Privacy policy

Hairmop Pty Ltd (ACN 609 183 388) trading as “Mosh” and “Moshy” ("we", "us", or "our") is committed to privacy protection.

At and (the "Sites"), we understand the importance of keeping Personal Information private and secure. This privacy policy ("Privacy Policy") describes generally how we manage Personal Information and safeguard privacy. If you would like more information, please don't hesitate to contact us. Mosh and Moshy are health platforms that provide and facilitate confidential consultations with Australian registered doctors (“Doctors”) and health practitioners such as psychologists (“Practitioners”). We also sell personal care products and facilitate the supply by mail of medications by independent pharmacies (“Pharmacies”) which use the platform.

We are committed to respecting your privacy. Our Privacy Policy sets outs out how we collect, use, store and disclose your Personal Information. We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”). The Privacy Act lays down 13 key principles in relation to the collection and treatment of Personal Information, which are called the “Australian Privacy Principles”.

By providing Personal Information to us, you consent to our collection, use and disclosure of your Personal Information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our Sites. We encourage you to check our Sites periodically to ensure that you are aware of our current Privacy Policy.

Doctors, Practitioners and Pharmacies may also collect, use and disclose your Personal Information (including your health information) in similar ways to those described in this Privacy Policy. Doctors, Practitioners and Pharmacies are also required to uphold professional standards for the protection of your Personal Information. Some of the practitioners who use our platform work for us, and others are operating their own practice independent of us. While we don't interfere in the way practitioners provide health care services, we require all practitioners who use the platform to comply with applicable privacy-related laws and standards and professional obligations relating to patient confidentiality.

We care about your privacy:
We will never rent, trade or sell your email address to anyone.
We will never publicly display your email address or other personal details that identify you.

1. Definitions

In this Privacy Policy the following capitalised terms have the following meanings:

  1. Personal Information means any information or an opinion which can be used to identify an individual and described in detail in clause 3 including
  2. Sensitive Health Information. For example, this may include your name, age, gender, postcode and contact details; Sensitive Health Information includes, but is not limited to, information about height, weight, medical history, sexual orientation/activity, religious and other beliefs, ethnicity and genetics, as well as Medicare numbers, Individual Healthcare Identifiers, health care and concession card details and health insurance details.
  3. Spam Act means the Spam Act 2003 (Cth);

2. How do we collect your Personal Information?

We may collect the Personal Information you directly give us through some of the following means:

  1. when you make an inquiry or order in relation to goods or services throug one of our websites located at or;
  2. when you attend an online consultation with a Doctor or Practitioner through our Sites, your treating practitioner will make, hold and maintain your medical records within Mosh or Moshy's system (as applicable). Doctors, Practitioners and Pharmacies may also create and hold medical records in their own systems. Any health information held by us will be managed in accordance with the Health Records and Information Privacy Act NSW (2002) or other relevant State legislation.
  3. in administering and performing any contracts with service providers;
  4. when you contact us via telephone or facsimile;
  5. from any correspondence with us (whether in writing or electronically);
  6. through any mobile applications provided by our organisation;
  7. while conducting customer satisfaction and market research surveys; and
  8. when administering any of our services.

We may also collect Personal Information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners and your relatives and representatives.

3. What Personal Information do we collect?

The type of Personal Information we may collect can include (but is not limited to), your name, postal address, email address, phone numbers, date of birth, billing and shipping information, your device ID, IP address, statistics on page views, traffic, standard web log-in information, details of the services and products you make enquiries about, and, if applicable, employment information.

We will collect and hold Sensitive Health Information about you, such as your height, weight and medical history and any information you provide to a Doctor or Practitioner. That information may also include your Medicare number, Individual Healthcare Identifier, health care and concession card details and health insurance details. Sometimes your medical history and profile may also include information about sexual orientation/activity, religious and other beliefs, ethnicity and genetics, where relevant. We only collect sensitive health information about you with your consent, or otherwise in accordance with the Privacy Act.

Where you do not wish to provide us with your Personal Information, we may not be able to provide you with requested goods or services or do the other things described in the next section.

4. Why do we collect, use and disclose Personal Information?

We may collect, hold, use and disclose your Personal Information for the following purposes:

  1. to enable you to access and use our website and services;
  2. to provide facilities to Doctors, Practitioners and Pharmacies who work with or use Mosh or Moshy so that they can arrange consultations with you and provide services and goods to you;
  3. to communicate with you in the event that any services requested are unavailable or if there is a query or problem with a scheduled consultation or an order for goods, or with your subscription;
  4. to operate, protect, improve and optimise our website and services, business and our users' experience, such as to perform analytics, conduct research and quality assurance activities, and for advertising and marketing;
  5. to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
  6. to maintain and update our records including medical records. We aim to provide users with continuity of care which requires that records from one consultation or order are available to Doctors, Practitioners and Pharmacies who subsequently provide you with services or goods;
  7. subject to our legal obligations and your rights to unsubscribe, to send you marketing messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
  8. to comply with our legal obligations, exercise and defend our legal rights, resolve disputes, and perform and enforce our agreements. Some of the laws under which our obligations and rights in respect of collection of Personal Information arise include the Human Services (Medicare) Act, Healthcare Identifiers Act and National Health Act; and
  9. to otherwise manage our business.

5. To whom do we disclose your Personal Information?

We may disclose Personal Information for the purposes described in this Privacy Policy to:

  1. our employees, contractors and related bodies corporate;
  2. third party suppliers and service providers, and other providers for the operation of our websites and/or our business or in connection with providing our products and services to you (including for the purposes of delivering goods to you);
  3. professional advisers, dealers and agents;
  4. payment systems operators (e.g. merchants receiving card payments);
  5. Doctors, Practitioners and Pharmacies (including pharmacists and Pharmacy staff);
  6. anyone to whom our assets or businesses (or any part of them) are transferred, or other parties involved in asset and business transfers (or prospective transfers);
  7. specific third parties authorised by you to receive information held by us;
  8. should a Doctor or Psychologist form the professional opinion that a user is at imminent risk of harm, including self-harm, and where it is consistent with his or her professional and ethical obligations to do so, to contact emergency services (such as an Ambulance Service) to request a welfare check or similar intervention; and/or
  9. other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

6. Prescriptions, tokens and active script list (ASL)

Where a prescription is issued to you by a Doctor, Mosh and Moshy offer a range of options for facilitating the dispensing to you of the relevant medications. The manner in which your Personal Information relating to the prescription is managed will depend on the option you select. We have, or are working towards having, capability for Doctors to issue prescriptions via all channels which are permitted in Australia.

If you opt for a paper prescription, the Doctor will either send the prescription to you, or send it to your own pharmacy or to a Pharmacy which uses the platform, as directed by you. Where the law allows, the Doctor may send a scan, photo or fax of the prescription with the original paper prescription to follow, where required.

'Tokens' are unique identifiers - such as a barcode or QR code - for your prescription (also called an e-script). They can be printed or sent by email, SMS or via an app. Your Doctor can send a token to you, or you can elect to have Mosh or Moshy (as applicable) hold and manage the tokens associated with the prescriptions issued by the Doctor(s) on your behalf and forward them to your own pharmacy or to a Pharmacy which uses the platform, as directed by you (this includes managing tokens relating to repeat prescriptions). Where Mosh or Moshy is holding and managing tokens on your behalf, they will continue to do so unless and until all such prescription(s) (including any repeats) have been dispensed or you revoke your consent. You may at any time require that any tokens held which have not already been dispensed are instead sent to you.

An ASL is a central repository of a patient's tokens. If you have an ASL, and we are able to do so at the relevant time, tokens for your prescriptions will be added to your ASL unless you ask your Doctor not to do so. Any pharmacy (including any Pharmacy which uses the platform) which dispenses your prescription will need to access your ASL. Mosh, Moshy, Doctors, Practitioners, Pharmacies and third parties may collect, use and disclose information about your prescriptions in accordance with the options you select and the directions you give us as described above.

7. Using our website and cookies

We may collect Personal Information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

In some cases, third parties may place cookies through this Site. For example:

  1. Google Analytics, one of the most widespread and trusted website analytics solutions, may use cookies de-identified data about how long users spend on this Site and the pages that they visit;
  2. Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you; and
  3. third party social media applications (eg, Facebook, Twitter, LinkedIn, Pinterest, YouTube, Instagram, etc) may use cookies in order to facilitate various social media buttons and/or plugins in this Site.

8. Security

We are committed to protecting the security of your information. In order to mitigate against unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We store data online and use Secure Sockets Layer to provide users secure and private access.

Mosh and Moshy are primarily hosted in Australia. From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store Personal Information will not always involve a disclosure of Personal Information to that overseas provider. However, by providing us with your Personal Information, you consent to the provision of such information to overseas recipients (such as servers located in the United States of America) and acknowledge that overseas recipients may not be bound by the Privacy Act, and you may not be able seek redress under that Act from them or us.

We will only disclose your Personal Information overseas, for example, to a third-party service provider or to cloud servers which are based outside of Australia, in accordance with the Australian Privacy Principles (APPs), particularly APP 8. Where we do transfer your Personal Information to another country, we will ensure certain conditions are met, for example:

  1. the receiving person or organisation is subject to a binding agreement to protect that information in accordance with Australian standards;
  2. or the receiving person or organisation is subject to a law or a scheme substantially similar to the APPs, including mechanisms for enforcement;
  3. or have provided your prior consent to the disclosure.

Where we do this, we will take reasonable steps to ensure these parties take appropriate measures not to breach the APPs.

9. Links

Our Sites may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

10. Accessing or correcting your Personal Information

You can access the Personal Information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your Personal Information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Information.

If you think that any Personal Information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

11. Do we use your Personal Information for direct marketing?

We and/or our carefully selected business partners may send you direct marketing communications and information about the services offered on our Sites. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the information below, or by using the opt-out facilities provided (e.g. an unsubscribe link).

12. Retention

We may retain your Personal Information as long as you are registered to the Sites. You may close your account by contacting us. However, we may retain Personal Information for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Information it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.

13. Making a complaint

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your Personal Information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

14. Contact Us

For further information about our Privacy Policy or practices, or to access or correct your Personal Information, make a complaint or unsubscribe from marketing communications, please contact us at [email protected].

Effective: 24 January 2022
Last updated: 2 March 2023