PracticeMate Pty Ltd (ABN 34 697 882 278), ("we", "us", "our") takes privacy seriously. This policy explains what personal information we collect, why we collect it, who we share it with, and your rights over it.
We handle personal information in line with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
1. The most important thing to know
PracticeMate does not permanently store demographic or clinical data. We only permanently store metadata and user information. That means we never see or hold patient medical notes, diagnoses, prescriptions, test results or images. Due to the flexibility of our reporting system, PracticeMate does extract and make temporarily available to you the data which you instruct it to. These reports are stored and available for no more than 48 hours after generation.
2. Metadata
Metadata is data about data and we use this to provide functionality and to log our actions.
The Metadata we store permanently is limited to:
Patient ID
Location ID and name
Provider ID and name
Appointment type ID and name
3. Personal information we collect about you (our customer)
When you sign up and use PracticeMate as a practice or user, we collect:
- your name, email address, phone number and optionally your role and profile image;
- your practice details, including ABN, address and contact information, BPS number, Halo GUID;
- login credentials and authentication data;
- billing details (we use a third-party payment processor, so we don't store full card numbers);
- any messages, feedback or support requests you send us; and
- technical information about how you use the service.
5. How we collect personal information
We collect personal information:
- directly from you when you sign up, use the product, or contact us;
- from your authorised users when they create or update records;
- automatically when you use the service (for example, log data and analytics).
6. Why we collect it
We use personal information to:
- provide, maintain and improve PracticeMate;
- set up and manage your account;
- process payments and send invoices;
- provide customer support;
- send you important service messages (for example, security or billing notifications);
- send you product updates and marketing, where you have consented or it is otherwise permitted (you can opt out at any time);
- understand how the product is used so we can improve it; and
- meet our legal and regulatory obligations.
7. Who we share it with
We share personal information only when we need to. The main categories are:
- our trusted service providers who deliver hosting, email, analytics and payment processing under contracts that require them to protect your information;
- government or regulatory bodies where the law requires it.
We do not and will never sell any of your information.
8. Where your information is stored
We host PracticeMate on cloud infrastructure located in Australia where possible. Some of our service providers may store ephemerally or process data overseas. When that happens, we take reasonable steps to make sure your information is handled in line with the APPs.
9. How we protect it
We use a range of physical, technical and organisational measures to protect personal information, including:
- encryption in transit (TLS) and at rest;
- role-based access controls and multi-factor authentication for staff;
- regular security testing and monitoring;
- staff training and confidentiality obligations; and
- an incident response process that includes notifying you and, where required, the Office of the Australian Information Commissioner (OAIC) if there is an eligible data breach.
No system is ever 100% secure, but we take security seriously and continually improve it.
10. How long we keep it
We keep personal information for as long as we need it to provide the service to you, and to meet our legal, accounting or reporting obligations. When you cancel your account, we keep your data available for export for at least 30 days, then we delete or de-identify it from our active systems. Information may remain in routine backups for a limited period until those backups cycle out.
11. Big Data
We will never provide your data to a 3rd party. We may use metadata resulting from your use of the system to measure the system for things like performance or impact.
12. Cookies and analytics
Our website and system use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the system is used. You can control cookies through your browser settings, but turning them off may stop parts of the service from working optimally.
12. Your rights
You can:
- ask us what personal information we hold about you;
- ask us to correct information that is wrong or out of date;
- ask us to delete information, where we are not required to keep it;
- opt out of marketing at any time; and
- make a privacy complaint (see below).
To make a request, email info@practicemate.com.au. We will respond within a reasonable time, usually within 7 days.
13. Complaints
If you think we have mishandled your personal information, please tell us first by emailing info@practicemate.com.au. We take complaints seriously and will work with you to resolve them.
If you are not happy with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or on 1300 363 992.
14. Changes to this policy
We may update this policy from time to time. If we make material changes, we will let you know by email or through the product. The latest version will always be available on our website.
15. Contact us
If you have any questions about this policy, please get in touch:
PracticeMate Pty Ltd
Email: info@practicemate.com.au
Postal: C/O Building 3 Unit 6, 205 Leitchs Road Brendale QLD 4500 Australia