1. Why we have this policy
1.1 At Bruno Health, we take privacy very seriously. This Policy sets out the manner in which we collect, use, disclose and manage your personal information. By using the Bruno Health Platform (being the Bruno Health website, the Bruno Health web app, the Bruno Health iPhone, iPad or Android application and all parts and pages of the same) and registering for services in relation to the Bruno Health Platform or accepting our User terms and conditions or Provider terms and conditions with us, you are taken to have read, and agreed to the collection, use, disclosure and handling of your personal information in accordance with this Policy. We encourage you to read this Policy carefully. It will help you make informed decisions about sharing your personal information with us.
2. Definitions in this policy
2.1 In this policy:
(a) health information means information or an opinion about your health or any disability you may have now or previously, your expressed wishes about the future provision of health services to you, other personal information collected to allow a registered provider to better provide a health service to you (including Medicare numbers).
(b) Bruno Health Services means the services available to use on the Bruno Health Platform.
(c) Privacy Act means the Privacy Act 1988 (Cth)
(d) personal information means information about an individual, from which their identity is apparent or can reasonably be determined. This information can include names, dates of birth, email addresses, home and work addresses, telephone numbers, photographs and health information.
(e) sensitive information means information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information and genetic information other than health information.
(f) User means a user of the Bruno Health Platform (including each service user and service provider).
(g) We, our, or us means Bruno Health Pty Ltd ABN 58 638 940 646 of 6/204 Hampden Road, Nedlands, Western Australia 6009 Australia.
(h) You or your means users, relatives of users, employees, service providers, contractors, prospective contractors, students on work placement with us, volunteers, job applicants and any other individuals who we come into contact with.
3. What do we collect
3.1 The Bruno Health Platform is a web-based platform that enables the connection of users and providers for health-related services. This service involves the storage of data about a company or individual.
3.2 That data can include personal information.
3.3 Bruno Health will only collect or monitor any personal information about you with your consent including as provided in this Policy or if it is otherwise lawful to do so. The only personal information collected by us is what has been provided to us in accordance with this Policy or has been provided to us lawfully by third parties, including our Users. Personal information collected through utilities such as email must be handled in accordance with this Policy. You can always choose not to provide your personal information to Bruno Health, but it may mean that we are unable to provide you with the services available on the Bruno Health Platform.
3.4 In collecting and handling personal information, we are bound by the Privacy Act, including the Australian Privacy Principles and applicable privacy regulations.
4. How do we collect personal information?
4.1 Bruno Health may collect personal information about you from a variety of sources including, but not limited to:
(a) registering to use the Bruno Health Platform or parts of the Bruno Health Platform through a registered account;
(b) logging in to use the Bruno Health Platform;
(c) subscribing to receive alerts/newsletters/offers and filling in forms, applications, surveys or research, participating in promotions on the Bruno Health Platform or on websites of registered service providers accessed through the Bruno Health Platform;
(d) contacting us or service providers registered on the Bruno Health Platform for any reason including, but not limited to, requesting services or seeking our assistance;
(e) posting or contributing material on our Bruno Health Platform including comments and ratings or participating in the instant messaging system available on the Bruno Health Platform;
(f) using the Bruno Health Services; or
(g) applying for an employment opportunity with us directly, via an SNS site (e.g. Seek or LinkedIn), through a recruiter or through your nominated referees.
5. Personal information received from third parties
5.1 Bruno Health may receive personal information from you about others through your use of the Bruno Health Services. Bruno Health may also collect information from you about someone else. If you provide Bruno Health with personal information about someone else, you must ensure that you are authorised to disclose that information to us and that Bruno Health is not required to take any further steps applicable to data protection or privacy laws. Bruno Health may collect, use and disclose such information for the purposes described in this Policy. This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Bruno Health’s identity, and how to contact Bruno Health. Where requested to do so by Bruno Health, you must also assist Bruno Health with any requests by the individual to access or update the personal information you have collected from them and entered onto the Bruno Health Platform.
6. Why do we collect your personal information?
6.1 Bruno Health collects your personal information so that we can provide you with the Bruno Health Services and any related services you may request. In doing so, Bruno Health may use the personal information we have collected from you for purposes related to the Bruno Health Services including to:
(a) Verify your identity;
(b) Administer the Bruno Health Services;
(c) Collect payments in respect of the Bruno Health Services;
(d) Notify you of new or changed services offered in relation to the Bruno Health Services;
(e) Provide other Users with your information where you have requested services or products directly from them;
(f) Assist with the resolution of technical support issues or other issues relating to the Bruno Health Services;
(g) Comply with laws and regulations in applicable jurisdictions;
(h) Communicate with you including in respect of any message or comment you have made on the Bruno Health Platform; and
(i) In the case of all personal information (except health information), carry out marketing or training relating to the Bruno Health Services.
7.1 In relation to marketing, Bruno Health will not use or disclose Personal Information for the purpose of directly marketing to you unless:
(a) You have consented to receive direct marketing; and
(b) In the case of all personal information (except health information):
(i) you would reasonably expect us to use your personal details for the marketing; or
(ii) we believe you may be interested in the material but it is impractical for us to obtain your consent.
7.2 You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting Bruno Health directly. If you have requested not to receive further direct marketing messages, Bruno Health may continue to provide you with messages that are not regarded as “direct marketing” under the Privacy Act, including changes to our terms, system alerts, and other information related to your account.
8. Sensitive information
8.1 We will only collect sensitive information with your consent. Where you provide us with any sensitive information we will only use this information for the purposes stated in the request for consent.
9. How do we secure your personal information?
9.1 Bruno Health will only use your personal information for the purposes described in this Policy or with your express permission. We have established safeguards and use reasonable security measures to protect your personal information from unauthorised access, modification and disclosure. Our employees, contractors, agents and service providers who provide services related to our information systems, are obliged to respect the confidentiality of any personal information held by us.
9.2 The Bruno Health Platform is protected by a secure and encrypted password that each User must choose themselves. Users should never share their passwords. Bruno Health is not responsible for any loss of data or breach of privacy if a User shares their password with someone else. We do not store your password on our servers. It is your responsibility to keep your password to the Bruno Health Platform safe. You should notify us as soon as possible if you become aware of any misuse of your password, and immediately change your password within the Bruno Health Platform or via the “Forgotten Password” process.
9.3 We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
10. Disclosure of your personal information
10.1 Disclosure of your personal information will only occur in accordance with this Policy (for example in the “Why do we collect your personal information” section above) however Bruno Health may also be required to disclose your personal information without your consent:
(a) to entities outside of Bruno Health if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Bruno Health Services;
(b) in order to comply with any court orders, subpoenas, or other legal process or investigation, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information; or
(c) to any relevant public, government or regulatory authorities, our legal representatives or other concerned parties, in special situations where we have reason to believe that disclosing your personal information is necessary to help identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users or anyone else who could be harmed by such activities.
(d) If You access services from a Provider who is an employee or member of a Provider network Bruno Health may also be required to disclose personal information regarding Services provided to You (including appointment notes) to other Providers in that network who provide Services to You to ensure they have the appropriate information to carry out the Services.
11. Your rights to access your personal information
11.1 You may request access to your personal information, subject to certain exceptions provided for by law. To request access to your personal information, please contact us at firstname.lastname@example.org. Before we provide you with any personal information, you will be required to verify your identity to the extent required under the Australian Privacy Principles.
11.2 It is your responsibility to ensure that the personal information you provide to us is accurate, complete and up-to-date. You may request that we update or correct any personal information we hold about you, by logging into your account on the Bruno Health Platform or by setting out your request in writing and sending it to us at email@example.com.
12. How long do we keep your personal information?
12.1 We’ll only keep your personal information for as long as we require it, for the purposes of providing you with the Bruno Health Services. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to provision of health services.
13. Non-personal information
13.1 We may also collect non-personal information about you including, but not limited to, data relating to your activities on the Bruno Health Platform (including IP addresses) via tracking technologies such as cookies and measurement software or data relating to survey responses.
13.2 By using the Bruno Health Services, you agree that Bruno Health can access, aggregate and use non-personally identifiable data Bruno Health has collected from you. This data will in no way identify you or any other individual. Bruno Health may use this aggregated non-personally identifiable data to:
(a) assist us to better understand how Users are using the Bruno Health Services;
(b) provide our Users with further information regarding the uses and benefits of the Bruno Health Services;
(c) enhance small business productivity, including by creating useful business insights from that aggregated data and allowing you to benchmark your business’ performance against that aggregated data, and
(d) otherwise to improve the Bruno Health Platform.
14.1 Bruno Health utilises “cookies” on the Bruno Health Platform. A cookie is a small text file that is stored on your computer for record-keeping purposes. A cookie does not identify you personally or contain any other information about you but it does identify your computer. Bruno Health and certain of its third-party service providers may use a combination of cookies and information collected through the cookies on the Bruno Health Platform with other information (including information collected by third parties using their own cookies and providing our cookies and information to third parties) and use analytics services to track overall site usage, and track and report on your use and interaction with ad impressions and ad services. You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance. However, you should note that refusing cookies may have a negative impact on the functionality and usability of the Website.
15. Storage of data outside of Australia
15.1 Bruno Health is committed to ensuring your personal information is stored and disposed of in a secure manner. Personal information, including banking information, is stored electronically on servers located in Australia. If the location of our servers changes in the future, we will update this Policy. You should review our Policy regularly to keep informed of any updates.
15.2 While personal information will be stored in Australia in the manner set out above, You should note that information communicated via the instant messaging application available on the Bruno Health Platform is stored with a third party service provider who may have servers located overseas.
16.1 You can opt-out of any email communications Bruno Health sends which may relate to product information, Bruno Health Service updates and Bruno Health Service notifications sent to you via email. Our emails will contain clear and obvious instructions describing how you can choose to be removed from any mailing list not essential to using the Bruno Health Platform.
17. Privacy complaints
17.1 Bruno Health has a privacy complaints process if you wish to complain about how we have handled your personal information. Please provide our Privacy Officer with full details of your complaint and any supporting documentation:
(a) by e-mail at firstname.lastname@example.org; or
(b) by letter to the Privacy Officer, Bruno Health Pty Ltd, 6/204 Hampden Road, Nedlands, Western Australia 6009 Australia.
18. Amendments to this Policy
18.1 This policy may be updated from time to time. Bruno Health reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to the Bruno Health Platform. Your continued use of the Bruno Health Platform will be deemed acceptance of any amended Policy.
For more information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner’s website at https://www.oaic.gov.au.