Our Privacy Policy

Introduction

This Privacy Policy explains how we collect and handle your personal information. It also describes your rights in relation to the personal information we hold about you.

This Privacy Policy commences from 1 April 2025 (Commencement Date). Prior to this date, the collection, use and disclosure of your information was covered by the Medibank Group privacy policy.

From the Commencement Date, this Privacy Policy applies to everyone who currently receives or has requested to receive health services with the Amplar Health Group. This includes:

• anyone who receives health services from us, or whose information is shared with us in connection with a referral for health services including:
  • virtual and telehealth services,
  • allied health services (for example, physiotherapy, occupational therapy, and podiatry services),
  • at-home health services, and
  • advice and coaching,
    1. individuals who contact us regarding any products and services offered by members of the Amplar Health Group, and
    2. individuals whose personal information we collect in the course of carrying out our functions and activities, such as service providers and contractors.

Although Amplar Health is part of the Medibank Group, this Privacy Policy does not apply to other parts of the Medibank Group. Medibank’s privacy policy is available here: https://www.medibank.com.au/privacy/.

2          Types of personal information we may collect

The types of personal information we may collect about you include:

1. 1. identifying information such as your name, date of birth, driver’s licence number or photo,
   2. identifying information of third parties including your next of kin or details of your emergency contact, other clinicians involved in your care, persons appointed as your guardian or power of attorney,
   3. sensitive information, including:
      1. information about your health, health history and health services provided to you,
      2. clinical measures such as blood pressure, pathology results and responses to health-related questionnaires,
      3. other sensitive information – such as your race and ethnicity where we are required to collect it or it helps us tailor services to meet your needs,
   4. contact information such as home address, home and mobile phone numbers and email address, and in some cases your work contact details,
   5. financial information such as bank account and credit card details,
   6. government-issued identifiers such as Medicare numbers,
   7. information about involvement in other programs that you participate in,
   8. if you visit our website, your IP address and IMEI information, and
   9. information about your usage of our website and apps.

3          Why, when and how personal information is collected and held

Why we collect personal information

We collect personal information:

1. 1. to enable us, and the people and organisations who work for or with us, to provide or offer to provide you with products and services,
   2. where we are required to do so by law, or
   3. where you provide it to us in your capacity as a service provider or contractor, for the purposes for which you provided us with that information, and for any related purposes.

When we collect personal information

We may collect personal information at various times, including:

1. 1. when you contact us by phone, mail, email or online or when we see you in person,
   2. when you contact us to enquire about or request services,
   3. when you visit our website or when you input or allow collection of information through our apps, and
   4. while we are delivering care and services to you.

How we collect and hold personal information

We may collect personal information about you directly from you or from other sources such as:

1. 1. an agency or organisation on whose behalf we are providing you with services or products (for example, where we act as their agent),
   2. a third party such as a hospital, nurse, doctor, allied health provider, community worker or other health service provider who has treated you, or that we have engaged to provide you with care or services,
   3. an agency, organisation or provider that has referred you to us for care or services,
   4. your health fund, government agency or other payor who funds your health service,
   5. persons who are authorised to share personal information with us – including people you have authorised to deal with us in relation to your arrangements, such as attorneys you have appointed under a power of attorney, your guardian, or your other agents or representatives,
   6. a member of the Amplar Health Group which has provided you with health services or other services,
   7. third parties who we partner with or use to offer or provide you with products and services,
   8. if you are a health service provider, from relevant government or industry services, databases and directories,
   9. publicly available sources or networking services. We may do this to offer you our products and services or to verify identity or other information provided by you,
   10. by using cookies and similar technologies to understand how you use our website, apps and social media platforms. We use these to provide personalised experience, support navigation, remember your preferences and deliver tailored marketing. We only use cookies if the privacy settings you have chosen on your device allow it to accept our cookies. You can access the content on our website without accepting cookies, but may find navigation and returning to our website easier if you do,
   11. CCTV cameras at our offices, and
   12. information sources, service providers or organisations that we use to prevent or minimise the risk of fraud.

4          Why we need your personally identifiable information

In most cases we need your information to deliver health care services to you, and to manage your enquiries and address your questions and concerns.  If you do not provide or allow us to have your personal information when we require it, we may be unable to provide you with some or all of the products and services you need. If you ask us, we will tell you what personal information we need in order to provide you with a particular product or service.

Where it is lawful and practicable for us, you can choose not to identify yourself when dealing with us and instead, use a pseudonym. If you ask us, we will let you know if this is possible.

5          Use of your personal information

We may use personal information for any of the following purposes:

1. 1. to manage our relationship with you, to identify and communicate with you, or to provide you with products, services or information that you have requested,
   2. to deliver health care and other related services to you,
   3. to manage and resolve any service-related complaints or issues,
   4. where we record your calls, to identify you and manage our relationship with you. We may also use call recordings, for training, coaching and development purposes unless you ask us not to at the time of the call,
   5. to comply with our legal obligations or enforce our legal rights, or as otherwise required or authorised by law,
   6. subject to section 6, to notify you of other health services and products offered by members of the Medibank Group or the Amplar Health Group or third parties that may be relevant and of benefit to you,
   7. to manage, review, improve and develop our product and service offerings or our business and operational processes, technology and systems.  This includes obtaining feedback, analysing and using data, undertaking research activities and projects or partnering with third parties to assist us to do so,
   8. to assist you with assessing your suitability for health products and services,
   9. to undertake other general functions and activities relating to the operation of our business and assets. This includes training, coaching, development and audits, and
   10. to analyse, investigate, pursue and prevent suspected fraudulent or criminal activities.

6          Disclosing your personal information

Who we disclose personal information to

In collecting and using personal information, we may disclose personal information:

1. 1. to members of the Amplar Health Group for the purpose of:
      1. providing you with health services you have requested,
      2. ensuring you are eligible for services and that our records for you are accurate,
      3. with your consent, offering health management programs and other support services which may be of benefit to you,
   2. to members of the Medibank Group for the purpose of managing and resolving any service-related complaints or issues,
   3. to the funders of services provided to you,
   4. to health service providers to provide health services to you. These providers include hospitals, doctors, nurses, physiotherapists, other allied health providers and other health professionals,
   5. to service providers in order to provide other services to you. These providers include gardeners, cleaners, transport providers, accommodation providers and carers,
   6. to your carers, guardians, agents, advisors or other persons that you have authorised, or who are responsible for you,
   7. to our agents, service providers and professional advisors,
   8. to payment system operators and financial institutions,
   9. to government agencies if required or permitted by law,
   10. to health funds, service providers or organisations who assist us in the detection and investigation of fraud,
   11. to other parties to whom we are authorised or required by law to disclose information,
   12. on a de-identified basis, to third parties that we partner with to provide or improve our products and services. We will only disclose your identifiable information to them with your consent, or
   13. to potential or actual buyers of parts or all of our assets or businesses.

7          Communicating with you and direct marketing

Service-related communications

We will communicate with you using the contact details that we have collected for you. In some circumstances and for some products and services, we will require an email address to communicate with you.

If you provide us with an email address, we will send most service-related communications to you by email. Service-related communications are the essential things you need to know about our products and services.

Marketing communications

If you consent to receive communications from us regarding offers and services, or where we are permitted to do so by law, we may contact or approach you directly to promote these offers and services and keep you informed of special offers from members of the Amplar Health Group, the Medibank Group, and third parties. We may do this via various channels (for example, by mail, SMS, phone, email and MMS messages, through targeted marketing on social media platforms, in app or push notifications).

You can opt-out of receiving these communications at any time by:

1. 1. submitting a ‘unsubscribe’ request via the link in our communications,
   2. updating your communication preference settings on our relevant app(s), or
   3. letting us know through our details set out in section 11.

However:

1. 4. you will still receive the service-related communications described in this section 6,
   5. you will need to opt-out separately from direct marketing from each company within the Amplar Health Group, from the Medibank Group, and from direct marketing in our apps,
   6. we may be required to share your details with our marketing partners and service providers to ensure that they do not direct market you, and
   7. if you have provided us, our marketing partners or service providers with several different email addresses or contact details, you will need to let us know which of the email addresses or contact details that the opt-out will apply to.

8          How you can access your personal information

You can ask us for access to the information, including medical records and call recordings, we hold about you at any time. To enable us to assess and respond to your request promptly, please call or email us through the communication channels in section 11 and provide us with all necessary information about your request. To protect you and us from fraud and misuse of your information, when you contact us to seek access to your personal information, we will need to be reasonably satisfied it is you or a person you have authorised. To do this, we may:

• require you to verify your identity, or
• use a third party and secure service or your IMEI or IP address to assist us to verify your identity.

We will endeavour to respond in a reasonable time, usually within 30 days of receipt of your request.

We may charge a reasonable fee for providing your personal information. We will let you know in advance of charging any fee to confirm that you still wish to proceed with your request. In some circumstances, we may refuse to provide you with access to your personal information. For example, access to your records may be denied if we have reasonable grounds to believe it would pose a serious threat to your life, health or safety or that of another person, or to public health or safety. If we do refuse to provide you with access to your personal information, we will write to you to let you know.

9          How you can correct personal information

To enable us to provide the best services to you, it is important that the information we hold about you is up to date. Please let us know when your details change.

If you believe any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please let us know through the communications channels described in section 11. We will take reasonable steps to update any personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading.

In some circumstances, we may refuse to correct your personal information. If we do this, we will write to you to let you know.

10        Disclosure overseas

We may disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business, functions or activities. Most of these overseas organisations are service providers or their related entities which provide support and assistance to us in delivering our products and services to you and are likely to be located in the following countries:

New Zealand, United States, Japan, Ireland, Fiji, France, India, Indonesia, United Kingdom, Germany, Singapore, Canada, South Africa, Vietnam, Mauritius, the Philippines, and Netherlands.

11        Privacy Policy updates

We will review and update this Privacy Policy from time to time where necessary to reflect changes in applicable laws or in our privacy management practices. Where we make a material change to this Privacy Policy, we will notify you in writing or through our website.

The most up-to-date version of our Privacy Policy can always be found on our website, https://amplarhealth.com.au/.

12        How you can contact us

Specific privacy queries including to correct your information or request a copy of your information

Email us at privacy@amplarhealth.com.au and ensure that you state the programme you are enrolled in or the product or service you are receiving.

General privacy queries or complaints

If you have any general privacy queries or if you are concerned about the manner in which your personal information has been handled, please contact our Group Privacy Officer at:

Medibank and Amplar Health Privacy Officer
Medibank Private Limited
GPO Box 9999 (Your Capital City) or

privacy@amplarhealth.com.au.

We will review your enquiry in accordance with our internal procedures and applicable privacy laws.

If you wish to make a formal complaint, please provide your complaint in writing to our Privacy Officer and provide all information relevant to your complaint. We will receive and be able to action your request faster if you email it to us using the details above.

If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act 1988 (Cth) to make a complaint to the Office of the Australian Information Commissioner. You can do so here.

Glossary of terms

Amplar Health
Medibank Health Solutions Pty Ltd (ABN 99 078 934 791) trading as Amplar Health.

Amplar Health Group
Amplar Health and each of the following subsidiaries of Amplar Health:

1. Medibank Health Solutions Telehealth Pty Ltd (ABN 40 069 396 792) trading as Amplar Virtual Health,
2. Amplar Home Health Pty Ltd (ABN 59 008 193 100),
3. Healthstrong Pty Ltd (ABN 61 155 277 919) trading as Amplar Allied Health,
4. Integrated Care Services Pty Ltd (ABN 71 059 950 695) trading as Amplar Preventative Health,
5. MH Investment Holdings Pty Ltd (ABN 18 169 818 884),
6. MHSI Pty Ltd (ABN 57 659 284 607),
7. MH Operations Pty Ltd (ABN 15 659 287 680),
8. MH Solutions Investments Pty Ltd (ABN 52 642 022 124), and
9. Medi Financial Services Pty Ltd (ABN 94 138 752 815).

IMEI
International Mobile Equipment Identity number.

Medibank
Medibank Private Limited (ABN 47 080 890 259).

Medibank Group
Medibank, the Amplar Health Group, Live Better Management Pty Ltd (ABN 93 003 457 289), Australian Health Management Group Pty Ltd (ABN 96 003 683 298) and Medibank Private Employee Share Plan Trust (ABN 53 501 924 436).

we, us or our
Amplar Health or one or more members of the Amplar Health Group, as the context requires.