Privacy Policy

At Quity Pty Ltd (Quity, we, us, our), safeguarding your personal information is fundamental to how we operate. This Privacy Policy explains our practices regarding the collection, use, storage, and protection of your personal information when you interact with our pharmacy and healthcare services (services). By using our website or services, you acknowledge that you have read, understood and agreed to this Privacy Policy.

When you engage with Quity's services, we may collect various types of personal information, being information we hold which is identifiable as being about you and has the meaning given to it in section 6 of the Privacy Act 1988 (Cth), which may include:

• Identity Details: Your name, date of birth, and government-issued identification when required for healthcare services
• Contact Information: Email address, phone number, and residential address for communication and delivery purposes
• Health-Related Data: Medical history, current medications, allergies, and other health information necessary to provide appropriate pharmaceutical care (health information)

In addition to personal information, we may also collect health information and the following information:

• Transaction Records: Purchase history, payment information, and billing details
• Technical Data: Device information, browser type, IP address, and usage patterns when you visit our website
• Communication Records: Records of your interactions with our customer support team

We may access your My Health Records—a national digital health record system—to provide healthcare services. We may collect health information, including shared health summaries, prescription details and medical history, as part of our healthcare services.

My Health Record data is stored and processed exclusively within Australia, in compliance with the My Health Records Act 2012 (Cth). Your other personal and health information not accessed through My Health Records can be disclosed to, or stored with, third parties overseas, in accordance with this Privacy Policy. For the avoidance of doubt, information obtained from My Health Records is not disclosed, accessed or stored overseas.

Your information enables us to deliver and improve our services in the following ways, including:

• Healthcare Delivery: Processing prescriptions, conducting consultations, and providing pharmaceutical advice tailored to your needs
• Order Fulfilment: Managing your purchases, arranging delivery, and handling returns or exchanges
• Account Administration: Maintaining your account, verifying your identity, and ensuring account security
• Service Enhancement: Analysing usage patterns to improve our website, products, and customer experience
• Regulatory Compliance: Meeting legal obligations including healthcare regulations, record-keeping requirements, and reporting duties
• Communication: Sending important updates about your orders, appointments, or changes to our services
• Marketing: Sharing information about new products, services, or promotions that may interest you

We process your personal information based on the following legal foundations:

• Contractual Necessity: Processing required to fulfil our service agreement with you
• Legal Obligations: Processing necessary to comply with healthcare laws, tax regulations, and other legal requirements
• Legitimate Interests: Processing that supports our business operations while respecting your rights and interests
• Consent: We will try to collect your personal information directly from you, unless it is unreasonable or impracticable to do so. We will only collect sensitive information (including health information) with your consent. We collect personal information through various means including our online forms, email and phone contact and review of your medical records
• Vital Interests: In rare circumstances, processing necessary to protect someone's life or health

We take a careful approach to disclosing your information and only do so when necessary:

• Healthcare Providers: Sharing relevant medical information with doctors, specialists, or other healthcare professionals involved in your care
• Service Partners: Working with trusted third parties who assist with payment processing, delivery logistics, and IT services
• Regulatory Authorities: Disclosing information when required by healthcare regulators, law enforcement, or other government bodies
• Professional Advisors: Sharing with legal, accounting, or insurance professionals when necessary
• Business Transfers: In the event of a merger, acquisition, or sale, your information may be transferred as part of that transaction

We never sell your personal information to third parties for their marketing purposes.

Protecting your information is a top priority at Quity. We employ comprehensive security measures including:

• Encryption: Using industry-standard encryption protocols to protect data during transmission and storage
• Access Controls: Implementing strict access restrictions so only authorised personnel can view sensitive information
• Regular Audits: Conducting periodic security assessments and vulnerability testing
• Staff Training: Ensuring all team members understand their privacy and security responsibilities
• Secure Infrastructure: Hosting data on secure servers with robust physical and digital protections
• Incident Response: Maintaining procedures to quickly address any potential security breaches

While we implement strong safeguards, no system is completely impenetrable. We encourage you to use strong passwords and protect your login credentials. We are not liable for any misuse or loss of, or unauthorised access to, personal information or health information where the security of information is not within our control.

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

• Active Accounts: We keep your information while your account remains active and for a reasonable period afterward
• Healthcare Records: Medical and prescription records are retained in accordance with healthcare regulations, typically for a minimum of seven years
• Transaction Data: Financial records are kept for the period required by tax and accounting regulations
• Marketing Preferences: We maintain records of your communication preferences until you update them

When information is no longer needed, we securely delete or anonymise it in accordance with our data retention procedures.

We may use automated decision-making processes in certain circumstances, which involve computer programs that make decisions or perform tasks directly related to decision-making, using your personal and health information.

We may use such automated decision-making to, among other things, assess your eligibility for specific treatment programs based on your medical history and other health information, or prioritise appointment scheduling based on clinical urgency and patient data.

We use reasonable endeavours to ensure that these automated decision-making processes are designed to be fair, accurate and compliant with the Privacy Act and Australian Privacy Principles.

You have several rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Ask us to correct inaccurate or incomplete information
• Deletion: Request removal of your personal information, subject to legal requirements
• Restriction: Ask us to limit how we use your information in certain circumstances
• Portability: Receive your data in a structured, commonly used format
• Objection: Object to certain types of processing, including direct marketing
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact our privacy team using the details provided below. We will respond to your request within the timeframe required by applicable law.

Our website uses cookies and similar technologies to enhance your browsing experience:

• Essential Cookies: Required for basic website functionality, such as maintaining your shopping cart and login session
• Analytics Cookies: Help us understand how visitors interact with our site so we can make improvements
• Preference Cookies: Remember your settings and choices for a more personalised experience
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

Our website may contain links to external sites or integrate with third-party services. These include:

• Payment processors for secure transactions
• Delivery partners for order fulfilment
• Analytics providers to measure website performance
• Social media platforms for sharing content

These third parties have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of external websites or services.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately so we can take appropriate action.

For prescription services involving minors, a parent or legal guardian must provide consent and manage the account on the child's behalf.

We may update this Privacy Policy periodically and at our absolute discretion to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email or through a prominent notice on our website
• Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.