Privacy Policy

Version 1.0 - 1 August 2023

1. About this Privacy Policy

1.1
We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth).

1.2
If we decide to change this Privacy Policy, we will post the updated version on this webpage so that you will always know what personal information we gather, how we might use that information, where we store it and whether we will disclose it to anyone. Our policy is to be open and transparent about our privacy practices.

1.3
This Privacy Policy only applies to personal information that we collect in the course of licensing, supporting and maintaining our software platform known as Piano. It also applies to personal information about prospective customers that is supplied to us via forms on our website at evidentli.com or otherwise when a prospective customer requests information about Piano.

1.4
For the purposes of this Privacy Policy, personal information has the meaning given to it in the Privacy Act 1988 (Cth).

2. End user and data subject personal information


2.1
Piano is a software platform that can be used by our customers to manage and standardise complex healthcare data.

2.2
Our customers are Australian and overseas companies. We licence our customers to use Piano.

3. In this Privacy Policy, we refer to our customers’ personnel who use Piano as “end users”. We also refer to third parties whose health information may be held in or processed by a customer via Piano as “data subjects”. Our customers can host Piano in their own hosting environments and in third party cloud environments. We do not host Piano for our customers, other than for the purposes of Piano evaluations.

4. Customer responsibility for end user and data subject privacy

4.1
As a business that provides software that is designed to process large amounts of health information, we take our responsibilities in relation to data privacy very seriously.

4.2
We rely on our customers to obtain all relevant privacy consents and authorisations from all data subjects as required by applicable law in order for the personal information that is provided or made available to us by customers to be collected, disclosed and otherwise processed by us. We also rely on our customers to ensure that all of their end users’ and data subjects’ personal information that is accessed by us is accurate, up to date, complete, relevant and not misleading.

4.3
We encourage our customers to ensure that end users and data subjects are familiar with the applicable customer’s privacy policy, so that their end users and data subjects understand how they collect, use and otherwise process personal information about them whether via Piano or otherwise.

5. The types of personal information we collect and hold

5.1
We collect the following types of personal information:

  1. Information collected via forms completed on our website at evidentli.com: We collect contact details of potential customers who enquire about our products and services via our website at evidentli.com.

  2. Information collected when licensing Piano to a customer: We collect contact details of customer personnel including names and contact information of customer personnel who will become end users of Piano, when entering into an agreement with a customer for the customer to licence Piano from us.

  3. Information about data subjects uploaded to Piano: We collect personal information and sensitive information including health information about data subjects when end users upload this information to Piano, but only if we host Piano during a customer evaluation of Piano.

  4. Information collected during support and maintenance: In the course of providing our support and maintenance services to a customer we may access the customer’s copy of Piano (remotely or on site) or an evaluation version (including where hosted by us). The Piano database includes personal information about end users and data subjects, including health information about data subjects.

6. How we collect personal information

6.1
Our policy is to be completely transparent about how and why we collect personal information and not to collect personal information by means that are unfair or unreasonably intrusive.

6.2
We collect personal information in the manner set out above in clause 5.

6.3
We also collect personal information about our customers’ personnel and about prospective customers’ personnel in one or more of the following ways:

  1. when they contact us with enquiries about our services, whether by email, via our website or via telephone;

  2. during the preparation, negotiation and performance of our contracts that we enter into with customers and for billing purposes; or

  3. when it is voluntarily disclosed to us (including, but not limited to via telephone, e-mail and online forms).

7. How we use personal information

7.1
We use personal information about customers’ end users and data subjects to enforce our legal rights, comply with our legal obligations and as otherwise set out in the following table:

Category

How we use and process that personal information

Personal information about prospective customers’ personnel

  • We use this information to notify prospective customers about our products and services and to follow up with them in response to requests that they may make to us via our website at evidentli.com or when they otherwise contact us to enquire about our products and services.

  • Necessary for our legitimate interests (in order to operate, administer and grow our businesses).

Personal information about customer end users

  • To set up an evaluation version of Piano for a customer.

  • To improve Piano.

  • For statistical purposes and to carry out data analytics.

  • To provide support and maintenance services to customers, including telephone and email support and to log in to a customer’s server or computer to support and maintain the customer’s copy of Piano.

  • To communicate with customers about their current and prospective use of Piano, including to discuss and implement their software development requirements where applicable.

  • To provide customers with technical support and maintenance services including by responding to help desk tickets, scheduling upgrades and configuring their copies of Piano.

  • To send out billing information and notices and process payments.

  • In order to identify a customer when they contact us for technical support.

  • To administer our contractual relationships with a customer (and to enforce our contractual rights).

  • To handle complaints.

  • Necessary for our legitimate interests (in order to operate, administer and grow our businesses including to provide support and maintenance to customers who have licensed Piano from us, to provide access to evaluation versions of Piano that we host, to improve Piano and carry out data analytics and to ensure the successful delivery of our services).

  • Performance and enforcement of our contracts with our customers.

  • Compliance with our legal and statutory obligations.

Personal information about data subjects

  • To host evaluation versions of Piano for customers.

  • To improve Piano.

  • After de-identifying the information, for statistical purposes and to carry out data analytics.

  • To provide support and maintenance services to customers, including telephone and email support and to log in to a customer’s server or computer to support and maintain the customer’s copy of Piano.

  • Necessary for our legitimate interests (in order to operate, administer and grow our businesses, provide support and maintenance to customers who have licensed Piano from us, to improve Piano, for statistical purposes and to carry out data analytics and in order for Piano to be evaluated by customers).

  • Performance and enforcement of our contracts with our customers.

  • Compliance with our legal and statutory obligations.

8. How we hold and secure personal information

8.1
As noted above, we do not copy any data subject personal information from a customer’s copy of Piano to provide support or maintenance services, except where the customer provides us with their prior written consent to do so.

8.2
Where we hold or store personal information set out above in clause 5, we will hold the information in our offices, computer systems and third party owned and operated hosting facilities (when we are hosting Piano). In particular:

  1. we use hosting facilities operated by reputable hosting providers such as HubSpot to hold end user information and data subject personal information;

  2. personal information that is provided to us via email is held on our servers or those of our cloud-based email providers which have restricted access security protocols;

  3. we use third party owned cloud-based customer relationship management (CRM) and marketing platform providers to hold personal information about current and prospective customers (but not data subject personal information);

  4. personal information is held on computers and other electronic devices in our offices and at the premises of our personnel; and

  5. we hold personal information that is provided to us in hard copy in files and folders in secure locations.

8.3
We take reasonable steps to protect personal information that we hold set out above in clause 5 using such security safeguards as are reasonable in the circumstances to take, against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.

8.4
For example, we:

  1. perform security testing and maintain other electronic (e-security) measures for the purposes of securing personal information, such as passwords, anti-virus management and firewalls;

  2. maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);

  3. require all of our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment contracts and subcontractor agreements that we enter into with them;

  4. implement passwords and access control procedures into our computer systems; and

  5. we hold personal information that is provided to us in hard copy in files and folders in secure locations.

  6. with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely de-identified (where permitted by law) or destroyed.

9. Disclosure of personal information

9.1
We only disclose personal information set out above in clause 5 to third parties as follows:

  1. where such disclosure is required in order for us to provide the services that a customer engages us to provide and the customer provides its consent to us in respect of the disclosure;

  2. when performing contracts, we may outsource certain obligations to third party contractors in accordance with our contractual rights. For example, where we agree to host Piano in connection with a customer’s evaluation, we will outsource the hosting to a third party hosting provider. In addition, professional services carried out by our third party contractors may require access to an individual’s personal information. We ensure that all staff and contractors are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;

  3. we may outsource the marketing of our products and services to third parties. In order for them to provide such services on our behalf we may provide them with the contact details of prospective customers’ personnel so that they can contact them to market and promote our products and services;

  4. when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we request their representation in relation to a legal dispute;

  5. where a person provides written consent to the disclosure of their personal information;

  6. where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;

  7. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation);

  8. when we de-identify personal information and then use it for research or statistical purposes including improving Piano and carrying out data analytics;

  9. where required in connection with a merger, sale or corporate reorganisation;

  10. in the event of a merger, dissolution, reorganisation or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity, and in such case all such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set out in this Privacy Policy;

  11. when required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas;

  12. where otherwise required by law; or

  13. to our service providers and personnel who may be located overseas as set out below in clause

10. Third party websites

10.1
Our website may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection laws. Customers and their end users should consider the privacy policies of any relevant third party website prior to sending personal information to them.

11. Interacting with us without disclosing personal information

11.1
If a person does not provide us with their personal information, they can only have limited interaction with us. For example, a person can browse our public facing website at evidentli.com without providing us with personal information such as the pages that generally describe the services that we make available. However, when a person submits a form on our website or an organisation enters into a contract with us, we need to collect personal information for identification purposes, so that we can provide them with our support and maintenance services, and for the other purposes described in this Privacy Policy.

11.2
Any person has the option of not identifying themselves or using a pseudonym when contacting us to enquire about our services.

12. Offshore disclosure

12.1
As a supplier of information technology services, including cloud services, we retain personal information on servers that may be located in a number of overseas countries. We may disclose personal information to our offshore service providers and personnel (our personnel are located in Australia, the United States and United Kingdom) who assist us with providing software support and maintenance services that we are engaged to provide to our customers. We may use hosting providers who host that personal information in Australia or overseas. We will take reasonable steps to ensure that such overseas recipients do not breach the Australian Privacy Principles in relation to personal information.

13. How to access and correct personal information held by us

13.1
Subject to verification of your identity, you can contact us directly to access and correct personal information that we hold about you.

13.2
We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law.

14. Retention and de-identification of personal information

14.1
For the purposes of the Privacy Act 1988 (Cth), we may take such steps as are reasonable in the circumstances to de-identify the personal information that we hold about an individual where we no longer need it for any purpose for which it was collected and/or used, if the information is not contained in a Commonwealth record and we are not required by Australian law (or a court or tribunal order) to retain it. For the purposes of improving Piano and for statistical purposes and to carry out data analytics, we take all necessary steps to de-identify the personal information and sensitive information of data subjects and end users that we collect.

15. Opt-out for direct marketing

15.1
You may opt out at any time from the use of your personal information for direct marketing purposes by emailing us or by clicking on the “Unsubscribe” link located on the bottom of any of our marketing emails.

16. Contact details

16.1
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or to make a privacy complaint, may contact us using the following details:

Privacy Representative
Evidentli Pty Ltd
privacy@evidentli.com

16.2
We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.

16.3
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:

Office of the Australian Information Commissioner
Telephone: 1300 363 992
Online Enquiries: https://www.oaic.gov.au/about-us/contact-us
Online Privacy Complaint Form: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

Address: GPO Box 5288, Sydney NSW 2001, Australia
