Allie Privacy Policy
Allie Privacy Policy
Allie Privacy Policy
Last modified: 06/04/2023
INTRODUCTION
Here at Clinic Mastery Pty Ltd ACN 610 545 956 trading as Allie, a company incorporated in Australia (we, us or our) protecting your privacy and treating your personal data with care is of paramount importance to us. This Privacy Policy also applies to our related bodies corporate. This Privacy Policy explains what personal data we collect, why we collect personal data and how we collect, use, disclose, store and protect your personal data when you visit our website, use our services or products, provide us with information yourself (such as when you sign up to our service or use our services) or when you accept services from us.
It also explains how to contact us to correct, update or delete any personal data provided to us, or make a complaint if you have concerns. We are compliant with the Privacy Act 1988 Australia and General Data Protection Regulation (EU) 2016/679 (GDPR).
We will only collect and process personal data about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), use of our service (where processing is necessary for the delivery of services to you) and legitimate interests (including security threats or frauds, risk of harm to self or others, compliance with applicable laws, and enabling us to administer our service).
You expressly and voluntarily grant your informed consent to us to deal with your personal data in accordance with the terms and conditions of this Privacy Policy. You have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
Unless otherwise indicated by the context words importing the singular include the plural and vice versa.
CHANGES THAT WE MAKE TO OUR PRIVACY POLICY
We will notify you about any changes to our Privacy Policy by updating the “Last Updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of our website or services after the date such revised Privacy Policy is posted.
COLLECTION OF YOUR PERSONAL DATA BY THIRD PARTIES
This Privacy Policy does not apply to any third-party service or website which we connect to, and which may also collect and use information about you. We are not responsible for any of the information collected by any third party.
You acknowledge and warrant that you are responsible for and must comply with your own privacy obligations in relation to any personal data you authorise us to collect on your behalf as part of our products and services and you are responsible for ensuring you have the consent of any other party whose personal data we collect when accessing your information technology infrastructure (such as Xero and Cliniko).
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OUR WEBSITE, USE OUR SERVICES OR PROVIDE ANY INFORMATION ABOUT YOURSELF TO US.
WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?
This Privacy Policy applies to us with respect to content on our websites, our products, services and information you provide to us about yourself.
WHAT IS PERSONAL DATA?
Personal data is defined as data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect most personal data directly from you when you consent to use our products or services or receive communications from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e., because you have agreed to terms and conditions that contain information about the use or disclosure of your information).
You provide us your information when you use our products, services or you use our website generally or you deal with us.
WHAT PERSONAL DATA DO WE COLLECT?
Personal data
We collect demographic and personally identifiable information either directly from you or through our access to your third party applications (such as Xero and Cliniko). That personally identifiable information may include (but not be limited to):
· full name;
· mailing or street address;
· date of birth;
· email address;
· telephone number and other contact details;
· age or date of birth;
· occupation;
· photographic representations of you;
· credit card and PayPal information and other information for billing;
· identifying data about yourself, your employees and contractors;
· wage and remuneration data;
· your device ID, browser, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
· details of the services we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and respond to your enquiries;
· any additional information relating to you that you provide to us directly through our website or use of our services or indirectly through your use of our website or use of our services or online presence or through other websites or accounts from which you permit us to collect information;
· information you provide about yourself when you communicate to us or others when you use the services;
· information you provide to us through surveys; or
· any other personal data that may be required in order to facilitate your dealings with us.
We may collect these types of personal data either directly from you, or from third parties or from third party applications you control and give us access to. We may collect this information when you:
· register for our products or services;
· communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; and
· interact with our site, products, services, content and advertising.
You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the features of our services or our website.
We do not access or collect any personal information about your patients other than when we provide a service which requires us to access the names of your patients. You should ensure that your privacy policy allows us to do this.
WHY DO WE COLLECT YOUR PERSONAL DATA?
We may collect your personal data when required by law but generally we collect personal data from you (or about you) to allow us to:
· create and manage user accounts;
· supply you with information about our products and services;
· provide you with our products and services;
· deliver analytics and visualisation of the performance of your business;
· ensure your use of our services and products are safe and secure;
· send administrative information;
· marketing and advertising to you;
· respond to inquiries and offer support;
· request user feedback;
· improve user experience;
· enforce terms and conditions and policies;
· protect from abuse and malicious users;
· respond to legal requests and prevent harm;
· communicate more effectively with you about our services and your care; and
· ensure your experience with us is a positive one.
Personal data collected or received by us will only be used for the stated purpose for which it was provided.
WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may collect, hold, use and disclose your personal data for the following purposes:
· to enable you to access and use our services and products;
· to operate, protect, improve and optimise our products or services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
· to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
· to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting; and
· to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We may disclose personal data for the purposes described in this privacy policy to:
· our employees, agents and contractors and related bodies corporate;
· third party suppliers and service providers (including providers for the operation of our website and/or our business or in connection with providing our services to you) including banks and payment processors;
· businesses whom you interact with via our services;
· professional advisers and agents;
· payment systems operators (e.g., merchants receiving card payments);
· our existing or potential agents, business partners or partners;
· our sponsors or promoters of any competition that we conduct via our services;
· anyone to whom our assets or businesses (or any part of them) are transferred;
· specific third parties authorised by you to receive information held by us; and/or
· other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
If personal data is disclosed to a third party, we are required to take all reasonable steps to ensure your personal data is treated in accordance with the laws that apply to personal data in that country. We may also disclose your personal data to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
WHAT OTHER PARTIES PROCESS YOUR PERFONAL DATA?
Personal Data is collected for the following purposes and using the following services:
Heat mapping and session recording
Heat mapping services are used to display the areas of our products and services that you interact with most frequently. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of your behaviour. Some of these services may record sessions and make them available for later visual playback.
Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of your personal data. This is a setting that is available in all major browsers.
Personal data processed: trackers; usage data; various types of personal data as specified in the privacy policy of the service.
Place of processing: Malta.
https://www.hotjar.com/legal/policies/privacy/
Infrastructure monitoring
This type of service allows our products and services to monitor the use and behaviour of its components so its performance, operation, maintenance and troubleshooting can be improved. What personal data is processed depends on the characteristics and mode of implementation of this service, whose function is to filter the activities of our products and services.
Sentry (Functional Software, Inc.)
Sentry is a monitoring service provided by Functional Software, Inc.
Personal data processed: various types of personal data as specified in the privacy policy of the service.
Place of processing: United States.
Interaction with online survey platforms
This type of service allows you to interact with third-party online survey platforms directly from the pages of our products and services. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if you do not actively use our products or services.
Hotjar Poll & Survey widgets (Hotjar Ltd.)
The Hotjar Poll & Survey widgets are services that enable interaction with the Hotjar platform provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of your personal data. This is a setting that is available in all major browsers.
Personal Data processed: Trackers; Usage Data; various types of personal data as specified in the privacy policy of the service.
Place of processing: Malta.
https://www.hotjar.com/legal/policies/privacy/
Registration and authentication
By registering or authenticating, you allow our products and services to identify you and give you access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, our products and services will be able to access some personal data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect personal data for targeting and profiling purposes.
Auth0 (Auth0, Inc)
Auth0 is a registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform.
Personal Data processed: email address; first name; last name; password; picture; trackers; various types of personal data as specified in the privacy policy of the service.
Place of processing: Australia.
https://auth0.com/docs/secure/data-privacy-and-compliance
Tag Management
This type of service helps us to manage the tags or scripts needed for products and services in a centralised fashion. This results in your personal data flowing through these services, potentially resulting in the retention of your personal data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: trackers; usage data.
Place of processing: Ireland.
https://support.google.com/tagmanager/answer/9323295?hl=en
AGGREGATED INFORMATION & DIRECT MARKETING
We do not sell your personal data. We may aggregate the information you and others make available to us and share it with third parties.
We may use, sell, license, and share this aggregated information with third parties for research or other purposes such as to improve our services or to help our partners understand more about the users of our service issues.
We and/or our carefully selected business partners may send you direct marketing communications and information about our service and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the laws of your country. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g., an unsubscribe link).
You can object to us using your information for these purposes.
WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL DATA?
You are not obligated to provide us with your personal data. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal data to us this may impede our ability to provide you with all the functionality of our services and website.
WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNCATIONS FROM US?
Should you wish to remove yourself from our database you may do so at any time by contacting us by emailing us at allie@clinicmastery.com.
HOW CAN I ACCESS, CORRECT AND/ OR UPDATE PERSONAL DATA YOU HAVE COLLECTED?
At any time, you may contact us and request your personal data be modified. We will make all efforts to correct data once we have proved your identity.
We will deal with all requests for access to personal data as quickly as possible, but no later than the prescribed time required by law (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.
We will provide you your personal data in a structured, commonly used, machine-readable format.
In some cases, we will refuse to give you access to personal data we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within our business in connection with a commercially sensitive decision-making process.
We will also refuse access where the personal data relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that unlawful activity, or misconduct of a serious nature, is being or may be engaged in against us and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
Please note that the access and correction requirements under this Privacy Policy operates alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their personal data.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
For us to provide excellent service we are required to store some personal data and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data.
We have taken the necessary measures to ensure the personal data we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your account or as otherwise required to operate our service.
Our third party data storage centre in Australia is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has reliability and security for your data. However, we cannot be held liable for events outside our control particularly with respect to third parties who act as repositories of your information.
Our website is protected by security certificates and are built considering all modern security stands where possible. We will take reasonable steps to maintain the integrity and security of any personal data we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal data.
Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal data as best as possible, we cannot guarantee the security of any information that you transmit to us or receive from us. The transmission and exchange of information is carried out at your own risk.
It is important that you protect your privacy by ensuring that no one obtains your personal data, and you must contact us directly if your details change. Should your information be erroneously provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to take remedial action to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, and provide recommendations as to what steps you should take to mitigate any serious issues.
For EU residents, where we employ data processors to process personal data on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal data against unauthorised use, loss and theft.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
· Personal Data collected for purposes related to the performance of a contract between us and you shall be retained until such contract has been fully performed.
· Personal data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfil such purposes. You may find specific information regarding the legitimate interests pursued by us within the relevant sections of this document or by contacting us.
We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. We may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, personal data shall be deleted. The right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
YOUR RIGHTS ABOUT YOUR PERSONAL DATA
You may exercise certain rights regarding their personal data which we process. In particular, you have the right to do the following:
· You have the right to withdraw consent where you have previously given your consent to the processing of their personal data.
· You have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent.
· You have the right to learn if your personal data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the personal data undergoing processing.
· You have the right to verify the accuracy of your personal data and ask for it to be updated or corrected.
· You have the right, under certain circumstances, to restrict the processing of your personal data. In this case, we will not process your personal data for any purpose other than storing it.
· You have the right, under certain circumstances, to obtain the erasure of your personal data from us.
· You have the right to bring a claim before their competent data protection authority.
LOG DATA
Whenever you use our website, or in a case of an error within the website, we collect data and information (through third party products) called Log Data. This Log Data may include information such as your device, Internet Protocol address, device name, operating system version, the configuration of the device when utilizing our website, the time and date of your use of our website and other statistics.
TRANSFER OUT
We may transfer data we receive about you, including all personal data, to our hosting service providers and data centres located overseas, such as an Amazon Web Services node in countries such as the United States. You hereby expressly and voluntarily grant your informed consent to such transfers. Transfers out of your country will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website and European Union Data Protection Agreement.
You acknowledge that personal data that you submit for publication through our website or products or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or amend this Privacy Policy at any time.
If you object to any changes, you may cease using our website and/or our services. You acknowledge and agree that your continued use of our website means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy.
COOKIES
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
COOKIES THAT WE MAY USE
We use cookies for the following purposes:
· authentication and status - we use cookies to identify you when you visit our website and as you navigate our website, and to determine if you are logged into the website;
· personalisation - we use cookies to store information about your preferences and to personalise the website for you;
· security - we use cookies s an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
· analysis - we use cookies to help us to analyse the use and performance of our website and services; and
· cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.
COOKIES USED BY OUR SERVICE PROVIDERS
Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
MANAGING COOKIES
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
· https://support.google.com/chrome/answer/95647 (Chrome);
· https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
· https://help.opera.com/en/latest/security-and-privacy/ (Opera);
· https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
· https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
· https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
DO NOT TRACK REQUESTS
Our products and services do not support “Do Not Track” requests. To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.
GENERAL DATA PROTECTION REGULATION (GDPR) FOR THE EUROPEAN UNION (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal data as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal data. The legal basis for which we collect your personal data depends on the data that we collect and how we use it.
We will only collect your personal data with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal data if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal data if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal data from you that is considered “Sensitive personal data” under the GDPR, such as personal data relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal data if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal data of children.
YOUR ADDITIONAL RIGHTS UNDER THE GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal data is obtained and used. We comply with your rights under the GDPR as to how your personal data is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
· to be informed how your personal data is being used;
· access your personal data (we will provide you with a free copy of it);
· to correct your personal data if it is inaccurate or incomplete;
· to delete your personal data (also known as “the right to be forgotten”);
· to restrict processing of your personal data;
· to retain and reuse your personal data for your own purposes;
· to object to your personal data being used; and
· to object against automated decision making and profiling.
Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.
We may ask you to verify your identity before acting on any of your requests.
ENQUIRIES, REQUESTS & COMPLAINTS
Enquiries regarding this Privacy Policy or the personal data we may hold on you, should be addressed to the Privacy Officer at allie@clinicmastery.com.
If you think your personal data, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Privacy Commissioner Australia, whose contact details are below.
Office of the Australian information Commission
Telephone 1300 363 992
Email enquiries@oaic.gov.au
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001
Website www.oaic.gov.au
DATE OF CURRENT VERSION: 06/04/2023
INTRODUCTION
Here at Clinic Mastery Pty Ltd ACN 610 545 956 trading as Allie, a company incorporated in Australia (we, us or our) protecting your privacy and treating your personal data with care is of paramount importance to us. This Privacy Policy also applies to our related bodies corporate. This Privacy Policy explains what personal data we collect, why we collect personal data and how we collect, use, disclose, store and protect your personal data when you visit our website, use our services or products, provide us with information yourself (such as when you sign up to our service or use our services) or when you accept services from us.
It also explains how to contact us to correct, update or delete any personal data provided to us, or make a complaint if you have concerns. We are compliant with the Privacy Act 1988 Australia and General Data Protection Regulation (EU) 2016/679 (GDPR).
We will only collect and process personal data about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), use of our service (where processing is necessary for the delivery of services to you) and legitimate interests (including security threats or frauds, risk of harm to self or others, compliance with applicable laws, and enabling us to administer our service).
You expressly and voluntarily grant your informed consent to us to deal with your personal data in accordance with the terms and conditions of this Privacy Policy. You have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
Unless otherwise indicated by the context words importing the singular include the plural and vice versa.
CHANGES THAT WE MAKE TO OUR PRIVACY POLICY
We will notify you about any changes to our Privacy Policy by updating the “Last Updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of our website or services after the date such revised Privacy Policy is posted.
COLLECTION OF YOUR PERSONAL DATA BY THIRD PARTIES
This Privacy Policy does not apply to any third-party service or website which we connect to, and which may also collect and use information about you. We are not responsible for any of the information collected by any third party.
You acknowledge and warrant that you are responsible for and must comply with your own privacy obligations in relation to any personal data you authorise us to collect on your behalf as part of our products and services and you are responsible for ensuring you have the consent of any other party whose personal data we collect when accessing your information technology infrastructure (such as Xero and Cliniko).
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OUR WEBSITE, USE OUR SERVICES OR PROVIDE ANY INFORMATION ABOUT YOURSELF TO US.
WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?
This Privacy Policy applies to us with respect to content on our websites, our products, services and information you provide to us about yourself.
WHAT IS PERSONAL DATA?
Personal data is defined as data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect most personal data directly from you when you consent to use our products or services or receive communications from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e., because you have agreed to terms and conditions that contain information about the use or disclosure of your information).
You provide us your information when you use our products, services or you use our website generally or you deal with us.
WHAT PERSONAL DATA DO WE COLLECT?
Personal data
We collect demographic and personally identifiable information either directly from you or through our access to your third party applications (such as Xero and Cliniko). That personally identifiable information may include (but not be limited to):
· full name;
· mailing or street address;
· date of birth;
· email address;
· telephone number and other contact details;
· age or date of birth;
· occupation;
· photographic representations of you;
· credit card and PayPal information and other information for billing;
· identifying data about yourself, your employees and contractors;
· wage and remuneration data;
· your device ID, browser, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
· details of the services we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and respond to your enquiries;
· any additional information relating to you that you provide to us directly through our website or use of our services or indirectly through your use of our website or use of our services or online presence or through other websites or accounts from which you permit us to collect information;
· information you provide about yourself when you communicate to us or others when you use the services;
· information you provide to us through surveys; or
· any other personal data that may be required in order to facilitate your dealings with us.
We may collect these types of personal data either directly from you, or from third parties or from third party applications you control and give us access to. We may collect this information when you:
· register for our products or services;
· communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; and
· interact with our site, products, services, content and advertising.
You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the features of our services or our website.
We do not access or collect any personal information about your patients other than when we provide a service which requires us to access the names of your patients. You should ensure that your privacy policy allows us to do this.
WHY DO WE COLLECT YOUR PERSONAL DATA?
We may collect your personal data when required by law but generally we collect personal data from you (or about you) to allow us to:
· create and manage user accounts;
· supply you with information about our products and services;
· provide you with our products and services;
· deliver analytics and visualisation of the performance of your business;
· ensure your use of our services and products are safe and secure;
· send administrative information;
· marketing and advertising to you;
· respond to inquiries and offer support;
· request user feedback;
· improve user experience;
· enforce terms and conditions and policies;
· protect from abuse and malicious users;
· respond to legal requests and prevent harm;
· communicate more effectively with you about our services and your care; and
· ensure your experience with us is a positive one.
Personal data collected or received by us will only be used for the stated purpose for which it was provided.
WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may collect, hold, use and disclose your personal data for the following purposes:
· to enable you to access and use our services and products;
· to operate, protect, improve and optimise our products or services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
· to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
· to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting; and
· to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We may disclose personal data for the purposes described in this privacy policy to:
· our employees, agents and contractors and related bodies corporate;
· third party suppliers and service providers (including providers for the operation of our website and/or our business or in connection with providing our services to you) including banks and payment processors;
· businesses whom you interact with via our services;
· professional advisers and agents;
· payment systems operators (e.g., merchants receiving card payments);
· our existing or potential agents, business partners or partners;
· our sponsors or promoters of any competition that we conduct via our services;
· anyone to whom our assets or businesses (or any part of them) are transferred;
· specific third parties authorised by you to receive information held by us; and/or
· other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
If personal data is disclosed to a third party, we are required to take all reasonable steps to ensure your personal data is treated in accordance with the laws that apply to personal data in that country. We may also disclose your personal data to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
WHAT OTHER PARTIES PROCESS YOUR PERFONAL DATA?
Personal Data is collected for the following purposes and using the following services:
Heat mapping and session recording
Heat mapping services are used to display the areas of our products and services that you interact with most frequently. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of your behaviour. Some of these services may record sessions and make them available for later visual playback.
Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of your personal data. This is a setting that is available in all major browsers.
Personal data processed: trackers; usage data; various types of personal data as specified in the privacy policy of the service.
Place of processing: Malta.
https://www.hotjar.com/legal/policies/privacy/
Infrastructure monitoring
This type of service allows our products and services to monitor the use and behaviour of its components so its performance, operation, maintenance and troubleshooting can be improved. What personal data is processed depends on the characteristics and mode of implementation of this service, whose function is to filter the activities of our products and services.
Sentry (Functional Software, Inc.)
Sentry is a monitoring service provided by Functional Software, Inc.
Personal data processed: various types of personal data as specified in the privacy policy of the service.
Place of processing: United States.
Interaction with online survey platforms
This type of service allows you to interact with third-party online survey platforms directly from the pages of our products and services. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if you do not actively use our products or services.
Hotjar Poll & Survey widgets (Hotjar Ltd.)
The Hotjar Poll & Survey widgets are services that enable interaction with the Hotjar platform provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of your personal data. This is a setting that is available in all major browsers.
Personal Data processed: Trackers; Usage Data; various types of personal data as specified in the privacy policy of the service.
Place of processing: Malta.
https://www.hotjar.com/legal/policies/privacy/
Registration and authentication
By registering or authenticating, you allow our products and services to identify you and give you access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, our products and services will be able to access some personal data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect personal data for targeting and profiling purposes.
Auth0 (Auth0, Inc)
Auth0 is a registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform.
Personal Data processed: email address; first name; last name; password; picture; trackers; various types of personal data as specified in the privacy policy of the service.
Place of processing: Australia.
https://auth0.com/docs/secure/data-privacy-and-compliance
Tag Management
This type of service helps us to manage the tags or scripts needed for products and services in a centralised fashion. This results in your personal data flowing through these services, potentially resulting in the retention of your personal data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: trackers; usage data.
Place of processing: Ireland.
https://support.google.com/tagmanager/answer/9323295?hl=en
AGGREGATED INFORMATION & DIRECT MARKETING
We do not sell your personal data. We may aggregate the information you and others make available to us and share it with third parties.
We may use, sell, license, and share this aggregated information with third parties for research or other purposes such as to improve our services or to help our partners understand more about the users of our service issues.
We and/or our carefully selected business partners may send you direct marketing communications and information about our service and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the laws of your country. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g., an unsubscribe link).
You can object to us using your information for these purposes.
WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL DATA?
You are not obligated to provide us with your personal data. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal data to us this may impede our ability to provide you with all the functionality of our services and website.
WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNCATIONS FROM US?
Should you wish to remove yourself from our database you may do so at any time by contacting us by emailing us at allie@clinicmastery.com.
HOW CAN I ACCESS, CORRECT AND/ OR UPDATE PERSONAL DATA YOU HAVE COLLECTED?
At any time, you may contact us and request your personal data be modified. We will make all efforts to correct data once we have proved your identity.
We will deal with all requests for access to personal data as quickly as possible, but no later than the prescribed time required by law (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.
We will provide you your personal data in a structured, commonly used, machine-readable format.
In some cases, we will refuse to give you access to personal data we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within our business in connection with a commercially sensitive decision-making process.
We will also refuse access where the personal data relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that unlawful activity, or misconduct of a serious nature, is being or may be engaged in against us and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
Please note that the access and correction requirements under this Privacy Policy operates alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their personal data.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
For us to provide excellent service we are required to store some personal data and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data.
We have taken the necessary measures to ensure the personal data we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your account or as otherwise required to operate our service.
Our third party data storage centre in Australia is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has reliability and security for your data. However, we cannot be held liable for events outside our control particularly with respect to third parties who act as repositories of your information.
Our website is protected by security certificates and are built considering all modern security stands where possible. We will take reasonable steps to maintain the integrity and security of any personal data we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal data.
Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal data as best as possible, we cannot guarantee the security of any information that you transmit to us or receive from us. The transmission and exchange of information is carried out at your own risk.
It is important that you protect your privacy by ensuring that no one obtains your personal data, and you must contact us directly if your details change. Should your information be erroneously provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to take remedial action to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, and provide recommendations as to what steps you should take to mitigate any serious issues.
For EU residents, where we employ data processors to process personal data on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal data against unauthorised use, loss and theft.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
· Personal Data collected for purposes related to the performance of a contract between us and you shall be retained until such contract has been fully performed.
· Personal data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfil such purposes. You may find specific information regarding the legitimate interests pursued by us within the relevant sections of this document or by contacting us.
We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. We may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, personal data shall be deleted. The right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
YOUR RIGHTS ABOUT YOUR PERSONAL DATA
You may exercise certain rights regarding their personal data which we process. In particular, you have the right to do the following:
· You have the right to withdraw consent where you have previously given your consent to the processing of their personal data.
· You have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent.
· You have the right to learn if your personal data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the personal data undergoing processing.
· You have the right to verify the accuracy of your personal data and ask for it to be updated or corrected.
· You have the right, under certain circumstances, to restrict the processing of your personal data. In this case, we will not process your personal data for any purpose other than storing it.
· You have the right, under certain circumstances, to obtain the erasure of your personal data from us.
· You have the right to bring a claim before their competent data protection authority.
LOG DATA
Whenever you use our website, or in a case of an error within the website, we collect data and information (through third party products) called Log Data. This Log Data may include information such as your device, Internet Protocol address, device name, operating system version, the configuration of the device when utilizing our website, the time and date of your use of our website and other statistics.
TRANSFER OUT
We may transfer data we receive about you, including all personal data, to our hosting service providers and data centres located overseas, such as an Amazon Web Services node in countries such as the United States. You hereby expressly and voluntarily grant your informed consent to such transfers. Transfers out of your country will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website and European Union Data Protection Agreement.
You acknowledge that personal data that you submit for publication through our website or products or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or amend this Privacy Policy at any time.
If you object to any changes, you may cease using our website and/or our services. You acknowledge and agree that your continued use of our website means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy.
COOKIES
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
COOKIES THAT WE MAY USE
We use cookies for the following purposes:
· authentication and status - we use cookies to identify you when you visit our website and as you navigate our website, and to determine if you are logged into the website;
· personalisation - we use cookies to store information about your preferences and to personalise the website for you;
· security - we use cookies s an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
· analysis - we use cookies to help us to analyse the use and performance of our website and services; and
· cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.
COOKIES USED BY OUR SERVICE PROVIDERS
Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
MANAGING COOKIES
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
· https://support.google.com/chrome/answer/95647 (Chrome);
· https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
· https://help.opera.com/en/latest/security-and-privacy/ (Opera);
· https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
· https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
· https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
DO NOT TRACK REQUESTS
Our products and services do not support “Do Not Track” requests. To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.
GENERAL DATA PROTECTION REGULATION (GDPR) FOR THE EUROPEAN UNION (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal data as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal data. The legal basis for which we collect your personal data depends on the data that we collect and how we use it.
We will only collect your personal data with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal data if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal data if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal data from you that is considered “Sensitive personal data” under the GDPR, such as personal data relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal data if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal data of children.
YOUR ADDITIONAL RIGHTS UNDER THE GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal data is obtained and used. We comply with your rights under the GDPR as to how your personal data is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
· to be informed how your personal data is being used;
· access your personal data (we will provide you with a free copy of it);
· to correct your personal data if it is inaccurate or incomplete;
· to delete your personal data (also known as “the right to be forgotten”);
· to restrict processing of your personal data;
· to retain and reuse your personal data for your own purposes;
· to object to your personal data being used; and
· to object against automated decision making and profiling.
Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.
We may ask you to verify your identity before acting on any of your requests.
ENQUIRIES, REQUESTS & COMPLAINTS
Enquiries regarding this Privacy Policy or the personal data we may hold on you, should be addressed to the Privacy Officer at allie@clinicmastery.com.
If you think your personal data, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Privacy Commissioner Australia, whose contact details are below.
Office of the Australian information Commission
Telephone 1300 363 992
Email enquiries@oaic.gov.au
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001
Website www.oaic.gov.au
DATE OF CURRENT VERSION: 06/04/2023
INTRODUCTION
Here at Clinic Mastery Pty Ltd ACN 610 545 956 trading as Allie, a company incorporated in Australia (we, us or our) protecting your privacy and treating your personal data with care is of paramount importance to us. This Privacy Policy also applies to our related bodies corporate. This Privacy Policy explains what personal data we collect, why we collect personal data and how we collect, use, disclose, store and protect your personal data when you visit our website, use our services or products, provide us with information yourself (such as when you sign up to our service or use our services) or when you accept services from us.
It also explains how to contact us to correct, update or delete any personal data provided to us, or make a complaint if you have concerns. We are compliant with the Privacy Act 1988 Australia and General Data Protection Regulation (EU) 2016/679 (GDPR).
We will only collect and process personal data about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), use of our service (where processing is necessary for the delivery of services to you) and legitimate interests (including security threats or frauds, risk of harm to self or others, compliance with applicable laws, and enabling us to administer our service).
You expressly and voluntarily grant your informed consent to us to deal with your personal data in accordance with the terms and conditions of this Privacy Policy. You have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
Unless otherwise indicated by the context words importing the singular include the plural and vice versa.
CHANGES THAT WE MAKE TO OUR PRIVACY POLICY
We will notify you about any changes to our Privacy Policy by updating the “Last Updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of our website or services after the date such revised Privacy Policy is posted.
COLLECTION OF YOUR PERSONAL DATA BY THIRD PARTIES
This Privacy Policy does not apply to any third-party service or website which we connect to, and which may also collect and use information about you. We are not responsible for any of the information collected by any third party.
You acknowledge and warrant that you are responsible for and must comply with your own privacy obligations in relation to any personal data you authorise us to collect on your behalf as part of our products and services and you are responsible for ensuring you have the consent of any other party whose personal data we collect when accessing your information technology infrastructure (such as Xero and Cliniko).
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OUR WEBSITE, USE OUR SERVICES OR PROVIDE ANY INFORMATION ABOUT YOURSELF TO US.
WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?
This Privacy Policy applies to us with respect to content on our websites, our products, services and information you provide to us about yourself.
WHAT IS PERSONAL DATA?
Personal data is defined as data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect most personal data directly from you when you consent to use our products or services or receive communications from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e., because you have agreed to terms and conditions that contain information about the use or disclosure of your information).
You provide us your information when you use our products, services or you use our website generally or you deal with us.
WHAT PERSONAL DATA DO WE COLLECT?
Personal data
We collect demographic and personally identifiable information either directly from you or through our access to your third party applications (such as Xero and Cliniko). That personally identifiable information may include (but not be limited to):
· full name;
· mailing or street address;
· date of birth;
· email address;
· telephone number and other contact details;
· age or date of birth;
· occupation;
· photographic representations of you;
· credit card and PayPal information and other information for billing;
· identifying data about yourself, your employees and contractors;
· wage and remuneration data;
· your device ID, browser, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
· details of the services we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and respond to your enquiries;
· any additional information relating to you that you provide to us directly through our website or use of our services or indirectly through your use of our website or use of our services or online presence or through other websites or accounts from which you permit us to collect information;
· information you provide about yourself when you communicate to us or others when you use the services;
· information you provide to us through surveys; or
· any other personal data that may be required in order to facilitate your dealings with us.
We may collect these types of personal data either directly from you, or from third parties or from third party applications you control and give us access to. We may collect this information when you:
· register for our products or services;
· communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; and
· interact with our site, products, services, content and advertising.
You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the features of our services or our website.
We do not access or collect any personal information about your patients other than when we provide a service which requires us to access the names of your patients. You should ensure that your privacy policy allows us to do this.
WHY DO WE COLLECT YOUR PERSONAL DATA?
We may collect your personal data when required by law but generally we collect personal data from you (or about you) to allow us to:
· create and manage user accounts;
· supply you with information about our products and services;
· provide you with our products and services;
· deliver analytics and visualisation of the performance of your business;
· ensure your use of our services and products are safe and secure;
· send administrative information;
· marketing and advertising to you;
· respond to inquiries and offer support;
· request user feedback;
· improve user experience;
· enforce terms and conditions and policies;
· protect from abuse and malicious users;
· respond to legal requests and prevent harm;
· communicate more effectively with you about our services and your care; and
· ensure your experience with us is a positive one.
Personal data collected or received by us will only be used for the stated purpose for which it was provided.
WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may collect, hold, use and disclose your personal data for the following purposes:
· to enable you to access and use our services and products;
· to operate, protect, improve and optimise our products or services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
· to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
· to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting; and
· to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We may disclose personal data for the purposes described in this privacy policy to:
· our employees, agents and contractors and related bodies corporate;
· third party suppliers and service providers (including providers for the operation of our website and/or our business or in connection with providing our services to you) including banks and payment processors;
· businesses whom you interact with via our services;
· professional advisers and agents;
· payment systems operators (e.g., merchants receiving card payments);
· our existing or potential agents, business partners or partners;
· our sponsors or promoters of any competition that we conduct via our services;
· anyone to whom our assets or businesses (or any part of them) are transferred;
· specific third parties authorised by you to receive information held by us; and/or
· other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
If personal data is disclosed to a third party, we are required to take all reasonable steps to ensure your personal data is treated in accordance with the laws that apply to personal data in that country. We may also disclose your personal data to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
WHAT OTHER PARTIES PROCESS YOUR PERFONAL DATA?
Personal Data is collected for the following purposes and using the following services:
Heat mapping and session recording
Heat mapping services are used to display the areas of our products and services that you interact with most frequently. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of your behaviour. Some of these services may record sessions and make them available for later visual playback.
Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of your personal data. This is a setting that is available in all major browsers.
Personal data processed: trackers; usage data; various types of personal data as specified in the privacy policy of the service.
Place of processing: Malta.
https://www.hotjar.com/legal/policies/privacy/
Infrastructure monitoring
This type of service allows our products and services to monitor the use and behaviour of its components so its performance, operation, maintenance and troubleshooting can be improved. What personal data is processed depends on the characteristics and mode of implementation of this service, whose function is to filter the activities of our products and services.
Sentry (Functional Software, Inc.)
Sentry is a monitoring service provided by Functional Software, Inc.
Personal data processed: various types of personal data as specified in the privacy policy of the service.
Place of processing: United States.
Interaction with online survey platforms
This type of service allows you to interact with third-party online survey platforms directly from the pages of our products and services. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if you do not actively use our products or services.
Hotjar Poll & Survey widgets (Hotjar Ltd.)
The Hotjar Poll & Survey widgets are services that enable interaction with the Hotjar platform provided by Hotjar Ltd. Hotjar honours generic “Do Not Track” headers. This means the browser can tell its script not to collect any of your personal data. This is a setting that is available in all major browsers.
Personal Data processed: Trackers; Usage Data; various types of personal data as specified in the privacy policy of the service.
Place of processing: Malta.
https://www.hotjar.com/legal/policies/privacy/
Registration and authentication
By registering or authenticating, you allow our products and services to identify you and give you access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, our products and services will be able to access some personal data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect personal data for targeting and profiling purposes.
Auth0 (Auth0, Inc)
Auth0 is a registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform.
Personal Data processed: email address; first name; last name; password; picture; trackers; various types of personal data as specified in the privacy policy of the service.
Place of processing: Australia.
https://auth0.com/docs/secure/data-privacy-and-compliance
Tag Management
This type of service helps us to manage the tags or scripts needed for products and services in a centralised fashion. This results in your personal data flowing through these services, potentially resulting in the retention of your personal data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: trackers; usage data.
Place of processing: Ireland.
https://support.google.com/tagmanager/answer/9323295?hl=en
AGGREGATED INFORMATION & DIRECT MARKETING
We do not sell your personal data. We may aggregate the information you and others make available to us and share it with third parties.
We may use, sell, license, and share this aggregated information with third parties for research or other purposes such as to improve our services or to help our partners understand more about the users of our service issues.
We and/or our carefully selected business partners may send you direct marketing communications and information about our service and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the laws of your country. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g., an unsubscribe link).
You can object to us using your information for these purposes.
WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL DATA?
You are not obligated to provide us with your personal data. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal data to us this may impede our ability to provide you with all the functionality of our services and website.
WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNCATIONS FROM US?
Should you wish to remove yourself from our database you may do so at any time by contacting us by emailing us at allie@clinicmastery.com.
HOW CAN I ACCESS, CORRECT AND/ OR UPDATE PERSONAL DATA YOU HAVE COLLECTED?
At any time, you may contact us and request your personal data be modified. We will make all efforts to correct data once we have proved your identity.
We will deal with all requests for access to personal data as quickly as possible, but no later than the prescribed time required by law (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.
We will provide you your personal data in a structured, commonly used, machine-readable format.
In some cases, we will refuse to give you access to personal data we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within our business in connection with a commercially sensitive decision-making process.
We will also refuse access where the personal data relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that unlawful activity, or misconduct of a serious nature, is being or may be engaged in against us and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
Please note that the access and correction requirements under this Privacy Policy operates alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their personal data.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
For us to provide excellent service we are required to store some personal data and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data.
We have taken the necessary measures to ensure the personal data we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your account or as otherwise required to operate our service.
Our third party data storage centre in Australia is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has reliability and security for your data. However, we cannot be held liable for events outside our control particularly with respect to third parties who act as repositories of your information.
Our website is protected by security certificates and are built considering all modern security stands where possible. We will take reasonable steps to maintain the integrity and security of any personal data we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal data.
Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal data as best as possible, we cannot guarantee the security of any information that you transmit to us or receive from us. The transmission and exchange of information is carried out at your own risk.
It is important that you protect your privacy by ensuring that no one obtains your personal data, and you must contact us directly if your details change. Should your information be erroneously provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to take remedial action to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, and provide recommendations as to what steps you should take to mitigate any serious issues.
For EU residents, where we employ data processors to process personal data on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal data against unauthorised use, loss and theft.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
· Personal Data collected for purposes related to the performance of a contract between us and you shall be retained until such contract has been fully performed.
· Personal data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfil such purposes. You may find specific information regarding the legitimate interests pursued by us within the relevant sections of this document or by contacting us.
We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. We may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, personal data shall be deleted. The right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
YOUR RIGHTS ABOUT YOUR PERSONAL DATA
You may exercise certain rights regarding their personal data which we process. In particular, you have the right to do the following:
· You have the right to withdraw consent where you have previously given your consent to the processing of their personal data.
· You have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent.
· You have the right to learn if your personal data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the personal data undergoing processing.
· You have the right to verify the accuracy of your personal data and ask for it to be updated or corrected.
· You have the right, under certain circumstances, to restrict the processing of your personal data. In this case, we will not process your personal data for any purpose other than storing it.
· You have the right, under certain circumstances, to obtain the erasure of your personal data from us.
· You have the right to bring a claim before their competent data protection authority.
LOG DATA
Whenever you use our website, or in a case of an error within the website, we collect data and information (through third party products) called Log Data. This Log Data may include information such as your device, Internet Protocol address, device name, operating system version, the configuration of the device when utilizing our website, the time and date of your use of our website and other statistics.
TRANSFER OUT
We may transfer data we receive about you, including all personal data, to our hosting service providers and data centres located overseas, such as an Amazon Web Services node in countries such as the United States. You hereby expressly and voluntarily grant your informed consent to such transfers. Transfers out of your country will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website and European Union Data Protection Agreement.
You acknowledge that personal data that you submit for publication through our website or products or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or amend this Privacy Policy at any time.
If you object to any changes, you may cease using our website and/or our services. You acknowledge and agree that your continued use of our website means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy.
COOKIES
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
COOKIES THAT WE MAY USE
We use cookies for the following purposes:
· authentication and status - we use cookies to identify you when you visit our website and as you navigate our website, and to determine if you are logged into the website;
· personalisation - we use cookies to store information about your preferences and to personalise the website for you;
· security - we use cookies s an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
· analysis - we use cookies to help us to analyse the use and performance of our website and services; and
· cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.
COOKIES USED BY OUR SERVICE PROVIDERS
Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
MANAGING COOKIES
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
· https://support.google.com/chrome/answer/95647 (Chrome);
· https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
· https://help.opera.com/en/latest/security-and-privacy/ (Opera);
· https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
· https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
· https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
DO NOT TRACK REQUESTS
Our products and services do not support “Do Not Track” requests. To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.
GENERAL DATA PROTECTION REGULATION (GDPR) FOR THE EUROPEAN UNION (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal data as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal data. The legal basis for which we collect your personal data depends on the data that we collect and how we use it.
We will only collect your personal data with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal data if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal data if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal data from you that is considered “Sensitive personal data” under the GDPR, such as personal data relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal data if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal data of children.
YOUR ADDITIONAL RIGHTS UNDER THE GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal data is obtained and used. We comply with your rights under the GDPR as to how your personal data is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
· to be informed how your personal data is being used;
· access your personal data (we will provide you with a free copy of it);
· to correct your personal data if it is inaccurate or incomplete;
· to delete your personal data (also known as “the right to be forgotten”);
· to restrict processing of your personal data;
· to retain and reuse your personal data for your own purposes;
· to object to your personal data being used; and
· to object against automated decision making and profiling.
Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.
We may ask you to verify your identity before acting on any of your requests.
ENQUIRIES, REQUESTS & COMPLAINTS
Enquiries regarding this Privacy Policy or the personal data we may hold on you, should be addressed to the Privacy Officer at allie@clinicmastery.com.
If you think your personal data, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Privacy Commissioner Australia, whose contact details are below.
Office of the Australian information Commission
Telephone 1300 363 992
Email enquiries@oaic.gov.au
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001
Website www.oaic.gov.au
DATE OF CURRENT VERSION: 06/04/2023
©️ Copyright 2024. All rights reserved.
©️ Copyright 2024. All rights reserved.