Terms and Privacy Policy

Beamtree Holdings Limited (ABN 42 627 071 121) and all subsidiaries (Beamtree Pty Ltd. (ABN 91 073 973 430); Pavilion Health Australia Pty Ltd. (ABN 42 153 183 978); Pavilion Health Technology Pty Ltd. (ABN 27 139 588 088); Pavilion Health Services Pty Ltd. (ABN 11 139 519 912); Beamtree Europe PTE Limited (Company No. 482739); Ainsoff Pty Ltd. (ABN 47 631 233 344); Potential(x) Pty Ltd. (ABN 31 625 837 970); Potential(x) Wellness Pty Ltd. (ABN 52 634 781 258); Potential(x) New Zealand Ltd. (NZBN 94 290 4842 9992); Chappell Dean Pty Ltd. (ABN 21 062 345 117); and, Beamtree UK Limited (Company No. 13606318)) (collectively referred to as Beamtree) are committed to providing quality services to you and this policy outlines our ongoing obligations to you, in respect of how we manage your Personal Information.

In this Privacy Policy, a reference to:

Beamtree Europe and Beamtree UK refers specifically to our European and UK subsidiaries respectively (company details above);
You or your means the person whose information may be collected and dealt with under this Privacy Policy;
User means any person who uses our Services; and
Services means our website (http://www.beamtree.com.au) and our software solutions and services.

Where do we operate and what laws apply to us?

Beamtree operates in Australia, New Zealand, the UK and the European Economic Area. We are required to comply with the Privacy Law in each of those locations when we collect, use, disclose, store, secure and dispose of your Personal Information. The Privacy Law is:

for Australian individuals – the Privacy Act 1989 (Cth) (Australian Privacy Act), including the Australian Privacy Principles (APPs);
for New Zealand individuals – the Privacy Act 2020 (NZ Privacy Act); and
for UK and European individuals – the General Data Protection Regulation 2016/679, UK General Data Protection Regulation and the Data protection Act 2018, as relevant (collectively, the GDPR).

We take our privacy obligations seriously and have prepared this Privacy Policy to explain how we collect, hold, use and disclose your Personal Information in compliance with the Privacy Law. It is intended to ensure the open and transparent management of your Personal Information. If you are unable to properly view or print the Privacy Policy from your web browser, we will send you a copy by regular post, if you request that from our Privacy Officer. The contact details appear at the end of this Privacy Policy.

Please note that if you are based in the UK or EU then the ‘controller’, i.e. the organisation with legal responsibility for your Personal Information, will be Beamtree UK or Beamtree Europe respectively. Contact details for those entities can be found at the bottom of this Privacy Policy.

What is “Personal Information”?

Personal Information is defined under the Australian and New Zealand to mean information, including an opinion about identified, or reasonably identifiable, individuals.

When we refer to Personal Information, we also mean “personal data”, which is defined under the GDPR to mean any information related to a natural person that can be used to directly or indirectly identify the person.

This could be anything from a name, a photo, an email address, bank details, a post on a social networking website, medical information, or a computer IP address.

What types of Personal Information do we collect?

When you access our Services, as an individual or on behalf of one of our clients, or engage with us as a contractor or on behalf of one of our service providers, we may collect some of the following information, depending on the nature of your engagement.

Name, email address, phone numbers, and other relevant contact details.
Date of birth or age, and your gender
Job title, and the organisation you work or may have worked for
Bank account, credit details and other financial information, where provided for the purposes of delivering our Services.
Country and time zone.
Record and timestamp of logins and other access to our Services
A record of which content you have accessed in our websites and other platforms
Browser information
Events you have registered for
Marketing and other platform preferences
Dietary preferences
Your usage of and data supplied to mobile, online or desktop applications.
Usage data about what you do when you access our Services. This may include which web pages you visit, what you click on and when. It may also include your IP address, location.
Records of your conversations with us or using our platforms, such as via email, contact forms or through chat rooms.
Answers to online surveys
Notes made by staff relating to client, contractor or vendor management.

How do we collect Personal Information?

Directly from you

Where reasonable and practicable to do so, we will collect your Personal Information directly from you to conduct our business.

The Personal Information we collect to run our business is obtained in multiple ways, including when you contact us to request access to our tools and Services, interviews, correspondence, by telephone and by email, through our website, mobile apps and desktop applications and through forms and other correspondence.

Indirectly from other sources

In some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

When we collect Personal Information, we will where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Personal data that we have access to on behalf of our customers is obtained and managed by the customer and made available to us under contract for the specific purpose of that contract.

For example, we may collect Personal Information in the following ways:

From third parties but only if those third parties are lawfully permitted to share your information with us.
When you visit our website via a link on another website or an email, we record information about the source that referred you to us.
From your social media page, if you interact with us on social media, for example, if you send us a tweet on Twitter.
When you access our Services, our web servers keep log files that record usage data each time a device accesses our servers.

If you provide us with unsolicited Personal Information which is not lawful for us to collect, we will as soon as practical, destroy that information.

Cookies

We use various technologies to obtain usage data, including “cookies” and similar commonly used information gathering tools. Cookies are small files placed on the User’s local device during a visit to a website to allow fast, easy and meaningful navigation around the site. These technologies may be used by us or our service providers to analyse and track how Users use our websites. Standing alone, cookies do not identify you, they only recognise your browser. When you give us information, we can also send cookies to remember Users’ settings and preferences. Beamtree uses both session-only and permanent cookies, often depending on whether the use is casual or a more complex interaction (such as by a subscriber). To the extent that we use non-essential cookies, most notably Google Analytics when you use our website, then we will only do so with your consent.

We have access to some anonymised health information data on behalf of our clients. Any health information we hold is not Personal Information, because we cannot identify any individuals from it.

Where ever possible we endeavour to avoid copying and storing data within our systems, preferring to access data within the client’s infrastructure. If storage within the Beamtree infrastructure is required, we use aggregated data wherever possible, further anonymise and encrypt data to ensure identification of individuals is not possible.

What happens if you don’t provide us with your Personal Information or do not want us to use it for a specific purpose?

You are never required to provide us with your Personal Information when you deal with us. You may also, in certain circumstances, request that we do not use your Personal Information for a particular purpose. However, this may limit the way in which we can interact with you. For example, we may not be able to provide requested Services or products without the information needed to manage those services or products.

Why do we collect Personal Information and how do we use it?

Use of Personal Information

We collect your Personal Information for the primary purpose of providing our Services to you, to communicate with you and for our internal business purposes.

For example, we use your Personal Information to:

Provide Services to you. Allow you to create an account and log in, in order to obtain access to and use the Services and customer support.
Communicate with you. Contact you about your account via email, mail or telephone to tell you about certain things, such as changes to our Services or policies.
Market to you. Send you news and information (including direct marketing) about our Services that you either request from us, or we believe may interest you. You authorise us to use any email address or other contact information you provide to us at any time for this purpose. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe or opt out instructions included in those emails. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of you request to be removed.
Analyse, aggregate and report. Internally analyse user behaviour so we can improve our Services. Some of these activities include monitoring, maintaining and improving our Services and features, personalising your experience, or creating new Services or features.
Recruit. Evaluate your application if you have applied for a position with us.

Who may have access to my information? To whom we may disclose your personal information?

We will share your Personal Information with third parties only in the ways that are described in this Privacy Policy or with your consent.

To provide you with our Services we will usually need to disclose your Personal Information to our staff and external service providers. Service providers are only authorised to use your Personal Information as necessary to provide services to us.

Sometimes we may need to disclose your Personal Information to other people or organisations, including:

Affiliates or associates of Beamtree, including investors or subsidiaries as the need to disclose may arise from a legal obligation we owe that entity.
Regulators, law enforcement agencies or other organisations that may need to be notified of or protected against fraudulent activities, or if you engage in or threaten any unlawful activity.
The Australian Stock Exchange, due to Beamtree’s status as a listed company or during merger activities in the event of a sale of all or a portion of Beamtree’s assets.
Your referees, former employers if you have applied for a position with us.

If you provide a testimonial in relation to our Services, we may, with your consent, publish it on the Beamtree website together with Personal Information such as your name and title.

Overseas disclosure of Personal Information

Your Personal Information is held on our secure computer systems which are primarily located in Australia. However, in order to provide our Services to our clients we sometimes use staff located in our overseas offices and service providers located outside Australia. Overseas staff are mainly located in the United Kingdom, New Zealand and Ireland.

There may be times when your Personal Information is transferred to or accessed by our affiliates, or service providers in those countries or other countries from time to time to help us to provide our Services (e.g. providing software support services to our clients).

We take reasonable steps to ensure that the overseas recipients of your Personal Information do not breach the privacy obligations relating to your Personal Information. In the event that Personal Information is transferred from the UK or Europe to Australia in order to provide Services to a particular client then we will do so if there is an appropriate safeguard in place as per the UK or EU GDPR (as applicable). Most notably, we rely on the approved standard contractual clauses for international data transfers.

How do we keep your Personal Information secure?

It is important to us to keep your Personal Information private and confidential. We take all reasonable steps to ensure that your information is handled securely, in accordance with this Privacy Policy and the generally accepted practices for security of data.

Personal Information we collect to run our business is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. We maintain physical, electronic and administrative safeguards to protect Personal Information from loss, misuse, unauthorised access, disclosure or alteration.

Retention of Personal Information

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be kept by us for a minimum of 7 years in accordance with applicable legal and regulatory obligations.

If we must store Personal Information, we only store the minimum amount needed to meet our contractual obligations or as otherwise reasonably required in connection with our business activities. We do not store patient or clinician names or addresses, we completely separate the identifying information from the information that will be used in any analyses.

If you apply for a position with us, and if your application is not successful in the first instance, we may retain your Personal Information for a limited period so that we can consider you for other positions that may become available.

Reporting Privacy Breaches

In the event of a breach of privacy affecting Personal Information data, Beamtree follows our Privacy Breach policy which includes that we will advise the necessary regulatory authorities within 72 hours of Beamtree becoming aware of such breaches. We will also, in certain circumstances, inform affected individuals.

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing using the contact details below.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information

It is an important to us that your Personal Information is up to date. We take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable, so we can update our records and ensure we can continue to provide quality Services to you. Please note however that we will only able to rectify your Personal Information if we are satisfied that is in fact inaccurate.

You are also entitled to ask us to erase the Personal Information we hold about you, although we are only required to give effect to such a request in certain circumstances (for instance where we no longer the Personal Information for the purpose it was originally collected).

Third party sites

You should be aware that your use of social media via our websites or via links to other websites is governed by the privacy policies of the third parties who operate those websites and not this Privacy Policy; we therefore recommend that you read the privacy policy of any website you visit. Beamtree does not review, approve or make any representations or warranties in relation to the privacy practices of any third-party website, and we are not responsible for the privacy policies or the content of any third-party website.

Privacy Policy Complaints and Inquiries

If you have any questions or concerns about our Privacy Policy or how we handle your information or if you believe we have breached the Privacy Law, you can contact our Privacy Officers using the details below.

If you’re in Australia or New Zealand:

Data Protection Officer
Beamtree Holdings Ltd,
Level 1, 16 Eveleigh Street,
Redfern NSW 2016,
Australia

Tel: +61 2 8313 9990
Fax: +61 2 9475 4146
Email: dpo@beamtree.com.au

If you’re in the UK or Europe:

Data Protection Officer
Beamtree UK Limited
Eastside, Kings Cross Station
London
N1C 4AX

Email: dpo@beamtree.co.uk

We will do our best to resolve your complaint as quickly as possible. However, if you are not satisfied with the outcome, you can refer your complaint to the regulator in your jurisdiction.

If you’re in Australia

Office of the Australian Information Commissioner:

access the online privacy complaint form at oaic.gov.au
call 1300 363 992
mail GPO Box 5218, Sydney NSW 2001.

If you’re in New Zealand

Office of the Privacy Commissioner

access the online privacy complaint form

If you’re in the UK or Europe

Information Commissioner’s Office

access the online privacy complaint form
call 0303 123 1113

Policy Updates

We may update this Privacy Policy from time to time, the most current version will be posted on our website. We encourage you to regularly review the Beamtree Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice of the revised policy on our website and, depending on the nature of the changes, may seek additional consents from you, or give you the option to delete your Personal Information. Your use of any of the Services after the posting of any changes to this Privacy Policy will constitute your consent to such changes.