Bulk Billed Sleep Studies Available - Find Out More
Find a Clinic
60 Locations
  1. Home
  2. Customer Service
  3. Privacy Policy

Privacy Policy

1. Our commitment to privacy

The CPAP Clinic Pty Ltd ABN 17 625 481 432 (trading as Sove CPAP Clinic), and all of its related bodies corporates (within the meaning of section 50 of the Corporations Act 2001 (Cth),) (collectively referred to as The CPAP Group, we, our or us) are committed to protecting the privacy of your (you or your) personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws.

This Privacy Policy sets out our policies for managing your personal information, including information on how and why we why we collect, store, use and disclose your personal information. This Privacy Policy applies when you interact and transact with us, either in person at our stores or clinics, via telephone and email, on our social media channels, on our websites (www.sove.com.au; www.thecpapclinic.com.au) or whenever we refer to or link to this Privacy Policy.

This Privacy Policy may be amended from time to time. Your continued engagement with us and use of our products and services after any changes are made to the Privacy Policy indicates that you accept the amendments. You should check this Privacy Policy regularly to ensure you are aware of any changes, and only provide further personal information to us if you accept the changes.

In this Privacy Policy, the terms ‘personal information’ and ‘sensitive information’ have the same meaning as in the Privacy Act. For the avoidance of doubt, ‘personal information’ includes ‘sensitive information’ (unless specified otherwise).

2. About us

The CPAP Group offers a range of products and services relating to sleep and respiratory disorders. Through the CPAP Group, we partner with a team of respiratory, sleep and heart specialists, as well as a clinical psychologist and other allied health professionals to provide you with medical specialist consultations, sleep studies, oxygen and respiratory treatments. We also offer deliver an extensive range of CPAP and wellness products, with independent pricing and comprehensive care.

3. How do we collect personal information about you?

Where possible, The CPAP Group will collect your personal information directly from you when you:

  • register an account with us;
  • interact with us, e.g. when you call, email or visit our website and social media channels, or when you meet with our sales representatives and attend training for our products and services;
  • sign up to receive marketing communications, interact with us via social media or other on-line platforms (including when you participate in on-line communities) or participate in promotional offers and surveys;
  • make an appointment or visit one of our clinics;
  • register to attend conferences and meetings with us or with third parties;
  • supply us with a product or service; and/or
  • you purchase our products.
We may also collect information from other sources, including:
  • healthcare professionals and their practices or carers that may be involved in your care (such as GPs, doctors, sleep and respiratory physicians), including when we receive referrals or patient forms from your healthcare professional that are emailed, faxed or provided to us or sent to us via their practice management software;
  • your health records (such as consultation notes and pre-sleep and post-sleep study questionnaires) or when we receive information and prescriptions from your healthcare professional;
  • our suppliers, vendors or contractors;
  • information automatically obtained when you access our websites, send us emails or enter your personal information into our webforms;
  • our payment partners (if you enter into any of our payment plans); or
  • your healthcare professional provides us data in relation to your medical care;
  • pharmacies and other medical clinics when we provide products and services on behalf of third parties that you have a relationship with; and/or
  • family members, legal guardian/s and/or a person you have authorised to provide your personal information to us.

4. What personal information do we collect about you

The types of personal information we collect will vary depending on your relationship and interaction with you.
For end users of our products and services, the information we collect includes, but is not limited to:

  • Contact information: We collect contact information about you in person, through communications and through our websites. For example, we collect your name, gender, phone number, postal addresses (personal and/or business), date of birth, postal address and other contact details when you sign up for our products and services.
  • Sensitive information: Given the nature of our products and services, we will from time to time collect your sensitive information (including health information), including your sleep study results, diagnosis, pre-existing health conditions, racial/ethnic information, sexual orientation, religious beliefs, mental health information and any other health related information from your consultations with healthcare professionals. We may also collect your Medicare number or drivers licence for health insurance or identification purposes.
  • Payment information: We may receive contract details (such as signatures) from you or your organisation and use payment processing services to collect payment and billing information, which may contain personal information such as billing name, billing address and payment card details, or bank account details, in connection with some of our products and services. If you enter into any of our payment plans, we may also collect details of your employment history and credit history.

If you are a health professional, vendor or supplier, we may also collect information including, but not limited to:

  • Professional information: about your employer or organisation who you represent, your occupation, education, credentials and qualifications. We may collect your AHPRA numbers, practice specialty including areas of interest, information relating to your patients following adverse event reporting, product complaints, survey and demographic information (such as number and type of patients treated), sales data from sources such as wholesalers or a pharmacy point-of-sale system and/or details of sponsorship or educational support provided to you

If you are a job applicant, we may collect:

  • Job applicant information: We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you. We may also collect personal information from third parties in ways which you would expect (e.g. from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (including criminal history). If you are employed with The CPAP Group, we may also collect driver's license details from you.

We will only collect and retain information that is necessary for us to manage our interaction with you and provide you with our services or products.

You can always choose not to provide us with any personal information we request, but this may mean we cannot provide you with some or all of the services or products you have requested. If you have any concerns about personal information we have requested, please let us know.

5. Sensitive information

If collected, sensitive information will be used by us only:

  • if permitted by applicable law, with your consent;
  • for the primary purpose for which it was obtained; or
  • for a secondary purpose that is directly related to the primary purpose; and/or
  • as otherwise required or authorised by applicable law.

6. How do we interact with you on our websites?

When you visit our websites or use any of our mobile applications, we may collect:

  • technical data such as your internet protocol (IP) address, login data, your browser type, browser activity and related information;
  • information about the computer system you are using including the type of system and operating software;
  • analytics data which we may collect directly or via third party tools to help us measure traffic and establish trends for our products and services; and
  • any information you may enter or share with us.

We use cookies on our website(s). A cookie is a small text file that the website may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website in future visits. We may also use session cookies (which do not remain after your browsing session ends).

You may refuse the use of cookies by selecting the appropriate settings on your browser. Please note however, that when you do so, you may not be able to use the full functionality of our website.

Our websites may contain links to third-party websites. We are not responsible for the content or privacy practices of websites that are linked to our website.

7. How and why do we collect your personal information?

We collect personal information reasonably necessary to carry out our business, to assess and manage your needs, and provide you with our services and products. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you or third parties and managing client relationships.

  • provide you with treatment, including to provide you with medical reports, refer you to other specialist hospitals;
  • supply you with a range of CPAP and wellness products;
  • bill your charges to Medicare and/or relevant private health funds;
  • respond to employer and/or legal requests;
  • respond to other general requests for information and other general inquiries;
  • provide you with our payment plans and connect you with other financial providers;
  • manage, plan, advertise and/or administer programs, events and competitions for you;
  • inform you of our activities, events, facilities and services;
  • enter into a commercial arrangement with you to supply provides and/or services;
  • recruitment purposes (including for volunteers, internships and work experience); and
  • respond to enquires and/or complaints.

8. Can you deal with us anonymously?

Generally, it is not practicable for us to provide you with our products and services anonymously. If we do not collect personal information about you, you may not be able to use our services and/or purchase our products.

9. How and why do we use your personal information?

The purposes that we may use your personal information will vary, depending on the nature of the relationship you have with you, the type of information, and whether the information is personal information or sensitive information. For example, these purposes may include but is not limited to:

  • provide you with our products and services such as sleep testing, sleep apnea treatment products or annual reviews, or to respond to your requests for information or materials, and to create, develop and maintain our relationship with you;
  • process payments for a range of other administrative, management and operational purposes, including but not limited to: administering billing and payments and debt recovery, planning, managing, monitoring and evaluating our services, quality improvement activities, statistical analysis and reporting, training staff, contractors and other workers and risk management purposes;
  • manage legal liabilities and claims (for example, liaising with insurers and legal representatives), responding to enquiries and complaints regarding our services, obtaining advice from consultants and other professional advisers, responding to subpoenas and other legal orders and obligations;
  • communicate with your health insurer and healthcare providers, e.g. to update them with your treatment outcomes if they have referred you to us for treatment or support;
  • to undertake quality assurance measures, statistical analyses, surveys and research (including market research) to enhance existing, and develop new products and services, including improvements to our websites; or
  • to fulfil our legal, regulatory and risk management obligations including initiating and defending any legal claims; and

10. Why do we disclose your personal information?

We may share or disclose your personal information with our related entities and affiliates, as well as third parties (such as our suppliers, vendors, contractors or your health care professional), for the following purposes, amongst others:

  • to provide you with products and services you have purchased, including parties that are subcontracted to assist us in providing these services;
  • for legitimate business purposes (e.g. third party providers such as IT and software services providers, payment service providers, data hosting, marketing, order fulfilment, shipping providers, third parties that collect and process data such as Google reCAPTCHA, and our professional advisers and consultants such as lawyers);
  • provide us with marketing and/or advertising support, security and IT management, hosting, and for processing secure payments, fulfilling orders, and optimising our services;
  • where it is necessary to provide you with a service or goods that you have requested;
  • as required by law, including with enforcement agencies, courts, tribunals, other governmental authorities or other third parties where we believe this is necessary to comply with legal or regulatory obligations, or otherwise to prevent or lessen a serious threat to public health, public safety or to the life or health of an individual. This includes regulatory authorities such as the Therapeutic Goods Administration, or State and Territory poisons and health authorities;
  • to prevent, investigate, or take action regarding suspected fraud or unlawful activity, violations of any of our Terms and Conditions, or any other agreements directly related to our products or services;
  • to facilitate the sale or other disposition of our business as a going concern; and
  • in the case of healthcare professionals, we may disclose your information for the following purposes, including but not limited to meet reporting requirements under industry codes, arrange conferences and other material to be sent to you.

11. Do we use or disclose your personal information for direct marketing?

We may use or disclose your personal information to our related companies, affiliates and other third parties to inform you about our services, upcoming promotions and events, or other opportunities that may interest you. We may communicate with you via telephone, unencrypted email and text messages (SMS messages), including to send you:

  • postal mail;
  • newsletters and patient information sheets;
  • information relating to products, programs, services or general information we believe may interest you;
  • marketing messages; and/or
  • communications via social media platforms.

If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below.

  • clicking on the “Unsubscribe” link on email correspondence;
  • replying “Stop” to SMS correspondence; or
  • emailing privacy@centurionhealthcare.com.au.

12. Do we disclose your personal information overseas?

We store your personal information in secure databases (including trusted third party storage providers) in Australia. We do not ordinarily disclose your personal information overseas.

However there may be cases where your personal information may be stored, maintained and processed on computers or on cloud services held by our third party storage contractors (such as Microsoft Azure, Salesforce or other web hosting companies) who may share or disclose your personal information with third parties outside of Australia.

Unless we have your consent, or an exception under the APPs apply, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information.

13. How do we protect, and how long will we retain, your personal information?

We will take reasonable steps to ensure that we protect the personal information which we may collect from misuse, interference and loss and from unauthorised access. We employ a number of different security and privacy controls to comply with applicable privacy laws. This includes multifactor authentication for log in, enhanced firewalls and other IT mechanisms.

Despite the security measures and steps taken by us, it is impossible to guarantee absolute security with respect to information sent through the internet. By interacting with us through the internet, you accept the inherent security implications of dealing online over the internet. We also rely on the accuracy of the personal information as provided by you, or by third parties.

Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.

14. Mandatory data breach reporting

If, despite our best efforts, the security of your personal information is potentially compromised due to an actual or suspected data breach and an eligible data breach has occurred, we may report the data breach to third parties such as:

  • the Office of the Australian Information Commissioner and State or Territory Privacy and Information Commissioners;
  • our financial services provider;
  • police or law enforcement bodies;
  • the Australian Securities & Investments Commission;
  • the Australian Taxation Office;
  • the Australian Transaction Reports and Analysis Centre;
  • the Australian Cyber Security Centre;
  • the Australian Digital Health Agency;
  • the Department of Health;
  • professional associations and regulatory bodies; and/or
  • our insurance providers.

Provided we have your contact details, we will notify you if you have been personally impacted by an eligible data breach.

15. How long do we retain your personal information?

We take steps to destroy or de-identify information that we no longer require. We may, from time to time, engage third party professional services to securely shred paper and/or destroy electronic devices or information when no longer required.

We will retain your personal information for the purpose of complying with laws relating to your medical information and/or financial record information, limitation periods for taking legal action, good business practice, and as required under applicable law. For example, any paper based information containing your medical information will be shredded 7 years after the date the document created, or as required under applicable law.

16. How can you access or seek correction of your personal information?

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.

If you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request. Charges may apply if we are issued with a subpoena for personal information.

Please note that if you request that we destroy, de-identify or not process your personal information, we will be unable to perform the actions necessary for us to provide you with services and products, or otherwise respond to your requests.

In some situations we may not be able to comply with your request with respect to your personal information to the extent required or otherwise permitted by law (e.g. we may be required by law to retain certain information that you have requested to be destroyed or de-identified or in relation to legal proceedings).

To advise us of any changes to or make requests regarding your personal information, you can contact our Privacy Officer using the details below.

We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

17. What if you have a complaint about the handling of your personal information?

You may contact us at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.

You may make a complaint about privacy to the Privacy Officer using the contact details set out below.

The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.

If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to your complaint, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner via their website www.oaic.gov.au.

18. How changes are made to this Privacy Policy?

We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes.

19. How can you contact us?

By letter:
Privacy Officer
The CPAP Clinic Pty Ltd
Suite 103, 6 Eden Park Drive,
Macquarie Park NSW 2113

By email:
privacy@centurionhealthcare.com.au

This Privacy Policy was last updated 29 May 2024