We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of the Personal Information you provide us.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information you may provide us while using SimpleClinic include:
- your name, address, email address, phone numbers.
This Personal Information is obtained when you, as a patient, access our public pages and provide personal information to us as part of an online booking, form submission, or invoice payment.
The Personal Information we collect from you is collected as part of us providing our services to your healthcare practitioner, our registered user, and is used purely in the provision of services to your healthcare practitioner. Personal Information you provide us is not used for our own marketing or advertising purposes.
Personal Information you provide using public elements of our platform, such as online booking, form submission, or invoice payment, may be used for capacity planning purposes. The information used for this purpose is restricted to technical information and includes: the method of connection to the internet, device type, screen dimensions, operating system, and browser details. This information is anonymised and not linked directly to your patient record in SimpleClinic.
Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive Information you may provide us with while using the SimpleClinic platform includes:
- your health history information.
Your healthcare practitioner may also provide Sensitive Information about you while providing their services to you.
The Sensitive Information provided by you, or your healthcare practitioner, is used only for the provision of our services to your healthcare practitioner.
Personal Information and Sensitive Information stored within SimpleClinic is collected from you as a patient or your healthcare practitioner.
We do not collect Personal Information or Sensitive Information about your patients from third parties.
Disclosure of Personal Information and Sensitive Information
The Personal Information you store within SimpleClinic may be disclosed in a number of circumstances including the following:
- Third parties where your healthcare practitioner has chosen to integrate with third-party services. These include: payment gateway providers, email service providers, financial and accounting providers (Xero), our upstream communications providers (Mailgun, Twilio, and FoneDynamics), and external calendar providers (Cronofy, Google, Apple, Microsoft).
- In certain circumstances we may also be required by law to disclose the Personal Information you have provided to us.
Security of Personal Information and Sensitive Information
The Personal Information you provide while using SimpleClinic is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. We utilise a number of safeguards to protect Personal Information including:
- Username and password access to the SimpleClinic platform.
- Encryption of all Sensitive Information at rest using 256-bit AES encryption.
- Encryption of all Sensitive Information in transit using 256-bit SSL encryption.
- Encryption of all Personal Information in transit using 256-bit SSL encryption.
- Access logging and auditing of requests to access and modify Personal Information and Sensitive Information.
- Firewall and IP traffic monitoring for suspicious or malicious traffic.
When the Personal Information and Sensitive Information you, or your healthcare practitioner, provided us with is no longer needed for our provision of services to our registered user, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information.
Access to your Personal Information and Sensitive Information
To access the Personal Information and Sensitive Information you, or your healthcare practitioner, have provided us with, contact your healthcare practitioner.
Disposal of your Personal Information and Sensitive Information
When the Personal Information and Sensitive Information you provided us with is no longer needed for our provision of services to your healthcare practitioner, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information.
After termination of your healthcare practitioner's services with SimpleClinic, the Personal Information and Sensitive Information you have provided us is removed from our production environment within 90 days. Personal Information and Sensitive Information may still be stored in secured and encrypted backups until a full backup rotation has occurred. This may take up to 12 months after your account termination.
SimpleClinic utilises cookies on our public pages. When you consent to cookies, we use them to do the following:
- Deliver our core services to you including online booking, forms, invoice payments etc.
- Monitor page performance and network capacity.
We do not utilise cookies for marketing or advertising purposes.
This Policy may change from time to time and is available by emailing email@example.com
65 Grand Plaza Drive
Browns Plains QLD 4118
(07) 3040 0385