Australian and European Privacy Policy
1. Introduction
To support clinical engagement and sustainable performance improvements in hospital and health services, we, Healthcare Logic Global Limited (ACN 626 171 917), and each of its subsidiaries (collectively "we" or "us") develop the next generation of hospital analytics platforms. In operating our business, we may collect personal information. This Policy outlines the personal information that we may collect and how it is managed.
The primary purpose for collecting personal information is to operate our business and to enable meaningful information to be provided to our clients, so they operate at a higher level. We value the privacy of all our clients and share the importance of maintaining the privacy of any individuals whose personal information is processed by us.
If you are a patient of a health organisation that uses our services, that organisation controls the use of your personal information and not us – we process your personal information in accordance with that organisation’s instructions. You should refer to the privacy policy of that organisation to understand how your personal information is collected and used.
If you are located in the UK, EU or European Economic Area ("EEA"), the European Region Addendum at the end of this Privacy Policy also applies to you.
2. Personal Information
Personal information is information or an opinion about an individual, where that individual could be directly or indirectly identified from that information or opinion. Personal information may include, for example, the name, address, email address, birthday or other financial information of individuals. Personal information includes health information about a person, where that person could be identified from the information or opinion.
3. Whose information may we collect?
In carrying out our work, we collect personal information of individuals who:
a) work for organisations investigating the use of, using, or testing our products and services;
b) work for organisations who are engaged by us to support our business (for example, other software providers, our professional advisors, or collaborating universities or researchers) in the development, implementation, marketing or delivery of our products and services;
c) provide information to us by contacting us through our website, by email or telephone, or who talk to us to find out more about our business and our services, make a general enquiry or apply or express an interest in working with us.
As explained in section 1.1, we also process personal information of patients of a hospital or health service that uses our products and services. We do this in accordance with such health organisation’s instructions, so you should read their privacy policy to understand how your personal information is collected and used in that respect.
4. Use of personal information
We collect personal information by different means – for example, within our analytics platforms on secure servers or via questions on our website. How the information is collected and from where that information is collected governs how we use this information and how it stored. The use of personal information and any disclosure of the information is set out below.
Category | What type of information may be collected, and how? | How do we use it and specific disclosures? |
---|---|---|
A. Clients If you work for or with one of our existing, potential or previous clients, we may collect your personal information. |
When we work with existing, previous, or
potential clients, we may collect your
name, contact details, occupation,
qualifications, experience and other
information, including your username and
password for our products and how (and
when) you use our products.
This personal information may be
collected:
|
We use this information to:
We may also be asked to share information with your employer regarding your use of our products. The organisation you work for is responsible for ensuring you provide any necessary consent to the provision of personal information to us. |
B. Contractor organisations Individuals working for organisations who work with us to support our business and operations |
If you work for one of our contractors,
service providers or collaborators, we may
collect your name and contact details and
other information relevant to working
with us, which could include dietary
requirements, age, gender, health
information, financial information for
credit purposes or other matters. If you use our information systems or products in the provision of services to us, we may also collect your username, password and your use of our systems. |
We use this information to work with you,
including in relation to administration
matters (for example, invoicing),
development and delivery of our products
and services, research opportunities and
other matters associated with working
with you. We may use this information to contact you to provide updates or information about us and our products and services. If necessary, we may, for administrative, operational needs or service and product delivery, disclose your personal information to our clients. Our clients may be located outside Australia, including New Zealand, the United Kingdom, the Republic of Ireland or other European countries. |
C. Individuals Who contact us. |
We collect this information when you
contact us through our website, social
media, email or telephone. We might also collect this information if you meet one of our team and provide them with your contact details, or if you attend an event organised by us or if you apply for a position with us. |
We use this information to respond to your
enquiry or if you have applied for a job with
us to assess your application. As part of our marketing and business development, we may use this information to contact you to tell you about our business, products or services and provide news, case studies and other news and information about our company. |
D. Patients Patient data of a health organisation in any country using our products or services. |
Health organisation use our products to
collect personal information about their
patients and services. Each health organisation is responsible for the collection of information about their patients, obtaining any necessary consent to use that information (if applicable) and the circumstances of any disclosure of that information. When our products are used within a health organisation in Australia or New Zealand, we may back up that data or download the data into our information system for the purpose of providing additional support to the hospital or health service. This does not apply to our services and products used within a health organisation in the UK/EU/EEA. The personal information may include detailed patient information, including names, contact details, patient identification numbers, support contacts and other health information. |
We only use this information on the
instruction of our clients who have collected
the data to interpret the data, convert the
data into a usable form, to carry out further
analysis and validation exercises for the
customer and to provide other technical
and customer support to our clients. We recognise the importance of maintaining privacy, confidentiality and the security of patient information and are bound by obligations of confidentiality and privacy to our clients. Any personal information contained in data downloaded from our products used in Australia and New Zealand will not be transferred out of our system to any third party (other than our secure cloud-based information system). Any personal information contained in data downloaded from our products used in the EU/ EEA will not be transferred out of the health organisation’s system to any third party except in limited cases where the health organisation requires support services involving personal information. Any disclosure to a third party will be carried out only in the following limited circumstances:
We will not use this information to contact you to market our products and services. |
5. General Disclosures
To support our operations, product development, sales and the delivery and ongoing support for our products, we use organisations who we trust and who agree confidentiality and privacy obligations with us.
Your personal information may be disclosed to some of these organisations as part of our business operations, in
the event some of all of our business is purchased or our ongoing research and development. Examples include:
• contractors who work directly with us to provide our products and services, or
• cloud-based services which support our operations, for example, accounting software or client
relationship management software used by us.
These include providers located in Australia, New Zealand, the United Kingdom or Ireland.
We will not sell personal information collected by us to any third party.
In limited circumstances, if required by law, we may disclose your personal information in accordance with that legal requirement.
6. Access to your personal information
You may access the personal information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing.
Healthcare Logic will not charge any fee for your access request.
To protect your personal information, we may require identification from you before releasing the requested information.
7. Maintaining the quality of your personal information
It is important to us that your personal information is up to date. We will take reasonable steps to make sure that your personal information is accurate, complete and, where necessary, up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
8. Updating our Privacy Policy
This Policy may change from time to time and is available on our website. This Policy was last updated in July 2023
9. Contact us about our Privacy Policy or your personal information
Contact us on privacy@healthcarelogic.com if you would like:
• a copy of your personal information,
• to correct or amend the personal information we hold,
• have a question about our Privacy Policy, or
• have a complaint or concern regarding how we have handled your personal information.
10. How to make a privacy complaint
If you believe we have breached applicable privacy laws, you can make a privacy complaint to us. Complaints can be made by contacting us using our contact details set out in section 9 of this policy.
We endeavour to respond to you within 2 business days to acknowledge your complaint and explain how we will investigate it. We will try to resolve your complaint within 30 days and write to you to explain the reasons for our decision. When this is not possible, we will contact you and let you know how long it will take for us to resolve your complaint.
If you are not happy with our response to your complaint, you can contact us to discuss your concerns or you can lodge a complaint with Office of the Australian Information Commissioner by visiting https://www.oaic.gov.au/privacy/privacy-complaints.
EUROPEAN REGION ADDENDUM
If you are in the UK, EU or the EEA, this section applies to you
11. Status
If you are a patient of a health organisation that uses our services, that organisation is the "controller" of your personal information and not us. You should refer to the Privacy Policy of that organisation to understand how your data is collected and used.
We endeavour to respond to you within 2 business days to acknowledge your complaint and explain how we will investigate it. We will try to resolve your complaint within 30 days and write to you to explain the reasons for our decision. When this is not possible, we will contact you and let you know how long it will take for us to resolve your complaint.
In all other cases, under EU/EEA/UK data protection law, Healthcare Logic Global Limited, and each affiliate company with whom your information is shared, is the controller of your personal information.
12. Protecting your Data outside the UK/EU/EEA
Healthcare Logic is an Australian company, and when you contact us or do business with us, your information is processed by us, our affiliate companies and third-party service providers in countries outside the EU/EEA such as Australia and the United States. Except for limited exceptions, the European Commission has not found these countries to have the same levels of data protection for personal information as there are in the EU. Your personal information may be subject to requests by law enforcement and governmental agencies (including intelligence agencies) outside the UK/EU/EEA when you use our services which could impact on your rights under local law, such as your right to an effective legal remedy.
Regardless of where your personal information is processed, we apply the same protections described in this privacy notice. Where personal information is transferred between our group of companies or to our service providers, this is done using the framework set out in the GDPR, such as standard contractual clauses approved by the European Commission or our service providers’ binding corporate rules (which are available on request).
13. Our Legal Basis for Processing Your Information
In order to collect, process, and share personal data for the purposes described in this Privacy Policy, we rely on a number of separate and overlapping legal bases, including:
• as necessary to perform or conclude any contract with you;
• as necessary for the legitimate interests of us or of a third party, provided those interests are not overridden by your interests or rights. We rely on our and others’ legitimate interests in:
a) securing our website and our platform;
b) responding to any requests received through the website;
c) enforcing our terms;
d) where applicable, performing or concluding a contract with the organisation that you work for;
e) analysing how our website is being used and the effectiveness of our marketing and advertising campaigns and improving them;
f) monitoring the use of our products to understand their use, provide ongoing support to our clients, research, development and improvement of our products and services;
g) protecting our and others’ intellectual and other property, interests and rights;
h) protecting us and others against error, fraud, damage and harmful or illegal activity;
i) sending and presenting tailored content to you;
j) complying with our legal obligations under laws outside the UK/EU/EEA and responding to legal requests from governmental and law enforcement agencies; and
k) operating and expanding our business, including through corporate acquisitions and mergers.
• as necessary to comply with our legal obligations;
• consistent with your consent. For example, where you have opted-in to receive direct marketing communications about services or information we think may interest you or where you have consented to the use of non- essential cookies on our website;
• in limited cases, as necessary to protect the vital interests of you or of other users.
We may process personal data on more than one lawful ground depending on the specific purpose for which we are using that data. We only use personal data for the purposes for which we collected it unless we believe that we need to use that personal data for another reason that is compatible with the original purpose or as applicable law permits.
14. Retention of your Personal Information
We retain your personal information for the period necessary to fulfil the purposes outlined in this privacy policy or such longer retention period as may be required or permitted by applicable law. For instance, we may keep your information to comply with our legal obligations (e.g. tax laws), to resolve disputes, to enforce our agreements or as otherwise permitted by law.
The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymised, and other relevant criteria.
15. Additional Rights
In addition to the rights set out in the main body of this Privacy Policy (i.e. your right to access your personal information and rectify any incorrect personal information we hold about you), you have certain other rights under the UK, EU and EEA data protection laws.
Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law.
As a data subject, you have the following rights:
• where we rely on our legitimate interest to use your personal data, you have a right to object to this use
(in which case we will desist from processing your personal information unless we can demonstrate an
overriding legitimate grounds for the continued processing of your personal information);
• the right to port your personal information in certain cases;
• the right to withdraw your consent at any time (though this does not impact on the lawfulness of what we
did up based upon your consent until that point);
• the right to request us to restrict the use of, or stop using, your personal information in certain cases;
• the right to object to the use of your personal data for direct marketing;
• you may request that we delete the personal data which we hold about you where you withdraw your
consent and in certain other cases; and
• where you are dissatisfied with how we have dealt with your data protection rights, you may make a
complaint to the data protection regulator in your jurisdiction.
***