1.1 When you use Compound, you are trusting us with your information. We recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. We take your privacy seriously.
1.1 We respect your rights to privacy and have a legal obligation to abide by the provisions of the Privacy Act 1988 (Cth) (Privacy Act). The rules that an organisation must follow under the Privacy Act are known as the Australian Privacy Principles (APPs) and cover areas including the collection, use, disclosure, quality and security of personal information. We are also bound by any relevant health privacy principles under State legislation.
1.2 This policy outlines the types of information we collect, why we collect it and how you can manage, update and delete the information we hold.
1.3 Compound Health Pty Ltd (ACN: 673 448 149) (Compound, we, us, our) is an online health platform dedicated to providing preventative healthcare.
1.4 At Compound we:
a. create and link high quality information about various aspects of health; and
b. facilitate confidential consultations between our customers and:
i. registered Australian health practitioners, including medical practitioners and nurses (Partner Practitioners);
ii. allied support and companion persons, such as health coaches (Partner Companions); and
iii. other Australian registered health providers who provide or supplement health services, such as physiotherapists, radiographers and other body scan operators, pathology providers, and pharmacists (Partner Providers), (collectively, Partners).
1.5 We collect a range of information, including personal information about you. Personal information includes information or an opinion about you (whether true or not), which identifies you or from which you are reasonably identifiable.
2. How we collect your personal information
2.1 We will collect and hold your personal information in a lawful and fair manner, and not in an intrusive way.
2.2 Where it is reasonably practical to do so, we will collect your personal information directly from you.
2.3 We collect your personal information directly from you when you:
a. visit the Website and sign up as a subscriber to our content;
b. make an inquiry or order in relation to goods or services through our Website;
c. attend an online consultation with one of our Partners through the Website;
d. contact us via telephone;
e. correspond with us, including when you complete our online quizzes or forms, contact us through our Website, App, in writing or via email;
f. upload your personal information on any mobile applications operated by us;
g. complete a customer satisfaction or market research survey; and/or
h. participate in any of our services.
2.4 How we collect your personal information:
a. from our group companies in order to provide you with goods and services;
b. from our Partners who assist us in providing goods and services to you, including where a Partner Practitioner or Partner Companion holds an online consultation with you, where you undergo a test through a Partner Provider or where a Partner communicates with you regarding the provision of a good or service;
c. from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners;
d. from government sources, such as Medicare, the My Health Record system, the electronic transfer of prescriptions service or any other government authority or database relevant to the provision of a service to you (Government Sources); and
e. from any other people or entities involved in assisting us with providing our services to you.
2.5 If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding your information, how we will use and disclose it, and that you may contact us to gain access to and correct or update the information.
3. Types of personal information we collect
3.1 The types of personal information we collect include (but are not limited to): your name, postal address, email address, contact phone numbers, date of birth, driver’s licence details, Medicare information, billing and shipping information, device ID, IP address, statistics on page views, traffic, standard web log-in information, details of the services and Partners you make enquiries about, written consents related to the goods and services we facilitate and, if applicable, employment information.
3.2 We only collect health information about you with your consent, or otherwise in accordance with the Privacy Act. The types of health information we collect include (but are not limited to): your medical history, Medicare number, Individual Healthcare Identifier (IHI) number, height, weight, symptoms, future health goals, medical records, medical prescriptions, and other health information or sensitive information that you provide or that we (or our Partners) consider necessary to provide our (or their) services to you.
3.3 When you use or interact with a wearable or other connected device that integrates with our services, we may also collect the data that is collected by that device, which may include personal and health data, as well as certain information about the device or product such as serial number, Bluetooth address, UPC, or other device-related information to provide optimal services.
3.4 Where you do not wish to provide us with your personal information, we may not be able to provide you with the requested goods or services.
4. Our purposes for handling your personal information
4.1 We collect, hold, use and disclose personal information to:
a. offer and provide you with our goods and services (including to verify your identity, to maintain any of your health records that we hold, to contact you to make appointments or issue reminders, and to tell you about products that might better service your healthcare or lifestyle requirements);
b. facilitate and authorise payment and processing via third party gateways;
c. communicate with you about the provision of our goods and services, including but not limited to, sending communications to you about the services you have sought, dispatch and track information, returns and exchange authorisations, reminders in connection with the services you have sought, as well as to follow-up a matter with you at the request of the Partner or to email you tax invoices;
d. communicate to you announcements and updates, security alerts, technical notices, support and administrative messages and to provide you with information upon your request;
e. send you marketing and promotional information about:
i. us and our goods and services; or
ii. our group companies and business partners and their goods and services,
f. that might be of interest to you, including information about promotional offers, contests, rewards and upcoming events. This information may be delivered to you via SMS, email and personalised website experiences, such as a dashboard of recommendations for health products and services which may benefit you;
g. facilitate third parties communicating with you about our goods or services that might be of interest to you;
h. improve your experience with our goods and services, or to improve our, or any of our group companies’ products and services, including through research and development;
i. comply with our legal and regulatory obligations (including reporting requirements under the Medicare Scheme, the pharmaceutical benefit scheme, or any other government scheme related to the provision of our goods or services to you), exercise and defend our legal rights, prevent criminal or other unlawful activity whether immediate or in the future and to review and resolve complaints or disputes;
j. in connection with a merger, acquisition, organisational restructure, financing, sale of assets, bankruptcy or insolvency event;
k. consider you application for employment (if applicable); and
l. otherwise to manage our business generally, including (but not limited to) notifying medical defence organisations, our insurers, quality assurance and data processing and handling).
5. Disclosure of personal information
5.1 We disclose personal information in accordance with the Privacy Act.
a. Partner Practitioners
b. Partner Companions;
c. Partner Providers;
d. our employees, contractors and group companies;
e. Government Sources, where we are providing you with a health service;
f. cloud service providers;
g. payment system operators (such as Shopify or Stripe);
h. to third parties, such as our service providers, IT support providers, our professional advisors and our marketing and social media partners; and
i. should a Partner form the professional opinion that you are at risk of imminent harm and where consistent with their professional and ethical obligations to do so, contact emergency services to request a welfare check or assistance.
5.3 We will not use or disclose your personal information for any other purpose unless you have consented to that use or disclosure or where we are required or authorised by law.
6. Protection of personal information
6.1 We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, as records on third party servers, which may be located overseas.
6.2 We maintain appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of the personal information.
6.3 We further protect personal information by restricting access to your personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
6.4 We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
7. Direct marketing
7.1 Like most businesses, marketing is important to our ongoing success. We believe we have a unique range of products and services that we provide to customers at a high standard. Therefore we like to stay in touch with our customers and let them know about new opportunities.
7.2 From time to time, we may use or disclose to our third-party service providers your personal information to provide you with marketing materials that may be of interest to you, including marketing materials in relation to offers, specials, other products and services that we, our group companies, or affiliated business partners provide.
7.3 Except to the extent that our collection, use or disclosure is subject to clause 4.1(a), we will not collect, use or disclose your sensitive information for the purpose of direct marketing without your consent. You may opt out of receiving marketing communications from us at any time by following the opt out instructions provided in such marketing communications, in-App settings or by contacting our Privacy Officer. Where you receive marketing communications from us through multiple channels (eg, SMS, push notifications and email), you will need to opt out from each of those channels by following the instructions provided in such marketing communications or by contacting our Privacy Officer.
7.4 Receiving marketing communications is not a condition of any purchase or service with us. However, you are solely responsible for all charges related to SMS/text/email messages you send, including charges from your wireless or internet provider. If your contact details change, you may need to subscribe with your new contact details to ensure you can still receive marketing communications.
8. Cookies, device IDs, and other tracking technologies
8.2 Our App may also collect and store device IDs, such as advertising identifiers or push notification tokens, to enable application features, analyse application usage, and deliver personalised content and ads. We may share this information with third-party service providers to help facilitate and optimise these functions. For information on device ID and ad tracking controls, please refer to your mobile device settings.
9. Accessing and correcting your personal information
9.1 You may contact our Privacy Officer to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. We may require you to verify your identity and specify what information you require. On the rare occasion when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us.
9.2 We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusal.
9.3 We will respond to all requests for access to, or correction of, your personal information within a reasonable time.
10. Overseas transfers of personal information
10.1 From time to time we may engage an overseas service provider to provide services to us, such as cloud-based storage solutions. By providing us with your personal information, you consent to your personal information being handled and stored overseas, including being stored on servers located in USA, Asia or Europe.
10.2 You acknowledge that Australian Privacy Principle 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas service provider breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
11. Resolving personal information concerns
The Privacy Officer
Compound Health Pty Ltd
155 Clarence Street
Sydney NSW 2000
11.2 Your experience with Compound is important to us. We endeavour to respond to any complaint within a reasonable period.
11.3 If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992 or via their website https://www.oaic.gov.au/
12.2 The last update to this document was January 2024.