Privacy Policy

1. Overview

Thank you for using the Updoc platform provided by Venture Startups Pty Ltd (Updoc), a platform that connects individuals with (a) health practitioners for the purposes of the health practitioner running telehealth consultations and, if appropriate, providing other health services and (b) partner pharmacies enabling individuals to have some prescriptions filled and delivered to them. Your privacy is important to us and we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act), which includes the Australian Privacy Principles (APPs) and any related privacy codes.

This Policy outlines how we collect, use, disclose and store your personal information and lets you know how you can access that information. This Policy applies to our obligations when handling information in Australia.

Please read this Policy carefully and contact us using the details below if you have questions.

2. Consent

By providing personal information, you consent to us collecting, using, storing and disclosing your personal information in accordance with this Policy or as required or permitted by law. If you continue using our services, then we will treat your use as your consent to us handling your personal information in accordance with this Policy.

We will generally obtain consent from the owner of personal information to collect their personal information. Consent will usually be provided in writing; however, sometimes it may be provided orally or may be implied through a person’s conduct. We endeavour to only ask for your personal information if it is reasonably necessary for the activities that you are seeking to be involved in.

3. What personal information do we collect and why do we collect it?

About our users

Information Collected	Why we collect it	How we collect it
Your name, address, and contact details. Date of birth. Gender. Any photos or records that you upload, such as a medical record. Your device ID, device type and information, geo-location information, Internet Protocol (IP) address, standard web log information, browser session data, device and network information, statistics on page views, acquisition sources, search queries, browsing behaviour and information gathered through internet cookies. Information contained in any communications between you and us.	For the purpose for which the personal information was originally collected. To identify and interact with you. To perform administrative and operational functions, including training and quality assurance. To comply with any legal requirements, including any purpose authorised or required by an Australian law, court or tribunal. For any other purpose for which you give your consent.	Directly from you when you: use our services; provide information to us on our platform; set up a profile with us; interact or share personal information with us via our social media; and communicate with us. Through our third party service providers Through audio-visual recordings of the consultations with health practitioners for quality and training purposes.

About our general users that may not have subscribed to our Service but interact with us

Information Collected	Why we collect it	How we collect it
Information you have provided in communications we have with you. Information you have provided in the platform before you submit it to us, such as through cart abandonment. Information about your access and use of our website, including browser session data, device and network information, statistics on page views, acquisition sources, search queries, browsing behaviour and information gathered through internet cookies.	To identify and interact with you. To perform administrative and operational functions.

About contractors or prospective staff members (including health practitioners)

Information Collected	Why we collect it	How we collect it
Your name, address, contact details (including email address and phone number) and date of birth. Your nationality and which countries you hold citizenship of. Educational details, such as schools you have attended, any qualifications you have received, transcripts and/or English language test results. Employment details, such as a CV, qualifications attained or examples of work. Any licences with relevant regulatory boards and/or other bodies, councils or authorities.	To enable us to carry out our recruitment functions. To correspond with you. To fulfil the terms of any contractual relationship. To ensure that you can perform your duties.

About partner pharmacies or prospective partner pharmacies and their representatives

Information Collected	Why we collect it	How we collect it
Your name, address, contact details (including email address and phone number) and date of birth. The name of your business and registration details. Any licences with relevant regulatory boards and/or other bodies, councils or authorities.	To assess potential contractual relationships. To correspond with you. To fulfil the terms of any contractual relationship. To ensure that you can perform your duties.

If you choose not to provide information as requested, we may not be able to service your needs. For example, it will not be possible for us to provide you with our service if you want to remain anonymous or use a pseudonym.

We sometimes receive unsolicited personal information. In circumstances where we receive unsolicited personal information we will usually destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so unless the unsolicited personal information is reasonably necessary for, or directly related to, our functions or activities.

4. Sensitive information

We may collect sensitive information from you. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

The types of sensitive information we may collect about you includes:

details regarding your medical history, symptoms, or any health information contained in any documents you upload. If you consent to providing us with this information, we will only use it for facilitating our provision of services and to enable you to use our platform. We may use a recording of the consultation for training and quality assurance purposes; and
personal identifying details such as your Medicare card number and details of any concession cards that you may hold.

You provide us with your sensitive information when you enter it onto our platform or have a consultation with a health practitioner. When you enter your health information, you are consenting to Updoc:

collecting and handling it in accordance with this Privacy Policy;
sharing it with the health practitioners and partner pharmacies who have agreed to our terms for the purpose of providing our services to you and the health practitioners, and to facilitate the health practitioner’s provision of their services to you, and for ongoing continuity of care; and
sharing it with our partner pharmacies if you elect to have your prescriptions filled by them for the purpose of dispensing and delivering your prescription medicines

If you do not agree to this, you should not provide us with your sensitive information.

5. Disclosing your personal information

We may disclose your personal information to the following third parties:

our business or commercial partners;
the health practitioners who have agreed to our terms;
the partner pharmacies who have agreed to our terms;
our professional advisers, dealers and agents;
third parties and contractors who provide services to us, including customer enquiries and support services, IT service providers, data storage, webhosting and server providers, marketing and advertising organisations, payment processing service providers;
payment system operators and debt-recovery functions;
third parties to collect and process data, such as Amazon Web Services, Microsoft Azure, Hotjar, Google Analytics, Airtable, Zapier or other third parties; and
any third parties authorised by you to receive information held by us.

We may also disclose your personal information if we are required, authorised or permitted by law.

Google Analytics: We have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device

Overseas disclosure: We may send information to third parties that are located outside of Australia for the purposes of providing our services. These third parties are located in the United Kingdom and the European Union, although this list may change from time to time. Disclosure is made to the extent that it is necessary to perform our functions or activities.

6. Using your personal information for direct marketing

From time to time, and in support of our future development and growth, we may use your personal information to contact you to promote and market our products and services.

You can opt-out from being contacted for direct marketing purposes by contacting us at contact@updoc.com.au or by using the unsubscribe facility included in each direct marketing communication we send. Once we receive a request to opt out from receiving marketing information, we will stop sending such information within a reasonable amount of time.

7. Security

We take all reasonable steps to protect personal information under our control from misuse, interference and loss, and from unauthorised access, modification or disclosure. We hold your personal information electronically in secure databases operated by our third-party service providers.

We protect the personal information we hold through a number of different layers including:

encrypted browsing through HTTPS;
storing authentication details, such as passwords, in hashed or non-reversible formats;
actively monitoring errors and logs using industry level tooling;
operating within a secure cloud environment; and
relying on TLS security to interact with the databases.

Our servers are hosted with Amazon Web Services and Microsoft Azure and we use the provided security functionality and monitoring to detect and prevent persistent access to rogue services. Server access and deployment are limited to revocable access keys that can only be regenerated on a master account. Access to servers can only be gained by using industry standard encryption keys that are generated and regularly updated, including when employees leave Updoc.

User logs redact certain types of information, such as passwords, before they are logged to prevent user information leaking to third parties.

Servers and databases are limited to internal access only to prevent database access to the public, unless it relates to certain whitelisted services or for monitoring and troubleshooting.

While we take reasonable steps to ensure your personal information is protected from loss, misuse and unauthorised access, modification or disclosure, security measures over the internet can never be guaranteed. The transmission and exchange of information is carried out at your own risk.

We encourage you to play an important role in keeping your personal information secure, by maintaining the confidentiality of any passwords and account details used on our website.

8. Accessing or correcting your personal information

If you would like to access your personal information, please contact us using the details below. In certain circumstances, we may not be able to give you access to your personal information, in which case we will write to you to explain why we cannot comply with your request.

We try to ensure any personal information we hold about you is accurate, up-to-date, complete and relevant. If you believe the personal information we hold about you should be updated, please contact us using the details below and we will take reasonable steps to ensure it is corrected if appropriate. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

9. Destroying or de-identifying personal information

We destroy or de-identify personal and sensitive information when we no longer need it unless we are otherwise required or authorised by law to retain the information. This includes adhering to any applicable National or State laws that require the retention of personal and sensitive information, including but not limited to health information.

10. Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

11. Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

12. Making a complaint

If you believe your privacy has been breached or you have a complaint about our handling of your personal information, please contact us using the details below.

We take privacy complaints seriously. If you make a complaint, we will respond within 5 days to acknowledge your complaint. We will try to resolve your complaint within 30 days. When this is not reasonably possible, we will contact you within that time to let you know how long we will take to resolve your complaint.

We will investigate your complaint and write to you to explain our decision as soon as practicable.

If you are not satisfied with our decision, you can refer your complaint to the Office of the Australian Information Commissioner by phone on 1300 363 992 or online at www.oaic.gov.au.

13. Changes

We may, from time to time, amend this Policy. We will notify you of any changes to this Policy and any changes to this Policy will be effective immediately upon the posting of the revised Policy on our website. By continuing to use the services following any changes, you will be deemed to have agreed to such changes.

14. Contact us

All questions or queries about this Policy and complaints should be directed to:

Privacy Officer
Email: privacy@updoc.com.au

This Policy was last updated in June 2023.