Privacy Policy

Who we are

This web site (“the site”) and the Cubiko business are owned and operated by Cubiko Holdings Pty Ltd (ACN 624 244 140) and/or Cubiko Pty Ltd. (ACN 640 999 391) (“we,” “us”). This document describes our policy about our management of personal information. 

Currency and updates to this policy

This version of our policy is effective 1 June 2021. We may update this policy from time to time. Any updated policy will be published on the site – please check the site for updates from time-to-time. 

Our approach to information privacy

We take personal information privacy seriously, and we comply with our obligations under applicable privacy legislation. 

How your personal information is protected

We use appropriate tools and procedures to protect the confidentiality of the personal information we hold. We use a tier-one service provider for data storage and processing services. We use industry-standard encryption technologies to protect data during communication and at rest. We use access controls and audit records (among other security tools and technologies) to protect the data held and processed by us. We train our staff who handle personal information on the importance of maintaining the confidentiality of personal information and the privacy of individuals. All employee devices are secured and monitored with device management software, and employees are required to undergo regular security training. All employees must pass criminal background checks. 

We take significant additional measures in respect of personal information shared with us by our medical practice clients for the purpose of providing our analysis services to them. In particular, we store and process this data only in Australia, it remains under the control of the providing medical practice, and its use is strictly limited to being an input into the analysis services we supply back to the providing practice. 

You can choose not to provide your personal information to us, but generally the information we request from you is required in order for us to provide you the goods and services we offer. You may withdraw your consent to use or disclose your personal information at any time. To withdraw this consent please contact us at the details below. Please note that withdrawing your consent may mean that we are unable to provide you with our services.   

The kinds of personal information we collect and hold

We may collect and hold information such as contact details from our clients, contacts, suppliers and business partners, and accounting information used for our internal accounting records. 

We may process, or collect and hold, technical information arising from use of our services and this site, including internet addresses and so-called cookies, which provide us with technical details about use of the site. 

Because of the nature of our services and our clients, we may collect and process sensitive information such as health information about individuals when that data is disclosed to us by our medical practice clients for the purpose of using our services. That kind of information is strictly controlled by us and used by us only in the provision of our analysis services directly to the providing medical practice client. The steps we take to protect that kind of information is discussed in the above section on ‘how your personal information is protected.’ 

How we collect and hold personal information

We collect and store contact details such as names, addresses, email addresses and phone numbers, from our clients, contacts, suppliers and business partners in the general course of operating our business. 

We process sensitive information such as health information under contract in our capacity as an outsourced IT services provider to our medical practice clients. That information is digitally made available by our medical practice clients, at their request and under their control. That kind of information is strictly controlled by us and used by us only in the provision of our analysis services directly to the providing medical practice client. Sensitive information such as health information is not collected or used by us in any other way or for any other purpose. 

There may be circumstances when we collect personal information from someone other than the individual concerned, for example, through a referral.  We endeavour to contact and notify the individual concerned of the circumstances of such collection where it is reasonable to do so.  

If you’re someone who doesn’t have a relationship with us, but believe that a medical practice has made your personal information available to us without your consent, you’ll need to contact that medical practice for any questions you have about your personal information (including where you want to access, correct, amend, or request that the user delete, your personal information). 

The purposes for which we collect, hold, use and disclose personal information

We collect, hold and use personal information for the purpose of providing our services, communicating with our clients and potential clients, suppliers and contacts (including periodic marketing contact), and for the purpose of managing the provision of services to our clients. 

We may collect and process sensitive information such as health information for the purpose of providing our analysis services to our medical practice clients. This kind of information is strictly controlled by us.  Sensitive information such as health information is not collected or used by us in any other way or for any other purpose unless it has been aggregated and anonymised for use in analytics and other reports. Certain subscribers to our services may have the ability to opt out based on the level or type of subscription held.  This will be set in your subscription package. 

We may also use personal information where necessary in order to comply with our legal and regulatory obligations. 

Personal information will be retained for the duration of the subscription of the medical practice that disclosed the information to Cubiko. Within 60 days of the subscription lapsing and there being no reasonable likelihood of the subscription being renewed Cubiko will delete all such information. 

Who do we disclose personal information to?

Personal information disclosed to us by a medical practice is one of the inputs we use to provide analysis services back to that practice. Only authorised users of the practice can access the analysis, through a password-controlled login. 

We use tier-one service providers for hosting and processing of data (and in respect of processing of sensitive information, only providers in Australia). 

We may, from time to time, disclose information to professional advisers for the purpose of obtaining advice. We may provide information to law enforcement agencies if requested, or if we believe unlawful activity has taken place. 

Overseas recipients

In respect of sensitive information such as health information provided to us by our client medical practices, we use technical infrastructure (cloud storage and processing providers) located in Australia. We do not, as a matter of strict policy, disclose such personal information to any overseas recipients. 

Other information such as contact and accounting information, may be stored and processed by us using infrastructure providers outside Australia. 

We do not otherwise disclose personal information to any recipient outside Australia. 

The Privacy Act 1988 (Cth) (“the Act”) and corresponding Australian Privacy Principles (“APPs”) require relevant Australian entities to ensure that, before disclosing personal information overseas, reasonable steps are taken to ensure that overseas recipients do not breach the Act or the APPs (APP 8.1). It is not always possible to ensure that overseas recipients will comply.  We do not take any responsibility for the actions of overseas third party recipients of personal information.  By agreeing to this Privacy Policy you are agreeing that your personal information may be disclosed overseas and that APP 8.1 will not apply to that disclosure.  This means that you will not have recourse against us under the Act in the event that an overseas recipient of your personal information breaches the APPs. 

Direct marketing

We do not, under any circumstances, use personal information provided to us by our client medical practices for direct marketing. 

We may occasionally send product and service updates to Cubiko contacts, clients and potential clients whose contact details we hold. Individual recipients can opt-out of receiving that kind of contact at any time. 

Dealing with us anonymously

People have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. 

How to access and correct your personal information

We can be contacted by email at [email protected] to request access to or correction of personal information held by us. In accordance with applicable legislation, there may be a fee for our work-effort in providing access to the detailed personal information we hold about individuals from our internal records.

Job applicants

When you apply for a job with us, we will generally collect the personal information that you include in your application, such as your contact details, career history and education details.  We may also collect sensitive information from you, for example, medical information or criminal history, if it is relevant to the role that you are applying for. We will only collect such sensitive personal information where you have consented to us doing so. 

We may also obtain personal information about you from third parties with your consent, for example, from your previous employers or nominated referees. We collect personal information for the purpose of assessing and progressing your application. We will hold your personal information for future job opportunities with us, unless you tell us not to. 

We may disclose your personal information to our related entities , your referees and also to third party suppliers that we use to help with our recruitment processes, such as recruitment agencies and organisations that conduct competency or psychometric tests. We may also disclose your personal information to law enforcement agencies to verify whether you have a criminal record. 

Incident Response

In the event of a detected breach of data, Cubiko will notify government bodies and affected clients as per Australian Privacy Principals. Breaches will be investigated internally first and referred to external specialists if the breach may constitute damages as per recommended practices by the Office of the Australian Information Commissioner (OAIC). 

How to access and correct your personal information

We can be contacted by email at [email protected] to request access to or correction of personal information held by us. In accordance with applicable legislation, there may be a fee for our work-effort in providing access to the detailed personal information we hold about individuals from our internal records. 

How to complain about privacy and how we deal with complaints

Enquiries about our management of personal information, complaints about a breach of the applicable legislation, or feedback about the site’s privacy policy and management, should be directed initially to [email protected]. Privacy enquiries and complaints will be considered by an appropriate officer within our organisation, and we will respond to enquiries and deal with any complaints promptly and fairly, in accordance with our legal obligations. 

If you are still not satisfied you can contact the Australian Privacy Commissioner (see https://www.oaic.gov.au/about-us/contact-us/ or call 1300 363 992) 

How to contact us

We can be contacted by email at [email protected].

Cubiko

1 June 2021