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.


Destroying or de-identifying personal information

We destroy or de-identify personal and sensitive information when we no longer need it unless we are otherwise required or authorised by law to retain the information. This includes adhering to any applicable National or State laws that require the retention of personal and sensitive information, including but not limited to health information.


Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.


Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.


Making a complaint

If you believe your privacy has been breached or you have a complaint about our handling of your personal information, please contact us using the details below.

We take privacy complaints seriously. If you make a complaint, we will respond within 5 days to acknowledge your complaint. We will try to resolve your complaint within 30 days. When this is not reasonably possible, we will contact you within that time to let you know how long we will take to resolve your complaint.

We will investigate your complaint and write to you to explain our decision as soon as practicable.

If you are not satisfied with our decision, you can refer your complaint to the Office of the Australian Information Commissioner by phone on 1300 363 992 or online at www.oaic.gov.au.


Changes

We may, from time to time, amend this Policy. We will notify you of any changes to this Policy and any changes to this Policy will be effective immediately upon the posting of the revised Policy on our website. By continuing to use the services following any changes, you will be deemed to have agreed to such changes.