privacy policy

---

Privacy Policy
Protecting your privacy is our priority.

We are healthmemmo Pty Ltd (ACN 648 843) and this is our Privacy Policy (Policy) which outlines our ongoing obligations in respect of how we manage your Personal Information. By using healthmemmo and/ or otherwise providing us with your personal information you authorise the collection, use, storage, and disclosure of your personal information in line with this Policy.

Personal Information is any information or an opinion about an identifiable individual and does not have to be true or in a material form.

Why we collect Personal Information

We collect Personal Information in the ordinary course of our business, which is the provision of services related to running cloud-based healthcare administration and communication software known as healthmemmo (healthmemmo). healthmemmo is provided to individuals to assist them in managing their health affairs. healthmemmo is also provided to healthcare providers who provide medical or health and wellness services (Healthcare Providers) to assist them in managing their practices, including by storing and managing patient information and records. We also process, on behalf of our Healthcare Providers,Personal Information which includes health information and other medical data.

How we collect Personal Information

We collect information in a variety of ways, such as when you contact us by phone or email or when you use our products and services (including our website, mobile application, or support services).Information will only be collected by us directly from you unless you authorise another person to provide the information or that person is your legal representative (such as a parent or legal guardian). Some Personal Information is collected and stored on our software by Healthcare Providers in the course of providing medical services to you. Information which is collected by Healthcare Providers is subject to their privacy policy.

What Personal Information is collected?

The types of Personal Information we collect include your name, address, telephone number, email, IP address, device identification, your social media details and any additional information you provide to us, including your information about your health conditions and health care, including referrals, medical records, care appointments, investigation requests, test results, treatment instructions, and other data generated from medical equipment in the course of providing medical services to you (such as a scan). Healthcare Providers in using our services may also collect and input or upload your Personal Information to our website.If you contact us on behalf of your employer, the information you provide may contain information about your employment, position, email addresses and employers contact details. In those circumstances certain employment information is collected.

Use of Personal Information

We collect your Personal Information for the primary purpose of providing our goods and services. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you could reasonably expect such use or disclosure. Examples of when we may use your Personal Information include:
a) informing you about our goods and services;b) providing you with the goods and services you have requested;c) administration needs in relation to providing you with goods and services, including the administration of your account;d) dealing with requests, enquiries or complaints and other customer care related activities;e) carrying out any activity in connection with a legal, governmental, or regulatory requirement; andf) imposed on us or in connection with legal proceedings, crime or fraud prevention, detection, or prosecution.

Why Healthcare Providers collect Personal Information

Healthcare Providers may collect and use your Personal Information for purposes which include:
a) communication between specialists, patients, GP's, and medical professionals;b) requesting or changing medical appointments;c) offering several treatment options for you to accept; d) responding directly to your enquires relating to treatment; e) giving you SMS, email or push notification reminders for appointments and treatment; or f) carrying out other activities related to your medical care. Where Healthcare Providers collect or process Personal Information using healthmemmo, that use is subject to the privacy practices and policies of your healthcare providers. Enquires relating to health information collected or processed by your Healthcare Providers should be referred to your Healthcare Providers.

Cookies and browser analytics

What are cookies?

Cookies are small text files that are placed on your computer by the websites you visit. They are processed and stored by your web browser. When you visit a website or engage with a business through social media, certain information is collected by cookies. This is generally anonymous information, and it does not reveal your identity. In and of themselves, cookies are harmless and serve crucial functions. They are widely used to make websites work more efficiently and improve the user experience, as well as to provide information about the use of a website. 

Why we use cookies

By storing and using information about your use of our website, including preferences and habits, we can make your visit to our website more productive. For example, some cookies remember your language or preferences so that you do not have to repeatedly make these choices.
We may use the following types of cookies:

a) Required cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that pass information from one web page to another and to use online forms.

b) Analytical cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users can find what they are looking for easily. We also use third party cookies, such as those provided via the Google Analytics service. The information passed back to such third-party providers is anonymous.

c) Marketing cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences. These cookies also record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website and communications sent to you more relevant to your interests.

How to remove cookies

Your web browser can choose whether to accept cookies. Most web browser software is initially set up to accept them. If you do not want your browser to use cookies, you can manage and control their use through your browser, including removing cookies by deleting them from your "browser history" (cache) when you leave the site or cease using healthmemmo. If you choose to reject cookies some parts of our website and healthmemmo may not work properly.

Data retention and security

Security mechanisms we employ

Generally, we store your Personal Information using secure servers protected from unauthorised access, modification, and disclosure. However, like most businesses, we may hold some information on our staff’s computers (such as emails from you) and where necessary as hard copy files (such as printed invoices).Our systems are located in Australia and are managed by us and our trusted service providers. Personal Information that we store or transmit is protected by security and access controls, including username and password authentication, multi-factor authentication, and data encryption (such as SSL) where appropriate.In our dealings with third party service providers, we take care to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.

How long we keep your Personal Information

We retain your Personal Information for as long as is necessary to provide our goods and services, as required for our internal business operations, and to comply with our legal obligations. If we hold Personal Information about you, and we do not need that information for any purpose, we will take reasonable steps to destroy or de-identify that information, in accordance with the Australian Privacy Principles (APP) and the European Union General Data Protection Regulation (GDPR), unless we are prevented from doing so by law.Under Australian law, financial records, such as those relating to financial transactions, must be retained for 7 years after the transactions associated with those records are completed.If you no longer want us to use your Personal Information, you can request that we erase it and, where you have an account with us, close your account. Where possible we will do so in accordance with the APPs and GDPR. However, where you request the erasure of your Personal Information, we will retain information from deleted accounts as necessary for our legitimate business interests, to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations or requests by government, a court of law, or law enforcement authorities, enforce the terms of service and take other actions permitted by law. Any information we retain will be handled in accordance with this Policy.

Personal Information controlled by Healthcare Providers

If your Personal Information is collected by Healthcare Providers in the course of providing medical services to you, we cannot decide when and how your Personal Information should be maintained or deleted. Australian privacy law has strict rules about how a healthcare providers can collect, use, and disclose your health information. If your concern relates to health information collected and controlled by the Healthcare Providers, you need to make a request to them in terms of how they keep your Personal Information.  

Disclosure of your Personal Information

Who we share your Personal Information with?

Your Personal Information (where necessary and appropriate in the context of the type of Personal Information held) may be disclosed to:
a) our employees, a related company, and our professional advisers (lawyers, accountants, financial advisers, etc.);

b) regulators and government authorities in connection with our compliance procedures and obligations, including law enforcement agencies to assist in the investigation and prevention of criminal activities; 

c) a third party, in order to enforce or defend our rights, or to address financial or reputational risks;

d) a rights holder in relation to an allegation of intellectual property infringement;

e) third party contractors, suppliers, and service providers with whom we have a business association, including: 

• delivery and transportation providers; 
• payment gateway providers, such as PayPal Holdings Inc. and Stripe Inc.;
• administration service providers;
• marketing service providers; and 
• information technology service providers, including cloud application providers.

We will not disclose your Personal Information other than in accordance with this Policy without your consent.

Healthcare Providers’ sharing Personal Information

In using healthmemmo, Healthcare Providers may share your Personal Information with relevant parties, including specialists, GP's, medical professionals, or other Healthcare Providers in the course of providing medical services to you. You should refer to your healthcare providers’ privacy policy for further information.

Anonymity and use of pseudonyms

If you contact us with a general enquiry, we may interact with you anonymously or using pseudonyms. However, you are required to provide true and accurate details when requesting the supply of goods or provision of services. You agree you will provide accurate information if we require it.

Access to Personal Information and corrections

We endeavour to only hold Personal Information that is accurate, complete, and up to date. You have the right to make a request to access Personal Information which we hold about you and to request corrections of any errors in that data. To make an access or correction request, contact us using the contact details provided at the end of this Policy.You may also access some of the Personal Information that we collect about you by logging into your account. You can update or correct certain information in your account.To protect your Personal Information, when you contact us, we may require identification from you before releasing the requested information or making the correction.If your corrections relate to health information collected and entered into healthmemmo by your healthcare providers, that data is controlled by and belongs to them. You should contact your healthcare providers in relation to the access and correction of the Personal Information they control. Similarly, if you have entered Personal Information (including health information) that you would like to update, you can do this within your account. 

Disclaimer

While your privacy is important to us, nothing in this Privacy Policy constitutes a voluntary opt-in to any privacy laws, anywhere in the world, which we are not statutorily bound to comply with.

Additional rights for EU residents and citizens

Data controller

For the purposes of the GDPR, we are a ‘data controller’ of Personal Information collected directly by us. If you’re a citizen or resident of the European Economic Area, the following rights apply to you.You are entitled to ask us to port your Personal Information (i.e. to transfer in a structured, commonly used, and machine-readable format, to you), to erase it, or to restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, withdraw this consent.These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.

Data processor

Pursuant to the GDPR, we are also a ‘data processor’ of the Personal Information collected by Healthcare Providers. As a data processor, we cannot change the purpose and the means in which the data is used, and we are bound by the instructions given by the data controller. At the choice of the data controller, we will delete or return all Personal Information to the data controller unless otherwise required by law.

Provision of requested Personal Information

Where we require your Personal Information to comply with legal or contractual obligations, then provision of such data is mandatory and if you do not provide it then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In those cases, you must provide us with your Personal Information, otherwise the provision of requested Personal Information is optional.

Data protection authorities

If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority in the country: 

a) of your habitual residence; 

b) of your place of work; or 

c) in which you consider the alleged infringement has occurred.

Communications and privacy concerns

Your privacy is important to us. If you have any complaints, concerns, or questions about our handling of your Personal Information, we ask that you first contact our privacy officer whose contact details are listed below. We will investigate your complaint, concerns or questions and reply to you in writing if you provide us with contact details and request us to do so. 

Email: support@healthmemmo.com 

Telephone:   1300 650 975

If, after we have conducted our investigations, you are still not satisfied, then we ask you to consult with the Office of the Australian Information Commissioner:

Email: enquiries@oaic.gov.au 

Telephone:  1300 363 992 (from overseas +61 2 9284 9749)

Post:   GPO Box 5218, Sydney NSW 2001

Variations to this Policy

We will need to change this Policy from time to time to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.

When we do change the Policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this Policy will always be available on this page.

Last Updated: 19 April 2023