Privacy Policy
Healthcare Software (ABN 75 094 641 755) ("Healthcare Software", "we", "us" or "our") specialises in the development and provision of innovative software solutions and mobile applications that aim to solve complex problems in the health sector.
Healthcare Software is committed to protecting your privacy and complying with all privacy and data protection laws, principles and regulations that apply in the jurisdiction from which you access and use our products. As Healthcare Software is based in and operated out of Australia, this Privacy Policy has been specifically tailored to comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles.
This Privacy Policy describes our policies and procedures on the collection, holding, use and disclosure of your personal information and should be read together with our Terms of Use. This Privacy Policy applies to all your dealings with Healthcare Software.
Definitions
What is personal information?
When used in this Policy, "personal information" means any information or opinion relating to an identified or identifiable individual.
In general terms, it is information that can be used to personally identify you such as your name, address, telephone number, email address, profession, or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
What is sensitive information?
When used in this Policy, "sensitive information" refers to a sub-set of personal information that is afforded a higher level of privacy protection under the law because of its sensitive nature.
In general terms, sensitive information includes information about your racial or ethnic origin, political opinions, religious and philosophical beliefs, sexual preferences, and criminal history as well as information about your health or genetics. Unless required by law, we will only collect sensitive information with your consent.
What personal information do we collect?
The types of information we collect about you depend on how you interact with us and the purpose of that interaction. They may include:
Employees of our business customers that use our products and services:
- information that allows us to identify you for verification purposes, such as name, date of birth and email address;
- information about how you use our products and services;
- technical information about our products and services that you access;
- the location of where you use our products and services;
- certificates and identifiers, such as provider and prescriber numbers, that enable healthcare providers, organisations and their authorised users to access and use our products and services;
- records of any interactions or communications you have with us, including your remote desktop connection details if we assist you by providing you with technical support;
- any other information that you provide to us directly, or that is provided to us by the business that employs or engages you to facilitate your use of our products and services.
Patients of our business customers that use our products and services:
- personal information such as your name, date of birth, sex, contact details (including address, email address and phone numbers);
- health and other sensitive information such as clinical and health-related information (including any relevant images and diagnostic information and medication details), information about a health service which has or is to be provided to you, details of your nationality, racial or ethnic background and sexual preferences and practices; and
- unique identifiers – such as your patient ID, Medicare number, Department of Veterans' Affairs file number or individual healthcare identifier.
Users of our direct-to-consumer products and services:
- personal information such as your name, date of birth, contact phone details, residential, postal and email addresses, gender, your family/single status, your next of kin, guardian, power of attorney, emergency contacts, health insurance details, your occupation and if you are an Australian resident, your Medicare number and Individual Healthcare Identifier;
- sensitive information such as health information, including your personal medical history, current health issues, health goals, medications, allergies, immunisations, social history, family history, risk factors, areas of interest, ethnic origins and lifestyle patterns;
- details of your care providers including your general practitioner, pharmacist, general treatment providers and other medical providers who may from time to time provide you with medical treatment and advice;
- information about persons who have been designated by you to act on your behalf such as your carer or family members;
- information about health management programs, chronic disease management programs or any other health care programs that you may participate in and associated communications including action plans and evaluations;
- any other personal information that you choose to import or upload.
Others that we deal with in the course of operating our business (for example, users of our website, job applicants, employees, contractors, and service providers):
- communications – a record of any correspondence or communication we have with you (e.g. if you make an enquiry), along with your name, contact details, and any other identifying information provided;
- job applicant or independent contractor – your name, contact details, date of birth, sex, professional background, expertise and qualifications, any references which are provided by third parties about you, and any other information which you provide to us or which is relevant to our assessment of your potential employment or our engagement of your services; or
- website users – any information you submit to us via that website or otherwise provide. In some cases, we may also collect your personal information through the use of "cookies". When you access one of our websites, we may send a "cookie" (which is a small summary file containing a unique ID number) to your computer or internet enabled device. This allows us to recognise your computer or internet enabled device, and whether you have already registered and greet you each time you visit our website/s. It also enables us to keep track of services you view so that, if you consent, we can send you news about those services. We also use cookies to measure traffic and engagement patterns, to determine which areas of our website have been visited and to measure overall, aggregate transaction patterns. We use this to research our website visitors' habits and what they are looking for and accessing, so that we can continually improve our services, programs, content and resources. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
How do we collect personal information?
Where possible we will collect personal information directly from you, however in certain circumstances it may be necessary to collect information about you from third parties. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection.
We may collect your personal and health information in the following ways:
- when you email, fax, phone or write to us;
- when you have contact with us in person;
- when you register for access to one of our products or services;
- when you enter, import or upload data into our products and services;
- when your employer (our business customer) provides it to us to facilitate your use of our products and services;
- when you connect third-party devices, products and services to our products and services;
- when you complete a survey or an assessment which may be provided through one of our products or services;
- from hospital, medical and general treatment providers and other health care related entities, where you have given consent for this information to be shared with their service providers;
- when you or your carer, guardian, holders of your power of attorney, or anyone else that you have given consent to manage your health information, registers to use our direct-to-consumer products or services;
- if you are an Australian resident and you have chosen not to opt-out of Australia's eHealth record system, My Health Record, then, with your consent, we may collect your personal information from your My Health Record in accordance with the Personally Controlled Electronic Health Records Act 2012 (Commonwealth);
- when you participate in public or closed surveys, questionnaires or conference events;
- when you register for face-to-face or digital events (such as webinars); and
- when you interact with us online, including through our websites, email, webchats, mobile applications and social media channels (such as Facebook, Twitter, YouTube, Instagram or LinkedIn - these social media channels will also handle your personal information for their own purposes and have their own privacy policies).
What happens if we receive unsolicited personal information?
If we receive personal information that we did not take any active steps to collect, we will determine whether we would have been permitted to collect that information as part of providing our products and services in accordance with the law. We will destroy or de-identify unsolicited personal information that we would not collect as part of providing our products or services if it is lawful to do so. If the information is of the type that we would ordinarily collect to provide our products or services, we will manage that information in accordance with this Privacy Policy.
Why do we collect your personal information?
We will generally explain at the time we collect your personal information the purposes for which we will use it. We will only ever use your personal information for the purpose that we collected it or as otherwise set out in this Privacy Policy. We may collect, hold, use and/or disclose your personal information for the following purposes:
- to provide you with our products and services;
- to identify you and confirm your eligibility to access our products and services;
- to verify your authority to act on behalf of another account holder;
- to establish and maintain your account and record;
- to update our records and keep contact details up to date;
- to provide you with services and information appropriate to your needs;
- to answer your enquiries and to provide information to you about our services;
- to provide effective risk management and to protect against fraud and unauthorised access to your account;
- to provide analysis of information for product development and marketing purposes;
- to develop and improve our products and services;
- to perform administrative functions and for other internal purposes;
- for information technology maintenance and development;
- to investigate and resolve complaints relating to services provided by or on behalf of us;
- to comply with any law or legislative requirements;
- to keep you informed about your account or record, and other relevant information relating to Healthcare Software;
- for any purpose required or authorised by law; and
- for any other purpose for which you have given your consent.
Do we use your personal information for direct marketing?
We may use your personal information to send you direct marketing communication and information about our services and products, and other related services and products if we have your permission or a legitimate interest in doing so. If at any time you no longer wish to receive this information, you can request to "opt out" from receiving this information by contacting privacy@healthcaresoftware.com.au, by using the unsubscribe link in any email or by replying to any SMS or text-message with “STOP”.
If you opt-out of receiving marketing material from us, we may still contact you in relation to our ongoing relationship with you.
We will NEVER sell your personal information to anyone for direct marketing purposes or otherwise.
Disclosure of personal information
The information we collect from you will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner that is consistent with applicable privacy laws and regulations and only for a purpose consistent with the purpose for which the information was originally collected.
Your personal information will only be disclosed to third parties in the following circumstances:
- where you would reasonably expect us to disclose it in order to provide the service in respect of which the information was originally collected;
- where you have authorised us to do so;
- where such disclosure is provided for under contract, including under this Privacy Policy or our Terms of Use;
- where we are legally required to do so, for example, in response to a subpoena, court order or other legal process;
- where we need to enforce or apply our Terms of Use to which you have agreed (or other terms that have been agreed to apply to our relationship with you);
- to our commercial partners, where your eligibility to access our products and services is based on your membership of, or relationship with, that commercial partner;
- to your family, carer, legal representative, guardians and attorneys as required or authorised by law. We may require a written authority from you, or from an authorised representative (such as an attorney under a power of attorney) if you would like someone to manage your information on your behalf;
- if you are an Australian resident and have consented to be connected to view or download your My Health Record information, then we are required to disclose your name, date of birth, Medicare number and Individual Healthcare Identifier to the Australian Government in order to establish this connection. We will not disclose any personal health information in establishing a connection to your My Health Record information;
- to emergency service providers in circumstances where your immediate consent cannot be obtained, such as when there is an immediate need to provide you with emergency medical treatment where your state of health and/or life is at risk and where you have provided pre-consent for your personal information to be released for this purpose;
- where our agents or contractors who assist us in providing our products and services require such information in order to perform a core business function on behalf of Healthcare Software but only where the relevant agent or contractor has a confidentiality agreement in place with Healthcare Software. Our agents and contractors will only use your information to the extent necessary to perform their functions;
- where all, or most, of the assets of Healthcare Software or any business unit within Healthcare Software are merged or acquired by a third party, or we expand or re-organise our business, in which case your personal information may form part of the transferred or merged assets;
- for compliance reasons to ensure compliance with relevant laws and regulations;
- for operational reasons for maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our products or our computer systems in order to securely and efficiently deliver our services to you and others;
- in exceptional circumstances, where there are grounds to believe that the disclosure is necessary to prevent a threat to an individual's health and safety, for law enforcement purposes or to protect public health and safety; and
- when it is otherwise required or authorised by law.
De-identified Information
We may be required to use your personal information in a de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide de-identified information in aggregated form to third parties we have engaged for research, marketing, strategy, and other purposes.
When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
Cross-Border Disclosure of personal information
Healthcare Software is based in and operated out of Australia. We will, wherever possible, store your personal information on a secure server located within the country from which you access our products and services. Where this is not possible your personal information will be stored in secure Australian servers and data centres.
If you are accessing our products and services from outside Australia, then you acknowledge that your personal information will be disclosed to our employees and agents in Australia for the purposes of providing you with our products and services. We may disclose personal information outside of Australia but only to contracted service providers that are engaged by us to act on our behalf and assist with our business functions and delivery of our products and services. If we transfer your information to a contracted service provider outside Australia, we will take steps to ensure that your privacy rights continue to be protected and to ensure that these contracted service providers are either covered by data privacy laws substantially similar to those in Australia or the relevant contracted service provider adheres to data privacy standards substantially similar to those in Australia.
Your rights in relation to your personal information
You may request access to your personal information collected by us and ask that we correct that personal information. You may also ask us to delete your personal information, restrict the processing of your personal information or transfer a machine-readable copy of your personal information to you or a third-party of your choosing. We will need to verify your identity before we are able to action your request.
We may refuse to action your request where actioning the request would:
- pose a serious threat to the life or health of an individual;
- have an unreasonable impact on the privacy of others;
- be unlawful;
- prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security or negotiations with you;
- jeopardise the conduct of existing or anticipated legal proceedings.
We may also refuse to action your request where we are authorised to do so by law.
You can make a request in relation to the handling of your personal information by emailing us at privacy@healthcaresoftware.com.au and we will respond within 30 days. If we refuse to action your request, we will notify you in writing setting out the reasons.
Your right to anonymity
Where lawful and practicable, you have the option of interacting with us anonymously (for example, as a visitor of the website) or using a pseudonym if you feel more comfortable dealing with us that way. For example, if you contact us by telephone with a general question, we will not ask for your full name unless we need it to answer your question. Generally, it is not practicable for us to continue to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services fully.
How is your personal information protected and how long is it kept?
Healthcare Software takes the security of your personal information very seriously and takes reasonable steps to protect it from misuse and loss, unauthorised access, modification, or disclosure. The methods we use to ensure this include the implementation or existence of the following measures:
- all Healthcare Software employees, agents and contractors are bound by confidentiality agreements and procedures have been implemented so that only those people with a genuine need to know have access to your personal information;
- electronic and physical data and document storage security policies;
- policies and procedures governing the retention, use and access of documents and data;
- internal system access security policies including authenticated access of employees and contractors;
- verification procedures to identify an individual before personal information is disclosed;
- access control for our buildings and data hubs; and
- the use of data encryption, firewalls and other security systems for our computer systems and cloud-based services.
In the unlikely event that the security of your personal information is compromised, we will immediately take steps to confirm if a data breach has occurred. If a breach is confirmed, and we form the view that the breach is likely to result in serious harm to you, we will notify you and provide you with a description of the breach, the kinds of information involved, and any recommended actions you could take to protect yourself against the consequences of the data breach. In accordance with our obligations under the Privacy Act 1988 (Cth) and the Australian Notifiable Data Breaches Scheme we will also notify the Office of the Australian Information Commissioner (OAIC) of any data breach that we consider is likely to result in serious harm to any of the individuals to whom the information relates.
Your information is kept while we need it to provide the services that you have requested from us and where applicable, we are required to keep it to comply with statutory requirements.
Where Healthcare Software determines it is no longer necessary to hold your personal information we will securely destroy, delete or permanently de-identify that information, wherever possible.
Complaints about your privacy
Healthcare Software will make every attempt to ensure that your privacy is not breached, however, if you believe that your privacy has been breached or you wish to make a complaint about the way we have handled your personal information, you can contact us at privacy@healthcaresoftware.com.au or lodge a complaint to the address mentioned below:
The Privacy Officer
Healthcare Software
GPO Box 714
Hobart TAS 7001
We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. However, if you believe that we have not resolved the issue you may refer the matter to the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au or 1300 363 992), or if accessing our products and services from outside Australia, the relevant privacy and data protection authority in your country of origin.
Changes to this Privacy Policy
We will review this policy regularly and may update it from time to time. We recommend that you visit our website and app regularly to keep up to date with any changes.
We will let you know about any material changes to our Privacy Policy by emailing you at the email address provided by you to us (if any) and via a notification on our application. Your continued use of Snug or our services following notification of a change to this Privacy Policy indicates that you accept those changes. Through this document we will always let you know the information we collect, how we use it, and the circumstances under which such information may be disclosed by us.
Effective Date: 19 December 2023