Our Privacy Policy


Who are we and what do we do?

‍Integrated Health Systems Pty Ltd (ACN 646 798 450) (“IHS”) is a private company which is registered in Australia. IHS offers secure cloud-based services (“Services”) that allow the safe collection, storage, and disclosure of individuals’ personal information (which includes health information) in order to facilitate better patient outcome and improvement of the patient journey and communication.IHS is committed to managing personal information (including sensitive information) in accordance with the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws. This policy sets out how we manage your personal information and is referred to as our Privacy Policy. In this Privacy Policy, “we”, “us” and “our” refers to IHS and its affiliated companies or related bodies corporate and “you” or “your” refers to any individual about whom we collect personal information. This Privacy Policy tells you how we collect, store, use and disclose your personal information.

What personal information do we collect and hold?

‍Clients and users
‍
‍When you become a client or a user of IHS’s software (including patients of a client) (“users”), a record is made which may include your personal information. The type of personal information that we collect will vary depending on the circumstances of collection and the kinds of services which have been provided by our clients. Whenever users visit or interact with our website or application (“Platforms”), we and our third party providers may automatically or passively record their metadata information about how the Platform is accessed and used (“Usage Information”). Usage Information helps us keep our Platforms relevant to users and allows us to tailor our content. Usage Information is generally non-identifying, but if any aspect of it may identify you, we will treat it as personal information. We may use third-party advertising services to serve advertisements on our behalf. When you visit our Platforms, the third-party analytics services help us understand and improve the usage of Platforms and the effectiveness of our marketing efforts. The delivery of online advertising to you and others on our Platforms will not result in the disclosure of any of your personal information to those third-parties.
   
Patients
‍
‍In addition tothe above, we will also collect patients’ personal information which is consideredsensitive information within the meaning of the APPs. This includes but is notlimited to the collection of patients’ personal health information includingpatient identifiers, contact information, payment information, Medicare and/orhealth insurance information, and information about their episode of care(including, but not limited to, information such as their surgical procedure,comorbidities and weight, and any notes made by our clients).Clients are solelyresponsible for ensuring that all necessary consents have been obtained from patientsprior to the uploading of any of their information to our servers.

‍Why do wecollect, hold and disclose your personal information?
‍
‍We collect yourpersonal information:
‍
To provide the Services to you and others;
‍
Identify our users, clients, potential clients, and theirrepresentatives;
‍
Carry out administrative tasks such as billing, enteringinto contracts with you or third parties, debt recovery activities and managingclient relationships.
‍
Carry out our quality assurance and complaint handlingactivities in a professional and efficient manner; and
‍
For market research purposes and directly marketing to youin accordance with the APPs.


‍How do wecollect your Personal Information?

‍We generally collectpersonal information directly from our users or their representatives on ourPlatforms, including an integration between a third-party.We may also collectcertain ancillary information by electronic messages (including email and SMS,or any of our integrated messaging services), and via your usage of ourPlatforms.

‍How do wehold, store and secure your Personal Information?

‍We arecommitted to providing a highly secure and reliable Platforms to our clients to perform their services. In order to protect the personal information which wehold, we use industry-standard physical, procedural and technical security measures in accordance with our obligations under the APPs, including encryption as appropriate. Our security model and controls are based oninternational standards and industry best practices, such as ISO 27001, ISO27018 and OWASP Top 10. Our systems are hosted on Amazon Web Services. This allows us to provide a reliable service and keeps your data readily available. This data centre employs leading physical and environmental security measures, resulting in highly resilient infrastructure. We take reasonable steps to protect your personal informationfrom misuse, interference and loss and from unauthorised access, modification or disclosure.


How do weuse and disclose your Personal Information?

‍1.         Users

‍If you are anindividual whose personal information has been uploaded to the IHS database(whether by yourself or by our client with your express informed consent) forthe purpose of us providing the Services, we will:

useand disclose your personal information where this is reasonably necessary for,and relevant to, our delivery of the Services, including disclosures to ourclients and other third parties (such as Medicare Australia, third partyinsurers, or other regulatory payers) for the purposes of delivering andenabling the Services;

de-identifycertain information for the purposes of conducting analytics and obtainingrelevant metrics (which may be used for the purposes of providing advertisingor other marketing related activities to you or others);

and any other purpose which we may determine to be appropriate from time to time but consistent with the APPs.

 2.         Contractors and other service providers

‍We may disclose information to third parties in order to assist us in providing the Services, including contractors and service providers used for payment processing, data processing or storage, technology providers, information technology services and support, Platform maintenance/development, and email and SMS distribution services who help us supply our products and services.

 3.         Marketing

‍We may send our clients direct marketing to inform them about products or services, special offers, promotions and events that may be of interest.Your consent to receive direct marketing communications from us in the above ways will be deemed if you do not opt out when you are offered the opportunity to do so, and will remain current on an ongoing basis unless and until you advise otherwise. If you do not want to receive such offers from us, you can opt out at any timeby contacting us using our contact details provided below or by utilising the“unsubscribe” function in electronic communications.
If the law requires us to provide you with information about our products or services, we will provide that information even if you have elected not to receiveinformation about our products and services generally.

‍4.         Other uses and disclosures

‍We may use and disclose your personal information for other purposes explained at the time ofcollection or otherwise as set out in this Privacy Policy. We may also useor disclose your personal information where:

Youhave consented to the use and disclosure (including to our clients);
The disclosure is to our business partner for the purposes of providing the Services to you, in which case we will require them to use and disclose thepersonal information only for the purpose for which it was provided to them;

The third party is a person involved in a dealing or proposed dealing (including asale) of all or part of our assets and business;

The disclosure is permitted, required or authorised by or under law or ordered by a Court or Tribunal;

The disclosure is required or appropriate to protect your, our, or other’s rights, property,or safety; or We are involved in a merger, acquisition, financing due diligence, reorganisation,bankruptcy, receivership, sale of company assets, or transition of service to another provider, and your information may be disclosed in connection with the negotiation of such transaction, and/or transferred as part of such atransaction as permitted by law and/or contract.

Do wetransfer your personal information overseas?

‍We will use our best endeavours to ensure your personal information is only stored within Australiaand will not disclose your personal information to any overseas third parties.

Links toThird-Party Websites
‍
‍Our Plat forms may contain links and integrations to third party websites and platforms. This Privacy Policy does not apply to the practices of those third parties, and we are not responsible or otherwise liable for the actions, information,representations and privacy policies of the third parties that operate or interact with those other websites.
In order to use our Services, you may be required to provide those third parties with additional information, such as your credit card information. Any information which you provide to those third parties will not be shared with us and we will not collect or hold that information.

‍Your PrivacyRights

‍Certain jurisdictions have specific legal requirements and grant privacy rights withrespect to personal information, and we will comply with restrictions and any requests you submit as required by applicable law. You may contact us to access and update any of your information that we hold.

‍How can you access or seek correction or deletion of your personal information?

‍We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date in accordance with our obligations under applicable privacy regulation. In instances where we hold your personal information in our database, you may contact us directly to seek an update, amendment or request deletion of your personal information. We will meet this request within a reasonable timeframe. After receiving a request from you, we will take reasonable steps to correct your information however we are not liable for the accuracy, completeness or veracity of such information which we have collected from you and any third parties. To request access to or update your personal information please contact our privacy officer using the contact details set out below. We will respond to yourrequest within a reasonable time in accordance with the Privacy Act 1988(Cth) and other applicable privacy laws depending on the jurisdiction. You will not be charged for making a request to access your personal information, but you may be charged a reasonable fee for our costs and any expenses involved in compiling information in response to your request.

Changes toour Privacy Policy

‍We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our Platforms regularly to keep up to date with anychanges. By continuing to use our Services, you agree to be bound by the Privacy Policy as amended.

‍Complaints

If you have any concerns or would like to make a complaint, please contact the Privacy Officer(details below). Please include your full name, email address and/or telephone number and clearly describe your concerns or complaint. We will endeavour toinvestigate your matter and respond to your complaint within a reasonable timeafter it is made. If you are unhappy with our response, we will provide youwith information about further steps you can take.

Contact Us
‍You can contact our Privacy Officer in the following ways:
‍IntegratedHealth Systems Pty. Ltd.
Attention:Privacy Officer
Email:legal@integratedhealth.io