Information Privacy Policy

doctors bag

Cubiko – Information Privacy Policy

Who we are

Currency and updates to this policy

Our approach to information privacy

How your personal information is protected

The kinds of personal information we collect and hold

How we collect and hold personal information

The purposes for which we collect, hold, use and disclose personal information

Who do we disclose personal information to?

Overseas recipients

Direct marketing

How to access and correct your personal information

How to complain about privacy and how we deal with complaints

How to contact us

Who we are

This web site (“the site”) and the Cubiko business are owned and operated by Cubiko Pty Ltd (ACN 624 244 140) (“we,” “us”). This document describes our policy about our management of personal information.

Currency and updates to this policy

This version of our policy is effective 27 September 2019. We may update this policy from time to time. Any updated policy will be published on the site – please check the site for updates from time-to-time.

Our approach to information privacy

We take personal information privacy seriously, and we comply with our obligations under applicable privacy legislation.

How your personal information is protected

We use appropriate tools and procedures to protect the confidentiality of the personal information we hold. We use a tier-one service provider for data storage and processing services. We use industry-standard encryption technologies to protect data during communication and at rest. We use access controls and audit records (among other security tools and technologies) to protect the data held and processed by us.

We take significant additional measures in respect of personal information shared with us by our medical practice clients for the purpose of providing our analysis services to them. In particular, we store and process this data only in Australia, it remains under the control of the providing medical practice, and its use is strictly limited to being an input into the analysis services we supply back to the providing practice.

The kinds of personal information we collect and hold

We may collect and hold information such as contact details from our clients, contacts, suppliers and business partners, and accounting information used for our internal accounting records.

We may process, or collect and hold, technical information arising from use of our services and this site, including internet addresses and so-called cookies, which provide us with technical details about use of the site.

Because of the nature of our services and our clients, we may collect and process sensitive information such as health information about individuals when that data is uploaded to us by our medical practice clients for the purpose of using our services. That kind of information is strictly controlled by us and used by us only in the provision of our analysis services directly to the providing medical practice client. The steps we take to protect that kind of information is discussed in the above section on ‘how your personal information is protected.’

How we collect and hold personal information

We collect and store contact details such as names, addresses, email addresses and phone numbers, from our clients, contacts, suppliers and business partners in the general course of operating our business.

We process sensitive information such as health information under contract in our capacity as an outsourced IT services provider to our medical practice clients. That information is digitally uploaded by our medical practice clients, at their request and under their control. That kind of information is strictly controlled by us and used by us only in the provision of our analysis services directly to the providing medical practice client. Sensitive information such as health information is not collected or used by us in any other way or for any other purpose.

The purposes for which we collect, hold, use and disclose personal information

We collect, hold and use personal information for the purpose of providing our services, communicating with our clients and potential clients, suppliers and contacts (including periodic marketing contact), and for the purpose of managing the provision of services to our clients.

We may collect and process sensitive information such as health information for the purpose of providing our analysis services to our medical practice clients. That kind of information is strictly controlled by us and used by us only in the provision of our services directly to the providing medical practice client. Sensitive information such as health information is not collected or used by us in any other way or for any other purpose.

We may use some of the non-health personal information data we process, on an aggregated, de-identified basis, for business analysis purposes. We do not resell benchmarking data or provide benchmarking data across medical practice clients.

We may also use personal information where necessary in order to comply with our legal and regulatory obligations.

Who do we disclose personal information to?

Personal information provided to us by a medical practice is one of the inputs we use to provide analysis services back to that practice. Only authorised users of the practice can access the analysis, through a password-controlled login.

We use tier-one service providers for hosting and processing of data (and in respect of processing of sensitive information, only providers in Australia).

We may, from time to time, disclose information to professional advisers for the purpose of obtaining advice. We may provide information to law enforcement agencies if requested, or if we believe unlawful activity has taken place.

Overseas recipients

In respect of sensitive information such as health information provided to us by our client medical practices, we use technical infrastructure (cloud storage and processing providers) located in Australia. We do not, as a matter of strict policy, disclose such personal information to any overseas recipients.

Other information such as contact and accounting information, may be stored and processed by us using infrastructure providers outside Australia.

We do not otherwise disclose personal information to any recipient outside Australia.

Direct marketing

We do not, under any circumstances, use personal information provided to us by our client medical practices for direct marketing.

We may occasionally send product and service updates to Cubiko contacts, clients and potential clients whose contact details we hold. Individual recipients can opt-out of receiving that kind of contact at any time.

How to access and correct your personal information

We can be contacted by email at info@cubiko.com.au to request access to or correction of personal information held by us. In accordance with applicable legislation, there may be a fee for our work-effort in providing access to the detailed personal information we hold about individuals from our internal records.

How to complain about privacy and how we deal with complaints

Enquiries about our management of personal information, complaints about a breach of the applicable legislation, or feedback about the site’s privacy policy and management, should be directed initially to info@cubiko.com.au. Privacy enquiries and complaints will be considered by an appropriate officer within our organisation, and we will respond to enquiries and deal with any complaints promptly and fairly, in accordance with our legal obligations.

How to contact us

We can be contacted by email at info@cubiko.com.au.

Cubiko
27 September 2019