We align with both the Australian Privacy Principles (APPs) and New Zealand Information Privacy Principles (NZ IPPs), ensuring we respect and protect individual privacy rights in both countries through compliant handling of personal information.

Secure your customers' health data

Open and Transparent Management of Personal Information

We manage personal information in an open and transparent way. This includes having a clearly defined privacy policy that outlines how we collect, use, disclose, and store personal information.

Anonymity and Pseudonymity

Wherever practicable, we give individuals the option of not identifying themselves, or using a pseudonym, when dealing with us.

Collection of Solicited Personal Information

We only collect personal information that is reasonably necessary for our functions or activities. We do so by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.

Dealing with Unsolicited Personal Information

If we receive personal information that we did not solicit, we determine whether we could have lawfully collected that information. If not, we destroy or de-identify it, as appropriate.

Notification of the Collection of Personal Information

At or before the time of collection, or as soon thereafter as practicable, we notify individuals about the collection of their personal information, including the purposes of collection, the types of organisations to which we may disclose the information, and any relevant consequences if the information is not provided.

Use or Disclosure of Personal Information

We only use or disclose personal information for the purpose for which it was collected, unless the individual consents to other uses or disclosures, or certain exceptions apply as provided by the Privacy Act.

Direct Marketing

We comply with the APPs’ specific provisions regarding direct marketing, ensuring individuals can opt out of receiving direct marketing communications from us.

Cross-Border Disclosure of Personal Information

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure that the overseas recipients do not breach the APPs in relation to the information.

Adoption, Use or Disclosure of Government Related Identifiers

We do not use government-related identifiers as our own identifiers of individuals and only use or disclose them as required by law or specified in the APPs.

Quality of Personal Information

We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. Similarly, we ensure that the personal information we use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete, and relevant.

Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. We also have procedures in place to destroy or de-identify personal information when it is no longer needed for any lawful purpose.

Access to and Correction of Personal Information

We provide individuals with access to their personal information and allow them to request the correction of their personal information to ensure it is accurate, up-to-date, complete, relevant, and not misleading.

Locally hosted data

We prioritise data sovereignty by ensuring all our data is locally hosted within Australia. This practice enhances data security and speed, while also ensuring compliance with Australian data protection regulations.