1. About this Privacy Policy

1.1
We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth).

1.2
If we decide to change this Privacy Policy, we will post the updated version on this webpage so that you will always know what personal information we gather, how we might use that information, where we store it and whether we will disclose it to anyone. Our policy is to be open and transparent about our privacy practices.

1.3
This Privacy Policy only applies to personal information that we collect in the course of licensing, supporting and maintaining our software platform known as Piano. It also applies to personal information about prospective customers that is supplied to us via forms on our website at evidentli.com or otherwise when a prospective customer requests information about Piano.

1.4
For the purposes of this Privacy Policy, personal information has the meaning given to it in the Privacy Act 1988 (Cth).

2. End user and data subject personal information

2.1
Piano is a software platform that can be used by our customers to manage and standardise complex healthcare data.

2.2
Our customers are Australian and overseas companies. We license our customers to use Piano.

3. In this Privacy Policy, we refer to our customers’ personnel who use Piano as “end users”. We also refer to third parties whose health information may be held in or processed by a customer via Piano as “data subjects”. Our customers can host Piano in their own hosting environments and in third party cloud environments. We do not host Piano for our customers, other than for the purposes of Piano evaluations.

4. Customer responsibility for end user and data subject privacy

4.1
As a business that provides software that is designed to process large amounts of health information, we take our responsibilities in relation to data privacy very seriously.

4.2
We rely on our customers to obtain all relevant privacy consents and authorisations from all data subjects as required by applicable law in order for the personal information that is provided or made available to us by customers to be collected, disclosed and otherwise processed by us. We also rely on our customers to ensure that all of their end users’ and data subjects’ personal information that is accessed by us is accurate, up to date, complete, relevant and not misleading.

4.3
We encourage our customers to ensure that end users and data subjects are familiar with the applicable customer’s privacy policy, so that their end users and data subjects understand how they collect, use and otherwise process personal information about them whether via Piano or otherwise.

5. The types of personal information we collect and hold

5.1
We collect the following types of personal information:

  1. Information collected via forms completed on our website at evidentli.com: We collect contact details of potential customers who enquire about our products and services via our website at evidentli.com.
  2. Information collected when licensing Piano to a customer: We collect contact details of customer personnel including names and contact information of customer personnel who will become end users of Piano, when entering into an agreement with a customer for the customer to license Piano from us.
  3. Information about data subjects uploaded to Piano: We collect personal information and sensitive information including health information about data subjects when end users upload this information to Piano, but only if we host Piano during a customer evaluation of Piano.
  4. Information collected during support and maintenance: In the course of providing our support and maintenance services to a customer we may access the customer’s copy of Piano (remotely or on site) or an evaluation version (including where hosted by us). The Piano database includes personal information about end users and data subjects, including health information about data subjects.

6. How we collect personal information

6.1
Our policy is to be completely transparent about how and why we collect personal information and not to collect personal information by means that are unfair or unreasonably intrusive.

6.2
We collect personal information in the manner set out above in clause 5.

6.3
We also collect personal information about our customers’ personnel and about prospective customers’ personnel in one or more of the following ways:

  1. when they contact us with enquiries about our services, whether by email, via our website or via telephone;
  2. during the preparation, negotiation and performance of our contracts that we enter into with customers and for billing purposes; or
  3. when it is voluntarily disclosed to us (including, but not limited to via telephone, e-mail and online forms).

7. How we use personal information

7.1

We use personal information about customers’ end users and data subjects to enforce our legal rights, comply with our legal obligations and as otherwise set out in the following table:

Category: Personal information about prospective customers’ personnel

How we use and process personal information:

  • Notify prospective customers about our products and services.
  • Follow up on requests submitted through evidentli.com or other enquiries regarding our products and services.

Legal basis:

  • Necessary for our legitimate interests in operating, administering, and growing our business.

Category: Personal information about customer end users

How we use and process personal information:

  • Set up evaluation versions of Piano for customers.
  • Improve Piano.
  • Carry out statistical analysis and data analytics.
  • Provide support and maintenance services, including telephone and email support.
  • Log in to customer servers or computers to support and maintain Piano.
  • Communicate with customers about current and prospective use of Piano.
  • Discuss and implement software development requirements where applicable.
  • Respond to help desk tickets, schedule upgrades, and configure customer copies of Piano.
  • Send billing notices and process payments.
  • Identify customers when they contact us for technical support.
  • Administer contractual relationships and enforce contractual rights.
  • Handle complaints.

Legal basis:

  • Necessary for our legitimate interests in operating, administering, and growing our business.
  • Performance and enforcement of contracts with customers.
  • Compliance with legal and statutory obligations.

Category: Personal information about data subjects

How we use and process personal information:

  • Host evaluation versions of Piano for customers.
  • Improve Piano.
  • After de-identification, use information for statistical purposes and data analytics.
  • Provide support and maintenance services to customers.
  • Log in to customer servers or computers to support and maintain customer copies of Piano.

Legal basis:

  • Necessary for our legitimate interests in operating, administering, and growing our business.
  • Performance and enforcement of contracts with customers.
  • Compliance with legal and statutory obligations.

8. How We Hold and Secure Personal Information

8.1

As noted above, we do not copy any data subject personal information from a customer’s copy of Piano to provide support or maintenance services, except where the customer provides us with prior written consent to do so.

8.2

Where we hold or store personal information referred to in Section 5, we may hold the information in our:

  • offices;
  • computer systems; and
  • third-party owned and operated hosting facilities (when we are hosting Piano).

In particular:

Hosting Providers

We use hosting facilities operated by reputable hosting providers, such as HubSpot, to hold end user information and data subject personal information.

Email Communications

Personal information provided to us via email is held on our servers or those of our cloud-based email providers, which have restricted access security protocols.

CRM and Marketing Platforms

We use third-party cloud-based customer relationship management (CRM) and marketing platform providers to hold personal information about current and prospective customers (but not data subject personal information).

Electronic Devices

Personal information is held on computers and other electronic devices in our offices and at the premises of our personnel.

Hard Copy Records

We hold personal information provided to us in hard copy in files and folders stored in secure locations.

8.3

We take reasonable steps to protect the personal information we hold using security safeguards appropriate to the circumstances against:

  • loss;
  • unauthorised access;
  • modification;
  • disclosure; and
  • other misuse.

We also implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful:

  • destruction;
  • loss;
  • alteration;
  • unauthorised disclosure; or
  • access to personal information transmitted, stored, or otherwise processed by us.

8.4

For example, we:

  • perform security testing and maintain electronic security measures such as passwords, anti-virus management, and firewalls;
  • maintain physical security measures in our buildings and offices, including locks, visitor access management, cabinet locks, surveillance systems, and alarms;
  • require all employees, agents, and contractors to comply with privacy and confidentiality obligations in their employment contracts and subcontractor agreements;
  • implement passwords and access control procedures across our computer systems; and
  • store hard copy personal information securely in files and folders.

Where we no longer require personal information, or where we are otherwise required to destroy it under applicable law, we ensure that such information is securely de-identified (where permitted by law) or destroyed.

9. Disclosure of Personal Information

9.1

We only disclose personal information referred to in Section 5 to third parties in the following circumstances:

Service Delivery

Where disclosure is required in order for us to provide services engaged by a customer, and the customer has consented to the disclosure.

Third-Party Contractors

When performing contracts, we may outsource certain obligations to third-party contractors in accordance with our contractual rights.

For example:

  • where we agree to host Piano during a customer evaluation, we may outsource hosting to a third-party hosting provider; and
  • professional services provided by contractors may require access to personal information.

We ensure that all staff and contractors:

  • are aware of their information security responsibilities;
  • receive appropriate training; and
  • enter into agreements requiring compliance with privacy and confidentiality obligations.

Marketing Services

We may outsource marketing activities to third parties. To enable them to perform these services on our behalf, we may provide contact details of prospective customers’ personnel.

Professional Advisors

We may disclose personal information to:

  • legal, accounting, or financial advisors;
  • insurers; or
  • debt collectors,

where necessary for advice, representation, or debt collection purposes.

Consent

Where a person has provided written consent to the disclosure of their personal information.

Protection of Vital Interests

Where disclosure is necessary to protect the safety or vital interests of any person.

Legal Proceedings

For proceedings before any court or tribunal that have commenced or are reasonably contemplated.

Research and Analytics

When we de-identify personal information and use it for:

  • research purposes;
  • statistical purposes;
  • improving Piano; or
  • carrying out data analytics.

Corporate Transactions

Where required in connection with:

  • a merger;
  • sale;
  • dissolution;
  • reorganisation; or
  • similar corporate event.

In such circumstances, personal information may be transferred to the surviving or acquiring entity, subject to the commitments in this Privacy Policy.

Legal and Regulatory Requirements

Where disclosure is required:

  • in response to lawful requests by public authorities;
  • for national security or law enforcement purposes;
  • under court orders or subpoenas; or
  • otherwise by law or regulation.

Overseas Service Providers

To our service providers and personnel who may be located overseas, as described in Section 12.

10. Third-Party Websites

10.1

Our website may include links to third-party websites.

Providing links to those websites does not mean that we endorse or recommend them.

We do not warrant or represent that any third-party website operator complies with applicable data protection laws.

Customers and end users should review the privacy policies of relevant third-party websites before providing personal information to them.

11. Interacting With Us Without Disclosing Personal Information

11.1

If a person does not provide us with personal information, they may only have limited interaction with us.

For example, a person may browse the public-facing areas of our website at evidentli.com without providing personal information.

However, when a person:

  • submits a form on our website; or
  • enters into a contract with us,

we need to collect personal information for identification purposes, service delivery, support and maintenance services, and the other purposes described in this Privacy Policy.

11.2

Any person has the option of not identifying themselves or using a pseudonym when contacting us to enquire about our services.

12. Offshore Disclosure

12.1

As a supplier of information technology services, including cloud services, we may retain personal information on servers located in various overseas countries.

We may disclose personal information to offshore service providers and personnel located in:

  • Australia;
  • the United States; and
  • the United Kingdom,

who assist us in providing software support and maintenance services to customers.

We may also use hosting providers that host personal information in Australia or overseas.

We will take reasonable steps to ensure that overseas recipients do not breach the Australian Privacy Principles in relation to personal information.

13. How to Access and Correct Personal Information Held by Us

13.1

Subject to verification of identity, individuals may contact us directly to access or correct personal information we hold about them.

13.2

We will handle all requests for access to personal information in accordance with our statutory obligations.

We may require payment of a reasonable fee for access requests, except where charging such a fee would be contrary to applicable law.

14. Retention and De-Identification of Personal Information

14.1

For the purposes of the Privacy Act 1988 (Cth), we may take reasonable steps to de-identify personal information where:

  • we no longer need it for the purpose for which it was collected or used;
  • the information is not contained in a Commonwealth record; and
  • we are not otherwise required by law, court order, or tribunal order to retain it.

For the purposes of:

  • improving Piano;
  • statistical analysis; and
  • data analytics,

we take all necessary steps to de-identify personal information and sensitive information relating to data subjects and end users.

15. Opt-Out for Direct Marketing

15.1

You may opt out at any time from the use of your personal information for direct marketing purposes by:

  • emailing us; or
  • clicking the “Unsubscribe” link included in our marketing emails.

16. Contact Details

16.1

Any person wishing to contact us regarding:

  • our privacy practices;
  • personal information we hold about them; or
  • a privacy complaint,

may contact us using the following details:

Privacy Representative

Evidentli Pty Ltd
privacy@evidentli.com

16.2

We will use our best endeavours to resolve privacy complaints within a reasonable timeframe, taking into account the circumstances.

This may include working collaboratively with the complainant to resolve the issue.

16.3

If a complainant is not satisfied with the outcome of a complaint, or wishes to make a complaint regarding a breach of the Australian Privacy Principles, they may contact the following authority:

Office of the Australian Information Commissioner

Telephone: 1300 363 992

Online Enquiries:
https://www.oaic.gov.au/about-us/contact-us

Online Privacy Complaint Form:
https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

Address:
GPO Box 5288
Sydney NSW 2001
Australia
