But first, our privacy policy

At Rosemary, your privacy comes first. We place you, and your right to control your information, at the centre of our platform.

1. We're here to help. Get in touch.

First things first – we want to let you know that you can get in touch with us at any time about the way we handle and safeguard your information.  If you want to talk to us, ask us questions, update your information, register a concern, opt out of marketing or anything else – we're just a call or a few clicks away. 

You can get in touch with us directly:

Email: hello@rosemaryhealth.com.au
Online: www.rosemaryhealth.com.au

2. About Rosemary

At Rosemary, securing your trust, protecting your privacy and ensuring that you control the way your information is used is our number one priority. Your consent is key. 

We mean what we say 

In this policy, when we say: 

3. What information do we collect?

When you use the Rosemary platform, we collect and hold three categories of information.

Your health information: Includes any health information that you or your trusted carer choose to contribute directly to the Rosemary platform.
Your general personal information: Information or an opinion about you, which identifies you or from which your identity is reasonably identifiable. Includes non-health information that you contribute directly to the Rosemary platform or that you authorise us to collect on your behalf from our trusted partners (i.e. other than your health information). For example, your name, address, contact number and email, device ID, IP address, web log-in information, details of the services you make enquiries about.
Information collected for business improvement: We may de-identify your general personal information (but not your health information without your consent, as we've described above), and use it in aggregate form to conduct analysis on how our platform is being used in order to improve our services and provide benefits back to our users.

When we refer to 'de-identified' information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you. When we use this information for the purposes of business improvement, it is always in de-identified form.

We may also collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited, but these do not contain any of your personal information and will not be used to link back to you individually.

4. How do we use your information?

Where it is reasonably practical to do so, we will collect your information directly from you via our website or as a result of you using our services. Our Partner Doctors or Partner Practitioners may also collect and hold your health or personal information.

We may also collect your information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners.

If we collect information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.

Where you do not wish to provide us with your information, we may not be able to provide you with requested goods or services.


5. Do we use your information?

Your health information

At Rosemary, we pride ourselves on creating an environment that puts you in control of your health information and the ways it is used to provide safe, personalised care and other benefits to you.

For this reason, it is part of our service promise that we don't use your health information for any purpose without you to use it in that way. 

If we ever want to use your health information for a new or different purpose, we won't do so without first sending you a positive alert and obtaining your consent.  Even once you've provided your consent for use, you can withdraw it at any time. 

As well as getting your consent, we always handle your health information in accordance with our applicable legal requirements, our relevant obligations when we collect your health information from our trusted partners (with your authorisation).  

Before you provide your consent, you should know that we may need to respond to legal requests for information (like any company does). Section 10 tells you how we respond to those types of requests. 

Your general personal information 

We use your general personal information to enable you to access the Rosemary platform and to deliver and improve our products and services. Breaking this down, we use your general personal information to:

6. Do we use your health information for marketing?

If you do expressly consent to us using or disclosing your health information or your general personal information for marketing,

From time to time Rosemary will send you information to tell you about the services we offer on our platform.

We will not sell or give your information to others to market their products or services to you.

We will contact you via the preferred communication method you nominate through the Rosemary platform.  We'll always conduct our marketing practices in accordance with privacy laws and other applicable legal and ethical frameworks.  

You can opt out of marketing communications at any time - either by using the unsubscribe facility in the relevant message, updating your notification preferences in your account settings or by contacting us (it's easy – see section 1).

If you are not yet a registered Rosemary user, then we may market our services to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms.  We'll always do this in accordance with our legal requirements and only with our trusted partners.


7. Where do we store your information?

We store your personal information in Australian servers and in accordance with all applicable laws.

We also store your information in servers run by Segment.io, Inc.

We retain full control over the information we store in Segment’s servers and Segment can only process the information we provide them based on our written instructions. Segment is also required to delete any information we provide to them whenever we ask them to.

Segment is based in California, which has strict protection for personal information. However, because it is based overseas, Segment is not subject to the Australian Privacy Principles, in particular APP 8.

By signing up to Rosemary, you consent to us storing your information with Segment and acknowledge that you understand that APP 8 does not apply.


8. Who do we share your information with?

We share your information with our trusted partners who help us to deliver our products and services.

Generally, these third parties are service providers we engage to assist us to deliver services to you and manage the Rosemary platform. These include (but are not limited to) Partner Doctors, Partner Practitioners and payment system operators.

We only share information with our trusted partners for the purposes that we collected the information for.

We also ensure that all our trusted partners protect your information from unauthorised loss or unauthorised access. 



9. How do we protect your information?

Security is paramount to the Rosemary platform. 

We have carefully crafted the Rosemary platform and our working environment with integrated physical, electronic and managerial processes designed to safeguard your information and protect it from misuse, interference, loss and unauthorised access, modification or disclosure.

We've also designed the platform within the spirit of the European General Data Protection Regulation (GDPR) – regulation that contains some of the strictest privacy and data security standards in the world.  For example, we give you the right to ask us to delete your data and we employ a dedicated Data Protection Officer, which are principles designed to respect your right to control your information and feel safe about the way we handle it.   

Here are some of the key things we do to protect your information.

Staff training: We put our staff through robust training, regularly, about how to keep your information safe and secure at all times.
Password protection: We ask you to set up a secure password to use the Rosemary platform and there are no automatic log-ins without it. If you need to change your password, we use reliable authentication methods to make sure it's you.
Secure storage and handling: We use a combination of firewall barriers, encryption techniques, data segregation techniques, backup and authentication procedures to maintain the security of the Rosemary platform and to protect your account and your information.
Interoperability: We comply with robust interoperability requirements that aim to protect the flow and transfer of your data.
Destroying or de-identifying information: We only keep your information for as long as we need it or are lawfully required to keep it.
ISO 27001: Our secure cloud is ISO 27001 certified, a global information security standard that provides internationally recognised requirements for information security management systems.

10. What are your rights in relation to your information?

Your health information and your general personal information are not ours. Here are the things you can ask us to do in relation to your information at any time while you use the Rosemary platform.

Access: You can request a copy of your information, and ask for it in a format that can be easily reused or transferred to another person or trusted healthcare provider.
Correct: You can ask us to correct or update your information.
Delete: You can ask us to delete your information.
Complain: You can express your concerns or complaints to us about your privacy or the way we are handling your information. We take your concerns seriously and will seek to fix any problem as soon as possible.

Where we are not able to fulfil your request to access, correct or delete your health information or your general personal information for a legal or other reason, we will let you know why.    

If you're not happy with the way we handle your query or handle your information (including our response to your request to access, correct or delete your health information or your general personal information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website. Links to the OAIC websites are provided in section 13 below.

To exercise any of your rights in relation to your information, you can contact us (it's easy – see section 1).


11. Law enforcement

We want to be clear with you – from time to time, we may be compelled by a law enforcement agency to disclose your health information or your general personal information in a way that you have not expressly consented to in accordance with this policy.

We can't control the formal scope of law enforcement requests that we receive – but we can tell you exactly what we do in order to respond to them. 

Whenever we receive a request from a law enforcement agency in relation to your information, our policy is to carefully test, on a case by case basis (and with assistance from our trusted law firm) the source of power that the agency is relying on, to ensure that it is a legitimate request under law. 

If we determine that the request is legitimate, then of course we will comply with our legal requirements and grant access only to the extent necessary to satisfy the purpose of the request. Where the law permits us, we will notify you about our response to the request and where permitted, the enforcement agency to whom your information has been disclosed.  


12. Changes to this policy

We reserve the right to change the terms of this Privacy Policy from time to time, without notice to you. An up-to-date copy of our Privacy Policy is available on our Website and we encourage you to check our website periodically to make sure you are aware of our current Privacy Policy.

13. Find out more

You can find out more about the various privacy laws and other rules, regulations and standards we've mentioned in this policy by following the links below.

Privacy Act
Privacy Act 1998 (Cth): http://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/
OAIC Privacy Act page: https://www.oaic.gov.au/privacy-law/privacy-act/

OAIC
OAIC home: https://www.oaic.gov.au/
APP (Australian Privacy Principles) Guidelines: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/
Contact and complaints: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

NSW Privacy Commissioner
Contact and complaints: https://www.ipc.nsw.gov.au/privacy/citizens/make-complaint