CareMonitor Privacy Policy

In this Privacy Policy, 'us', 'we' or 'our' means Caremonitor Pty Ltd (ABN 50 616 417 728). We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your limited personal information. We are bound by the Australian Privacy Principles contained in the Privacy Act (1988) and by various other state and territory privacy and data protection legislation, to the extent that they apply to us.

By providing limited personal information to us, you consent to our collection, use and disclosure of your limited personal information in accordance with this Privacy Policy and any other arrangements that apply between us including our Terms. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. 

Limited personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information. We may also collect sensitive information, including information about your health, in connection with the provision of our goods and services to you. 

CareMonitor collects limited personal information from the following classes of people: 

  • Health Care Professionals: who may be medical practitioners, allied health practitioners, managers and administrative staff of GP Practices, employees of government health bodies, and other members of the health services community; 

  • Patients; and 

  • Other Individuals: who are not users of the CareMonitor system but who interact with CareMonitor in the course of our business. 

We may collect limited personal information from individuals in connection with more than one of the above categories, depending on how you interact with us, and our products and services. We have provided specific guidance as to how we collect, use, and disclose limited personal information for each of these categories. General terms that apply to all categories are set out at the bottom of this policy. We recommend you review this policy in full to understand how and why your limited personal information may be collected, used, and disclosed. 

Health Care Professionals 

CareMonitor SaaS is used by Health Care Professionals to manage the healthcare of patients via the CareMonitor App. When you enquire about CareMonitor SaaS, create an account, or otherwise interact with CareMonitor SaaS we may collect limited personal information from you. 

What limited personal information do we collect from Health Care Professionals? 

We may collect the following types of limited personal information from Health Care Professionals: 

  • name; 

  • mailing or street address; 

  • email address; 

  • telephone number and other contact details; 

  • age or date of birth; 

  • employer and employment details; 

  • provider number; 

  • login times and locations, and information on which parts of CareMonitor you have accessed and when; 

  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, network IP address and standard web log information; 

  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries; 

  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information; 

  • information you provide to us through customer surveys; or 

  • any other limited personal information that may be required in order to facilitate your dealings with us. 

We may collect these types of limited personal information either directly from you, or from third parties. We may collect this information when you: 

  • enquire about or sign up for CareMonitor’s products or services; 

  • create an account in CareMonitor SaaS; 

  • interact with or use CareMonitor SaaS; 

  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; or 

  • interact with our sites, services (including CareMonitor SaaS), content and advertising. 

Why do we collect, use and disclose limited personal information of Health Care Professionals? 

We may collect, hold, use and disclose your limited personal information for the following purposes: 

  • to enable you to access and use our services (including CareMonitor SaaS) and website; 

  • to operate, protect, improve and optimise our services, website, app, business, and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing; 

  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you; 

  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent on behalf of our business partners that we think you may find interesting; 

  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners; and 

  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties. 

To whom do we disclose limited personal information of Health Care Professionals? 

We may disclose limited personal information for the purposes described in this privacy policy to: 

  • our employees and related bodies corporate; 

  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you); 

  • professional advisers, dealers and agents; 

  • payment systems operators (eg merchants receiving card payments); 

  • our existing or potential agents, business partners or partners for the purpose of improving health care; 

  • specific third parties authorised by you to receive information held by us; and/or 

  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law. 

Patients 

The CareMonitor system is used to manage the healthcare of patients via the CareMonitor App. When you create an account or otherwise interact with the CareMonitor App we may collect limited personal information from you, including sensitive health information. We may also collect information about you from Health Care Professionals or health care providers involved in your treatment.

What limited personal information do we collect from Patients? 

We may collect the following types of limited personal information: 

  • name; 

  • mailing or street address; 

  • email address; 

  • telephone number and other contact details; 

  • age or date of birth; 

  • medicare registration details; 

  • private health insurance details; 

  • credit card information; 

  • health information such as clinical conditions, health metrics, medications, and treatment plans; 

  • login times and locations, and information on which parts of CareMonitor you have accessed and when; 

  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, network IP address and standard web log information; 

  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries; 

  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information; 

  • information you provide to us through customer surveys; or 

  • any other limited personal information that may be required in order to facilitate your dealings with us. 

We may collect these types of limited personal information either directly from you, or from third parties. We may collect this information when you: 

  • create an account in the CareMonitor App; 

  • interact with the CareMonitor App or with our other products or services; 

  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; or 

  • interact with our sites, services, content and advertising. 

In addition to this you expressly consent to us collecting limited personal information about you from your Health Care Professionals or their employers, including receiving information from medical records maintained by your Health Care Professionals or their employers. 

Why do we collect, use and disclose limited personal information of Patients? 

We may collect, hold, use and disclose your limited personal information for the following purposes: 

  • to enable you to access and use our services, website, and app; 

  • to assist you and your Health Care Providers to better co-ordinate your health care; 

  • to operate, protect, improve and optimise our services, website and app, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing; 

  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you; 

  • to determine your suitability for clinical trials and other measures designed to improve your health care; 

  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent on behalf of our business partners that we think you may find interesting; 

  • to administer surveys managed by us or our business partners; and 

  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties. 

To whom do we disclose limited personal information of Patients? 

We may disclose limited personal information for the purposes described in this privacy policy to: 

  • our employees and related bodies corporate; 

  • Health Care Professionals involved in your care; 

  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you); 

  • professional advisers, dealers and agents; 

  • payment systems operators (eg merchants receiving card payments); 

  • our existing or potential agents, business partners or partners for the purpose of improving health care; 

  • specific third parties authorised by you to receive information held by us; and/or 

  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law. 

Other Individuals  

We may collect limited personal information from you when you interact with our business other than via the use of, or in relation to, CareMonitor SaaS or the CareMonitor App. 

What limited personal information do we collect from Other Individuals? 

We may collect the following types of limited personal information: 

  • name; 

  • mailing or street address; 

  • email address; 

  • telephone number and other contact details; 

  • age or date of birth; 

  • credit card information; 

  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, network IP address and standard web log information; 

  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries; 

  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information; 

  • information you provide to us through customer surveys; or 

  • any other limited personal information that may be required in order to facilitate your dealings with us. 

We may collect these types of limited personal information either directly from you, or from third parties. We may collect this information when you: 

  • sign up for any of our products or services; 

  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; 

  • interact with our sites, services, content and advertising; or 

  • invest in our business or enquire as to a potential purchase in our business. 

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act (1988). 

Why do we collect, use and disclose limited personal information of Other Individuals? 

We may collect, hold, use and disclose your limited personal information for the following purposes: 

  • to enable you to access and use our services, website, and app; 

  • to operate, protect, improve and optimise our services, website and app, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing; 

  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you; 

  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting; 

  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners; 

  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and 

  • to consider your employment application. 

To whom do we disclose limited personal information of Other Individuals? 

We may disclose limited personal information for the purposes described in this privacy policy to: 

  • our employees and related bodies corporate; 

  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you); 

  • professional advisers, dealers and agents; 

  • payment systems operators (eg merchants receiving card payments); 

  • our existing or potential agents, business partners or partners for the purpose of improving health care; 

  • specific third parties authorised by you to receive information held by us; and/or 

  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law. 

The following terms apply to all classes of individual from whom we collect limited personal information. 

Deidentifying Data 

You agree that we may compile and deidentify data that we hold (including limited personal information) and may use such deidentified data for any purpose. We will comply with OAIC Guidelines in connection with any deidentification. 

Do we use your limited personal information for direct marketing? 

We may send you direct marketing communications and information about our services or products. This may take the form of emails, SMS, mail, or other forms of communication, in accordance with the Spam Act (2003) and the Privacy Act (1988). You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link). We will not pass your limited personal information on to third parties for the purposes of direct marketing without your express prior consent. 

Disclosure of limited personal information outside Australia 

We do not disclose identifiable limited personal information of persons who are located in Australia to people/entities outside of Australia. 

Using our website and cookies 

We may collect limited personal information about you when you use and access our website (as opposed to when you use the CareMonitor system, which is covered in more detail in the relevant category descriptions above). 

While we do not use general website browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer. 

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so. 

We may also use cookies both via our website and services delivered via the website (including CareMonitor SaaS) to enable us to collect data that may include limited personal information. For example, where a cookie is linked to your account, it will be considered limited personal information under the Privacy Act (1988). We will handle any limited personal information collected by cookies in the same way that we handle all other limited personal information as described in this Privacy Policy. 

Data Retention, Protection, Privacy and Security 

We may hold your limited personal information in electronic form. We also collect health-related data from wearable devices for certain features of our applications. This health-related data can be collected from Google Fit, Withings, and Apple Health. The data we collect enables users to optimise our app usage, facilitates healthcare coordination with healthcare providers and allows us to send necessary communications and notifications.

We take reasonable steps to protect your limited personal information and health-related data from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. We use several physical, administrative, personnel and technical measures to protect your limited personal information and health-related data. For example, sensitive limited personal information is encrypted. All other access is controlled by access rules and security tokens. We limit access to information on a need-to-know basis. Additionally, we implement internal access control measures as well as approval and verification processes to prevent unauthorised access. CareMonitor adheres to the ISO 27001 framework and Australian Government agencies' guidelines in implementing best practices for data retention and protection to ensure that we uphold the highest standards of data security and privacy. However, we cannot guarantee the security of your limited personal information if it is found to be compromised due to factors beyond our control, such as unauthorised access by malicious third parties or unforeseen cybersecurity breaches caused by users and/or suppliers.

Data Deletion 

Users may request data deletion at any time by submitting a request on https://support.caremonitor.com.au/hc/en-us/requests/new. Our support team strives to acknowledge receipt within 4 hours for critical issues and within 24 hours for non-critical issues. We will conduct the necessary verification process to confirm the nature of the requests, adhering to our data retention policy and complying with applicable legal requirements. Secure deletion methods will be implemented to guarantee the permanent removal of digital records. The selection of deletion methods will be contingent upon the sensitivity of data and may encompass strategies ranging from overwriting to physical destruction of storage media. Each deletion is logged, documenting the type of deleted data, the responsible party, the timestamp, and the methods used. Subsequently, internal approval and verification processes will be used to validate whether the irreversible removal of data has been completed successfully. This approach acts as our quality control measure, ensuring adherence to established protocols throughout the data deletion process.

Notifiable data breaches  

We are governed by the Privacy Act (1988). If there is a data breach with respect to your limited personal information (determined based on meeting the following criteria):  

  • there is unauthorised access to, or disclosure of your limited personal information held by us (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);

  • this is likely to result in serious harm to you; and 

  • we have been unable to prevent the likely risk of serious harm with remedial action, 

we will notify you and the OAIC (Office of the Australian Information Commissioner) in accordance with our obligations under the Privacy Act (1988). The notification will also include recommendations about steps you should take in response to the data breach. 

Links 

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites. 

Accessing or correcting your limited personal information 

You can access the limited personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your limited personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your limited personal information. 

If you think that any limited personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

Making a complaint 

If you think we have breached the Privacy Act (1988), or you wish to make a complaint about the way we have handled your limited personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable timeframe. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take. 

Contact Us 

For further information about our Privacy Policy or practices, or to access or correct your limited personal information, or make a complaint, please contact us using the details set out below: 

Privacy Officer 

Level 2, 53 Berry Street, North Sydney, NSW 2060 

privacy@caremonitor.com.au 

+61 (02) 8074 4868 

Effective: 11 October 2020