Privacy Policy

1. Rosemary Platform

1.1. We, Rosemary Technologies Pty Ltd (ACN 619 254 125) , own and operate the Rosemary digital health clinic (Platform) and the website (Website).

1.2. The Platform facilitates confidential access to digital health services, including consultations with registered specialist general practitioners (Partner Doctors) and other registered health providers, such as nurses, pharmacists and pathology providers (Partner Providers).

1.3. We are committed to protecting your privacy and ensuring that you control the way your information is used. Your consent is key; we take your privacy seriously.

1.4. This privacy policy explains what information we collect about you, how we may use it, and the steps we take to ensure that it is kept secure.

1.5. You can contact our privacy officer using the following details:

Contact PersonThe Privacy Officer
Phone Number1800 519 607
Postal AddressLevel 8, 11 York Street, Sydney NSW 2000

1.6. The Website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained.  We are only responsible for the privacy practices and security of our Website. We recommend that you check the privacy and security policies and procedures of other websites that you visit.

2. Information we collect

2.1. We collect personal information about you from our interactions with you including through our Website, Platform, telephone conversations with us, e-mails and written and verbal communications.

2.2. When you use the Platform, we collect and hold three categories of information:

Personal Health InformationThis means information about your past, present or future health; the provision of healthcare to you; or the payment for the provision of healthcare to you.

This may be information you provide to us via the Platform or information provided by a Partner Doctor or Partner Provider through the Platform in the course of delivering services to you.
General Personal InformationThis means any information or opinion about you, which identifies you or from which your identity is reasonably identifiable but does not include any Personal Health Information.

This includes non-health information that you contribute directly to the Platform or that you authorise us to collect on your behalf from third-parties (e.g. your name, address, contact number and email, device ID, IP address, web log-in information, details of the services you make enquiries about).
De-Identified InformationThis means information about you that has undergone a process of removing all personal identifiers that can reasonably identify you.

We may de-identify your General Personal Information and your Personal Health Information to conduct analysis on how the Platform is being used. We do this to improve the Platform and provide benefits back to our users. All information used by us for the purposes of business improvement is always in de-identified form.

We may also collect de-identified information via cookies on the Website. This information includes your browser type, operating systems and other websites visited. This information does not include any of your personal information and will not be used to link back to you individually.

2.3. We primarily collect information about you from:

a) you, when you use the Platform and/or the Website;

b) you, when you contact us (whether by telephone, email or through the Platform or Website);

c) any person who, on your behalf and with your consent, provides information about you; and

d) any healthcare provider or pharmacist from whom you obtain services through the Platform.

2.4. We may also collect information about you from publicly available sources and third parties. If we do so, we will, where appropriate, request that the third party inform you that we hold such information, how we will use and disclose that information, and how you may contact us to gain access to, correct and/or update that information. This information will not include Personal Health Information unless it comes from a healthcare provider or pharmacist nominated by you.

3. Use of your information

3.1. Your General Personal Information collected by us and De-Identified Information collected or generated by us may be used or disclosed:

a) to communicate with you;

b) for record keeping purposes;

c) as required to provide to you the functionality of the Website and the Platform (e.g. to connect you to a healthcare provider or pharmacist through our Platform);

d) to enable a Partner Doctor or Partner Provider who is providing services to you through the Platform to provide those services;

e) as required for delivery of the service provided through our Platform (but not by us) to you, including sharing of your address and phone number with third-party providers for the purposes of parcel delivery and tracking;

f) as required for the ordinary operation of our Platform and Website;

g) to manage our relationship with you, and improve our service to you and your experience with us;

h) to inform you about important matters relating to the Platform, the Website or your information;

i) for market research;

j) to enable us to comply with laws and assist government or law enforcement agencies where we are required and authorised to do so;

k) where there is a serious and imminent threat to an individual’s life, health, or safety; or a serious threat to public health or public safety; and

l) for any purpose disclosed to you at the time the information is collected.

3.2. Your Personal Health Information collected by us will only be used or disclosed:

a) to enable a Partner Doctor or Partner Provider who is providing services to you through the Platform to provide those services;

b) as required for delivery of the service provided through our Platform (but not by us) to you

c) to those who work for us (whether as an employee or a contractor), our officers and related bodies corporate;

d) to any relevant government authority, where we reasonably believe that such disclosure is necessary to enforce our rights;

e) to any entity with which we merge (or proposed to merge) or by which we are acquired (or proposed to be acquired);

f) to enable us to comply with laws and assist government or law enforcement agencies where we are required and authorised to do so; and

g) where there is a serious and imminent threat to an individual’s life, health, or safety; or a serious threat to public health or public safety.

3.3. We may use or disclose your General Personal Information but not your Personal Health Information for quality assurance, training, billing, and as may be required by our insurers.

3.4. If you do not provide us with information about you that we request, we may not be able to provide you with the services you request and the healthcare providers and/or pharmacists who provide services to you through the Platform may not be able to provide those services.

3.5. We may also use and retain De-Identified Information (including de-identified Personal Health Information and/or General Personal Information but excluding any eScript data) for the purpose of developing and enhancing our Platform and services.

4. Information sharing

4.1. We share your personal information with our related bodies corporate (as defined in the Corporations Act 2001 (Cth)) to enable us to conduct our business and provide the Platform and Website.

4.2. We also share your information with third-parties, including healthcare providers and/or pharmacists who provide services to you through the Platform, to enable them to deliver the products and services that you request from those third-parties through the Platform.

4.3. We may from time to time share general information about you to third parties (including social media platforms) for marketing purposes. This is done in a way that is compliant to local data protection or privacy laws, as well as self-regulatory or industry codes that may apply.

4.4. We do not share your information with other healthcare providers or pharmacists who are unconnected to the Platform, without your explicit consent.

4.5. For the purpose of complying with our financial audit obligations, we are required to divulge limited information about you to our financial auditors. Wherever possible, information used for the purpose of our financial audit is anonymised.

4.6. We require healthcare providers and/or pharmacists who provide services to you through the Platform to take steps to protect your information from unauthorised loss or unauthorised access. Those health providers and pharmacists may be required to take further steps to protect your information under the professional regulations applicable to them.

4.7. You acknowledge and agree that, should we sell, merge or otherwise change control of our business, our company, the Platform or the Website to a third party, we shall be permitted to disclose your information to the third party without giving notice or seeking prior consent from you. We shall also be entitled to assign the benefit of any agreements we have with you to the third party.

4.8. The online nature of the Platform necessarily relies upon using electronic forms of communication and post. There are inherent vulnerabilities in using such forms of communication and we are therefore unable to give a guarantee that a third party unrelated to us will not intercept communications.

5. Storage of Information

5.1. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

5.2. We store the information we collect online and uses Transport Layer Security (TSL) to provide users secure and private access. Personal Health Information and General Personal Information collected by us is primarily stored on servers located in Australia. By using the Platform, you consent to our storing your information in this manner.

5.3. From time to time, we may engage an overseas recipient, including from Europe and the United States, to provide services to us. Those overseas service providers may store information that we provide to them on servers that are not in Australia. By using the Platform and the Website, you consent to the storage of such information on overseas servers and acknowledge that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under the Privacy Act.

5.4. We take steps to protect your information, including by:

Staff trainingWe put our staff through robust training, regularly, about how to keep your information safe and secure at all times.
Password protectionYou are required to set up a secure password to use the Platform. The Platform does not permit automatic log-ins without that password. If you need to change your password, we use reliable authentication methods to make sure it is you.
Secure storage and handlingWe use a combination of firewall barriers, encryption techniques, data segregation techniques, backup and authentication procedures to maintain the security of the Platform and to protect your account and your information.
InteroperabilityWe comply with robust interoperability requirements that aim to protect the flow and transfer of your data.
Destroying or de-identifying informationWe only keep your information for as long as we need it or are lawfully required to keep it.
ISO 27001Our secure cloud is ISO 27001 certified, a global information security standard that provides internationally recognised requirements for information security management systems.

6. Cookies and tracking technology

6.1. In common with many other website operators, we may use a standard technology called ‘cookies’ on site. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate this website on each visit.

6.2. Cookies that are used in any part of our website will not be utilised for collecting personally identifiable information and will only be used for internal management purposes.

6.3. Most browsers automatically accept cookies, but you can usually change your browser to prevent cookies being stored. Please note, if you do turn cookies off this will limit the service that we are able to provide to you. 

7. Marketing and Promotions

7.1. When you sign up to use the Platform, we request your express consent to use and disclose your information for our marketing and promotion purposes.

7.2. If you consent to us using your information for these purposes, we may, from time to time, send you information to tell you about the services we offer on the Platform. We will contact you via the preferred communication method you nominate through the Platform.

7.3. We do not sell or disclose your information to third-parties to market their products or services to you.

7.4. You can opt out of marketing communications at any time, either by using the unsubscribe facility in the relevant message, updating your notification preferences in your account settings or by contacting us.

8. Your rights

8.1. Your rights in relation to the information held by us about you include:

AccessYou can request a copy of your information, and to ask for it in a format that can be easily reused or transferred to another person or trusted healthcare provider.
CorrectYou can ask us to correct or update your information.
DeleteYou can ask us to delete your information.
ComplainYou can express your concerns or complaints to us about your privacy or the way we are handling your information. We take your concerns seriously and will seek to fix any problem as soon as possible.

8.2. If we are not able to fulfil your request to access, correct or delete your Personal Health Information or your General Personal Information, we will inform you about the reason that we cannot do so.

8.3. If you are not satisfied with the way we handle your query or handles your information (including our response to your request to access, correct or delete your Personal Health Information or your General Personal Information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website.

8.4.To exercise any of your rights in relation to your information, please contact us using the details provided in this privacy policy.

8.5. If you provide information to us about a third party (such as your directors, employees or someone you have business dealing with) you must ensure that you are allowed to give us that information to us.

9. General

9.1. We reserve the right to modify the Website, the Platform, and this Privacy Policy without notice. Your continued use of the Website and the Platform after changes are posted constitutes your acceptance of the modified terms of this Privacy Policy.

9.2. The Website, Platform and the content (excluding any content uploaded by you) within the Website and Platform are the property of us and/or our suppliers and remain the property of us (or our suppliers).

9.3. If any of these terms are held to be invalid or unenforceable, then the validity and enforceability of the remaining provisions will not be affected.

9.4. These Terms are governed by the laws of the State of New South Wales. Each party submits to the non-exclusive jurisdiction of courts exercising jurisdiction there in connection with all matters concerning these Terms.