1. Introduction
Dociva is a service provided by Dociva Pty Ltd ("we", "us", or "our"). Dociva Pty Ltd operates the Dociva website, platform and related services.
This Privacy Policy explains how we collect, hold, use, disclose and protect personal information and health information when you use Dociva.
Dociva handles personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and other applicable privacy obligations.
Health information is sensitive information. We take reasonable steps to handle health information carefully, securely and only for appropriate purposes connected with providing, supporting and improving our services.
This Privacy Policy should be read together with our Terms of Service and Cookie Policy.
2. What Information We Collect
The information we collect depends on how you use Dociva. We may collect personal information, health information, technical information and service-related information.
Personal information may include:
Health information may include:
Technical and usage information may include:
3. How We Collect Information
We usually collect information directly from you when you use the website, submit an application, complete a questionnaire, request a consultation, make a payment, contact support, use live chat or otherwise communicate with us.
We may also collect information from:
4. Why We Collect and Use Information
We collect and use personal information and health information where reasonably necessary for Dociva's functions and activities, including to:
5. Sensitive Information and Health Information
Health information is sensitive information and is handled with additional care. We collect health information where it is reasonably necessary for providing or supporting healthcare services, where you consent, or where otherwise permitted or required by law.
You must provide accurate, complete and truthful information when using Dociva. Incomplete or inaccurate information may affect the ability of a medical practitioner to assess your request safely.
You should not provide another person's health information unless you are authorised to do so.
6. Direct Marketing and Advertising
Dociva may use limited personal information, such as your email address or contact details, to send service updates or marketing communications where permitted by law. You can opt out of marketing communications at any time by using the unsubscribe option or contacting us.
Dociva does not use sensitive health information for personalised advertising based on medical conditions, symptoms or healthcare vulnerability.
We may use analytics and advertising measurement tools to understand website performance, campaign effectiveness and how users find Dociva. This may include cookies, pixels, conversion tracking or aggregated reporting, as described in our Cookie Policy.
We do not recommend uploading patient health data, medical certificate request data or sensitive health-related customer lists to advertising platforms for remarketing or personalised health advertising.
7. Cookies and Similar Technologies
We use cookies and similar technologies to operate the website, support security, maintain sessions, improve functionality, analyse website performance and measure advertising effectiveness where applicable.
You can manage cookies through your browser settings. Blocking cookies may affect some website functions, including application flow, secure forms, payment-related features and support tools.
For more information, please read our Cookie Policy.
8. Disclosure of Information
We may disclose personal information and health information where reasonably necessary for the purposes described in this Privacy Policy, including to:
We do not sell personal information or health information to advertisers.
We do not disclose your health information to your employer, school, university or other organisation unless you request or authorise us to do so, it is required or permitted by law, or it is necessary for a verification or dispute process that you have initiated or authorised.
9. My Health Record and Government Health Systems
Where Dociva accesses, uses or integrates with government health systems, including Healthcare Identifiers or My Health Record services where applicable, we do so only for appropriate healthcare-related purposes and in accordance with relevant legal, technical, access, audit and participation requirements.
Access to these systems is restricted to authorised users and may be logged, audited and monitored.
Patients may have rights and controls relating to My Health Record and other government health systems. You can access further information through the relevant government health service.
10. Payment Information
Dociva uses third-party payment processors to process payments. We do not store full credit card or debit card details on Dociva systems.
Payment processors may collect and process payment details, billing information, transaction identifiers, fraud-prevention information and other information required to process your payment.
Payment providers handle payment information under their own privacy and security terms.
11. Data Storage and Overseas Disclosure
Where practical, Dociva aims to use Australian infrastructure for core application systems and health-related operational data.
Some third-party providers may process, store or access limited information outside Australia. This may include providers used for payments, email, SMS, analytics, advertising measurement, customer support, security, hosting, software development, monitoring or other operational services.
Countries where information may be processed or accessed may include Australia, the United States, New Zealand, the United Kingdom, countries in the European Union, or other locations where our service providers operate.
Where personal information is disclosed overseas, we take reasonable steps required by applicable privacy laws to ensure appropriate handling of that information.
12. Security of Information
Dociva takes reasonable steps to protect personal information and health information from misuse, interference, loss, unauthorised access, modification or disclosure.
Security measures may include secure connections, access controls, authentication, encryption or other technical safeguards, monitoring, audit logs, staff access restrictions, operational processes and incident response procedures.
No online service, method of transmission or electronic storage can be guaranteed to be completely secure. You should take care when using shared devices, public networks, email forwarding, screenshots or storing documents that contain health information.
13. Retention of Information
We retain personal information and health information for as long as reasonably necessary for the purposes described in this Privacy Policy, including service delivery, clinical recordkeeping, legal compliance, audit, dispute handling, insurance, accounting, security and operational purposes.
Clinical and health-related records may need to be retained for minimum periods required by law, professional obligations, insurer requirements or clinical governance requirements.
When information is no longer required, we will take reasonable steps to destroy, delete or de-identify it where lawful and practicable.
14. De-identified and Aggregated Information
We may use de-identified or aggregated information for service improvement, analytics, reporting, clinical governance, operational planning, security review and business analysis.
We will take reasonable steps to avoid using de-identified or aggregated information in a way that reasonably identifies an individual.
15. Access and Correction
You may request access to the personal information we hold about you. You may also ask us to correct information if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.
We may need to verify your identity before responding to an access or correction request.
In some circumstances, access may be refused or limited where permitted by law, including where providing access would create a safety risk, affect another person's privacy, prejudice an investigation, breach legal obligations or reveal commercially sensitive information.
If we refuse access or correction, we will provide reasons where required by law.
16. Anonymity and Pseudonymity
You may browse parts of the Dociva website without identifying yourself.
However, because Dociva provides healthcare-related services, we usually need to collect identifying information before providing clinical assessment, issuing documents, processing payments, managing safety risks or complying with legal and clinical recordkeeping obligations.
17. Children and Minors
Dociva services are intended for adults unless a specific service expressly allows use by or for a minor with appropriate parent, guardian or authorised representative involvement.
We may refuse, cancel or redirect a request if we cannot safely or lawfully provide the service to the person the request relates to.
18. Third-Party Links and Services
Our website or communications may contain links to third-party websites, platforms or services that are not operated by Dociva.
We are not responsible for the privacy practices, security, content, terms or policies of third-party websites or services. You should review the privacy policies of any third-party services you use.
19. Data Breaches
If a privacy or security incident occurs, Dociva will take steps to investigate, contain and respond to the incident as appropriate.
Where required by law, we will notify affected individuals, the Office of the Australian Information Commissioner or other relevant parties under the Notifiable Data Breaches scheme or other applicable requirements.
20. Complaints
If you have a concern or complaint about how Dociva handles your personal information or health information, please contact us first so we can review and respond to your concern.
Please include enough detail for us to understand and investigate the issue. We may need to verify your identity before discussing personal or health information.
We aim to respond to privacy complaints within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, third-party providers, legal requirements or business operations.
Any updates will be posted on this page. The updated version will apply from the time it is published, unless otherwise stated.
22. Contact Us
If you have any questions, concerns, access requests, correction requests or privacy complaints, please contact our support team.
You can also contact us by email at support@dociva.com.au.