Patient Notes

Privacy Policy

PatientNotes Pty Ltd (ACN 669 870 875) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth). In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

  • Identity Data including your name and profession.
  • Contact Data including your telephone number, address and email.
  • Financial data including bank account and payment card details (through our third party payment processor, who stores such information and we do not have access to that information).
  • Health information including health records and medical history.
  • Transaction Dataincluding details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
  • Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or analytics), and communications with our website.
  • Profile Data including your username and password for our platform, profile picture, purchases or orders you have made with us, content you send, receive and share through our platform, and support requests you have made.
  • Interaction Data including information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
  • Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. The types of sensitive information we collect includes health information as detailed above. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain consent and we will only use it as required or authorised by law.

How we collect personal information

We collect personal information in a variety of ways, including:

  • when you interact directly with us, including face-to-face, over the phone, over email, or online;
  • when you complete a form, such as registering for any events or newsletters, or responding to surveys;
  • when you apply for a job with us;
  • from third parties, such as details of your use of any website we operate (from our cookie providers and marketing providers. See the PatientNotes Cookie Policy for more detail on the use of cookies); or
  • from publicly available sources, such as the Australian Securities and Investment Commission (ASIC), Google, and LinkedIn.

Why we collect, hold, use and disclose personal information

Personal information: We collect, hold, use and disclose your personal information for the following purposes:

  • to enable you to access and use our software, including to provide you with a login;
  • to contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us;
  • to contact and communicate with you about any enquiries you make with us via any website we operate;
  • for internal record keeping, administrative, invoicing and billing purposes;
  • for analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms;
  • for advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you;
  • to run promotions, competitions and/or offer additional benefits to you;
  • if you have applied for employment with us, to consider your employment application; and
  • to comply with our legal obligations or if otherwise required by law.

Sensitive information (including health information): We only collect, hold, use and disclose sensitive information for the following purposes:

  • to provide our services to you;
  • any purposes you explicitly consent to when requested by us (eg. participation in research programs);
  • if otherwise required by law.

Our disclosures of personal information to third parties

Sensitive information (including health information)

All access to sensitive information is audited and reviewed on a regular basis to ensure access is absolutely required to provide our services. Sensitive data will never be shared for marketing or affiliate purposes.

We may disclose sensitive information to:

  • our employees and contractors with your explicit consent;
  • data storage and technology service providers;
  • any other third parties as required by law, such as where we receive a subpoena.

Personal information: We may disclose personal information (excluding sensitive information) to:

  • our employees and contractors;
  • data storage and technology service providers;
  • marketing service providers (for example email campaigns to educate practitioners about our service or inform practitioners of new features);
  • analytics and customer relationship management service providers (for example to assist our sales and support teams to communicate with practitioners);
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • any other third parties as required by law, such as where we receive a subpoena.
  • Overseas disclosure

    While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia, including but not limited to, the United States of America. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

    Your rights and controlling your personal information

    Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

    Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

    Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

    Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

    Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

    Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

    Storage and security

    We are committed to ensuring that the personal information we collect is secure. We implement technical and organizational security measures in a layered approach to prevent unauthorized misuse, interference, loss and unauthorised access, modification and disclosure. More details regarding the specific measures we implement can be found on our security page.

    Cookies

    We may use cookies on our website from time to time. You can find more information about the individual cookies we use, their category, and the purposes for which we use them in our Cookie Policy.

    Amendments

    We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

    For any questions or notices, please contact us at:
    PatientNotes Pty Ltd (ACN 669 870 875)
    Email: [email protected]


    Appendix 1: Additional rights and information for individuals located in the EU or UK

    Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

    What personal information is relevant?

    This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

    Purposes and legal bases for processing

    We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.

    Purpose of use / disclosure

    Type of Data

    Legal Basis for processing

    To enable you to access and use our software, including to provide you with a login.

    Identity Data

    Contact Data

    Performance of a contract with you

    To do business with you, including to provide our services to you and assess your application to use our services.

    Identity Data

    Contact Data

    Performance of a contract with you

    To contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us.

    Identity Data

    Contact Data

    Profile Data

    Performance of a contract with you

    To contact and communicate with you about any enquiries you make with us via our website.

    Identity Data

    Contact Data

    Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions

    For internal record keeping, administrative, invoicing and billing purposes.

    Identity Data

    Contact Data

    Financial Data

    Transaction Data

    Performance of a contract with you

    To comply with a legal obligation

    Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our Terms and Conditions and any other administrative points

    For analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms;

    Profile Data

    Technical and Usage Data

    Legitimate interests: to keep our website updated and relevant, to develop our business, improve our business and to inform our marketing strategy

    For marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.

    Identity Data

    Contact Data

    Technical and Usage Data

    Profile Data

    Marketing and Communications Data

    Legitimate interests: to develop and grow our business

    To run promotions, competitions and/or offer additional benefits to you.

    Identity Data

    Contact Data

    Profile Data

    Interaction Data

    Marketing and Communications Data

    Legitimate interests: to facilitate engagement with our business and grow our business

    If you have applied for employment with us, to consider your employment application.

    Identity Data

    Contact Data

    Professional Data

    Legitimate interests: to consider your employment application

    To comply with our legal obligations or if otherwise required by law.

     

    To comply with a legal obligation

    If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.

    Data Transfers

    The privacy protections available in the countries to which we send data for the purposes listed above may be less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:

    • only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
    • including standard contractual clauses in our agreements with third parties that are overseas.

    Data retention

    We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

    Extra rights for EU and UK individuals

    You may request details of the personal information that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.

    If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out below.

    For any questions or notices, please contact us