1.1. Nimblic Pty Ltd ABN 85 600 466 091 (we, us or our) provides the Medtasker web & mobile suite of tools (Medtasker) to allow medical practitioners and administration staff (Practitioners or Users) to manage, monitor, create and edit records, report, and communicate in relation to the care and treatment of patients (Patients).
1.2. In order to achieve the above requires Practitioners to upload, create, store and edit electronic health records on the Personal and Health Information of the Patient (EHR) to Medtasker.
1.3. We have adopted this Privacy Policy to ensure that we have standards in place to protect the Personal Information that we collect about individuals that is necessary and incidental to:1.4. This Privacy Policy follows the standards of the Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act).
1.5. By publishing this Privacy Policy we aim to make it easy for our customers and the public to understand what Personal Information we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their Personal Information in our possession.
2.1. Our Privacy Policy deals with how we handle both “personal information” and “health information” as those terms are defined in the Privacy Act (and together referred to in this Privacy Policy as Personal Information).
2.2. We handle Personal Information of adults and children in our own right and also for and on behalf of our customers and users.
2.3. Our Privacy Policy does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies which we store.
2.4. The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
2.5. If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that:3.2. We may collect other Personal Information about an individual, which we will maintain in accordance with this Privacy Policy.
3.3. We may also collect non-Personal Information about an individual such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected the Australian Privacy Principles do not apply.
4.2. Due to the nature of Medtasker, it is not practical for us to notify all the individuals on whom Practitioners have supplied us with health information. In such cases the Practitioner is responsible to have done so in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind them.
4.3. Notwithstanding 4.2, as there are many circumstances in which we may collect information both electronically and physically, we will endeavour where appropriate to ensure that an individual is always aware of when their Personal Information is being collected.
4.4. Where we obtain Personal Information without an individual’s knowledge we will either delete/destroy the information once the Practitioner ceases using Medtasker (or as soon as practicable where we received the Personal Information by other means), or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.
5.1. The primary reason Personal Information is used or disclosed is to share EHRs with Practitioners. We will never use Personal Information in Medtasker for any other purpose than making the individual’s EHR available to authorised Practitioners. We will never use the information in an EHR for any marketing or commercial purposes, and we maintain all Health Information in the strictest confidence.
5.2. In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected unless we have the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
5.3. We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
5.4. It is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles in the course of our business, which includes:5.5. We will not disclose or sell an individual’s Personal Information to unrelated third parties under any circumstances.
5.6. Information is used to enable us to operate our business, especially as it relates to an individual. This may include:5.8. We will not disclose an individual’s Personal Information to any entity outside of Australia that is in a jurisdiction that does not have a similar regime to the Australian Privacy Principles or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.
5.9. We may utilise third-pay service providers (such as Gmail from Google, Inc., and MailChimp from The Rocket Science Group LLC) to communicate with an individual and to store Personal Information about them. These service providers are located in the United States of America.
7.1. We may appoint a Privacy Officer to oversee the management of this Privacy Policy and compliance with the Australian Privacy Principles and the Privacy Act. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.
7.2. We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
7.3. A primary function of Medtasker is to enable authorised practitioners to manage patient records. To do this requires the creation of an EHR. Medtasker requires that Practitioners have a compliant privacy policy in place. The Practitioner may use or copy the Personal Information in an HER in accordance with their own privacy policy.
7.4. Medtasker uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
7.5. We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
7.6. If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
7.7. We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
8.1. Users of Medtasker can update their Personal Information from within Medtasker.
8.2. Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
8.3. If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
8.4. It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
8.5. We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
9.1. If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
9.2. If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
9.3. If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
10.1. From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
11.1. All correspondence with regards to privacy should be addressed to:
The Privacy Officer
Nimblic Pty Ltd
Suite 4B, 104 Johnston Street
Fitzroy VIC, 3065
Australia
[email protected]
You may contact the Privacy Officer by email in the first instance.
12.1. If we decide to change this Privacy Policy, we will post the changes on our webpage at https://medtasker.com/privacy/app-privacy-policy.html. Please refer back to this Privacy Policy to review any amendments.
12.2. We may do things in addition to what is stated in this Privacy Policy to comply with the Australian Privacy Principles, and nothing in this Privacy Policy shall deem us to have not complied with the Australian Privacy Principles.