Humanetix Privacy Policy

Version: V1.0
Release date: April 2023

Introduction

This is the privacy policy of Humanetix Pty Ltd (ABN: 58 147 390 056).

This privacy policy describes:
■ sources of the information we hold;
■ the types of personal information we hold;
■ how we use that personal information;
■ under which circumstances we may disclose that information;
■ how that personal information is kept secure;
■ how you may ask us to update or correct your personal information;
■ your rights; and
■ how to contact us.

We provide a software platform to hospitals, aged care homes, community care homes and similar facilities (each a Care Provider). The software platform allows Care Providers to manage and optimise workflows tailored to their work environment (Platform). We will collect, hold, store and/or manage personal information collected and/or held by us in accordance with the Privacy Act 1988 (Cth) (Act) and this privacy policy.

Sources of Information

There are two sources of information we hold.

First:

■ Care Providers collect information from and about persons:
– to whom they are providing services (Direct Care Recipients); and
– who have a relationship to a Direct Care Recipient e.g. family members and guardians (Indirect Care Recipients).
■ Some of that information may be stored by that Care Provider on our Platform.
Note: A Care Provider, storing information on our Platform, promises us that such information has been collected lawfully and in accordance with its privacy policy.

Second:
■ We collect information from persons with whom we interact, including from visitors to our Platform and our website about their browsing session.
■ Information collected by us may include personal information.

Types of Personal Information

Personal information held by us will include:
■ Personal information of a general nature:
– such as name, address, e-mail address, and telephone number; and
– Platform and website browsing information (such as information about browser type, Internet Protocol address, language setting, referring site, any additional websites visited together with the date and time of each visit),(General Personal Information); and
■ Personal information that comprises clinical or care data (and is classified as sensitive information under the Act) including information about:
– an illness, disability or injury suffered or sustained by a Direct Care Recipient;
– the treatment and/or care delivered or to be delivered to a Direct Care Recipient;
– the expressed wishes about the future provision of health services to a Direct Care Recipient;
– genetic information about a Direct Care Recipient that could be predictive of the health of that person or a genetic relative of that person
(Specific Personal Information)

Use of Personal Information

Personal Information will be used by us primarily for the following purposes:
■ to enable our Platform and website (including any underlying machine learning algorithms) to function as intended;
■ to verify identity and determine eligibility to access and use our Platform;
■ to provide technical and operational support;
■ to monitor usage of our website and our Platform;
■ to facilitate communication (between us and those with whom we interact);
■ to improve the operation and functionality of our Platform;
■ to undertake research on an anonymised basis; and
■ to meet legal, contractual or regulatory obligations;
■ to provide communications about our services, including new Platform features/upgrades and Platform maintenance;
■ to respond to questions, requests or instructions; and
■ for our internal operational, record keeping or administrative purposes.Specific Personal Information stored on our Platform will be accessed and used by the applicable Care Provider responsible for the applicable Direct Care Recipient or Indirect Care Recipient.

Disclosure

Personal information held by us may be disclosed by us to:
■ Our suppliers - where necessary or desirable to allow them, (only to the extent necessary) to provide services to us to enable the continued operation and/or maintain our Platform;
■ Those who work for us (whether as an employee, contractor or officer) only to the extent to enable them to perform their role in our organisation;
■ Our related bodies corporate;
■ Any entity with which we merge (or proposed to merge) or by which we are acquired (or proposed to be acquired); or
■ Any relevant government authority or other person where required or permitted by any law.We will permit use of your personal information (including Specific Personal information) stored on our Platform by the Care Provider who stored it on our Platform.

Note:
■ A Care Provider’s access and use of your personal information (including Specific Personal information), stored on our Platform by them, is governed by their privacy policy and the Act.
■ A Care Provider will generally provide some or all of their staff with access to Specific Personal Information for the purposes of providing services to you.
■ A Care Provider may also share Specific Personal Information with a third party. If you would like to find out more about data sharing by a Care Provider, please contact the Care Provider directly or refer to its privacy policy.

Tracking and Analytics

We may use cookies or web beacons on our Platform and website.

Cookies are small pieces of information that are stored by your browser on your computer’s hard drive, and they are used to record how you navigate our Platform or website when you visit.

Cookies that are used in any part of our Platform and/or website will not be utilised for collecting personally identifiable information and will only be used for internal management purposes.

Most browsers automatically accept cookies, but you can usually change your browser to prevent cookies being stored. Please note, if you do turn cookies off, this will limit the functionality of our Platform and website.

We may use products/services (such as Google Analytics) to collect, review and analyse the audience statistics relating to our social media engagement and the operation of our Platform or website.

Storage and Security

Our website and SaaS products are hosted in the cloud from a location in Australia operated by a service provider pursuant to terms under which the service provider takes responsibility for the physical and electronic security of its environment.

We have also implemented our own measures to secure personal information held by us, including:
■ Our software applications use secure-HTTP for all communication between client applications and back-end;
■ Access to our cloud-hosted software applications can be restricted to particular IP addresses on request;
■ We offer our customers the ability to access our products via a VPN;
■ Offering appropriate role-based access control mechanisms within our products where applicable; on some product tiers those access control mechanisms can be customised according to our customer needs;
■ User identification is stored separately within the software applications; and
■ Where a product stores information about care recipients, the care recipient identification is stored separately within the software applications where possible.We require our customers to take responsibility for the following:
■ Controlling the use of devices through which relevant data is transmitted;
■ Setting and enforcing policies for strong authentication factors;
■ Educating users about the importance of information security;
■ Mitigating the risk of loss or damage to their devices;
■ The security of their corporate networks (whether wired or wireless); and
■ Ensuring effective malware detection and removal measures are in place for all client devices.

Direct Marketing

We do not and will not use personal information, stored on our Platform by Care Providers, for any marketing.

We may use information we collected about our customers to notify them of services that we offer from time to time but will allow them to opt out at any time.

We do not provide personal information to any other person for the purpose of direct marketing.

Changes to Privacy Policy
We may modify this privacy policy at any time, at our sole discretion.
Any modifications will be effective immediately upon our posting of the modifications on our website and/or our Platform.

Updating and Correcting

To access, update or correct your personal information that we hold:
■ If you are a Direct or Indirect Care Recipient, please refer to the privacy policy of the applicable Care Provider and contact them, as we will not be able to assist; and
■ In other cases, please email us at privacy@humanetix.com.au. We will assist our Care Providers to meet their obligations under the Act where your personal data is stored on our Platform.

Right of Access

If you are a person who has provided your personal information:
■ To us directly - you have the right to request access to that personal information; and may contact us to do so.
■ To one of our Care Providers - you have the right to request access to that personal information and should contact the applicable Care Provider to do so.

You will need to prove your identity before access can be granted. We will assist our Care Providers to meet their obligations to you under the Act where your personal data has been stored by it on our Platform.

Contacting Us

If:
■ You are not satisfied with a response you have received from one of our Care Providers;
■ You would like any further information about our management of personal information we have collected from you; or
■ You have any questions or comments about our privacy policy, please contact us — either by email at privacy@humanetix.com.au or by phone on 1300 727 048.

++++++++++++
If you have a complaint in relation to the management of your personal information, you can contact the Privacy Commissioner at https://www.oaic.gov.au/privacy/privacy-complaints.

You can also view a copy of this statement on our website at www.humanetix.com.au/privacy.