Privacy Policy
Halo Connect Pty Ltd
Information Privacy Policy
Who we are
This web site (“the site”) and the Halo Connect Pty Ltd business are owned and operated by Halo Connect Pty Ltd (ABN 21 672 819 993) (“we,” “us”). This document describes our policy about our management of personal information.
What we do
Halo Connect operates on the medical practice's server through a single installation of Halo Connect and all associated modules allowing for Halo Connect to collect data and information stored within and transact with (write to) software owned by Practice Management Software vendors (PMSs) on behalf of approved third-party software integrators (Integrators). We refer to this service as the Halo Connect Services.
In respect of the Halo Connect Services, we are only the conduit for data and do not store information for longer than it takes to transfer data between the Integrator and the medical practice (or vice versa). We refer to this type of data (being all data transferred between Integrators and medical practices) as Medical Practice Data. Although Halo Connect may process personal information that is Medical Practice Data, we do not have access to this information nor do we have control over which Integrators it is disclosed to, except as instructed by the medical practice that disclosed the Medical Practice Data to us.
Currency and updates to this policy
This version of our policy is effective 10 November 2023. We may update this policy from time to time. Any updated policy will be published on the site – please check the site for updates.
Our approach to information privacy
We take personal information privacy seriously and comply with our obligations under applicable privacy legislation.
The kinds of personal information we collect and hold
As well as Medical Practice Data we may collect and hold information such as contact details from Integrators, contacts, suppliers and business partners, and accounting information used for our internal accounting records.
We may process, or collect and hold, technical information arising from use of our services and this site, including internet addresses and so-called cookies, which provide us with technical details about use of the site.
Because of the nature of the Halo Connect Services, the Medical Practice Data we collect and process may include sensitive information such as health information about individuals when that data is disclosed to us by medical practices or Integrators for the purpose of using the Halo Connect Services. The steps we take to protect that kind of information is discussed in the section below on ‘how your personal information is protected.’
How your personal information is protected
We use appropriate tools and procedures to protect the confidentiality of the personal information we process. We use a tier-one service provider for data processing services.
We use industry-standard encryption technologies to protect data during communication. We use access controls and audit records (among other security tools and technologies) to protect the data processed by us. Halo Connect does not have access to Medical Practice Data. In respect of all other personal information we may hold, we train our staff who handle personal information on the importance of maintaining the confidentiality of personal information and the privacy of individuals. All employee devices are secured and monitored with device management software, and employees are required to undergo regular security training. All employees must pass criminal background checks.
You can choose not to provide your personal information to us, but generally the information we request from you is required in order for us to provide you the goods and services we offer. You may withdraw your consent to use or disclose your personal information at any time. To withdraw this consent please contact us at the details below. Please note that withdrawing your consent may mean that we are unable to provide you with our services.
How we collect and hold personal information
We collect and store contact details such as names, addresses, email addresses and phone numbers, from our clients, potential clients, contacts, suppliers and business partners in the general course of operating our business.
We collect Medical Practice Data stored in PMSs through the installation of the Halo Connect Services on the medical practice's server. We only process Medical Practice Data that is sensitive information such as health information under contract in our capacity as an outsourced IT services provider to Integrators. That information is digitally made available by medical practices or Integrators, at their request to provide connectivity between them. Sensitive information such as health information is not collected or used by us in any other way or for any other purpose.
There may be circumstances when we collect personal information from someone other than the individual concerned, for example, through a referral. We endeavour to contact and notify the individual concerned of the circumstances of such collection where it is reasonable to do so.
If you’re someone who doesn’t have a relationship with us, but believe that a medical practice or Integrator has made your personal information available to us without your consent, you’ll need to contact that medical practice or Integrator for any questions you have about your personal information (including where you want to access, correct, amend, or request that the user delete, your personal information).
The purposes for which we collect, hold, use and disclose personal information
We collect, hold and use personal information for the purpose of providing our services, communicating with Integrator and potential Integrator, suppliers and contacts (including periodic marketing contact), and for the purpose of managing the provision of the Halo Connect Services.
We may also use personal information where necessary in order to comply with our legal and regulatory obligations.
Who do we disclose personal information to?
Personal information disclosed to us by a medical practice and/or Integrator is not stored by Halo for longer than it takes to transfer data between the Integrator and the medical practice (or vice versa).
We are not responsible for the medical practice and/or Integrator use of the data or what happens once the request is transferred from our systems.
We use tier-one service providers for orchestration and processing of data (and in respect of processing of sensitive information, only providers in Australia).
We may, from time to time, disclose information to professional advisers for the purpose of obtaining advice. We may provide information to law enforcement agencies if requested, or if we believe unlawful activity has taken place.
Overseas recipients
In respect of sensitive information such as health information provided to us by medical practices, we use technical infrastructure (cloud storage and processing providers) located in Australia. We do not, as a matter of strict policy, disclose such personal information to any overseas recipients and do not store this information.
Other information such as contact and accounting information, may be stored and processed by us using infrastructure providers outside Australia.
We do not otherwise disclose personal information to any recipient outside Australia.
The Privacy Act 1988 (Cth) (“the Act”) and corresponding Australian Privacy Principles (“APPs”) require relevant Australian entities to ensure that, before disclosing personal information overseas, reasonable steps are taken to ensure that overseas recipients do not breach the Act or the APPs (APP 8.1). It is not always possible to ensure that overseas recipients will comply. We do not take any responsibility for the actions of overseas third party recipients of personal information. By agreeing to this Privacy Policy you are agreeing that your personal information may be disclosed overseas and that APP 8.1 will not apply to that disclosure. This means that you will not have recourse against us under the Act in the event that an overseas recipient of your personal information breaches the APPs.
Direct marketing
We do not, under any circumstances, use any personal information provided to us by medical practices for direct marketing. Halo Connect does not have access to any Medical Practice Data.
We may occasionally send product and service updates to Halo Connect contacts, clients and potential clients whose contact details we hold. Individual recipients can opt-out of receiving that kind of contact at any time.
Dealing with us anonymously
People have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
Job applicants
When you apply for a job with us, we will generally collect the personal information that you include in your application, such as your contact details, career history and education details. We may also collect sensitive information from you, for example, medical information or criminal history, if it is relevant to the role that you are applying for. We will only collect such sensitive personal information where you have consented to us doing so.
We may also obtain personal information about you from third parties with your consent, for example, from your previous employers or nominated referees. We collect personal information for the purpose of assessing and progressing your application. We will hold your personal information for future job opportunities with us unless you tell us not to.
We may disclose your personal information to our related entities, your referees and also to third-party suppliers that we use to help with our recruitment processes, such as recruitment agencies and organisations that conduct competency or psychometric tests. We may also disclose your personal information to law enforcement agencies to verify whether you have a criminal record.
Incident Response
In the event of a detected breach of data, Halo Connect will notify government bodies and affected medical practices and Integrators as per Australian Privacy Principals. Breaches will be investigated internally first and referred to external specialists if the breach may constitute damages as per recommended practices by the Office of the Australian Information Commissioner (OAIC).
How to access and correct your personal information
We can be contacted by email at info@haloconnect.io to request access to or correction of personal information held by us. In accordance with applicable legislation, there may be a fee for our work effort in providing access to the detailed personal information we hold about individuals from our internal records.
How to complain about privacy and how we deal with complaints
Enquiries about our management of personal information, complaints about a breach of the applicable legislation, or feedback about the site’s privacy policy and management, should be directed initially to info@haloconnect.io. Privacy enquiries and complaints will be considered by an appropriate officer within our organisation, and we will respond to enquiries and deal with any complaints promptly and fairly, in accordance with our legal obligations.
If you are still not satisfied you can contact the Australian Privacy Commissioner (see https://www.oaic.gov.au/about-us/contact-us/ or call 1300 363 992)
How to contact us
We can be contacted by email at hello@halconnect.io
Halo Connect Pty Ltd
21 November 2023