Privacy and Security

Halaxy Privacy Policy

Collection Statement

Halaxy Pty Ltd ACN 633 220 612 ('we', 'us' or 'our') collect personal information about you in order to provide you with services relating to health records of you or your patients and for purposes otherwise set out in our Privacy Policy.

The information you provide will be collected by or on behalf of us and may be disclosed to third parties, including those that help us deliver our services (including information technology suppliers, communication suppliers and our business partners) or as required by law. If you do not provide this information, we may not be able to provide all our services to you. Your data is stored in Australia, and we may disclose your personal information to recipients that are located outside of Australia, including to Xero (which stores data in the USA) if you integrate your Halaxy and Xero accounts.

Our Privacy Policy explains: (i) how we store and use, and how you may access and correct your personal information; (ii) how you can lodge a complaint regarding the handling of your personal information; and (iii) how we will handle any complaint. If you would like any further information about our privacy policies or practices, please contact us at privacy@halaxy.com. By providing your personal information to us, you consent to the collection, use, storage and disclosure of that information as described in the Privacy Policy and this Collection Notice.

Privacy Policy

In this Privacy Policy, 'us' 'we' or 'our' means Halaxy Pty Ltd ACN 131 908 597 and our related bodies corporate. We are committed to respecting your privacy. Our Privacy Policy sets outs out how we collect, use, store and disclose your personal information. We are bound by the Australian Privacy Principles contained in the Privacy Act.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit/debit card and/or bank account information.

In addition to this Privacy Policy, we comply with various privacy legislation, including:

  1. the Privacy Act 1988 (Cth) (“Privacy Act”) (including the Australian Privacy Principles under that Act);
  2. health records legislation, including the Health Records Act 2001 (Vic), Health Records and Information Privacy Act 2002 (NSW), Health Records (Privacy and Access) Act 1997 (ACT); and
  3. marketing legislation, including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Collection of personal information - what, how and why

We may collect the following types of personal information:

  1. your name, address, telephone and email contact details;
  2. your gender, date of birth or age and marital status;
  3. your billing details;
  4. if you are a practitioner, your areas of focus and contact details
  5. health information recorded in our system either by you or your practitioner including the treatment you have received, including date, service type, description of the service, which practitioner treated you, test results, current and past medical history, data uploaded by any of your connected health devices;
  6. your bank account or credit/debit card information;
  7. government related identifiers, including your Medicare number;
  8. your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
  9. details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
  10. any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
  11. information you provide to us through customer surveys; or
  12. any other personal information that may be required in order to facilitate your dealings with us.

We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:

  1. register on our website;
  2. communicates with us in person, by phone, via mail, through correspondence, chats, email, online, or when you or your practitioner share information with us from other social applications, services or websites, or when we contact you or your practitioner through any means;
  3. interact with our sites, services, content and advertising or when you or tour practitioner register, log in for and use services offered by us; or
  4. invest in our business or enquire as to a potential purchase in our business.

In addition;

  1. when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.
  2. We may also collect your personal information from other persons or entities.
  3. Through your use of our services or website, we may also collect information from you about someone else. If you provider us with personal information about someone else, you must ensure that you are authorised to disclose that inflation to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy. This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Privacy Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, our identity, and how to contact us. Where requested to do so by us, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and entered into our website.

We may collect, hold, use and disclose your personal information for the following purposes:

  1. to enable you or your practitioner to access and use our website and our services;
  2. to operate, protect, improve and optimise our website and our services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
  3. to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
  4. for medical research purposes, including providing this information to third parties for this purpose;
  5. to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
  6. to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
  7. to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
  8. to consider your employment application.

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

We and/or our carefully selected business partners may send you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).

In order to allow us to provide, manage and administer our products and services to you and to operate an efficient and sustainable business, we may be required to disclose your information to third parties. This may include disclosure in the following circumstances:

  1. our employees and related bodies corporate;
  2. hospitals, medical and ancillary service providers (for example, practitioners);
  3. any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives;
  4. lawyers, auditors and other advisors appointed by us or acting on our behalf;
  5. where disclosure is required by law, including compulsory notices from courts of law, tribunals or government agencies;
  6. third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
  7. government and regulatory bodies, including, Medicare, the Australian Taxation Office, the Department of Veterans Affairs and the Department of Health and Ageing;
  8. professional advisers, dealers and agents;
  9. payment systems operators (eg merchants receiving card payments);
  10. our existing or potential agents, business partners or partners;
  11. our sponsors or promoters of any competition that we conduct via our services;
  12. anyone to whom our assets or businesses (or any part of them) are transferred;
  13. specific third parties authorised by you to receive information held by us; and/or
  14. other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We can aggregate Your non-personally identifiable data

By using our services, you agree that we can access and aggregate data we have collected from you using reasonable steps to use your personal information in a way it does not personally identify you. We may access, aggregate this data for our own use or for use by third parties:

  1. to audit, research, measure and analyse the information in order to maintain, administer, enhance and protect our products and services, including analysing usage trends and patterns and measuring the effectiveness of content, advertising, features or services;
  2. for contextual and cookie-based automated content delivery, such as tailored ads or search results;
  3. for health and medical research, public health and service activities, healthcare and medical related services; and
  4. to prepare aggregate reports for current or future advertisers, sponsors or other partners to show trends about the general use of our services. Such reports may include age, gender, geographic, demographic or other general user information, but do not include personal information that personally identifies you.

Disclosure of personal information outside Australia
If we send your information outside of Australia, we will require that the recipient of the information complies with local privacy laws and contractual obligations to maintain the security of the data.

Using our website and cookies

We may collect personal information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

You are responsible for transfer of your data to third-party applications
Our services may allow you, or others within the relevant subscription to our services to transfer Data, including your personal information, electronically to and from third-party applications and services. We have no control over, and take no responsibility for, the privacy practices or content of these applications or for their data storage processes. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.

Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information.

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information

As required under the Australian Privacy Principles, you can access the personal information we hold about you by contacting us at privacy@halaxy.com. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

Making a complaint

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us at privacy@halaxy.com. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

privacy@halaxy.com

Effective: 22 January 2019