Privacy Policy – Dr Kamal Touma

Privacy Policy of Kamal Touma Pty Ltd

Kamal Touma Pty Ltd provides mental health services to help people manage and recover from mental illness. As a healthcare company, Kamal Touma Pty Ltd recognises the importance of privacy and is committed to the management and handling of Personal Information and Sensitive Information in an open and transparent way. Kamal Touma Pty Ltd is required to comply with Privacy Laws. This policy creates a framework to ensure that any Personal Information Kamal Touma Pty Ltd holds is collected, used, stored, and disclosed per the Australian Privacy Principles in the Privacy Act. Kamal Touma Pty Ltd acknowledges that due to the sector in which it operates, unauthorised disclosure of Personal Information may lead to a risk of serious harm, including harm to their mental or physical well-being, financial loss, or damage to the reputation of Kamal Touma Pty Ltd’s patients.

This risk is particularly high given the vulnerability of patients receiving services. Accordingly, Kamal Touma Pty Ltd takes every reasonable effort to ensure that your Personal Information is held securely in accordance with this Privacy Policy and privacy laws and is treated with respect and care. You have the right to contact us to access or correct your Personal Information. We encourage you to contact us if you have questions or concerns about your privacy or how your Personal Information is handled by Monarch Mental Health Group.

This Privacy Policy documents the handling of Personal Information by and on behalf of Kamal Touma Pty Ltd.

As a provider of healthcare services which deal with Personal Information and Sensitive Information, Kamal Touma Pty Ltd has an obligation to respect the privacy of individuals and to follow the Australian privacy laws, which include:

the Privacy Act 1988 (Cth) (as amended from time to time);
the National Privacy Principles contained in Schedule 3 to the Privacy Act
or where applicable, the Australian Privacy Principles contained in Schedule 1 of the Privacy Act;
Health Records Information Privacy Act 2002 (NSW) and equivalent legislation in all other States and Territories in which Monarch Mental Health Group operates
all other applicable laws that require a person to observe privacy or confidentiality obligations in respect of Personal Information.

In addition, Kamal Touma Pty Ltd assesses whether the General Data Protection Regulation (GDPR) applies to any personal data it collects, processes or stores. Accordingly, please notify Kamal Touma Pty Ltd in writing if you are currently, or in the future become, a resident of the European Union, so that Kamal Touma Pty Ltd can assess whether any Personal Information it holds falls within the scope of the GDPR.

1. What personal data does Kamal Touma Pty Ltd collect about you and how is it collected?

Kamal Touma Pty Ltd may collect and hold information about individuals who may be customers, members of the general public, job applicants, business contacts, healthcare professionals and others. The information Kamal Touma Pty Ltd typically collects, holds and processes is detailed below.

Members of the Public

Information obtained when you access Kamal Touma Pty Ltd’s websites
Information you provide when calling Kamal Touma Pty Ltd’s inbound call centre, including name, home address, telephone number, email address, gender, date of birth, and age
During patient intake, Kamal Touma Pty Ltd will record a patient’s medical history, diagnosis, Medicare number, health fund details, emergency contact, home address, email, mobile number, referring doctor information, health care team information, credit card or bank details

Healthcare Professionals

Your name, business address, business telephone number(s) and email address
Professional details, including provider number
Practice specialty including areas of interest
Membership in professional associations
Practice and/or business information including, where applicable, interest in Monarch Mental Health Group products
Information relating to your patients
Information relating to your participation in Monarch Mental Health Group sponsored or supported clinical trials, conferences, or other educational events
Information from public domain websites
Information obtained when you access Kamal Touma Pty Ltd’s websites
Information and all notes obtained during telephone sales calls, including date and duration of the call, call outcome, follow-up required
Information about patients obtained when reporting adverse events required for reporting to regulatory authorities and for safety data reporting by Kamal Touma Pty Ltd’s global pharmacovigilance function
Frequent flyer numbers, passport details and next of kin details, when Monarch Mental Health Group sponsors or arranges your travel to educational events or for business relating to Kamal Touma Pty Ltd

Suppliers and Business Partnerships (other than Healthcare Providers)

Your name, business address, business telephone number(s) and email address
Dealings with Kamal Touma Pty Ltd in respect of general business relationships
Referrer names and addresses, practice staff names and emails (for co-location partners)
Work, professional and employment references, reports, and assessments
Information from public domain websites
Information obtained when you access Kamal Touma Pty Ltd’s websites
Bank information for payment of invoices
Vaccination status for COVID-19 or other relevant public health/pandemic instances, where you will attend Kamal Touma Pty Ltd offices or have face-to-face contact with Kamal Touma Pty Ltd personnel or customers

Job Applicants and Contractors

The types of Personal Information Kamal Touma Pty Ltd collect from job applicants, including for both employment and contract positions may include:

Employment History
Qualifications
Residential address
Date of birth
Opinions about suitability for employment or contract work from referees and previous employers
Taxation and banking details
Information from public domain and social media websites
Information obtained when you access Monarch Mental Health Group’s websites
Driver’s licence/passport details
Superannuation fund details
Next of kin/emergency contact information
Psychometric testing results
AHPRA registration status
“Right to work” check to ascertain the right to reside and work in Australia
Police clearance, where required for customer-facing roles and employment purposes

Vaccination status for COVID-19 or other relevant public health/pandemic instances, where relevant for the performance of the role being applied for.

Job applicants have the right to not disclose Personal Information, however, Kamal Touma Pty Ltd may not be able to assess a candidate’s suitability for employment or a contract position when it does not receive all necessary information. Kamal Touma Pty Ltd will only disclose the Personal Information of job applicants to third parties with the consent of the job applicant, or as otherwise permitted in limited circumstances by law.
Once a position has been filled, all applications received by Kamal Touma Pty Ltd are filed and kept in Kamal Touma Pty Ltd’s human resources files. However, the following information, if previously collected, will not be retained for applicants who do not commence employment or a contract position with Kamal Touma Pty Ltd: bank account details, driver’s license/passport, Tax File Number, superannuation fund details, next of kin

How will Kamal Touma Pty Ltd Collect Your Personal Information?

Kamal Touma Pty Ltd will strive to collect Personal Information about you directly from you. Nevertheless, on some occasions, Kamal Touma Pty Ltd may collect your Personal Information from other sources, such as:
Third-party agents or data providers
Public domain websites on the Internet
Electronic communications such as articles and information pieces which you feature such as a health information site or a medical professional site
Publicly available directories and listings such as telephone directories
Newspapers, magazines, professional journals, and the electronic media
Personal interactions and/or communications with Monarch Mental Health Group employees and/or contractors
Databases purchased from an external provider
Healthcare professionals
Carers

Personal information about you that Kamal Touma Pty Ltd collects and holds may vary depending on your particular interaction with Kamal Touma Pty Ltd and will be for a legitimate business purpose. Kamal Touma Pty Ltd will not collect Sensitive Information about you, such as information about your health or ethnicity without your consent.

3.2 Collection of Your Personal Information through Kamal Touma Pty Ltd’s Websites

Kamal Touma Pty Ltd’s websites provide for direct input of Personal Information under some circumstances. In addition, Kamal Touma Pty Ltd’s websites make use of ‘cookies’ which are small text files that are stored in the visitor’s local browser cache. This enables the recognition of the visitor’s browser to optimise the website and simplify its use. Most browsers are set up to accept these cookies automatically, however, you can deactivate the storing of cookies or adjust your browser to inform you before the cookie is stored on your computer. Data collected via cookies will not be used to determine the personal identity of the website visitor.

Kamal Touma Pty Ltd expects to increasingly make use of web analytics, including analysis by third-party service providers, which may use IP addresses. While this may in some circumstances be Personal Information, neither Kamal Touma Pty Ltd nor the service providers have any interest in an individual’s browser activities and will not use the information to take any action targeted to individuals
without having obtained that person’s consent.

Collection and Storage of Personal Information via Customer Relationship Management (CRM) Software, Telephone Sales Calls and Other Marketing Activities

Kamal Touma Pty Ltd utilises CRM tools to collect, process and store information which includes Personal Information in support of its operational and marketing activities. The CRM tool collects data offline and online via Kamal Touma Pty Ltd’s website, together with business-relevant information such as referral count and dates for referring Healthcare Professionals. Information on the CRM tool is collected from Kamal Touma Pty Ltd’s inbound call centre, website, referral forms, outbound telesales, events, and fax campaigns.

Telephone sales calls and in-bound telephone medical queries with Healthcare Professionals and medical practice staff will collect the following information which is stored on Kamal Touma Pty Ltd’s CRM tool: name, phone number, and the company of person spoken with, Company address, website, phone, email, fax number, associated employees; time and outcome of call and data collected during calls, e.g., direct email address and fax number.

The patient care team operating Kamal Touma Pty Ltd’s inbound call centre will record in the CRM call information such as who connected with, the date of the call, the call outcome, call duration and call notes.

How will Monarch Mental Health Group Store Your Personal Information?

Kamal Touma Pty Ltd stores and uses your Personal Information on a number of different platforms, depending on specific functionality and the user within Kamal Touma Pty Ltd’s environment. The standard storage platforms Kamal Touma Pty Ltd uses to store and where appropriate process your Personal Information is as follows:

Microsoft 365 environment tools, which include: SharePoint, OneDrive, Microsoft Teams, Lists, Forms, Power BI
Messaging services used by Healthcare Professionals to communicate with
each other, which includes: WhatsApp
Connecting with applications and data reporting platforms – MuleSoft
Patient management system
CRM and CMS – HubSpot
Automated forms management – Snap forms
Accounting software – Xero
Workforce management and scheduling platform – Deputy.

From time to time it is expected that platforms and applications used for storage of your Personal Information may change, and Monarch Mental Health Group reserves the right to change the applications it uses without notifying you without updating this Privacy Policy.

How Will Kamal Touma Pty Ltd Use Your Personal Information?

Customer Relationship Management (CRM) Software

Information relating to healthcare professionals and third parties with which Monarch Mental Health Group conducts business will be held on Kamal Touma Pty Ltd’s secure customer relationship management (CRM) software platform. This information will be accessed and used in the ordinary course of conducting business and for continuous and improved relationship management, including but not limited to communicating with patients, healthcare professionals and medical for marketing purposes, operational purposes, accounting, responding to enquiries or complaints

Healthcare Professionals
In addition to the uses of Personal Information specified in the CRM section, Kamal Touma Pty Ltd may use your information as follows:

To provide you with information relevant to your practice
To involve you in conferences and provide training and support relevant in Monarch Mental Health Group’s therapy areas relevant to your practice
To otherwise satisfy our legal and regulatory obligations

Other Use and Disclosure
Kamal Touma Pty Ltd may disclose information about you in the course of any of the uses described above, including to related businesses and third-party service providers for routine business purposes such as order delivery, marketing, hosting, data processing and validation, data storage or archiving, printing, and mailing. Kamal Touma Pty Ltd will use only reputable service providers and will ensure that it enters into appropriate contractual provisions with service providers to safeguard your privacy.

If you conduct business with Kamal Touma Pty Ltd and as a consequence are a close contact with Kamal Touma Pty Ltd’s personnel, Kamal Touma Pty Ltd may disclose information about your visits to Kamal Touma Pty Ltd’s offices and/or interaction with Kamal Touma Pty Ltd’s personnel if required in relation to COVD-19 or other relevant public health/pandemic instances.

Kamal Touma Pty Ltd will otherwise only disclose Personal Information about you to a third party where required by law.

4.1 Overseas Recipients

Kamal Touma Pty Ltd may transfer your Personal Information to service providers located outside of Australia. Under these circumstances, your Personal Information will always be stored in a secure manner that is at least as robust as the practices followed by Kamal Touma Pty Ltd in Australia.

Your Personal Information may be aggregated with data from other Kamal Touma Pty Ltd sources and stored or processed on computers or web-based database systems located outside Australia where data protection laws may differ from ours
Your Personal Information may be stored, maintained, and processed on computers or web-based database systems at Kamal Touma Pty Ltd which may be accessed by and shared with third parties working with Kamal Touma Pty Ltd
Some of our overseas service providers are located globally including in the European Union. Where Kamal Touma Pty Ltd uses external service providers located in countries outside of Australia, Kamal Touma Pty Ltd takes reasonable steps, including by contract provisions, to ensure that these service providers do not breach the Australian privacy laws

4.2 European General Data Protection Regulation (GDPR)

Monarch Mental Health Group acknowledges that it may collect Personal Information from patients, healthcare providers and others who are European residents and that such Personal Information may be subject to the GDPR. Although many of the privacy principles of the GDPR are similar to the Act and other Australian privacy laws, there are some differences. Accordingly, we request that you notify us if you are a European resident when you transfer your Personal Information to us or if you are aware that we are collecting your Personal Information. Your Personal Information will still be subjected to the same information security standards as are applied to all Personal Information held by Kamal Touma Pty Ltd. However, we may manage your Personal Information in a different manner to take into account data portability entitlements and other GDPR-specific requirements.

Data Security

Kamal Touma Pty Ltd uses technical and organisational security precautions to protect your data from misuse, interference, or loss and from unauthorised access, modification, or disclosure. Kamal Touma Pty Ltd’s security procedures are continuously revised based on new technological developments to ensure that any Personal Information that is provided to Kamal Touma Pty Ltd will be protected against possible misuse by third parties.

In the event of an actual or suspected data breach, Kamal Touma Pty Ltd will follow the procedures outlined in its Mandatory Data Breach Response Plan, including

containing the data breach
conducting a risk assessment to assess the severity rating of a suspected or known data breach
assessing whether an Eligible Data Breach has occurred

If an Eligible Data Breach has occurred, Kamal Touma Pty Ltd may report the data breach to third parties such as:

Kamal Touma Pty Ltd’s financial services provider
police or law enforcement bodies
the Australian Securities & Investments Commission (ASIC)
the Australian Taxation Office (ATO)
the Australian Transaction Reports and Analysis Centre (AUSTRAC)
the Australian Cyber Security Centre (ACSC)
the Australian Digital Health Agency (ADHA)
the Department of Health
State or Territory Privacy and Information Commissioners
Australian Health Practitioner Regulation Agency
professional associations and regulatory bodies
insurance providers.

Kamal Touma Pty Ltd will contact you if you have been personally impacted by an Eligible Data Breach.

Data Retention

Kamal Touma Pty Ltd will maintain your Personal Information for as long as is necessary to fulfil the purposes for which it was collected and for additional legal purposes related to Kamal Touma Pty Ltd’s legitimate business interests. Patient medical records will be retained for a minimum period of 7 years after a patient’s most recent contact.

If Kamal Touma Pty Ltd becomes aware that you are a European resident, it will ensure that your personal data is kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Kamal Touma Pty Ltd will delete from its records Personal Information that is no longer required, subject to minimum statutory periods for retention of patient medical records.

If Kamal Touma Pty Ltd is required to retain Personal Information for regulatory purposes, then wherever practicable, it will be held in a de-identified form.

Data Access and Correction

You may request access to Personal Information Kamal Touma Pty Ltd holds about you at any time. If you believe your Personal Information is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request to have it corrected and/or supplemented.

Requests to access or correct Personal Information should be sent to Kamal Touma Pty Ltd. Please provide as much detail as possible to assist in the location of information Kamal Touma Pty Ltd may be holding about you, such as your name, contact details, any former name(s), and if possible the context. Please specify if you are seeking access to specific Personal Information.

Kamal Touma Pty Ltd will respond to your request within 30 days of receipt or within any further time notified to you in writing, or if you are a European resident, will correct any of your inaccurate personal data without undue delay. Kamal Touma Pty Ltd will take reasonable steps to verify the identity of any person requesting access to or correction of their Personal Information to ensure that the person making the request is actually the data subject.

Deletion of Data

You may notify Kamal Touma Pty Ltd at any time if you do not wish Kamal Touma Pty Ltd to retain your Personal Information. Kamal Touma Pty Ltd will comply with all such requests wherever practicable and lawful, subject to minimum statutory periods for retention of patient medical records. Kamal Touma Pty Ltd will take reasonable steps to verify the identity of any person requesting the erasure of their Personal Information to ensure that the person making the request is actually the data subject. If you are a European resident, Kamal Touma Pty Ltd will correct any of your inaccurate personal data without undue delay where the right to be forgotten applies.

5.1 Complaints

All complaints regarding your Personal Informational should be made in writing to Kamal Touma Pty Ltd by emailing kamal@kamaltouma.com.au. Kamal Touma Pty Ltd will respond to your complaint within 30 days of receipt of your correspondence or within any further time notified to you in writing.

If you are not satisfied with the outcome of the response you receive, we can refer you to the Office of the Australian Information Commissioner (as applicable) for further investigation.