Privacy Policy

Collaborate Privacy Policy

 

About this Privacy Policy

 

1.1 The Collaborate and CollabroatED mobile applications (the ‘App(s)’) is/are owned and operated by Collaborating Clinics App (ABN 23 639 714 287) (‘Collaborate’).

1.2 Collaborate is committed to maintaining the security of Personal Information (‘Personal Information’) provided to us. When you share Personal Information with us, we             treat it with care and take our responsibility to protect it seriously.

1.3 This Privacy Policy clearly describes our privacy practices and how we collect, use, process, and manage your Personal Information.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and the EU General Data Protection Regulation (‘GDPR’).

By subscribing to our App, you consent to the collection, use and storage of your data on this App through your use of our Services as described in this Privacy Policy.

Any reference to “Collaborate”, “CollaboratED”, “Collaborating clinics”, “we”, “our”, or “us” means Collaborating Clinic App (ABN 23 639 714 287). Any reference to “you, or “your” means you as a practitioner and subscriber (‘Subscriber’) to our App.

2) About the Collaborating clinics Apps and Services

2.1) Collaborate clinics is an easy to use subscription tool for practitioners to create custom questionnaire forms and collect data from patients using digital devices. Collaborate stores the forms complete with the data entry on the cloud as retrievable electronic health records that the practitioner can email or print. The App is used by practitioners to help reduce the waiting times of patients and to assist practitioners in collecting important patient information efficiently and securely.

2.2) CollaboratED is an easy to use subscription tool enabling practitioners to distribute Information Leaflets digitally. Administrators upload information leaflets to the app and can distribute information leaflets via text or email.

2.3) Administrators can authorise access to distributing staff. Administrators take full responsibility for the authorisation of distributors whom also gain access to distributing rights of the information leaflets.

2.4) Administrators take full responsibility in ensuring full rights to distribution of the information leaflets prior to  uploading to the CollaboratED app.

(collectively our ‘Services’)

2.5) To obtain access to our Services, you must register for a member account through our App (‘Subscriber Account’) and subscribe to our Services.

2.6) By registering for a Subscriber Account, you will be required to accept our Terms and Privacy Policy by clicking the “register” button in the user interface as a condition of joining as a subscriber (‘Subscriber’). By clicking the “register” button you agree to all the terms and conditions of our Terms and Privacy Policy listed on this App and website by Collaborating clinic which gives notice to you through our user interface as follows:

By Registering, you agree that you've read and accepted our website Terms and Conditions and you consent to our Privacy Policy. 

3. What Personal Information is collected

“Personal Information” is information or an opinion that can reasonably identify an individual (s 6(1) of the Privacy Act).

We receive and store Personal Information you provide to us through our business activities, provided to us through your use of and subscription to our App and the supply of our Services in connection with your clinic and business activities.

We may ask you to provide Personal Information such as your name, the name of your clinic or business, phone number, payment details such as your credit or debit card information, address and email address to enable us to provide you with our Services, provide you with subscription information, sales and marketing actions, process your subscription order, provide updates and to meet our contractual obligations.

We may collect additional data from Subscribers at other times, including but not limited to, when you provide feedback, when you provide data about your business affairs, change your content or email preference, respond to surveys and promotions, or communicate with our customer support.

Collaborate may also collect any other Personal Information you provide while interacting with us through the supply of our Services.

4) How we collect your Personal Information

Collaborate collects Personal Information from you in a variety of ways, including when you interact with us electronically or in person, when you access our App and when we provide our Services to you.

We may also receive Personal Information from third parties in connection with the supply of our Services. If we do, we will protect your Personal Information in accordance with this Privacy Policy.

5) How we use your Personal Information

Collaborate uses your Personal Information and you consent to us using your Personal Information to:

supply you with our App and Services in accordance with our Terms;

provide you with information and updates about our App and our Services;

communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail;

manage, research and develop our App and Services including through data analytics;

administer our business activities; and

investigate any complaints.

If you choose to withhold your Personal Information, it may not be possible for us to provide you with our Services or for you to access certain parts of our App and for us to respond to your query.

6) Legal basis in the European Union (EU) for the collection and processing of your Personal Data

“Personal Data” refers to any information relating to an identifiable natural person who can be identified directly or indirectly (‘Data Subject’) (Article 4).

The GDPR applies to the data processing activities of businesses with an establishment in the EU or where the processing activities relate to offering goods or services to individuals in the EU or monitor the behavior of individuals in the EU.

If you are an individual residing in the EU, we may collect and process Personal Data about you in accordance with the GDPR. A “Controller” says how and why personal data is processed and a “Processor” acts on behalf of the Controller by processing the data.

When you subscribe to our Services, we process Personal Data on your behalf as a Processor where you are the Controller and otherwise to the extent that we are a Controller as defined in the GDPR.

“Processing” means any operation or set of operations that is performed upon Personal Data or sets of Personal Data whether automated or not including for collection, recording, organisation, structuring, storage, adaption, or alteration, retrieval, consultation, use, disclosure by transmission or for dissemination.

As we are a Processor of Personal Data on your behalf as the Controller, we must provide you with the:

the legal basis for collecting Personal Data;

which items of Personal Data to collect;

the purposes the Personal Data is to be used for;

which individuals to collect Personal Data about;

whether to disclose the Personal Data and to whom;

whether Data Subject access and other rights apply;

how long to retain the Personal Data and whether to make amendments to the Personal Data.

The legal basis for which we collect Personal Data from you depends on the Services you use and how you use them. Collaborate will only collect and use your Personal Data on the following legal bases: under the Terms of our contract to provide you with our Services, when you give us your express consent to use and process Personal Data for a specific purpose, for the satisfaction of a legitimate interest or to comply with a legal obligation.

We will only otherwise collect your Personal Data with your express consent for a specific purpose and any Personal Data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

As a Processor, we process Personal Data in accordance with your documented instructions and we will not engage another processor without your prior specific and written consent. We will make available to you all information necessary to show our compliance with the GDPR including that we have taken appropriate security measures to protect the Personal Data in accordance with the GDPR. We will delete or return the Personal Data to you at the end of our Services in accordance with your explicit instructions.

We use the following methods and systems in accordance with the GDPR:

IT systems and devices used to collect Personal Data

Mobile devices running either iOS© or Android© software and online web services

How and where we store the Personal Data

3rd party services via “GoDaddy” <godaddy.com> and dotsquares cloud hosting <www.dotsquares.com>

Secure and encrypted Cloud server storage based in Australia

Security Details surrounding Personal Data

All data is encrypted from end to end utilising SSL certificates.

Confidential data is transferred via a double secure firewall enabled email server suitable for health data transfer.

Entered data is only accessible for the relevant practitioner with appropriate subscriber rights.

Password protection throughout to protect inappropriate data breach.

 

Means used to transfer Personal Data from us to you

Upon confirmation of identification data will be transferred via email. Other means such as registered delivery via post can be offered at a cost to the requestor.  

Means used to retrieve Personal Data about certain individuals

All central data can be filtered with relevant person specific details.

 

Retention of Personal Data (how long to retain the data)

Medical records are retained for as long as required by relevant national, state or territory government legislation. Generally, this means that inactive individual patient medical records should be kept until the patient has reached the age of 25 years or for a minimum of seven years from the time of last contact - whichever is the longer.

Means used to amend or delete Personal Data

Post request and identification data is cleared from the server as requested.

You consent to us collecting and processing Personal Data from you that is considered a “special category’ of Personal Data including Personal Data relating to a patient’s racial or ethnic origin, genetic data, data concerning health or data concerning a natural person’s sex life or sexual orientation (‘Sensitive Personal Data’).

You agree and understand that you have obtained the explicit consent of your patients for the collection, processing and cloud storage on this App of their Personal Data including any Sensitive Personal Data. We agree that we will not engage another processor to process this data and nor shall we use it for marketing, advertising purposes or for sale as mailing lists or other commercial uses.

In the event of a Personal Data breach including any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or process, we will report the breach to you without undue delay after becoming aware of the breach, and not later than 72 hours after the breach giving you a description of the nature of the breach.

Unless otherwise required by contractual obligation or any other legal basis, we only store your Personal Data while it remains necessary, or if the purpose of the processing could not reasonably be fulfilled by other means.

If you are under the age of 16, we request that you obtain and provide parental consent before using our App and Services as required by the GDPR.

The Personal Information rights of individuals under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your Personal Information is being controlled and used.

We comply with your rights under the GDPR (subject to the grounds set out in the GDPR) that permit you:

to be informed as to how your Personal Information is being used;

to access your Personal Information and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you a copy of your Personal Information in electronic format free of charge if requested);

to rectify your Personal Information if it is inaccurate or incomplete;

to erase your Personal Information (also known as 'the right to be forgotten') if you wish to delete or remove your Personal Information;

to restrict processing of your Personal Information;

to retain and reuse your Personal Information for your own purposes (Personal Information portability);

to object to your Personal Information being used; and

to object against automated decision making and profiling.

You can contact us any time to exercise your rights under the GDPR including as to:

request access to Personal Information that we hold about you;

to correct any Personal Information that we hold about you;

delete Personal Information that we hold about you; or

opt out of emails, marketing, and any other push notifications that you receive from us.

We may ask you to verify your identity before acting on any of your requests.

If you have any questions about Collaborating clinics collection and storage of data, please Contact us via the support page on our website located at <www.collaboratingclinics.com> or using the contact details provided below.

Disclosure of your Personal Information and Third Parties with access to it

We will only share your Personal Information where you have given us your consent, and only for the purposes described in this Privacy Policy.

We may disclose your Personal Information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy. Personal data is only supplied to a third party when it is required for the delivery of our Services.

We may share your Personal Information with third-party service providers to help us provide our services, and to provide you with a payment platform. Our third-party service providers may be located outside of Australia or outside of the EU.

When we disclose your data to third-party service providers we do so on the basis that your data is treated with confidence, and only used for the limited purpose of providing support to our App and services, and in manner consistent with this Privacy Policy.

We may from time to time need to disclose Personal Information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our Subscriber databases, together with any Personal Information and non-Personal Information contained in those databases.

International Data Transfers

We may store, process and transfer your data, including your Personal Information in countries other than the country you live in. Data transfer may occur in and between countries outside of Australia which may include but are not limited to the United States and Europe.

We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data.

You may not have the same rights to protect your data in these countries as you do in Australia. Where your data has been transferred to a country abroad, it will be treated in accordance with the purposes described in this Privacy Policy.

For individuals in the European Economic Area (EEA), your data will be stored and processed in Australia which provides an adequate level of data protection. This mean that your personal data will be transferred from the EEA to Australia.

If your personal data is transferred from the EEA to a country or international organisation outside of Australia, we will ensure that we have approved transfer mechanisms in place to protect your Personal Information adequately (for example, by entering the European Commission’s Standard Contractual Clauses for data protection for data that is transferred internationally or ensuring the entity is Privacy Shield certified for data transfer to third parties based in the United States).

Security of your Personal Information

We are committed to ensuring that the data you provide to us is secure.

To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, such as encryption of Personal Information, to safeguard and secure data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Access to and how you can control your Personal Information

 You may request details of Personal Information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth).

If you would like a copy of your data or believe that your data is inaccurate, out of date, incomplete, irrelevant, please Contact us via the support page on our website located at <www.collaboratingclinics.com> or using the contact details provided below.

Third-party tools and cookies

We use technologies and third-party services that use Google Analytics, pixels, tags and web beacons (code snippets) on our App to improve user experience, the supply of our Services and to analyse how our App is used.

The information collected is mostly anonymous traffic data aside from the approximate location (IP address) and may include browser type, device information, and                    language. The information collection is in aggregate form so that it cannot identify any individual user and provides an overview of how people use our App. It is not used            for any additional purpose.

We may use cookies on our App. Cookies are very small files which a App uses to identify you when you come back to the App and to store details about your use of the App. In addition, cookies may be used to serve relevant ads to App visitors through third party services such as Google AdWords.

Links

Our App may from time to time have links to other sites not owned or controlled by us. Links to third party sites do not constitute sponsorship or endorsement or approval of these sites. Collaborate is not responsible for the privacy practices of other such sites.

Complaints about privacy

If you have any complaints about our privacy practices, please contact us. We take privacy seriously and will respond promptly to your notice.

Changes to this Privacy Policy

We may modify this Privacy Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our App or website.

Our contact details

You can contact us:

using the support section provide on our website located at <www.collaboratingclinics.com>;

by telephone, on the contact number published on the Collaborate or CollaboratED App or website; or

by email, using the email address published on the CollaboratED App or website (from time to time).

© 2021 Collaborate Medical App Pty Ltd. ALL RIGHTS RESERVED.