The My RCH mobile application (the App) is a service provided by The Royal Children’s Hospital (ABN 35 655 720 546) (collectively referred to as “we”, “our” or “us”). In this Privacy Policy, “you” and your” refers to any individuals who access or use the App from whom we collect personal information.

This Privacy Policy informs you how we collect, use, disclose, secure and store your personal information when you use or access the App. We are committed to protecting your privacy and personal information. This privacy policy complies with the Information Privacy Principles contained in the Privacy and Data Protection Act 2014 (Vic) (PDP Act) and the Health Privacy Principles contained in the Health Records Act 2001 (Vic) (HR Act) and all related Australian legislation (collectively, Victorian Privacy Law).

If you use or access the App, you are deemed to have accepted and consented to this Policy. The personal information that we collect is used for providing and improving the functionality of the App. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in Victorian Privacy Law and our Terms and Conditions, which are accessible at My RCH Portal and the RCH Privacy Policy (unless otherwise defined in this Privacy Policy).

What information do we collect and hold?

The types of information we may collect includes:

• your name and other contact details (e.g. your physical address, email address, phone number);
• account information (e.g. username and password (hash of password only));
• sensitive information (e.g. your race or ethnic origin);
• relevant health information (e.g. your medical records, prescriptions, allergies and other health information);
• government related identifiers (e.g. Medicare number);
• technical information, such as information collected from your use of the App (e.g. your interaction with, and activity in, the App) and any integrated products and services;
• location information, while you are using the App, to provide location-based services; and
• device information (e.g. device ID number, model, and manufacturer, IP address, and operating system version).

The information that we request will be retained by us and used as described in this Privacy Policy. 

We will only collect and use sensitive information and health information with your consent or as required by law. Such information will only be used for the purposes for which it is collected or otherwise in accordance with Victorian Privacy Law. We will not use or disclose your sensitive information or health information to any third party except as required or permitted by law.

How do we collect your personal information?

We may collect your personal information in a variety of ways, including:

• directly from you or your parent or guardian (such as where you provided information to us, including when you access the App or our website, complete a form or application, or you contact us with a query or request or to resolve and issues);
• from third parties, including government regulators, law enforcement agencies and other government agencies, as well as third parties engaged to assist us with the App; and
• via other automatic data collection, such as cookies and your device location information.

If your personal information is collected from a third party, we will notify you of such where reasonably practicable.

How do we use your personal information?

We will only use your personal information to fulfil the purpose for which it is collected or for related purposes, in accordance with this Privacy Policy and Victorian Privacy Law.

We may also use your personal information for a range of different purposes, including to:

• provide you with, and support the functionality and operation of, the App and any integrated products and services;
• compile anonymous statistical data to conduct research and develop app features, and to perform data analysis;
• resolve any troubleshoot problems, and to maintain and improve the App;
• responding to any enquiries and handling complaints; and
• as otherwise authorised or required by law.

We do not sell or license your information. These are the limited ways we interact with your information in connection with our mobile apps:

• When you choose to add a profile photo to our mobile apps, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, a copy of your chosen photo is stored in the app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your relationship with us – we do not interact with that photo in any way.
• When you choose to use Apple’s HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple’s HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete our mobile apps, the identifiers are deleted.
• When you choose to view documents from us (such as letters or images) using our mobile apps, to make the files viewable for you, copies are temporarily stored on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
• We do not currently offer automatic appointment arrival, however in the future if we offer this functionality and you choose to enable it, identifiers and times for your upcoming appointments are temporarily stored in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
• We do not currently offer location-based check in for in-person appointments, nor allow you to find healthcare providers near you. However, in the future if we offer this functionality you may choose to allow our mobile apps to interact with your location data for those purposes. We do not store your location data.
• If you choose to use the app to notify front desk staff electronically when you arrive for an appointment, you may choose to allow our mobile apps to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
• While you use our apps, we collect non-identifying information so we can provide customer service to you and understand how people use our mobile apps so we can improve our products. This information includes the time you began using the app, our details (the organisation you are attending), any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
• You may contact us through the methods listed on within this policy. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.

How do we disclose your personal information?

We may disclose your personal information (excluding health and sensitive information) to other health professionals and third parties, including but not limited to:

• when specifically authorised by you;
• regulatory bodies, and government agencies;
• third parties engaged by us to perform functions or provide products or services;
• third parties we engage to assist us with our functions or services, including contractors and service provides used for information technology services and support, archiving, App maintenance and development, but only for the purpose of fulfilling those services; and
• as otherwise authorised or required by law.

Subject to your consent, we may provide information, including sensitive and health information, about you to your healthcare provider and healthcare provider organisation involved in your healthcare, as well as other healthcare specialists.

When disclosing your personal information to third parties, we will take reasonable steps to ensure that the third party complies with laws substantially similar to Victorian Privacy Law.

The App does use third party services that will collect information used to identify you, namely Epic Systems Corporation. You can read more about Epic System Corporation’s privacy approach here.

How do we store your personal information?

We have in place steps to protect your personal information from misuse, loss or unauthorised access and disclosure. We store all registration information, encrypted user IDs, device diagnostic information and contact data, in the data store. It is a secure cloud-based facility, using infrastructure located in Australia, which has been classified as appropriate for storage of data up to the ‘protected’ security level.

We will only transfer personal or health information outside Victoria if the recipient is subject to laws substantially similar to Victorian Privacy Law.

Required Google Play Disclosures for Certain Health Apps

Google has determined our mobile apps are subject to their COVID-19 apps requirements. As a result, we are required to provide the following information so we can make our mobile apps available to you in the Play store.

• Our mobile apps interact with your microphone only if you choose to use your microphone to navigate our mobile apps. Our mobile apps interact with your camera roll only if you choose to add a profile photo to a profile in our mobile apps. This information is not used in connection with COVID-19.
• Our mobile apps access, collect, use, and share your information as stated above in the section titled, “How do we use your personal information?”
• Our mobile apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access aspects of your health information on file with us. We allow you to access aspects of existing information that exists in our record relevant to COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our mobile apps. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.
• We currently do not offer Telehealth appointments directly through our app, however in the future if we offer this functionality you may choose to use our mobile apps to conduct telehealth appointments with your healthcare providers. Our mobile apps only provide the technical support for those appointments to happen.  We do not interact with any health information about you exchanged during any telehealth appointments.

Openness

This Privacy Policy is available on our website and upon request.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This App does not use “cookies” explicitly. However, the App may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this App.

Links to Other Sites

The App may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the privacy policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Location information

When you use our App, such as to change or cancel appointments or to find community information (i.e. maps, public transport, banks, etc.), we may collect information about your location.

Location data is only used at the time we are providing services to you via the App. If you wish to use the App’s location-service features, you will be asked to consent to your location data being used for this purpose. If you wish to change our access or permissions, you may do so at any time by disabling location-services functions on your device.

Direct marketing

We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes or other use-based data mining purposes.

How can you access or correct your personal information?

You can update your personal information from within the App. If you are unable to update your personal information, we can update such information we hold about you. 

We take reasonable steps in the circumstances to ensure that personal information we collect, use or disclose is accurate, current, complete and relevant. If it is out of date, incomplete, irrelevant or misleading, please contact us as set out below. We may decline your request to access or correct your personal information in accordance with the Victorian Privacy Law. If we do refuse your request, we will provide you with a reason for our decision.

Dealing with us anonymously

We will provide you with the opportunity to deal with us anonymously or by pseudonym where it is lawful and practicable (e.g. when making a general enquiry or requesting a policy or other non-sensitive document from us). If you choose to deal with us anonymously or pseudonymously, we may not be able to provide you with access to and use of the App or any integrated products or services.

Unique identifiers

We do not assign, use or disclose unique identifiers to you unless it is necessary to do so to carry out one of our functions efficiently or is allowed or required by law. Examples of unique identifiers belonging to other organisations include Medicare numbers, tax file numbers and drivers licence numbers.

What can you do if you have a question or complaint?

If you would like further information about the way we manage personal information, or wish to complain, please contact us using the details below and we will investigate the issue. We will notify you of a decision in relation to your complaint as soon as practicable after it has been made.

If you are not satisfied with our decision, you may direct your concerns to either:

Office of the Victorian Information Commissioner

Phone: 1300 006 842

Email: enquiries@ovic.vic.gov.au

Mail: PO Box 24274  Melbourne VIC 3001

or

Health Complaints Commissioner

Phone: 1300 582 113

Online Form: https://hcc.vic.gov.au/make-complaint

Please note that the relevant Commissioner may decline to hear your complaint if it has not first been made to us.

Changes to this Privacy Policy

We may modify or amend this Privacy Policy at any time in our sole discretion. By continuing to use the App, you accept this Privacy Policy as it applies from time to time. You are encouraged to periodically review this Privacy Policy to stay informed of any updates.

This policy is effective as of 1 July 2022.

Contact Us

If you have any privacy related questions or suggestions, please do not hesitate to contact us at:

Phone: 03 9345 6106

Email: privacy.officer@rch.org.au

Mail: Privacy Officer

         Health Information Services

          The Royal Children’s Hospital

          50 Flemington Road

          Parkville  VICTORIA  3052