Your information, as a subscriber of Prac2Pro software, is stored electronically and securely. No payment details are retained, and all purchasing is handled by a third party via the secure site MoonClerk. Information about your clinic, practices and business is kept confidential, and is only shared with third-party businesses providing contracting services to Prac2Pro in order to complete the integration of your software onto your website, where applicable. All information relating to your business is promptly destroyed after integration.
STATE OF HEALTH RESULTS
The clinic that the questionnaire is completed through will also receive a copy of the results submitted through the Prac2Pro software, as will the customer completing the State of Health questionnaire. It is the responsibility of the health professional receiving a copy of the results to securely store them, in accordance with governing Privacy Acts which the health professional should already be complying with in the practice of receiving sensitive health information. Prac2Pro is not responsible for any breaches you, as a health professional, may be committing by receiving sensitive health information which is not in accordance with governing Privacy Acts in your state and country. For further information about governing Privacy Acts in your area, please contact your local government.
Last updated: February 2019
We know how important security and privacy are to you. They are at the heart of Prac2Pro and as such we strive to make things as safe and clear as possible for everyone involved.
a) the Privacy Act 1988 (Cth, Australia);
b) the Privacy Act 1993 (New Zealand);
c) the Personal Data Protection and Electronic Documents Act, SC 2000, c5 (federal, Canada);
d) the Personal Data Protection Act (Alberta, Canada);
e) the Personal Data Protection Act (British Columbia, Canada);
f) all applicable United States federal and state privacy laws, including, but not limited to, the California Online Privacy Protection Act (CalOPPA), Early Learning Personal Data Protection Act (ELPIPA);
g) the General Data Protection Regulation (EU);
h) the Data Protection Act 2018 (UK);
i) any other applicable privacy legislation.
(the above collectively referred to as “Data Protection Laws”)
3. Collection of Personal Data
We may collect the following categories of Personal Data in the following situations:
(a) Personal Data you voluntarily provide to us:
This includes Personal Data provided by the User directly via the State of Health software in the form of a questionnaire. When you enter information into the State of Health software, you are voluntarily giving us the Personal Data that we collect.
Categories of Personal Data: The Personal Data we may collect includes your name, age, weight, physical address, email address, phone number, sensitive medical information, feedback and suggestions for the Service.
(b) Our email marketing list: The business, whose site is providing you access to the State of Health software, may use your name, email address and contact number, if provided, to contact you for marketing purposes.
Categories of Personal Data: The Personal Data we may collect includes your IP address, your operating system, your browser ID, time, date, your interaction with the Service.
(c) Statistical information: We may collect statistical (non-personal) information about your use of the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Service, search terms, links that are clicked on, and Service visit times, browsers and operating systems, IP address, and cookies.
(d) Cookies and tracking: We may use various technologies to collect and store information when you use our Service, and this may include using cookies and similar tracking technologies.
4. Use of Personal Data
We process Personal Data for the following purposes:
(a) to provide a personalised service that assists businesses, whose site is providing you access to the State of Health software, to more effectively provide you helpful educational information and share their products or services which may be of assistance to you;
(b) to respond to enquiries, feedback or complaints received from you;
(c) to analyse and evaluate our User’s use of the Service;
(e) to enable the business who is providing you with our Service the ability to directly market to you (including by email, post, other means, or through functionality within the Service);
(f) on an aggregated non-identifiable basis, to:
(i) help Prac2Pro understand its market position;
(ii) assist with marketing our Service to others, including in respect of any online advertising;
(iii) deliver a statistical result to help with general Prac2Pro announcements; and
(iv) analyse and create statistical information, including reports, regarding health trends pursuant to the sensitive medical information collected;
(g) to protect our legal interests and fulfil our regulatory obligations (if and to the extent necessary);
(h) in other circumstances, provided we comply with applicable Data Protection Laws.
5. Lawful Basis for Processing
Performance of a contract: You acknowledge and agree that the processing identified below is necessary for the performance of a contract to which the Personal Data is central.
(a) to manage and deliver the Service; and
(b) to manage any disputes (including disputes over invoices or delivery of Service).
6. Direct marketing
All those with whom we interact have the option to opt-out of receiving direct marketing communications from the business whose site is providing you access to the State of Health software. If you do not wish to continue to receive direct marketing communications from them, you should contact the clinic offering our Service.
7. Retention and deletion of Personal Data
We will retain your Personal Data for as long as Prac2Pro needs to provide you with our Service.
We take steps to regularly destroy Personal Data; however, we may:
(a) in some cases, retain a copy of your Personal Data to comply with our legal obligations, resolve disputes, enforce our agreements and to comply with our trust and safety obligations. Personal Data retained for this purpose will be archived and stored in a secure manner and will not be accessed unless required for any of these reasons;
(b) retain Personal Data in an aggregated, de-identified or otherwise anonymous form, such that there is no reliable way of identifying you from the information; and
(c) retain Personal Data in order to create statistical information, including reports, about health trends pursuant to the sensitive medical information you have provided.
8. Disclosure of Personal Data
Prac2Pro may at its discretion use other third parties to provide essential services. We may share your details as necessary for the third party to provide that service.
We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your Personal Data and use your Personal Data only for the purposes that we give it to them.
9. Trans-border Personal Data flows
Prac2Pro is a global service based in Australia; therefore, Prac2Pro stores and processes the information gathered on servers located in other countries.
Some of your personal information may be disclosed to overseas recipients. Where we transfer your personal information to related entities outside Australia, we believe that the recipients of such information are subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are similar in all material respects to the APPs outlined in the Privacy Act.
10. Security of Personal Data
Personal Data stored in our system is protected by electronic and procedural safeguards. We take reasonable precautions to protect Personal Data (and other content) from accidental loss and theft by storing it in secure data centres and offline hardware.
We take all reasonable steps to protect Personal Data, including through internal and external security, restricting access to Personal Data to those who have a need to know, maintaining technological products to prevent unauthorised computer access and regularly reviewing our technology to maintain security. We choose technology partners based on their security and privacy policies and practices.
Given internet transmissions cannot be guaranteed to be entirely secure, you acknowledge and agree that you use the Service at your own risk.
In case of a security incident or any other breach of security safeguards, such as unauthorised disclosure of Personal Data under Prac2Pro’s control, we will notify you within 48 hours of any breach of security and respond in accordance with applicable Data Protection Laws.
11. Your Rights
You have the right to:
(a) access and correct your Personal Data that is held by us;
(b) request the erasure of any or all of your Personal Data;
(c) restrict or object to the processing of any or all of your Personal Data; and
(d) withdraw any consent to processing that you have previously given in respect of any or all of your Personal Data.
Please note that where we are not, or are no longer, in a position to identify you within the information we hold (including because of any de-identification techniques we may have employed), then your rights as described above shall not apply.
We will respond to any request made in respect of the above in accordance with the applicable Data Protection Laws.
We will respond to any request made in respect of the above without delay, but in any case within one (1) month of a request, or two (2) months where the requests are complex or numerous (in which case, we will inform you of such delay).
Part B: Your Responsibilities
12. Uploading and transferring other people’s Personal Data through the Service
By accessing and using the Service to upload and transfer other people’s Personal Data, you agree that you:
(a) Comply with all Data Protection Laws: will comply with your obligations under all applicable Data Protection Laws;
(b) Obtain consent: have obtained (or shall obtain) all consents necessary under Data Protection Laws, for Prac2Pro to process the Personal Data through the Service as you direct, and that such consent is obtained from the correct person;
(c) Withdrawn consent or objection to processing: must notify us without undue delay if any User withdraws their consent, or any part of their consent, or objects to any processing of Personal Data through the Service. This shall include any withdrawal of consent.
(d) Security breach: upon becoming aware of a security incident, or any other breach, or suspected breach, of your security safeguards, must notify us without undue delay and shall provide timely information relating to the security incident as it becomes known or as is reasonably requested by us;
(e) Evaluation of the Service: are responsible for reviewing the information made available by Prac2Pro relating to data security and making an independent determination as to whether the Service meets your requirements and legal obligations under Data Protection Laws.
13. Questions and Comments
If you have any questions or comments, want to access, update, or delete the Personal Data we hold about you, or have a privacy concern, please contact us at:
The Privacy Officer
Please provide sufficient detail about the information in question to help us locate it. We will respond to any privacy request in compliance with the applicable Data Protection Law.