Halaxy Pty Ltd ACN 633 220 612 ('we', 'us' or 'our') collect personal information about you in order to provide you with services relating to health records of you or your patients and for purposes otherwise set out in our Privacy Policy.
The information you provide will be collected by or on behalf of us and may be disclosed to third parties, including those that help us deliver our services (including information technology suppliers, communication suppliers and our business partners) or as required by law. If you do not provide this information, we may not be able to provide all our services to you. Your data is stored in Australia, and we may disclose your personal information to recipients that are located outside of Australia, for example, to Xero (which stores data in the USA) if Halaxy practitioner accounts are integrated to Xero.
Our Privacy Policy explains: (i) how we store and use, and how you may access and correct your personal information; (ii) how you can lodge a complaint regarding the handling of your personal information; and (iii) how we will handle any complaint. If you would like any further information about our privacy policies or practices, please contact us at privacy@halaxy.com. By providing your personal information to us, you consent to the collection, use, storage and disclosure of that information as described in the Privacy Policy and this Collection Notice.
In this Privacy Policy, 'us' 'we' or 'our' means Halaxy Pty Ltd ACN 633 220 612and our related bodies corporate. We are committed to respecting your privacy. Our Privacy Policy sets outs out how we collect, use, store and disclose your personal information. We are bound by the Australian Privacy Principles contained in the Privacy Act.
This policy applies to practitioners and consumers alike, and practitioners’ patients are required to get their patients’ consent to their data being stored in Halaxy and covered by this Privacy Policy and the Terms.
By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
Personal Information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit/debit card and/or bank account information.
In addition to this Privacy Policy, we comply with various privacy legislation, including:
This section covers our collection, use and disclosure of different types of data and personal information.
If you do (or your practitioner) does any of these things | We might obtain these types of information from you | And we might do these things with that information |
---|---|---|
register on our website communicate with us in person, by phone, via mail, through correspondence, chats, email, online, or when you or your practitioner shares information with us from other social applications, services or websites, or when we contact you or your practitioner through any means interact with our sites, services, content and advertising or when you or your practitioner register, log in for and use services offered by us invest in our business or enquire as to a potential purchase in our business | your name, address, telephone and email contact details if you are a practitioner, your areas of focus and contact details | to enable you or your practitioner to access and use our website and our services to operate, protect, improve and optimise our website and our services, business and our users’ experience, such as to perform analytics, and conduct research for practitioners - to provide your contact details and areas of focus to patients and the public and to other practitioners so that they can contact you via the website. For practitioners – for advertising and marketing (which you can opt out of) |
when you or your practitioner use our services to bill you, or to process a payment or to obtain a rebate or equivalent from a funding body | your billing details, your bank account or credit/debit card information Government related identifiers, including your Medicare number | to process payments or to facilitate a practitioner’s billing system or to process payments to us by practitioners, including that information going to third parties such as Medicare or Xero accounting software |
upload information relating to your health into our system | health information recorded in our system including the treatment you have received, including date, service type, description of the service, which practitioner treated you, test results, current and past medical history, data uploaded by any of your connected health devices, your gender, date of birth or age and marital status your name, address, telephone and email contact details | to enable you or your practitioner to access and use our website and our services; to share information between practitioner users, between practitioner users and patients and practitioner to public communications, with your permission; to conduct research or compile or analyse statistics using reasonable steps to not personally identify you, and only on an aggregated and de-identified basis: to access and aggregate data we have collected from you using reasonable steps to use your personal information in a way it does not personally identify you. We may access and aggregate this data for our own use or for use by third parties:
We will never sell patients’ or consumers’ identifiable personal information to third parties. We have never done so and will never do so. |
if you are a practitioner user | details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries | to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners We and/or our carefully selected business partners may send you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link). |
if you browse our website and use our services but without signing up to Halaxy | your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information; | to enable you or your practitioner to access and use our website and our services to operate, protect, improve and optimise our website and our services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing (e.g. through automatic remarketing) |
if you take a survey | information that you provide to us in a survey | to access and aggregate data we have collected from you using reasonable steps to use your personal information in a way it does not personally identify you. We may access and aggregate this data for our own use or for use by third parties:
|
apply for a job with us | when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. | to consider your employment application (Note: This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.) |
We will never sell patients’ or consumers’ identifiable personal information to third parties. We have never done so and will never do so.
If we send your information outside of Australia, we will require that the recipient of the information complies with local privacy laws and contractual obligations to maintain the security of the data.
Through your use of our services or website, we may also collect information from you about someone else (ie if you are a practitioner). If you provide us with personal information about someone else (ie your patients), you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy. This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Privacy Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, our identity, and how to contact us. Where requested to do so by us, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and entered into our website.
For practitioners: It is impracticable for us to permit practitioners to use our services without identifying themselves and so anonymisation and pseudonymisation is not available for practitioner users.
For consumers: You may register to use our services under a pseudonym, however, if you are sharing information with a practitioner of your choosing, that practitioner might have their own requirements about identification. You should discuss this with your practitioners.
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions.
You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.
You are responsible for transfer of your data to third-party applications
Our services may allow you, or others within the relevant subscription to our services to transfer Data, including your personal information, electronically to and from third-party applications and services. We have no control over, and take no responsibility for, the privacy practices or content of these applications or for their data storage processes. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information.
Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.
To be able to deliver our services, we use third-parties (known as sub-processors in the context of the GDPR). A list of these third-parties is set out below and we maintain this list regularly:
Entity | Corporate Location | Activities |
---|---|---|
Amazon Web Services,Inc (AWS) | United States | Web hosting |
Twilio | United States | SMS messages, video telehealth, phone telehealth |
Google LLC | United States | Analytics |
Braintree | United States | Processing user payments |
PayPal | United States | Processing user payments |
Mailchimp | United States | Email sending |
Entity | Corporate Location | Activities |
---|---|---|
Sentry | United States | Application performance monitoring |
NewRelic | United States | Application performance monitoring |
Logz.io | United States | Application performance monitoring |
HotJar | United States | Application performance monitoring and user experience insight |
UserPilot | United States | Application performance monitoring and user experience insight |
Entity | Corporate Location | Activities |
---|---|---|
Security Metrics | United States | Independent audit monitoring |
Rapid7 | United States | Independent audit monitoring |
We manage a range of optional integrations you can choose to enable from your Halaxy account. We provide only the data providers require to perform their services. The list of these sub-processors is below:
Entity | Corporate Location | Activities |
---|---|---|
Xero | New Zealand | Accounting integration |
Reckon | United States | Accounting integration |
Quickbooks | United States | Accounting integration |
Entity | Corporate Location | Activities |
---|---|---|
Physitrack | United Kingdom | Client exercise prescriptions |
Validic | United States | Health device tracking |
Entity | Corporate Location | Activities |
---|---|---|
Twilio | United States | Phone and SMS integration |
Cronofy | United States | Integrated Calendar syncing |
MailChimp | United States | Emails |
Coviu | Australia | Online consultations |
ReferralNet | Australia | Secure Messaging |
Argus | Australia | Secure Messaging |
GoLogic | Australia | Fax Integration |
Entity | Corporate Location | Activities |
---|---|---|
Medicare Australia and Department of Veteran Affairs | Australia | Claims and payments submitted under Medicare and DVA |
Stripe | United States | Client payments |
Braintree | United States | Client and debit card payments |
PayPal | United States | Client PayPal payments |
Medipass | Australia | Client Private Health payments |
Tyro | Australia | Client Private Health and EFT payments |
WorkSafe Queensland | Australia | Client insurance payments |
HICAPS | Australia | Client insurance payments |
HyperWallet | EU | Client payments |
As required under the Australian Privacy Principles, you can access the personal information we hold about you by contacting us at privacy@halaxy.com. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why.
We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us at privacy@halaxy.com. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below: privacy@halaxy.com.