Privacy Policy

Learn how we safeguard your personal information and ensure data security.

1. We're here to help. Get in touch.

You can get in touch with us at any time about the way we handle and safeguard your information.

If you want to:

  • ask questions
  • update your information
  • update or delete your Heidi Platform account
  • change your user preferences 
  • register a concern
  • opt out of marketing 
  • anything else…

We're just a call or a few clicks away.

If you have any questions or complaints about how we handle your information you can get in touch with us at support@heidihealth.com

2. About us

As part of our service, we provide the Heidi Platform application (Platform) to qualified medical practitioners (including their relevant medical clinic) and other health professionals (Practitioners) for patients of Practitioners.

The Platform facilitates the delivery of healthcare services including by:

  • we, our or us – we mean Heidi Health Trading Pty Limited (ABN 84 649 783 871), and our related bodies corporate identified below at section 14.
  • ‍our services – we mean the provision of the Platform to you as a Practitioner and related services that we provide.
  • you - we mean you, the reader of this policy.
  • your information – we mean your personal information that you may share with us
  • privacy laws – we mean all privacy and data protection laws that apply to us when we handle your information, including applicable health information laws

3. What information do we collect?

We collect and hold the following categories of information, including personal information, health information, payment information, device information, and general information to help us improve our services.

When you access and use our website, Platform, or other services, we collect and hold the following main categories of information as detailed in the table below. The collection of extensive data sets, including device information, is crucial for enhancing user experience, optimizing service functionality, and ensuring robust security measures. We process such information based on legitimate interests—improving our services and maintaining security—and where applicable, through explicit consent, which is transparently obtained at the point of data collection. If you choose not to provide the requested information, it may impact our ability to deliver these services to you fully.

Additionally, we may collect other types of information from you to further tailor and secure our offerings, adhering to all requirements under all relevant regulations, ensuring transparency and giving you control over your personal data.

4. How do we collect your information?

We collect your personal information when you engage with us or from third parties.

In many instances, we collect personal information directly from you. Here are some of the main ways.

We may also collect information about you from our related companies, third party service providers and other organizations that we partner with. For example:

  • when you apply for a job or position with us, we may collect information about you from any recruitment consultant, your previous employers, referees, CV checking agencies or others who may be able to provide information to assist us with our decision; and
  • where you are a Practitioner, we may collect information about your qualifications, registrations, training and education background from third party sources, for purposes which include verifying your status as a qualified medical practitioner.

5. How do we use your information?

We use your personal information to enable us to deliver and improve our products and services.

We adhere to privacy by design principles by integrating data protection from the outset of designing our systems and business practices. Our measures include robust encryption, stringent access controls, and continuous threat monitoring. Privacy impact assessments are conducted regularly to ensure potential risks are identified and mitigated, ensuring data protection is a foundational aspect of our operations.

We implement rigorous de-identification techniques to ensure personal and health data are psuedonymized, stripping identifiable markers to prevent re-identification by unauthorised actors. These processes are reinforced by stringent security protocols, including multi-layered encryption and access controls, to safeguard the integrity and confidentiality of the de-identified data.

If we use personal information already collected in a manner different from that stated within this Privacy Policy, we will notify users via an updated information notice. This notice will inform you of the new use of the data and provide you with choices regarding its use.

Unless permitted or required by law, we won't use your health information without your consent.

6. How do we use your personal information for marketing, and how do you opt out?

You can opt-out at any time from our marketing communications.

We may send you direct marketing communications and information about our services or products. This may take the form of emails or other forms of communication. We'll always conduct our marketing practices in accordance with privacy laws and other applicable laws. 

If we do send you marketing messages using your information, you'll be able to opt out at any time – either by using the unsubscribe facility in the relevant message or by contacting us (it's easy – see section 1).

We may also market our services to you generally – including via social media, advertising through our website and other digital or non-digital platforms. We'll always do this in accordance with our legal requirements.

Without your consent, we will not: 

  • use any of your health information to send you marketing communications; or
  • disclose any of your information to a third party in order for them to market to you. 

7. Do we store or share information outside of your country? 

For Australian, UK, US, EU and Canadian users, your personal information is stored in your local jurisdiction

We understand the importance of data security and privacy and we're committed to safeguarding your information. We have implemented data localization solutions for customers located in Australia, UK, US, the EU and Canada. Please note that some functionalities of our Platform depend on third-party services, whose servers may be located outside of your jurisdiction. This however does not include sensitive or identifiable health information. Whenever these third-party services are utilized, we ensure that data processing agreements are entered into. These agreements are crucial as they enforce compliance with data protection standards and legal requirements, safeguarding your personal information from unauthorized use or disclosure. This contractual measure helps maintain the integrity and confidentiality of your data while enabling us to provide enhanced functionality through external services. 

8. Who do we share your information with?

We may share your personal information with our other partners and for other reasons we tell you about in this policy, on our website, on our Platform or where we otherwise communicate this to you.

We may share your personal information with:

  • our employees and related companies;
  • third party suppliers and service providers (including providers for the operation of our Platform, websites and/or our business);
  • professional advisers, dealers and agents;
  • payment systems operators (eg, merchants receiving card payments); 
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorized by you to receive information held by us, and other parties involved in the delivery of healthcare services; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorized or permitted by law.

9. Using our website and Platform 

We use cookies on our website to track your website usage and remember your preferences

Our website includes pages that use cookies which are small files that store information on your computer, mobile phone or other device. We may use them to recognize you across devices and browsing sessions.

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. If you refuse the use of cookies in this way you may not be able to access the full functionality of our website. Please refer to your internet browser’s instructions or help screens to learn more about these functions.

We may also use third party analytics tools to help us gather and analyze information relating to your use of our website and Platform.

10. How do we protect your information?

We take a number of measures to keep your information safe. 

We generally hold personal information in our electronic databases. Our website and Platform and our working environment are built with integrated physical, electronic and managerial processes designed to safeguard your information and protect it from misuse, interference loss and unauthorized access, modification or disclosure. Here are some of the key things we do to protect your information.

11. What are your rights in relation to your information?

You have rights in relation to your personal information. You can contact us to exercise any of your rights in relation to your information.

Here are the things you can ask us to do in relation to your information at any time while you use our website, Platform or other services.

When you contact us regarding a request for access, correction, erasure, or to make a complaint, or if you wish to object to processing, withdraw consent, or request data portability, please include your name and contact details (such as email address and phone number) and clearly describe your request. We are committed to addressing your inquiries promptly and will acknowledge receipt of your correspondence swiftly. We aim to formally respond to all requests within 30 days. If we are unable to fulfill your request due to legal or other reasons, we will explain why. Verification of your identity may be required to protect your information and ensure it is not disclosed improperly.

If you are not satisfied with how we handle your query or manage your information, including our response to your requests, you have the right to lodge a complaint with your relevant Information Commissioner's Office. Additionally, for detailed information on how to exercise your rights under the UKGDPR, including requests for data portability, please refer to our GDPR Compliance Policy. This policy provides comprehensive guidelines on how you can manage your data, including how to withdraw consent effectively.

12. Employees

If you are a current or former employee and you have any questions in relation to our handling of your personal information, please contact us at hello@heidihealth.com

13. Changes to this policy

If we need to change this policy in a way that affects the way we handle your information, if you use our Platform, you'll receive an alert from us. We will also publish the changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

14. Related companies

Heidi Health Trading ABN (84 649 783 871) is located at Level 5, 24-26 Cubitt St, Cremorne VIC 3121. You can contact us via email at hello@heidihealth.com If you have any questions regarding privacy or security, please contact us via email at support@heidihealth.com

We are related to Oscer Enterprises Pty Limited (Incorporated in Australia), Heidi Health Corp (Incorporated in the State of Delaware, United States) and Heidi Health Ltd (Incorporated in the United Kingdom).

We may disclose your personal information to our related companies, including as set out in this policy. If we do disclose your personal information to our related companies they may use your information in accordance with this policy. If you access the services of our related companies, you should also consider their privacy policy as it may be different to this policy.

15. Find out more

You can find out more about the various privacy laws and other rules, regulations and standards we've mentioned in this policy by visiting the website of the Office of the Australian Information Commissioner, Office of the Information Commissioner Canada, UK Information Commissioners Office or relevant the U.S. Department of Health & Human Services Office for Civil Rights or equivalent state based Information Commissioner.

Effective: October 2024