Skip to main content
Townsville GP Super Clinic
07 4753 0888

87 Charters Towers Road, Hyde Park,
Townsville QLD 4812

Contact
Appointments

Weekdays: 8.00am - 5.00pm
Open Late Thursdays
Sat & Sun: 9.00am - 6.00pm

Walkin Service

By arrangement on the day
Please phone ahead

Data Management Systems

Nicholl Holdings Pty Ltd

Information Technology
Policy and Procedure Manual

Table of Contents

Information Technology  Policy and Procedure Manual 1

Introduction. 3

Technology Hardware Purchasing Policy. 4

Purpose of the Policy. 4

Procedures. 4

Policy for Getting Software. 7

Purpose of the Policy. 7

Procedures. 7

Policy for Use of Software. 9

Purpose of the Policy. 9

Procedures. 9

Bring Your Own Device Policy. 11

Purpose of the Policy. 11

Procedures. 11

Information Technology Security Policy. 14

Purpose of the Policy. 14

Procedures. 14

Information Technology Administration Policy. 19

Purpose of the Policy. 19

Procedures. 19

Website Policy. 20

Purpose of the Policy. 20

Procedures. 20

IT Service Agreements Policy. 21

Purpose of the Policy. 21

Procedures. 21

Emergency Management of Information Technology. 23

Purpose of the Policy. 23

Procedures. 23

Privacy Policy. 24

Purpose of the Policy. 24

What is Personal Information and why do we collect it?. 24

Sensitive Information. 25

Third Parties. 25

Disclosure of Personal Information. 25

Security of Personal Information. 25

Access to your Personal Information. 26

Maintaining the Quality of your Personal Information. 26

Policy Updates. 26

Privacy Policy Complaints and Enquiries. 26

 

 

 

Nicholl Holdings Pty Ltd

Information Technology
Policy and Procedure Manual

Version 6.8

Document Reference Number ITP1020.6

Last updated 26 October 2020

 

Introduction

The Nicholl Holdings Pty Ltd IT Policy and Procedure Manual provides the policies and procedures for selection and use of IT within the business which must be followed by all staff. It also provides guidelines Nicholl Holdings Pty Ltd will use to administer these policies, with the correct procedure to follow.

Nicholl Holdings Pty Ltd will keep all IT policies current and relevant. Therefore, from time to time it will be necessary to modify and amend some sections of the policies and procedures, or to add new procedures.

Any suggestions, recommendations or feedback on the policies and procedures specified in this manual are welcome.

These policies and procedures apply to all employees and third parties, where specifically noted.

Technology Hardware Purchasing Policy

Policy Number: 1300

Policy Date: 20th October 2020

Computer hardware refers to the physical parts of a computer and related devices. Internal hardware devices include motherboards, hard drives, and RAM.  External hardware devices include monitors, keyboards, mice, printers, and scanners.

Purpose of the Policy

This policy provides guidelines for the purchase of hardware for the business to ensure that all hardware technology for the business is appropriate, value for money and where applicable integrates with other technology for the business.   The objective of this policy is to ensure that there is minimum diversity of hardware within the business.

Procedures

Purchase of Hardware

The purchase of all desktops, servers, portable computers, computer peripherals and mobile devices must adhere to this policy.

Purchasing desktop computer systems

The desktop computer systems purchased must run a Windows Operating System and integrate with existing hardware owned by Nicholl Holdings Pty Ltd.

The desktop computer systems must be purchased as standard desktop system bundle and should be Lenovo.

The desktop computer system bundle must include:

Desktop Small Form Factor or All in One

Desktop screen of 23 inches or larger

  • Keyboard and mouse with wireless being optional at the user’s discretion
  • Windows 10 Professional Operating System – 64 Bit Version
  • Microsoft 365 Business Standard Software with one Subscription per user

 

 

 

 

The minimum capacity of the desktop must be:

  • 2GHz –gigahertz or greater with 4 Cores
  • SSD type Hard Disk Drive
  • 8 Gb (RAM) or greater
  • 4 USB ports or greater

Any change from the above requirements must be authorised by Management.

All purchases of desktops must be supported by the manufacturer, have an onsite warranty of 3 years or greater and be compatible with the business’s existing systems.

Purchasing portable computer systems

The purchase of portable computer systems includes notebooks, laptops and tablet.

Portable computer systems purchased must run a Windows Operating System and integrate with existing hardware such as the business server.

The portable computer systems purchased should be Lenovo.

The minimum capacity of the portable computer system must be:

  • 2GHz –gigahertz or greater with 4 Cores
  • SSD type Hard Disk Drive
  • 8 Gb (RAM) or greater
  • 4 USB ports or greater

The portable computer system must include the following software provided:

  • Windows 10 Operating System
  • Microsoft 365 Business Standard Software Subscription per user

Any change from the above requirements must be authorised by Management.

All purchases of desktops must be supported by the manufacturer, have an onsite warranty of 3 years or greater and be compatible with the business’s existing systems.

 

 

 

Purchasing server systems

Server systems can only be purchased by management, with recommended specifications provided by IT Networks.

Server systems purchased must be compatible with all other computer hardware & Software used within the business.

All purchases of server systems must be supported by the manufacturer, have an onsite warranty of 5 years or greater and be compatible with the business’s other or existing systems.

Any change from the above requirements must be authorised by management.

Purchasing computer peripherals

Computer system peripherals include add-on devices such as printers, scanners, external hard drives etc.

Computer peripherals can only be purchased where they are not included in any hardware purchase or are considered to be an additional requirement to existing peripherals.

Computer peripherals purchased must be compatible with all other computer hardware and software in the business.

The purchase of computer peripherals can only be authorised by management, and specific brands and models recommended by IT Networks.

All purchases of computer peripherals must be supported by the manufacturer, have an onsite warranty and be compatible with the business’s other hardware and software systems.

Any change from the above requirements must be authorised by management.

Policy for Getting Software 

Policy Number: 1301

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for the purchase of software for the business to ensure that all software used by the business is appropriate, value for money and where applicable integrates with other technology for the business. This policy applies to software obtained as part of hardware bundles or pre-loaded software.

Procedures

Request for Software

All software, including non-commercial software such as open source, freeware, etc must be approved by management prior to the use or download of any such software.

Purchase of software

The purchase of all software must adhere to this policy.

All purchased software must be purchased by management

All purchased software must be purchased from or approved by IT Networks.

All purchases of software must be supported by the manufacturer and be compatible with the business’s existing server and/or systems.

Any changes from the above requirements must be authorised by management

Obtaining open source or freeware software

Open source or freeware software can be obtained without payment and usually downloaded directly from the internet.

In the event that open source or freeware software is required, approval from management must be obtained prior to the download or use of any such software.

All open source or freeware must be compatible with the business’s existing hardware and software systems.

Policy for Use of Software

Policy Number: 1302

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for the use of software for all employees within the business to ensure that all software use is appropriate. Under this policy, the use of all open source and freeware software will be conducted under the same procedures outlined for commercial software.

Procedures

Software Licensing

All computer software copyrights and terms of all software licences will be followed by all employees of the business.

Where licensing states limited usage (i.e. number of computers or users etc.), then it is the responsibility of management to ensure these terms are followed.

IT Networks is responsible for completing a software audit of all software once a year to ensure that software copyrights and licence agreements are adhered to.

Software Installation

All software must be appropriately registered with the supplier where this is a requirement.

Nicholl Holdings Pty Ltd is to be the registered owner of all software used by the business.

Only software obtained in accordance with the getting software policy is to be installed on the business’s computers.

All software installation is to be carried out by IT Networks.

A software upgrade shall not be installed on a computer that does not already have a copy of the original version of the software loaded on it.

 

 

Software Usage

Only software purchased in accordance with the getting software policy is to be used within the business.

Prior to the use of any software, the employee must receive instructions on any licensing agreements relating to the software, including any restrictions on use of the software.

All employees must receive training for all new software. This includes new employees to be trained to use existing software appropriately. This will be the responsibility of management.

Employees are prohibited from bringing software from home and loading it onto the business’s computer hardware.

Unless express approval from management is obtained, software cannot be taken home and loaded on a employees’ home computer.

Where an employee is required to use software at home, an evaluation of providing the employee with a portable computer should be undertaken in the first instance. Where it is found that software can be used on the employee’s home computer, authorisation from management is required to purchase separate software if licensing or copyright restrictions apply. Where software is purchased in this circumstance, it remains the property of the business and must be recorded on the software register by management.

Unauthorised software is prohibited from being used in the business. This includes the use of software owned by an employee and used within the business.

The unauthorised duplicating, acquiring or use of software copies is prohibited. Any employee who makes, acquires, or uses unauthorised copies of software will be referred to management. The illegal duplication of software or other copyrighted works is not condoned within this business and management is authorised to undertake disciplinary action where such event occurs.

Breach of Policy

Where there is a breach of this policy by an employee, that employee will be referred to management.

Where an employee is aware of a breach of the use of software in accordance with this policy, they are obliged to notify management immediately. In the event that the breach is not reported and it is determined that an employee failed to report the breach, then that employee will be referred to management.

Bring Your Own Device Policy  

Policy Number: 1303

Policy Date: 20th October 2020

At Nicholl Holdings Pty Ltd we acknowledge the importance of mobile technologies in improving business communication and productivity. In addition to the increased use of mobile devices, staff members have requested the option of connecting their own mobile devices to Nicholl Holdings Pty Ltd's network and equipment. We encourage you to read this document in full and to act upon the recommendations. This policy should be read and carried out by all staff.

Purpose of the Policy

This policy provides guidelines for the use of personally owned notebooks, smart phones and tablets for business purposes. All staff who use or access Nicholl Holdings Pty Ltd's technology equipment and/or services are bound by the conditions of this Policy.

Procedures

Current mobile devices approved for business use

The following personally owned mobile devices are approved to be used for business purposes:

  • Apple iPhone
  • Samsung Galaxy and Note

Registration of personal mobile devices for business use

Employees using personal devices for business use will register the device with IT Networks.

IT Networks will record the device and all applications used by the device.

Personal mobile devices can only be used for the following business purposes:

  • Email access.
  • Business telephone calls.
  • Business internet access.

Each employee who utilises personal mobile devices agrees:

  • Not to download or transfer business or personal sensitive information to the device. Sensitive information includes but is not limited to business or personal information that Nicholl Holdings Pty Ltd consider sensitive to the business, intellectual property, employee details and customer details.
  • Not to use the registered mobile device as the sole repository for Nicholl Holdings Pty Ltd's information. All business information stored on mobile devices should be backed up
  • To make every reasonable effort to ensure that Nicholl Holdings Pty Ltd's information is not compromised through the use of mobile equipment in a public place. Screens displaying sensitive or critical information should not be seen by unauthorised persons and all registered devices should be password protected
  • Not to share the device with other individuals to protect the business data access through the device
  • To abide by Nicholl Holdings Pty Ltd's internet policy for appropriate use and access of internet sites etc.
  • To notify Nicholl Holdings Pty Ltd immediately in the event of loss or theft of the registered device
  • Not to connect USB memory sticks from an untrusted or unknown source to Nicholl Holdings Pty Ltd's equipment.

All employees who have a registered personal mobile device for business use acknowledge that the business:

  • Owns all intellectual property created on the device
  • Can access all data held on the device, including personal data
  • Will regularly back-up data held on the device
  • Will delete all data held on the device in the event of loss or theft of the device
  • Has first right to buy the device where the employee wants to sell the device
  • Will delete all data held on the device upon termination of the employee. The terminated employee can request personal data be reinstated from back up data
  • Has the right to deregister the device for business use at any time.

 

 

Keeping mobile devices secure

The following must be observed when handling mobile computing devices (such as notebooks and iPads):

  • Mobile computer devices must never be left unattended in a public place, or in an unlocked house, or in a motor vehicle, even if it is locked. Wherever possible they should be kept on the person or securely locked away
  • Cable locking devices should also be considered for use with laptop computers in public places, e.g. in a seminar or conference, even when the laptop is attended
  • Mobile devices should be carried as hand luggage when travelling by aircraft.

Exemptions

This policy is mandatory unless management grants an exemption. Any requests for exemptions from any of these directives, will be referred to management.

Breach of this policy

Any breach of this policy will be referred to management who will review the breach and determine adequate consequences, which can include confiscation of the device and or termination of employment.

Indemnity

Nicholl Holdings Pty Ltd bears no responsibility whatsoever for any legal action threatened or started due to conduct and activities of staff in accessing or using these resources or facilities. All staff indemnify Nicholl Holdings Pty Ltd against any and all damages, costs and expenses suffered by Nicholl Holdings Pty Ltd arising out of any unlawful or improper conduct and activity, and in respect of any action, settlement or compromise, or any statutory infringement. Legal prosecution following a breach of these conditions may result independently from any action by Nicholl Holdings Pty Ltd.

Information Technology Security Policy

Policy Number: 1304

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for the protection and use of information technology assets and resources within the business to ensure integrity, confidentiality and availability of data and assets.

Procedures

Physical Security

For all servers, mainframes and other network assets, the area must be secured with adequate ventilation and appropriate access secured by key lock.

It will be the responsibility of management to ensure that this requirement is followed at all times. Any employee becoming aware of a breach to this security requirement is obliged to notify management immediately.

All security and safety of all portable technology, such as laptop, notepads, iPad etc. will be the responsibility of the employee who has been issued with the particular device. Each employee is required to use passwords and to ensure the asset is kept safely at all times to protect the security of the asset issued to them.

In the event of loss or damage, management will assess the security measures undertaken to determine if the employee will be required to reimburse the business for the loss or damage.

All laptops, notepads, iPads etc. when kept at the office desk is to be secured by key lock provided by management

Information Security

All data either general, sensitive, valuable, or critical business data is to be backed-up.

It is the responsibility of IT Networks to ensure that data back-ups are conducted daily and the backed up data is kept in an encrypted state in an offsite facility that conforms to the Acceptable Encryption Policy documented herein.

All technology that has internet access must have anti-virus software installed. It is the responsibility of IT Networks to install all anti-virus software and ensure that this software remains up to date on all technology used by the business.

All information used within the business is to adhere to the privacy laws and the business’s confidentiality requirements.

Technology Access

Every employee will be issued with a unique identification code to access the business technology and will be required to set a password for access every thirty days.

Each password is to be a minimum of eight characters, contain at least one numeric character, one capital and one symbol and is specifically not to be shared with any employee within the business or anyone else.

IT Networks is responsible for the issuing of the identification code and initial password for all employees.

Where an employee forgets the password or is ‘locked out’ after three bad password attempts, then IT Networks is authorised to reissue a new initial password that will be required to be changed when the employee logs in using the new initial password.

Remote Access

It is the responsibility of Nicholl Holdings Pty Ltd employees, contractors, vendors and agents with remote access privileges to Nicholl Holdings Pty Ltd's corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Nicholl Holdings Pty Ltd.

The following must be observed when accessing Nicholl Holdings Pty Ltd’s data from a remote location:

  • Secure remote access must be strictly controlled with encryption (i.e., Virtual Private Networks (VPNs)) and strong pass-phrases.
  • Authorised Users shall use a password as well as a second method of authentication.
  • All hosts that are connected to Nicholl Holdings Pty Ltd internal networks via remote access technologies must use the most up-to-date anti-virus software, this includes personal computers.
  • While using a Nicholl Holdings Pty Ltd owned computer to remotely connect to Nicholl Holdings Pty Ltd's corporate network, Authorized Users shall ensure the remote host is not connected to any other network at the same time, with the exception of personal networks that are under their complete control or under the complete control of an Authorised User or Third Party.

Information Logging

This policy applies to all production systems on the Nicholl Holdings Pty Ltd Network.

All systems that handle confidential information, accept network connections, or make access control (authentication and authorisation) decisions shall record and retain audit-logging information sufficient to answer the following questions:

  1. What activity was performed?
  2. Who or what performed the activity, including where or on what system the activity was performed from?
  3. What the activity was performed on?
  4. When was the activity performed?
  5. What tool(s) was the activity was performed with?
  6. What was the status (such as success vs. failure), outcome, or result of the activity?

Acceptable Encryption Policy

The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies.

The following must be observed when applying encryption to Nicholl Holdings Pty Ltd’s data:

  • Ciphers in use must meet or exceed the set defined as "AES-compatible" or "partially AES-compatible" according to the IETF/IRTF Cipher Catalog or meet the approval of the Australian Signals Directorate.
  • Algorithms in use must meet the standards defined for use in NIST publication FIPS 140-2 or any superseding document, according to date of implementation.
  • Key exchanges must use one of the following cryptographic protocols: Diffie-Hellman, IKE, or Elliptic curve Diffie-Hellman (ECDH).
  • End points must be authenticated prior to the exchange or derivation of session keys.
  • Public keys used to establish trust must be authenticated prior to use.  Examples of authentication include transmission via cryptographically signed message or manual verification of the public key hash.
  • All servers used for authentication (for example, RADIUS or TACACS) must have installed a valid certificate signed by a known trusted authority/provider.
  • All servers and applications using SSL or TLS must have the certificates signed by a known, trusted authority/provider.

Data Storage Policy

All restricted and/or confidential data must be encrypted or otherwise physically secured in a manner sufficient to prevent its theft or inappropriate use. This includes data in transit (that is, data that is being removed from its origin computing system by electronic or physical means). All data must be available in the event of an emergency.

Encryption standards used to encrypt Nicholl Holdings Pty Ltd data must comply with the Acceptable Encryption Policy.

Disaster Recovery Policy

This policy defines the requirement for a baseline disaster recovery plan to be developed and implemented by IT Networks and Nicholl Holdings Pty Ltd that will describe the process to recover IT Systems, Applications and Data from any type of disaster that causes a major outage.

The following contingency plans must be created:

  • · Computer Emergency Response Plan: Who is to be contacted, when, and how? What immediate actions must be taken in the event of certain occurrences?
  • · Succession Plan: Describe the flow of responsibility when normal staff is unavailable to perform their duties.
  • · Data Study: Detail the data stored on the systems, its criticality, and its confidentiality.
  • Criticality of Service List: List all the services provided and their order of importance.
  • Explain the order of recovery in both short-term and long-term timeframes.
  • Data Backup and Restoration Plan: Detail which data is backed up, the media to which it is saved, where that media is stored, and how often the backup is done. It should also describe how that data could be recovered.
  • Equipment Replacement Plan: Describe what equipment is required to begin to provide services, list the order in which it is necessary, and note where to purchase the equipment.

Any change from the above requirements must be authorised by management

 

Information Technology Administration Policy

Policy Number: 1305

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for the administration of information technology assets and resources within the business.

Procedures

All software installed must be registered on the Software Asset Register noting the licence information of the software. It is the responsibility of management to ensure that this register is maintained. The register must record the following information:

  • What software is installed on every machine
  • What licence agreements are in place for each software package
  • Renewal dates if applicable.

Management is responsible for the maintenance and management of all service agreements for business technology. Any service requirements must first be approved by management.

Management is responsible for maintaining adequate technology spare parts and other requirements such as toners, printing paper etc.

A technology audit is to be conducted annually by IT Networks to ensure that all information technology policies are being adhered to.

Any third party contracted to conduct the remote administration must adhere to the following Nicholl Holdings Pty Ltd policies;

  • Information Technology Security Policy
  • IT Service Agreements Policy

 

Website Policy

Policy Number: 1306

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for the maintenance of all relevant technology issues related to the business website.

Procedures

Website Register

The website register must record the following details:

  • List of domain names registered to the business
  • Dates of renewal for domain names
  • List of hosting service providers
  • Expiry dates of hosting

Keeping the register up to date will be the responsibility of management.

Management will be responsible for any renewal of items listed in the register.

Website Content

All content on the business website is to be accurate, appropriate, and current. This will be the responsibility of management

The content of the website is to be reviewed annually.

The following persons are authorised to make changes to the business website:

  • Management

Basic branding guidelines must be followed on websites to ensure a consistent and cohesive image for the business.

All data collected from the website is to adhere to the Privacy Act 1988.

IT Service Agreements Policy

Policy Number: 1307

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for all IT service agreements entered into on behalf of the business.

Procedures

The following IT service agreements can be entered into on behalf of the business:

  • Provision of general IT services
  • Provision of network hardware and software
  • Repairs and maintenance of IT equipment
  • Provision of business software
  • Provision of mobile phones and relevant plans
  • Website design, maintenance etc.
  • Ongoing Managed Services.

All IT service agreements must be reviewed by management before the agreement is entered into. Once the agreement has been reviewed and recommendation for execution received, then the agreement must be approved by management

Where an IT service agreement renewal is required, in the event that the agreement is substantially unchanged from the previous agreement, then this agreement renewal can be authorised by management.

Where an IT service agreement renewal is required, in the event that the agreement has substantially changed from the previous agreement, management should review the agreement before the renewal is entered into. Once the agreement has been reviewed and recommendation for execution received, then the agreement must be approved by management.

In the event that there is a dispute to the provision of IT services covered by an IT service agreement, it must be referred to management who will be responsible for the settlement of any such dispute.

Any third party contracted to provide IT Service in any capacity must be provided with and adhere to the following Nicholl Holdings Pty Ltd policies;

  • Information Technology Security Policy
  • IT Service Agreements Policy

 

Emergency Management of Information Technology

Policy Number: 1308

Policy Date: 20th October 2020

Purpose of the Policy

This policy provides guidelines for emergency management of all information technology within the business.

Procedures

IT Hardware Failure

Where there is failure of any of the business’s hardware, this must be referred to management immediately.

It is the responsibility of management to contact IT Networks in the event of IT hardware failure.

It is the responsibility of management to undertake tests on planned emergency procedures annually to ensure that all planned emergency procedures are appropriate and minimise disruption to business operations.

Virus or other security breach

In the event that the business’s information technology is compromised by software virus or security breach such breaches are to be reported to management immediately.

Management is responsible for ensuring that any security breach is dealt with within 4 hours to minimise disruption to business operations.

Website Disruption

In the event that business website is disrupted, the following actions must be immediately undertaken:

  • Website host to be notified
  • management must be notified immediately

 

 

Privacy Policy

Policy Number: 1309

Policy Date: 20th October 2020

Purpose of the Policy

Nicholl Holdings Pty Ltd is committed to providing quality services to its patients & customers and this policy outlines our ongoing obligations to them in respect of how we manage any Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.

This Personal Information is obtained in many ways including but not limited to interviews, correspondence, by telephone and facsimile, by email, via our website www.nichollholdings.com.au or from other publicly available sources and from third parties. We don’t guarantee website links or policy of authorised third parties.

We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent; or where required or authorised by law.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances including the following:

  • Third parties where you consent to the use or disclosure; and
  • Where required or authorised by law.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.   All electronic storage of any personal information will adhere to our Information Technology Security Policy.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

Nicholl Holdings Pty Ltd will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information

It is an important to us that your Personal Information is up to date. We will  take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

 

Nicholl Holdings Pty Ltd

admin@thedoctors.com.au

 

(07) 4035 8001