Privacy Policy
- About Us
- We mean what we say
- What information do we collect?
- Accessibility
- Compromised Security
- Device Protection
- How do we collect your information?
- How do we use your information?
- Reporting and Analytics
- How do we use your personal information for marketing, and how do you opt out?
- Do we store or share your information outside of Australia?
- Who do we share your information with?
- Using our website and apps
- How do we protect your information?
- What are your rights in relation to your information?
- Personal Information Security
- Employees
- Changes to this policy
- Data Security
- Retention and Discarding Data
- Platform Data Monetisation
- Authority to collect, use and disclose sensitive data
- Deletion of the Platform
- Reinstallation of the Platform
- Related Companies
- Find out more
About us
As part of our service, we provide the Zali Health Platform application (Platform) to qualified medical practitioners (including their relevant medical clinic) (Practitioners) and patients of Practitioners (Patients) who have registered on the Platform.
The Platform facilitates the delivery of healthcare services by:
- enabling Patients to undertake a dynamic intake questionnaire in relation to a medical complaint or symptoms (Questionnaire);
- enabling Patients to be connected to appropriate Practitioners;
- providing Practitioners with a summary report as to potential diagnoses based on Patients’ responses to the Questionnaire; and
- arranging the delivery of a n in-person consultation, telehealth consultation, or a-synchronous chat consultation (or other types of services) to Patients by a Practitioner, which may occur inside of or outside of the Platform (as one or more is applicable).
In addition, we may provide the Platform to deliver other types of services to Patients and Practitioners. For example, facilitating the provision of electronic prescriptions or arranging for referrals of a Patient to a specialist doctor.
Protecting your privacy and ensuring that you control the way your information is used is our priority. We want to make sure you are fully informed about the way we handle your information. So in this policy we explain the different types of personal information we collect, how we may collect and use it, who we may share it with, and the rights you have over the information.
We mean what we say
In this policy, when we say:
- we, our or us – we mean Zali Health Pty Ltd ACN 659 469 182 (Zali Health) and Heidi Health Trading Pty Ltd ACN 649 783 871 (Heidi Health) together with our related bodies corporate;
- our services – we mean the provision of the Platform to you as either a Practitioner or Patient and related services that we provide;
- your information – we mean your personal information, which we describe below;
- privacy laws – we mean all privacy and data protection laws that apply to us when we handle your information, including applicable health information laws, the Australian Privacy Principles and the Australian Privacy Act 1998(Cth).
What information do we collect?
We collect and hold nine main categories of information, including personal information, health information, payment information, device information, and general information to help us improve our services.
When you access and use our website, Platform or other services, we collect and hold the following main categories of information. These are set out in the table below. If you choose not to provide the information we request from you, we may not be able to provide you with the services you require.
| Category | Details |
|---|---|
| Your general personal information | This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, gender, contact number and email address. Where you are a Practitioner, we may also collect information relating to your qualifications, registrations, training and educational background. |
| Payment and claim information | We may collect information from you in order to pay for services, or for us to make claims on your behalf. This may include credit card information, bank account details and Medicare card and claim details. |
| Your health information | This includes any health information that Patients or Practitioners provide when accessing or using our website, Platform or other services.We may collect health information from Patients for the purposes of facilitating the delivery of healthcare services to Patients by Practitioners. We may also collect health information of Patients from Practitioners, including where a Practitioner has treated a Patient arising out of, or in connection with the Platform. This may include information that a Practitioner provides directly to us, or otherwise makes available to us. The types of health information may include your medical history, clinical notes, test results, disease status and prescribed medications (amongst others). |
| Device information | This includes your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information. |
| Additional information you provide | This includes information you provide to us through customer surveys, directly through our website or indirectly through your use of our website or Platform or online presence or through other websites or accounts from which you permit us to collect information. |
| Information collected for our own business improvement | We may de-identify your general personal information and use it in aggregate form to conduct analysis on how our website, Platform and otherservices are being used to help us improve our services and provide benefits back to our users. When we refer to 'de-identified' information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you so that there is no reasonable likelihood of re-identification occurring. When we use this information for the purposes of business improvement, it is always in de-identified form. |
| Health information collected for our improvement of the Platform | We may de-identify your health information and use it in aggregate form to improve the Platform and other services. In some cases, the information that we collect from your interactions on the Platform is only in de-identified form. |
| Information collected by cookies | We may collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited. We may also collect some personal information when using cookies, such as where a cookie is linked to your account. There are more details about cookies in section 9. |
| Information collected for recruitment purposes | When you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. |
Accessibility
In the consumers best interest, the Platform is secured through multi-level authentication and biometrics to ensure your information is kept confidential and protected. You will be required to enable secure authentication methods including but not limited to passwords or a Personal Identification Number (PIN) to enable your sole access to the Platform. These methods should be carefully curated and not shared with others. Avoid the use of personal information that is attainable such as date of birth, phone number or a family member. Variations of repeating numbers should be avoided.
Rest assured if you have forgotten your password or PIN, you will be prompted to start over by re-linking your access to the Platform to your Zali Health Record.
Compromised Security
When in doubt, swap it out. If you suspect that your secure authentication method has been hacked or leaked, it is advised that you change your password or PIN immediately. You will need to start over and re-link your Zali Health Record as a preventative action to ensure your security password or PIN is not compromised.
If you have any further concerns or queries regarding the security of your personal information and password/PIN, you can contact us by email at support@zalihealth.com.au.
Device Protection
The Platform does not allow unauthorised access to your device. Therefore, protection of your computer network, system, application software, personal data or other resources such as Google or Apple services are not interfered with. Your information is kept to the highest standards of security and protection measures.
How do we collect your information?
We collect your personal information when you engage with us or from third parties.
In many instances, we collect personal information directly from you. Here are some of the main ways.
| Category | Details |
|---|---|
| Registration | When you register on our website or Platform. |
| Communication | Where you communicate with us through correspondence, questionnaires, chats, email, or when you share information with us from other services or websites. Communications may occur through the Platform. |
| Interaction | When you interact with our sites, Platform, services, content and advertising or use our Platform or services. |
Where you are a Patient, we may also collect information (including health information) about you from Practitioners (including the relevant medical clinic). For example, when you undertake a consultation with a Practitioner arising out of, or in connection with the Platform, we may collect health information about you from the Practitioner. This may include information about the diagnosis, conditions, treatment, advice or other information relating to your health, or your consultation with the Practitioner. We may also collect information about you from our related companies, third party service providers and other organisations that we partner with. For example:
- when you are referred to pharmacy or specialist, we may collect information relating to that engagement;
- when you apply for a job or position with us, we may collect information about you from any recruitment consultant, your previous employers, referees, CV checking agencies or others who may be able to provide information to assist us with our decision; and
- where you are a Practitioner, we may collect information about your qualifications, registrations, training and education background from third party sources, for purposes which include verifying your status as a qualified medical practitioner.
How do we use your information?
We use your personal information to enable us to deliver and improve our products and services.
We may collect, hold, use and disclose your personal information for the following purposes:
| Category | Details |
|---|---|
| Access | To enable you to access and use our website, Platform and other services. |
| Improvement | Design, provide, improve and manage our website, Platform and other services, business and your experience, such as to perform analytics, conduct research and for advertising and marketing. |
| De-identified information for the purposes of developing the Platform | We may de-identify and/or aggregate your personal information, including your health information, for the purposes of using that de-identified information to develop and improve the functionality of the Platform. For example, de-identified information in relation to Patients' treatments or diagnoses may be used (amongst other uses) to train and refine the Questionnaire algorithm within the Platform, and better facilitate the delivery of healthcare services to Patients by Practitioners in the future. As an example of this use, aggregated data in relation to the diagnoses made by Practitioners on presentation of certain symptoms in connection with the Platform may be used by us to improve the performance of the Questionnaire of the Platform. When we use this information for the purposes of improving the Platform, it is always in de-identified form, and is performed with the intention of improving the experience of Patients and Practitioners on the Platform, and ultimately improving health outcomes. |
| Support | Send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you. |
| Contact | Contact you when we need to tell you something important about the website, Platform and other services, or your information. |
| Marketing | Send you marketing and promotional messages and other information that may be of interest to you including information sent by, or on behalf of, our business partners that we think you may find interesting. |
| Law | Comply with laws, and assist government or law enforcement agencies where we are required and authorised to do so. |
| Employment | Consider your employment application. |
| Other purposes when de-identified and/or aggregated | We may also de-identify and/or aggregate your personal information (other than health information, which is discussed above). When we do this, we may use that de-identified information for other purposes that may not be set out in this Privacy Policy. We may also share this de-identified information with our partners for those partners other purposes, which are not set out in this Privacy Policy. This may include, for example, partners using de-identified information to assist them in marketing products and services that are likely to be relevant to your interests and preference. |
We won’t use your health information without your consent. As a Patient, your consent to use your health information will generally be obtained through the Platform.
We will always comply with the Privacy Act, and that includes dealing with your information in accordance with the general permitted situations and permitted health situations from time to time (such as to lessen or prevent a serious threat to the life, health or safety of an individual if we are required to do so). It is part of our service that we don’t otherwise use your health information (in identified form) for any purpose without your consent to use it in that way (for example, if you agree to us providing you with information to improve your health, well-being, or care).
If we ever want to use your health information for a new or different purpose, we won’t do so without first sending you a positive alert and obtaining your consent. Even once you’ve provided your consent for a particular use, you can withdraw it at any time, and we will regularly check with you to ensure your consents remain current.
As well as getting your consent, we always handle your health information in accordance with our applicable legal requirements, including our obligations when we collect your health information from Practitioners.
Before you provide your consent, you should know that we may from time to time need to respond to legal requests for information (like any company does).
Reporting and Analytics
To preserve your privacy, during the onboarding process the Platform will request your consent to de-identified data involving your device, location settings, systems and application software to the Platform.
Continual improvement is a core focus for the Platform and therefore with the use of the Platform for data reporting, the app will access the consented data for use in identifying system improvements and to generate a performance-based report. The data collected is classified by Google as ‘sensitive user data’ and is protected with Australian Government approved cryptographic algorithms using HTTPS in transit.
Monitoring the performance of the Platform requires access to sensitive user data collected by us. This data is used in accordance with the Terms of Use and no personal information is used in the analysis process. The data depicts the duration of accessing various screens within the Platform, device location and information about your device system and application software. This aids in identifying the usage between the parties of the consumer and the Platform. All data collected for the improvement of the Platform is not shared with third parties or misused. The Platform does not operate in the background collecting information.
Upon consenting to the Terms of Use on the Platform, sensitive data collected is then stored in a secure environment with the Platform. An Information Security Registered Assessors Program (IRAP) assessment is undertaken through the Australian Signals Directorate to ‘OFFICIAL: Sensitive’. As per the Australian Government Protective Security Policy Framework (PSPF) for handling of de-identified data, this exceeds their standards and requirements.
How do we use your personal information for marketing, and how do you opt out?
We may use your information for marketing purposes, but you can opt-out at any time.
We and our carefully selected business partners may send you direct marketing communications and information about our services or products. This may take the form of emails, SMS, mail or other forms of communication. We’ll always conduct our marketing practices in accordance with privacy laws and other applicable laws.
If you do expressly consent to us sending you marketing messages using your information, you’ll be able to opt out at any time – either by using the unsubscribe facility in the relevant message or by contacting us (it’s easy – see section 1).
We may also market our services to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms. We’ll always do this in accordance with our legal requirements and only with our partners.
Without your consent, we will not:
- use any of your health information to send you marketing communications; or
- disclose any of your health information to a third party in order for them to market to you.
Do we store or share your information outside of Australia?
Your information is stored in Australia and will not be disclosed overseas
We store all of your information in Australia, and in accordance with all applicable laws.
Who do we share your information with?
We may share your personal information with Practitioners and Patients and our other partners and for other reasons we tell you about in this policy, on our website, on our Platform or where we otherwise communicate this to you.
We may share your personal information with:
- our employees and related companies;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing the Platform and services to you);
- professional advisers, dealers and agents;
- relevant government agencies such as Services Australia;
- payment systems operators (eg, merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us, including Practitioners and Patients (as applicable) and other parties involved in the delivery of healthcare service such as pharmacies; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We don’t share your health information without your consent. It can only be accessed by you and the people you tell us you want to share it with. As a Patient, you can choose to share your health information to certain Practitioners on the Platform.
Using our website and apps
We use cookies on our website to track your website usage and remember your preferences.
Our website includes pages that use cookies which are small files that store information on your computer, mobile phone or other device. We may use them to recognise you across devices and browsing sessions.
We may also use third party analytics tools such as Google Analytics, Meta Pixel, MixPanel or Segment to help us gather and analyse this information. [For example, our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics also uses cookies. Although these cookies do not identify you personally, they allow information about your use of our website (including your IP address and device ID) to be transmitted to Google. For more information, please see Google’s site “How Google uses data when you use our partners’ sites or apps”, located at www. google.com/policies/privacy/partners/. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.]
You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. If you refuse the use of cookies in this way you may not be able to access the full functionality of our website. Please refer to your internet browser’s instructions or help screens to learn more about these functions. Our website may contain links to websites operated by third parties. Those links are provided for your convenience and may not remain current or be maintained. We have no control over and are not responsible for any content or privacy practices of those linked websites. As the privacy policies that apply to those other websites may differ substantially from ours, we encourage you to read them before using those websites.
How do we protect your information?
We take a number of measures to keep your information safe.
We generally hold personal information in our electronic databases. Our website and Platform and our working environment are built with integrated physical, electronic and managerial processes designed to safeguard your information and protect it from misuse, interference loss and unauthorised access, modification or disclosure. Here are some of the key things we do to protect your information.
| Category | Details |
|---|---|
| Staff training | We put our staff through training about how to keep your information safe and secure at all times. |
| Secure storage and handling | We use a combination of techniques and measures to maintain the security of our website and Platform and to protect your account and your information. |
| Destroying or de-identifying your information | We only keep your information for as long as we need it or are lawfully required to keep it. |
Heidi Health will handle your personal information in accordance with their respective privacy policy.
What are your rights in relation to your information?
You have rights in relation to your personal information. You can contact us to exercise any of your rights in relation to your information.
Here are the things you can ask us to do in relation to your information at any time while you use our website, Platform or other services.
| Category | Details |
|---|---|
| Access | You can request a copy of your information. |
| Correct | You can ask us to correct or update your information. |
| Complaints | You can express your concerns or complaints to us about your privacy or the way we are handling your information. We take your concerns seriously and will seek to fix any problem as soon as possible. |
Where we are not able to fulfil your request to access, correct or delete your personal information for a legal or other reason, we will let you know why. We may also need to verify your identity when you request your personal information.
If you’re not happy with the way we handle your query or handle your information (including our response to your request to access, correct or delete your personal information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website.
Personal Information Security
All transactions between consumer and the Platform are made through securely encrypted channels. You can find the security features in the Zali Health Record. Your highly sensitive personal information gathered by the Platform is kept securely with their commitment to confidentiality and abundance of resources in their security assets.
Employees
| Category | Details |
|---|---|
| Your general personal information | This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, contact number, email address and image. |
| Educational and social information | This includes details of your education, references from your institutions of study, and information relating to your interests and extra-curricular activities. It also includes lifestyle information and social circumstances, for example ‘life events’ such as marriage, divorce, bereavement, or adoption or birth of children. |
| Sensitive information | This includes information concerning your health and medical conditions, certain criminal convictions and offences, racial or ethnic origin, religious or philosophical beliefs, sexual orientation. |
| Financial information | This includes your bank account number, tax identifier and status (including residence status), and credit checks (where required). |
| Work related information | This includes details of your work history, professional activities and interests, involvement with and membership of industry bodies and professional associations and any personal information captured in the work product(s) you create while employed by us. |
If you are a current or former employee and you have any questions in relation to our handling of your personal information, please contact us at: support@zalihealth.com.au
Changes to this policy
If we need to change this policy in a way that affects the way we handle your information, if you use our Platform, you’ll receive an alert through the Platform the next time you log in. We will also publish the changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
Data Security
The Platform stores and utilises your sensitive user data in accordance with the Australian Government approved cryptographic algorithms.
This data is used in accordance with the Terms of Use. The data depicts the duration of accessing various screens within the Platform, device location and information about your device system and application software. This aids in identifying the usage between the parties of the consumer and the Platform.
The data collected is classified by Google as ‘sensitive user data’ and is protected with Australian Government approved cryptographic algorithms using HTTPS in transit.
Retention and Discarding Data
The Platform stores and utilises your sensitive user data in accordance with the Australian Government approved cryptographic algorithms.
All data stored with the Platform including backup, retention and destruction is subject to auditing in accordance with our policies.
Sensitive data collected is then stored in a secure environment within the Platform.
Platform Data Monetisation
The Platform is unable to monetise or sell any personal or sensitive user data collected via the Platform under any circumstances. All sensitive information is protected.
Authority to collect, use and disclose sensitive data
In specific circumstances your sensitive data stored on your Zali Health Record may be disclosed to relevant parties. Under the Privacy Act the following disclosures are permitted to an Australian entity, and in rare cases an overseas entity:
- Authorised or nominated representative
- Another individual or entity with your consent
- Another individual or entity with your consent, when the purpose of usage is limited to the extent reasonable and necessary for initial purpose of collection of sensitive data
- The disclosure is in relation to a Permitted General Situation under the Privacy Act
- The disclosure is in relation to a Permitted Health Situation under the Privacy Act
- The disclosure is limited to necessary enforcement conducted by or on behalf of an enforcement body
The Platform will not disclose information regarding the device location and information about your device system and application software to another entity unless required by law.
Deletion of the Platform
At any given time, you may delete the Platform from your device without penalties including financial or data loss.
The deletion of the Platform does not affect your Zali Health Record and you can still gain access to your Zali Health Record from your device web browser. Your device does not store the interactive data between the Platform and the Zali Health Record system.
Information that has been collected, downloaded, or shared from the Platform prior to deletion, will not be recalled or deemed unable to access upon deletion of the Platform. The recipient(s) of information shared via the device will remain available.
Reinstallation of the Platform
Reinstallation of the Platform is possible at any time and available on the same device as well as alternative devices. Due to privacy and security of storage of data, there will be no records of previous usages of the deleted the Platform available.
Related Companies
We are related to Zali Services Pty Ltd ACN 659 469 744 and Oscer Enterprises Pty Ltd ABN 57 620 824 900
Find out more
You can find out more about the various privacy laws and other rules, regulations and standards we’ve mentioned in this policy by visiting the website of the Office of the Australian Information Commissioner.
