This Privacy Policy explains how Spotscreen Pty Ltd (ABN 18 144 922 190) (“Spotscreen”, “we”, “us”, “our”) collects, uses, stores and discloses personal information, including health information, when you interact with us online or offline.
Entity details
Spotscreen Pty Ltd
Suite 12, 86 Francis Ave, Perth WA 6018
Phone: 1300 305 230
Website: https://www.spotscreen.com.au
1) Scope
This Policy applies to personal information we handle through:
- our website and related pages, forms and communications
- bookings, enquiries and customer support (phone/email/SMS)
- onsite/mobile skin check programs and related health education
- vouchers and participant follow-up processes
- events, campaigns, and offline forms (paper or tablet)
This Policy is intended to be read alongside any consent forms you are asked to sign (for example, where you consent to sharing results with a workplace or GP).
2) What is “personal information” and “health information”?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Health information is treated as sensitive information under Australian privacy law and generally requires a higher standard of care and (in many cases) consent to collect/use/disclose.
3) What we collect
Depending on how you engage with us, we may collect:
a) Identity and contact details
- name, date of birth (or age range), gender, email, phone
- residential or workplace location (as needed for service delivery)
b) Booking and service information
- appointment details, attendance, program type (workplace/participant-pays), referral timeframe
- communications with you (emails, calls, messages)
c) Health information (when providing our services)
- screening notes and observations (including dermoscopy images where applicable)
- skin lesion/location notes, follow-up recommendations and timeframes
- relevant history you choose to share (e.g. personal/family skin cancer history)
d) Payments (if applicable)
- payment status and transaction references (we generally do not store full card details; these are handled by payment processors)
e) Website and device data
- IP address, browser/device type, pages viewed, approximate location (city/region), cookies and similar technologies.
4) How we collect personal information
We collect information when you:
- book online, complete forms, or contact us
- attend an assessment (paper or digital intake, clinical documentation)
- participate through a workplace program (bookings/attendance and program reporting)
- use our website (cookies/analytics)
We aim to collect information directly from you unless it’s unreasonable/impracticable (e.g. program coordinator provides booking lists). Where required, we’ll take reasonable steps to notify you about collection and how we handle it, consistent with the APPs.
5) Why we collect, use and disclose information
We collect and use personal information to:
- respond to enquiries, whether online, via email, in person or on the telephone
- provide and administer bookings, assessments and participant support
- document assessment outcomes for reference and continuity
- recommend follow-up (e.g. GP review within a timeframe)
- send appointment and referral reminders and service communications
- manage quality assurance, training and clinical governance
- meet legal, regulatory, insurance and safety obligations
- improve our services, reporting and operational performance
- manage billing, reconciliation and client account administration
We only use or disclose personal information for the primary purpose it was collected for (or closely related purposes you’d reasonably expect), unless an exception applies or you consent.
6) Sharing information (disclosures)
We may disclose personal information to:
a) Your workplace / program sponsor
For workplace programs, we may provide the organisation with:
- de-identified and aggregated reporting (e.g. overall outcomes and trends), and/or
- administrative reporting (e.g. attendance totals, booking utilisation)
We do not share your identifiable health information (including your individual results) with an employer or third party unless you give explicit consent (via a separate consent form) or we are required/authorised by law.
b) Health providers you nominate (e.g. GP)
If you request it via a written, signed consent form (provided by Spotscreen on request), we may share relevant information with your nominated GP or clinic to support follow-up.
c) Service providers who help us operate
This may include providers for:
- booking/CRM systems, secure cloud storage, IT support
- email/SMS communications
- payments and invoicing systems
- analytics/website hosting and security monitoring
They are only authorised to use information as necessary to provide services to us, under confidentiality and security obligations.
d) Legal and safety reasons
We may disclose information where required or authorised by law (e.g. subpoena, court order), or to prevent serious threats to life/health, or to investigate suspected fraud or security incidents.
7) Overseas storage and disclosures
Some of our technology providers may store or process data outside Australia (for example, in cloud environments). Where we disclose personal information overseas, we take reasonable steps to ensure appropriate protections are in place, consistent with the APPs.
8) Cookies, analytics and online tracking
We use cookies and similar technologies to:
- keep the website functioning
- understand traffic and improve performance
- measure campaign effectiveness
You can adjust cookie settings in your browser. Blocking cookies may affect some site functions.
9) Direct marketing
We may send service updates or information that’s relevant to your engagement with Spotscreen (e.g. reminders, program updates, new service information). You can opt out of marketing communications at any time using the unsubscribe link (where provided) or by contacting us.
10) Keeping information secure
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Measures may include:
- access controls and role-based permissions
- secure systems and encryption where appropriate
- staff confidentiality obligations and training
- secure disposal or de-identification when no longer required
No system is perfectly secure; however, we design our controls to be appropriate to the sensitivity of the information – especially health information.
11) Data retention
We keep personal information only as long as needed for:
- providing services and maintaining appropriate records
- legal, tax, insurance and compliance requirements
- dispute resolution and quality assurance
When no longer needed, we take reasonable steps to securely destroy or de-identify the information.
12) Notifiable Data Breaches
If we experience an “eligible data breach” likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.
13) Access and correction
You can request access to, or correction of, personal information we hold about you. We may need to verify your identity and may refuse access in limited circumstances permitted by law. If we can’t provide access, we’ll explain why (where lawful). To request access/correction, contact us using the details in section 16.
14) Anonymity and pseudonymity
Where practical, you may interact with us anonymously or using a pseudonym (for example, general enquiries). This may not be possible where we need information to provide services or meet legal obligations.
15) Children and young people
Our services may involve younger participants in some settings. We collect only what’s reasonably necessary. Where consent is required and the person cannot provide it themselves (under 16 years old), we rely on consent from a parent/guardian or authorised representative (as applicable).
16) Complaints and contact
If you have questions, concerns, or want to make a privacy complaint, contact Spotscreen:
Phone: 1300 305 230
Email: enquiries@spotscreen.com.au
We will:
- acknowledge your complaint
- investigate and respond within a reasonable timeframe
- take steps to address issues where appropriate
If you’re not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).
17) Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. The latest version will be available on our website and can be provided in print on request.
