The My RCH mobile application (the App) is a service provided by The Royal Children’s Hospital (ABN 35 655 720 546) (collectively referred to as “we”, “our” or “us”). In this Privacy Policy, “you” and your” refers to any individuals who access or use the App from whom we collect personal information.
This Privacy Policy informs you how we collect, use, disclose, secure and store your personal information when you use or access the App. We are committed to protecting your privacy and personal information. This privacy policy complies with the Information Privacy Principles contained in the Privacy and Data Protection Act 2014 (Vic) (PDP Act) and the Health Privacy Principles contained in the Health Records Act 2001 (Vic) (HR Act) and all related Australian legislation (collectively, Victorian Privacy Law).
If you use or access the App, you are deemed to have accepted and consented to this Policy. The personal information that we collect is used for providing and improving the functionality of the App. We will not use or share your information with anyone except as described in this Privacy Policy.
The terms used in this Privacy Policy have the same meanings as in Victorian Privacy Law and our Terms and Conditions, which are accessible at My RCH Portal and the RCH Privacy Policy (unless otherwise defined in this Privacy Policy).
What information do we collect and hold?
The types of information we may collect includes:
- your name and other contact details (e.g. your physical address, email address, phone number);
- account information (e.g. username and password (hash of password only));
- sensitive information (e.g. your race or ethnic origin);
- relevant health information (e.g. your medical records, prescriptions, allergies and other health information);
- government related identifiers (e.g. Medicare number);
- technical information, such as information collected from your use of the App (e.g. your interaction with, and activity in, the App) and any integrated products and services;
- location information, while you are using the App, to provide location-based services; and
- device information (e.g. device ID number, model, and manufacturer, IP address, and operating system version).
The information that we request will be retained by us and used as described in this Privacy Policy.
We will only collect and use sensitive information and health information with your consent or as required by law. Such information will only be used for the purposes for which it is collected or otherwise in accordance with Victorian Privacy Law. We will not use or disclose your sensitive information or health information to any third party except as required or permitted by law.
How do we collect your personal information?
We may collect your personal information in a variety of ways, including:
- directly from you or your parent or guardian (such as where you provided information to us, including when you access the App or our website, complete a form or application, or you contact us with a query or request or to resolve and issues);
- from third parties, including government regulators, law enforcement agencies and other government agencies, as well as third parties engaged to assist us with the App; and
- via other automatic data collection, such as cookies and your device location information.
If your personal information is collected from a third party, we will notify you of such where reasonably practicable.
How do we use your personal information?
We will only use your personal information to fulfil the purpose for which it is collected or for related purposes, in accordance with this Privacy Policy and Victorian Privacy Law.
We may also use your personal information for a range of different purposes, including to:
- provide you with, and support the functionality and operation of, the App and any integrated products and services;
- compile anonymous statistical data to conduct research and develop app features, and to perform data analysis;
- resolve any troubleshoot problems, and to maintain and improve the App;
- responding to any enquiries and handling complaints; and
- as otherwise authorised or required by law.
We do not sell or license your information. These are the limited ways we interact with
your information in connection with our mobile apps:
- When you choose to add a profile photo to our
mobile apps, you may select an existing photo on your device or take a new
photo using the camera app on your device. If you select an existing photo on
your device, a copy of your chosen photo is stored in the app-private storage
on your device. If you use the camera app on your device to take a new photo,
the photo you take is first saved to your camera app and then also saved to
app-private storage on your device. If
you remove the photo from your profile or delete our mobile apps, the copy of
the photo is deleted from the app-private storage, but the photo saved to your
camera app remains available in your camera app until you choose to delete it.
If you already have a photo stored in your profile through your relationship
with us – we do not interact with that photo in any way.
- When you choose to use Apple’s HealthKit or
Google Fit, we create encrypted identifiers to identify recipients of your
Apple’s HealthKit or Google Fit data and store them on your device in
app-private storage. If you choose to
stop using Apple HealthKit or Google Fit or delete our mobile apps, the
identifiers are deleted.
- When you choose to view documents from us (such
as letters or images) using our mobile apps, to make the files viewable for you,
copies are temporarily stored on your device in app-private storage. The temporary copies are deleted when you
close your session on our mobile apps.
- We do not currently offer automatic appointment
arrival, however in the future if we offer this functionality and you choose to
enable it, identifiers and times for your upcoming appointments are temporarily
stored in app-private storage to detect when you arrive for an upcoming
appointment. If you choose to stop using
our mobile apps or you disable automatic appointment arrival, the identifiers
are deleted.
- We do not currently offer location-based check
in for in-person appointments, nor allow you to find healthcare providers near
you. However, in the future if we offer this functionality you may choose to
allow our mobile apps to interact with your location data for those purposes.
We do not store your location data.
- If you choose to use the app to notify front
desk staff electronically when you arrive for an appointment, you may choose to
allow our mobile apps to interact with your Bluetooth data for this purpose. We
do not store your Bluetooth data.
- While you use our apps, we collect
non-identifying information so we can provide customer service to you and understand
how people use our mobile apps so we can improve our products. This information includes the time you began
using the app, our details (the organisation you are attending), any error
messages or codes, the model of device used and its operating system, and the
version of our mobile app used. If you use Android devices, we also collect
your connection type (cellular or WiFi) during an error.
- You may contact us through the methods listed on
within this policy. If you contact us, we may keep a record of the
communication. You can decide how much
information you want to share with us in those cases.
How do we disclose your personal information?
We may disclose your personal information (excluding health and sensitive information) to other health professionals and third parties, including but not limited to:
- when specifically authorised by you;
- regulatory bodies, and government agencies;
- third parties engaged by us to perform functions or provide products or services;
- third parties we engage to assist us with our functions or services, including contractors and service provides used for information technology services and support, archiving, App maintenance and development, but only for the purpose of fulfilling those services; and
- as otherwise authorised or required by law.
Subject to your consent, we may provide information, including sensitive and health information, about you to your healthcare provider and healthcare provider organisation involved in your healthcare, as well as other healthcare specialists.
When disclosing your personal information to third parties, we will take reasonable steps to ensure that the third party complies with laws substantially similar to Victorian Privacy Law.
The App does use third party services that will collect information used to identify you, namely Epic Systems Corporation. You can read more about Epic System Corporation’s privacy approach here.
How do we store your personal information?
We have in place steps to protect your personal information from misuse, loss or unauthorised access and disclosure. We store all registration information, encrypted user IDs, device diagnostic information and contact data, in the data store. It is a secure cloud-based facility, using infrastructure located in Australia, which has been classified as appropriate for storage of data up to the ‘protected’ security level.
We will only transfer personal or health information outside Victoria if the recipient is subject to laws substantially similar to Victorian Privacy Law.
Required Google Play Disclosures for Certain
Health Apps
Google has determined our mobile apps are subject to their
COVID-19 apps requirements. As a result,
we are required to provide the following information so we can make our mobile
apps available to you in the Play store.
- Our mobile apps interact with your microphone
only if you choose to use your microphone to navigate our mobile apps. Our mobile apps interact with your camera
roll only if you choose to add a profile photo to a profile in our mobile apps. This information is not used in connection with
COVID-19.
- Our mobile apps access, collect, use, and share
your information as stated above in the section titled, “How do we use your
personal information?”
- Our mobile apps were not created specifically
for the COVID-19 pandemic. They existed
before the COVID-19 pandemic to allow you to access aspects of your health
information on file with us. We allow you to access aspects of existing
information that exists in our record relevant to COVID-19-related vaccination
information, laboratory test results, and documents with illness-related
information using our mobile apps. You
may choose if or how you want to access, display, or use the information – just
like you can make those decisions about health information relating to other
conditions, services, tests, or vaccinations.
- We currently do not offer Telehealth
appointments directly through our app, however in the future if we offer this
functionality you may choose to use our mobile apps to conduct telehealth
appointments with your healthcare providers. Our mobile apps only provide the technical
support for those appointments to happen.
We do not interact with any health information about you exchanged
during any telehealth appointments.
Openness
This Privacy Policy is available on our website and upon request.
Cookies
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.
This App does not use “cookies” explicitly. However, the App may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this App.
Links to Other Sites
The App may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the privacy policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Location information
When you use our App, such as to change or cancel appointments or to find community information (i.e. maps, public transport, banks, etc.), we may collect information about your location.
Location data is only used at the time we are providing services to you via the App. If you wish to use the App’s location-service features, you will be asked to consent to your location data being used for this purpose. If you wish to change our access or permissions, you may do so at any time by disabling location-services functions on your device.
Direct marketing
We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes or other use-based data mining purposes.
How can you access or correct your personal information?
You can update your personal information from within the App. If you are unable to update your personal information, we can update such information we hold about you.
We take reasonable steps in the circumstances to ensure that personal information we collect, use or disclose is accurate, current, complete and relevant. If it is out of date, incomplete, irrelevant or misleading, please contact us as set out below. We may decline your request to access or correct your personal information in accordance with the Victorian Privacy Law. If we do refuse your request, we will provide you with a reason for our decision.
Dealing with us anonymously
We will provide you with the opportunity to deal with us anonymously or by pseudonym where it is lawful and practicable (e.g. when making a general enquiry or requesting a policy or other non-sensitive document from us). If you choose to deal with us anonymously or pseudonymously, we may not be able to provide you with access to and use of the App or any integrated products or services.
Unique identifiers
We do not assign, use or disclose unique identifiers to you unless it is necessary to do so to carry out one of our functions efficiently or is allowed or required by law. Examples of unique identifiers belonging to other organisations include Medicare numbers, tax file numbers and drivers licence numbers.
What can you do if you have a question or complaint?
If you would like further information about the way we manage personal information, or wish to complain, please contact us using the details below and we will investigate the issue. We will notify you of a decision in relation to your complaint as soon as practicable after it has been made.
If you are not satisfied with our decision, you may direct your concerns to either:
Office of the Victorian Information Commissioner
Phone: 1300 006 842
Email: enquiries@ovic.vic.gov.au
Mail: PO Box 24274 Melbourne VIC 3001
or
Health Complaints Commissioner
Phone: 1300 582 113
Online Form: https://hcc.vic.gov.au/make-complaint
Please note that the relevant Commissioner may decline to hear your complaint if it has not first been made to us.
Changes to this Privacy Policy
We may modify or amend this Privacy Policy at any time in our sole discretion. By continuing to use the App, you accept this Privacy Policy as it applies from time to time. You are encouraged to periodically review this Privacy Policy to stay informed of any updates.
This policy is effective as of 1 July 2022.
Contact Us
If you have any privacy related questions or suggestions, please do not hesitate to contact us at:
Phone: 03 9345 6106
Email: privacy.officer@rch.org.au
Mail: Privacy Officer
Health Information Services
The Royal Children’s Hospital
50 Flemington Road
Parkville VICTORIA 3052