GreenChoices is a trademark of Green Leaf Choices. At Green Leaf Choices (“GC”), we respect your rights to privacy and have a legal obligation to abide by the provisions of the Privacy Act 1988 (Cth) (“the Act”). Our objective is to handle information responsibly and provide you with some control over the way information about you is handled.
In general terms, personal information is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. It may also information about your medical history or any conditions you may have. Information which cannot be reasonably linked to your identity (e.g. IP address, browser information, favourite websites or the number of users of a website) does not constitute personal information and is not regulated by the Privacy Act 1988 (Cth). If the information we collect personally identifies you, the information will be considered personal information.
Collection of personal information and other data
For the general public, the nature of personal information collected by the Group may comprise information such as:
- your name, email, address and telephone number and other contact details;
- your age or date of birth;
- your gender;
- your AHPRA number;
- your profession, occupation or job title;
- your social media identities and interests;
- if you transact or deal with us, your financial information, including credit card details;
- your medical history and any medical conditions, or the medical history or medical conditions of your children or children in respect of which you are a guardian, including medications (past and current), allergies, adverse events (side effects), immunisations, social history, family history, risk factors, and test results;
- any additional information relating to you that you provide to us directly through our representatives, medical or allied health professionals.
For healthcare professionals, the nature of personal information collected by the Group may also include information such as:
- the location and scope of services offered by your medical practice;
- information collected in the provision of any services requested, including advising on any forms or regulatory matters; and
- your prescribing practices.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys, or aggregated information about how users use our Site.
When collecting personal information from you, we may collect it in ways including:
- by you completing one of our contact us forms or through an internet portal;
- through email in relation to enquiries from you or responses to emails sent to you or through phones calls, texts or other forms of communications;
- in response to product queries or engagement with our medical or educational representatives; through your access and use of our websites (including the Site) and social media channels;
- by review of your medical records including clinic letters or test results from other health care providers; and
- in connection with patient or doctor surveys or questionnaires.
Generally, we endeavour to collect your personal information directly from you unless it is unreasonable or impracticable to do so. In addition, we may also collect personal information from other sources including:
- agents and service providers such as customer relationship management service providers and third-party service providers;
- information provided on your behalf with your consent or through direct contact with your guardian, other family members or your doctor/healthcare provider;
- from third party bodies such as your health fund, hospitals or other community health services, law enforcement agencies and other government entities, including Medicare and Department of Veterans Affairs; and
- publicly available sources including directories, listings and the internet.
Use and disclosure of personal information and other data
The purposes for collecting such personal information include to arrange and conduct the Group’s business activities and functions, understand our audiences and provide you with requested products and services.
We collect, hold, use and disclose your personal information for the following purposes:
- for administrative and billing purposes;
- to update your contact details;
- to process and respond to any complaint made by you;
- to share with legal and regulatory bodies, including to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country, including any accreditation agencies;
- to use within the Group to understand adverse events (side effects) and treatment effects of medical cannabis;
- for the purposes of data research and analysis, including for (a) the purpose of searching for trends within information received from yourself and other patients (including using third party data) between products and conditions or illnesses (b) proactive screenings, and (c) for the purpose of sending you direct communications in relation to these;
- to answer enquiries and provide information or advice about both existing and new products or services or opportunities that might be of interest to you and in relation to all matters relevant to the services we provide to you;
- to administer conferences, symposia, expert panels, seminars or other similar programs organised by us, which you agree to participate in or be involved with;
- to advise you in connection with clinical trials, other trials, surveys or other matters in which you have expressed an interest or have participated in;
- to discuss and disclose to your health practitioners;
- to conduct business processing functions including providing personal information to our related bodies corporate and affiliates, contractors, service providers or other third parties;
- for the administrative, marketing (including direct communications), planning, product or service development, quality control and research purposes of the Group;
- to facilitate the performance of any services or functions we provide to you using third parties, including contractors;
- to disclose to any Related Body Corporate or any entity which controls or holds a significant shareholding in a Group member for the purpose of carrying out any of the services, functions, activities or tasks permitted to be carried out by the Group under this Policy;
- for the supply to third parties on a de-identified basis to assist product improvement and enhancement of global understanding of cannabis treatments.
- in connection with the unlikely event of a bankruptcy or insolvency; and
- to meet obligations of notification to our medical defence organisations or insurers.
The Group may aggregate personal information so that it is not personally identifiable and disclose such aggregate or de-identified data to third parties. The Group will not sell your personal information to third parties.
On some occasions, your personal information and other data may be transferred to or processed by service providers in overseas countries including but not limited to the US, or even in ‘the cloud’ (which may involve processing in more than one country) in order for such service providers to perform services on our behalf. We will not be accountable under the Privacy Act 1988 for any breach of your privacy by the cloud storage provider nor will you be able to seek redress under the Privacy Act 1988 for any breach of your privacy by the cloud storage provider.
Like most business organisations, the Group performs some of its functions under licence and also contracts out some functions and relies on third party suppliers to conduct specialised activities such as website management, IT systems administrators, share registry services, mail out services, couriers, call centre services, data analysis and processing services, electronic network administrators, insurance broking, supply of equipment, engineering services, security services, financial services, credit reporting services, and professional advisors such as accountants, solicitors, business advisors and consultants. Personal information may be provided to these licensors (where contractually required) and to these suppliers to enable them to perform the agreed tasks.
Some companies that the Group is associated with have their own privacy policies and where they collect personal information from you for their own business, your personal information will be handled in accordance with their privacy policies.
We may send you educational communications and information about medical conditions, clinical trials, research, events, products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth). If, in your dealings with us, you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving communications from us by contacting us or by using opt-out facilities provided in the communications and we will then ensure that your name is removed from our mailing list.
Access and correct your personal information
The Group’s objective is to ensure that all personal information collected is accurate, complete and up-to-date. To assist the Group in achieving its objective, please contact the Privacy Officer if any of your details change. Further, if you believe that the information the Group holds is not accurate, complete or up-to-date, please contact the Privacy Officer on firstname.lastname@example.org in order to have the information corrected.
You may request access to any personal information we hold about you at any time by contacting us. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you and, if so, the fees will be as advised from time to time. We will not charge for simply making the request and will not charge for making any corrections or deletions to your personal information.
There may be instances where we cannot grant you access to the personal information we hold; however, we will only do so in accordance with our rights and obligations under the Act. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
Personal information security
The Group take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure in accordance with the sensitivity of that information. Your personal information and other data may be stored in hard copy documents, but is generally stored electronically on our software or systems or on those of our third-party service providers.
As our website is linked to the internet, and the internet is essentially insecure, the Group cannot provide any assurance regarding the security of transmission of information you communicate to us online. The Group also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Additionally, you acknowledge that the collection and use of your personal information by third-parties may be subject to separate privacy policies and/or the laws of other jurisdictions.
Our Site may contain links to other websites operated by third parties. The Group make no representations or warranties in relation to the privacy practices of any third-party website and are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing you about their own privacy practices.
IP addresses, cookies and web beacons
We may also collect and receive certain types of information whenever you interact with us on our websites (including the Site) and through e-mails or other communications we may send each other. These technologies we use may include, for example, Web server logs, IP addresses, cookies and Web beacons.
- Web server logs / IP addresses: We may collect web server logs and IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and web-site performance reviews.
- Web Beacons. On certain webpages or e-mails, we may utilize a common Internet technology called a "web beacon (also known as an "action tag" or "clear GIF technology"). Web beacons help analyse the effectiveness of websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a site.
We may also collect information from your browser or device when you visit our websites (including the Site) in addition to your IP, including device ID and type, your browser type and language, access times, your mobile device’s geographic location and referring website address.
If you believe that your privacy has been breached, please contact us in accordance with the arrangements set out below and provide details of the incident so that we can investigate it.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
All complaints should initially be in writing and directed to the Privacy Officer.
Privacy Officer’s contact details
Please address all written correspondence to:
PO Box 3475
Crawley, WA 6009