Data Security & Privacy Policy

Purpose

eye2eye marketing 360 is committed to protecting the privacy, confidentiality, and security of all client and patient information entrusted to us. This policy outlines the procedures and safeguards implemented to ensure that all personal and sensitive information is handled securely, responsibly, and in accordance with applicable Australian privacy legislation.

This policy applies to all employees, contractors, and authorised representatives of eye2eye marketing 360.

1. Legislative Compliance

eye2eye marketing 360 operates in accordance with:

  • The Privacy Act 1988 (Cth)

  • Australian Privacy Principles (APPs)

  • Relevant obligations relating to the handling of sensitive health-related information

We are committed to ensuring all personal information is collected, used, stored, and disposed of appropriately and securely.

While eye2eye marketing 360 does not currently hold ISO 27001 certification, the business maintains internal privacy and data security procedures aligned with Australian Privacy Principles and industry best practices.

 

 

2. Collection of Information

eye2eye marketing 360 only collects the minimum information required to perform recall and customer communication services on behalf of our clients.

Typical information collected may include:

  • Patient reference number

  • First name

  • Surname

  • Contact number

  • Recall due date

We do not request unnecessary sensitive information unless specifically required and authorised by the client.

3. Use of Information

Patient and client information is used solely for the purpose of:

  • Conducting patient recall activities

  • Appointment booking support

  • Customer service communications

  • Reporting outcomes back to the client

Information is not used for marketing outside the scope authorised by the client.

4. Data Storage & Security

All client and patient data is stored using secure cloud-based platforms and protected operational systems. Client information is stored within Google Workspace cloud storage. Access is restricted to authorised personnel through individual user accounts, with Multi-Factor Authentication (MFA) enabled and role-based access controls applied where appropriate.

Security measures implemented include:

  • Restricted staff access to authorised personnel only

  • Password-protected business systems

  • Secure cloud storage platforms

  • Individual staff login credentials

  • Multi-factor authentication where applicable

  • Automatic PC screen locking after 30 seconds of inactivity

  • Secure internet and remote access systems

  • Controlled internal access to files and databases

Only team members directly involved in a client account are granted access to the relevant information necessary to perform their duties.

5. Data Retention & Disposal

Patient data is retained only for the duration necessary to complete operational recall activities and client reporting requirements.

Once campaigns and reporting are completed:

  • Patient lists are securely deleted from operational systems

  • Data is not retained long term unless specifically requested by the client

  • Any printed materials containing patient information are securely destroyed

eye2eye marketing 360 does not maintain permanent patient databases independent of client systems.

6. Confidentiality Obligations

All employees and contractors of eye2eye marketing 360 are bound by strict confidentiality obligations.

This includes:

  • Confidentiality clauses within employment agreements

  • Privacy obligations within staff onboarding procedures

  • Client confidentiality agreements and NDAs where applicable

  • Ongoing reminders regarding secure handling of patient information

Unauthorised disclosure, sharing, copying, or misuse of client or patient information is strictly prohibited.

 

7. Third-Party Access

eye2eye marketing 360 does not share patient information with unauthorised third parties or external subcontractors.

All recall and customer service activities are conducted internally by our Australian-based team.

Where approved software providers or cloud services are used operationally, these providers are selected based on reputable security standards and business suitability.

8. Staff Training & Awareness

All staff receive guidance regarding:

  • Patient confidentiality

  • Privacy obligations

  • Secure handling of sensitive information

  • Appropriate communication standards

  • Password and device security

  • Reporting of suspicious activity or breaches

Privacy and security responsibilities form part of ongoing operational expectations for all team members.

9. Remote Access & System Controls

Where remote access to client systems is required, access is:

  • Provided directly by the client

  • Restricted to authorised personnel only

  • Used solely for approved operational purposes

  • Removed when no longer required

TeamViewer, AnyDesk, or equivalent secure remote access platforms may be utilised where authorised by the client.

10. Data Transfer Procedures

eye2eye marketing 360 encourages secure transfer of patient data wherever possible.

Recommended methods include:

  • Password-protected spreadsheets

  • Secure cloud sharing platforms

  • Restricted-access Google Drive or Microsoft 365 links

Passwords should ideally be communicated separately from the file transfer itself.

11. Data Breach Response

In the event of a suspected or actual data breach, eye2eye marketing 360 will:

  • Immediately investigate the incident

  • Take steps to contain and minimise the breach

  • Assess the nature and scope of affected information

  • Notify affected clients where appropriate

  • Implement corrective actions to prevent recurrence

Where required by law, breaches will be managed in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

12. Policy Review

This policy is reviewed periodically to ensure ongoing compliance with privacy legislation, evolving cybersecurity risks, and operational best practices.

Contact

For any questions relating to this policy or data privacy practices, please contact:

Fatin Tobia
Director
eye2eye marketing 360

T 02 9371 5002
