Information Privacy Policy

doctors bag
This web site (“the site”) and the Cubiko business are owned and operated by Cubiko Pty Ltd (ACN 624 244
140) (“we,” “us”). This document describes our policy about our management of personal information.
This version of our policy is effective 15 May 2018. We may update this policy from time to time. Any
updated policy will be published on the site – please check the site for updates from time-to-time.
We take personal information privacy seriously, and we comply with our obligations under applicable
privacy legislation.

We process personal information from various sources in the course of our operations. We process personal
information from our clients, on their behalf and under their control, when they upload data for use with our
services. We may collect personal information such as contact details from our contacts, suppliers and
business partners in the course of communicating with and transacting with them. We process or collect
technical information arising from use of our services and this site, including internet addresses and so-called
cookies, which provide us with technical details about use of the site.

Because of the nature of our services and our clients, we may process sensitive information such as health
information about individuals if that data is uploaded by our clients for the purpose of using our services.
We process that kind of information under contract as an outsourced IT services provider, at our clients’
request and under our clients’ control. That kind of information is strictly managed by us and used by us
only in the provision of services to our clients.

We hold and use other personal information we collect for the purpose of providing our services,
communicating with our clients and potential clients, suppliers and contacts (including periodic marketing
contacts), and for the purpose of managing the provision of services to our clients. We may also use
personal information to investigate complaints, and in order to comply with our legal and regulatory

We may disclose personal information to our suppliers and subcontractors for operational purposes. We may
use some of the data we process, on an aggregated, de-identified basis, for business analysis purposes. We
may provide information to law enforcement agencies if requested, or if we believe unlawful activity has
taken place. We use technical infrastructure (data centres and cloud services providers) located in Australia.
We are very unlikely to disclose personal information to overseas recipients.

We use appropriate tools and procedures to protect the confidentiality of the personal information we hold.
While we believe the risk of loss or unauthorised disclosure is very low, we cannot and do not guarantee the
durability or security the personal information we collect. We have no liability to clients or any other person
as a result of any loss or unauthorised disclosure of personal information.

We can be contacted by email on the address given below to request access to or correction of personal
information held by us. In accordance with applicable legislation, there may be a fee for our work-effort in
providing access to the detailed personal information we hold about individuals from our internal records.

Any further enquiries about our management of personal information, complaints about a breach of the
applicable legislation, or feedback about the site’s privacy policy and management should be directed
initially to Privacy enquiries and complaints will be considered by an appropriate

officer within our organisation, and we will respond to enquiries and deal with any complaints promptly and
fairly, in accordance with our legal obligations.

15 May 2018