This statement defines our approach to the collection and use of your personal information, and outlines your options for interaction with us.
Last updated: 12th December 2018
Who are ‘we’?
Who are ‘we’? When we refer to ‘we’ (or ‘our’ or ‘us’), that means KPI Reporting Pty Ltd & Up Keeping Pty Ltd (ABN 54 889 902 059) trading as C-Suite Reporting and all its wholly owned subsidiaries. Our headquarters are in Melbourne, Australia and our Address details for our offices are available on our Contact us page. We provide an easy-to-use online reporting platform for medical practices and their advisors. If you want to find out more about what we do, see the Home C-Suite Reporting page.
What is Personal Information?
The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act defines personal information as:
…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian and Norfolk Island Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.
C-Suite Reporting understands the importance of protecting your privacy and we are committed to dealing with your personal information and sensitive information responsibly, and in accordance with the Privacy Act, the Australian Privacy Principles, and any other applicable privacy and health data protection laws.
What Personal Information we collect and hold
C-Suite Reporting designs, develops, markets and supports medical practice management software throughout Australia. We collect and use personal information in order to provide our products and services to customers and to assist our customers’ and relevant stakeholders in the understanding of their medical practice. Personal information may include, but is not limited to:
- your contact details including your name, billing and delivery address, e-mail address, contact phone and fax numbers, date of birth, your signature, and your elected user name and password;
- where you or your organisation is a customer, your financial information;
- where you or your organisation is a customer, we may also collect information about your financial situation, credit history or other types of credit related information about you;
- any other personal information you provide to us in relation to the Services.
How we collect your Personal Information
Generally, all personal information C-Suite Reporting collects is collected directly from you, with your consent or, where permitted by law from relevant third parties. Our policy is to collect only the personal information that we reasonably need for a particular purpose.
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free demonstration, respond to a job application or an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
Some of this information is collected using cookies and similar tracking technologies. Cookies are a small text file that our websites may place on your computer, and collect information such as your Internet Protocol address, your computer’s operating system, browser type and traffic patterns, and your user name or email address. You may adjust your Internet browser to disable cookies, or inform you when one is being used. If you choose to disable cookies, you may be unable to access certain areas of our website.
Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
If you’re someone who doesn’t have a relationship with us, but believe that a C-Suite Reporting subscriber has entered your personal data into our websites or services, you’ll need to contact that C-Suite Reporting subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
How we hold and store Personal Information
We take reasonable steps to ensure the personal information held by us is secured from such risks as loss or unauthorised access, destruction, use, modification or disclosure.
Our systems are password protected and comply with our security standards, and if personal information is held on paper files, it is stored in locked files on secure premises. We only permit personal information to be accessed by authorised personnel, and our employees, agents and contractors are required to comply with our privacy policies and respect the confidentiality of any personal information held by us. In this instance, any agent or contractor who has access to personal information we hold is required to protect this information in a manner that is consistent with our policy by, for example, not using the information for any purpose other than to carry out the service they are performing for us. We endeavour to develop and implement appropriate measures to safeguard the personal information we hold against unauthorised use or disclosure.
You should be aware that, when using our products and services, no data transmission over the Internet can be guaranteed as completely secure. We do not warrant the security of any information you transmit to us over the Internet and you do so at your own risk.
Access to and correction of Personal Information
We take reasonable steps to make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date.
You may in some instances be able to access the information we hold about you. If you would like to access your personal information, please contact one of our Privacy Officers, who will explain how we will handle your access request. We will assume (unless you tell us otherwise) that your request for access relates to our current records about you.
In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information, including, but not limited to, where:
- giving access would have an unreasonable impact on the privacy of others;
- the information relates to existing or anticipated legal proceedings and the information would not be discoverable in those proceedings;
- giving access would be unlawful;
- denying access is otherwise required or authorised by law; or
- the request for access is frivolous or vexatious.
If we refuse to provide you with access to or correct your personal information, we will provide you with reasons for this decision in writing. In some circumstances where we correct a record, we may still require the retention of the original record.
Complaints and Concerns
If you have any questions or comments about this Privacy Statement, or if you wish to complain about how we have handled personal information about you, please contact one of our Privacy Officers as follows:
Lvl 1, 190 Queen St, Melbourne 3000
We ask that any complaint should be made in writing to us in the initial instance. We will then respond to your complaint in writing and in accordance with any timeframes required by law. We may request you to provide further information about your complaint to duly assess your complaint. If for any reason you do not wish to complain to us initially or if we are unable to resolve your complaint to your satisfaction, a complaint may also be made to the Office of the Australian Information Commissioner (http://www.oaic.gov.au).