Piccolo Health Pty Ltd ACN 641 565 031
We collect Personal Information in the ordinary course of our business, which is the provision of goods and services relating to our echocardiography reporting platform. Personal Information is collected when you:
The types of Personal Information we collect include:
Where you contact us on behalf of your employer, the information you provide often contains information about your employment, position and employers contact details. In those circumstances, certain employment information is collected.
We collect your Personal Information for the primary purpose of providing our goods and services to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
Examples of when we may use your Personal Information include:
Where you provide us with consent to do so (e.g. if you have subscribed to our email lists or have indicated that you are interested in receiving offers or information from us), we may send you marketing communications by email about products and services that we feel may be of interest to you.
We (or an appointed third party) may also conduct surveys or market research and may seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the type, quality and the manner in which our goods and services are offered to you.
You can opt-out of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
The data we collect may have analytical value to us, our business partners and our related entities. We reserve the right to process, distribute or sell information we collect through our services. However, we will only distribute data which has been de-identified or otherwise to our associates in accordance with this Policy.
Cookies are small text files that are placed on your computer by the websites you visit. They are processed and stored by your web browser. When you visit a website or engage with a business through social media, certain information is collected by cookies. This is generally anonymous information and it does not reveal your identity. In and of themselves, cookies are harmless and serve crucial functions. They are widely used in order to make websites work more efficiently and improve the user experience, as well as to provide information about the use of a website.
By storing and using information about your use of our website, including preferences and habits, we are able to make your visit to our website more productive. For example, some cookies remember your language or preferences so that you do not have to repeatedly make these choices.
Generally, we store your Personal Information using secure servers protected from unauthorised access, modification and disclosure. However, like most businesses, we hold some information on our staff’s computers (such as emails from you) and where necessary as hard copy files (such as printed invoices).
Our systems are located in Australia and Singapore, where we make use of Google’s Cloud Healthcare API. Google’s Cloud Healthcare API boasts it is backed by Google Cloud’s privacy and security features, supports HIPAA compliance, and is in scope for Google Cloud’s ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 certifications. In addition, Google Cloud claims to be HITRUST CSF certified. Further information about Google’s Healthcare solutions can be reviewed at https://cloud.google.com/healthcare.
Our systems are managed by us, Google and a number of smaller service providers who perform discrete tasks such as pdf conversions and deal with other administrative tasks. Personal Information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption (such as SSL) where appropriate.
In our dealings with third party service providers, we take care to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
We retain your Personal Information for as long as is necessary to provide our goods and services to you, as required for our internal business operations, and to comply with our legal obligations.
If we hold Personal Information about you, and we do not need that information for any purpose, we will take reasonable steps to destroy or de-identify that information, in accordance with the Australian Privacy Principles (APP), unless we are prevented from doing so by law.
Under Australian law, financial records, such as those relating to financial transactions, must be retained for 7 years after the transactions associated with those records are completed.
Your Personal Information may be disclosed to:
We will not disclose your Personal Information other than in accordance with this Policy without your consent.
We may disclose your Personal Information to third party contractors, service providers and suppliers with whom we have a business association who operate in Singapore and France.
While we do not otherwise actively disclose your Personal Information to overseas entities, our engagement of service providers, such as those who operate cloud services, may have international data centres and disaster recovery sites. Consequently, these providers may have access to your information offshore. We rely solely on reputable organisations for such cloud services.
If you contact us with a general enquiry, we may interact with you anonymously or through the use of pseudonyms. However, you are required to provide true and accurate details when requesting the supply of goods or provision of services. You agree you will provide accurate information if we require it.
We endeavour to only hold Personal Information that is accurate, complete and up-to-date. You have the right to make a request to access Personal Information which we hold about you and to request corrections of any errors in that data. To make an access or correction request, contact us using the contact details provided at the end of this Policy.
If you have an account with us, you can access some of the Personal Information that we collect about you. By logging into your account, you can update or correct certain information.
In order to protect your Personal Information, when you contact us, we may require identification from you before releasing the requested information or making the correction.
Your privacy is important to us. If you have any complaints, concerns or questions about our handling of your Personal Information, we ask that you first contact our privacy officer whose contact details are listed below. We will investigate your complaint and reply to you in writing if you provide us with contact details and request us to do so.
Post: Suite 12, Gold Coast Private Hospital, 14 Hill St, Southport 4215
If, after we have conducted our investigations you are still not satisfied, then we ask you to consult with the Office of the Australian Information Commissioner:
Telephone: 1300 363 992 (from overseas +61 2 9284 9749)
Post: GPO Box 5218 Sydney NSW 2001
We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
This policy was last updated on 23 September 2020.