1. We're here to help. Get in touch.
First things first – we want to let you know that you can get in touch with us at any time about the way we handle and safeguard your information. If you want to talk to us, ask us questions, update your information, register a concern, opt out of marketing or anything else – we're just a call or a few clicks away.
You can get in touch with us directly:
2. About Rosemary
At Rosemary, securing your trust, protecting your privacy and ensuring that you control the way your information is used is our number one priority. Your consent is key.
We mean what we say
In this policy, when we say:
3. What information do we collect?
When you use the Rosemary platform, we collect and hold three categories of information.
4. How do we use your information?
Where it is reasonably practical to do so, we will collect your information directly from you via our website or as a result of you using our services. Our Partner Doctors or Partner Practitioners may also collect and hold your health or personal information.
We may also collect your information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners.
If we collect information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
Where you do not wish to provide us with your information, we may not be able to provide you with requested goods or services.
5. Do we use your information?
Your health information
At Rosemary, we pride ourselves on creating an environment that puts you in control of your health information and the ways it is used to provide safe, personalised care and other benefits to you.
For this reason, it is part of our service promise that we don't use your health information for any purpose without you to use it in that way.
If we ever want to use your health information for a new or different purpose, we won't do so without first sending you a positive alert and obtaining your consent. Even once you've provided your consent for use, you can withdraw it at any time.
As well as getting your consent, we always handle your health information in accordance with our applicable legal requirements, our relevant obligations when we collect your health information from our trusted partners (with your authorisation).
Before you provide your consent, you should know that we may need to respond to legal requests for information (like any company does). Section 10 tells you how we respond to those types of requests.
Your general personal information
We use your general personal information to enable you to access the Rosemary platform and to deliver and improve our products and services. Breaking this down, we use your general personal information to:
6. Do we use your health information for marketing?
If you do expressly consent to us using or disclosing your health information or your general personal information for marketing,
From time to time Rosemary will send you information to tell you about the services we offer on our platform.
We will not sell or give your information to others to market their products or services to you.
We will contact you via the preferred communication method you nominate through the Rosemary platform. We'll always conduct our marketing practices in accordance with privacy laws and other applicable legal and ethical frameworks.
You can opt out of marketing communications at any time - either by using the unsubscribe facility in the relevant message, updating your notification preferences in your account settings or by contacting us (it's easy – see section 1).
If you are not yet a registered Rosemary user, then we may market our services to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms. We'll always do this in accordance with our legal requirements and only with our trusted partners.
7. Where do we store your information?
We store your personal information in Australian servers and in accordance with all applicable laws.
We also store your information in servers run by Segment.io, Inc.
We retain full control over the information we store in Segment’s servers and Segment can only process the information we provide them based on our written instructions. Segment is also required to delete any information we provide to them whenever we ask them to.
Segment is based in California, which has strict protection for personal information. However, because it based overseas, Segment is not subject to the Australian Privacy Principles, in particular APP 8.
By signing up to Rosemary, you consent to us storing your information with Segment and acknowledge that you understand that APP 8 does not apply.
8. Who do we share your information with?
We share your information with our trusted partners who help us to deliver our products and services.
Generally, these third parties are service providers we engage to assist us to deliver services to you and manage the Rosemary platform. These include (not limited to) Partner Doctors, Partner Practitioners, payment system operators.
We only share information with our trusted partners for the purposes that we collected the information for.
We also ensure that all our trusted partners protect your information from unauthorised loss or unauthorised access.
9. How do we protect your information?
Security is paramount to the Rosemary platform.
We have carefully crafted the Rosemary platform and our working environment with integrated physical, electronic and managerial processes designed to safeguard your information and protect it from misuse, interference loss and unauthorised access, modification or disclosure.
We've also designed the platform within the spirit of the European General Data Protection Regulation (GDPR) – regulation that contains some of the strictest privacy and data security standards in the world. For example, we give you the right to ask us to delete your data and we employ a dedicated Data Protection Officer, which are principles designed to respect your right to control your information and feel safe about the way we handle it.
Here are some of the key things we do to protect your information.
10. What are your rights in relation to your information?
Your health information and your general personal information is not ours. Here are the things you can ask us to do in relation to your information at any time while you use the Rosemary platform.
Where we are not able to fulfil your request to access, correct or delete your health information or your general personal information for a legal or other reason, we will let you know why.
If you're not happy with the way we handle your query or handle your information (including our response to your request to access, correct or delete your health information or your general personal information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website. Links to the OAIC websites are provided in section 13 below.
To exercise any of your rights in relation to your information, you can contact us (it's easy – see section 1).
11. Law enforcement
We want to be clear with you – from time to time, we may be compelled by a law enforcement agency to disclose your health information or your general personal information in a way that you have not expressly consented to in accordance with this policy.
We can't control the formal scope of law enforcement requests that we receive – but we can tell you exactly what we do in order to respond to them.
Whenever we receive a request from a law enforcement agency in relation to your information, our policy is to carefully test, on a case by case basis (and with assistance from our trusted law firm) the source of power that the agency is relying on, to ensure that it is a legitimate request under law.
If we determine that the request is legitimate, then of course we will comply with our legal requirements and grant access only to the extent necessary to satisfy the purpose of the request. Where the law permits us, we will notify you about our response to the request and where permitted, the enforcement agency to whom your information has been disclosed.
12. Changes to this policy
13. Find out more
You can find out more about the various privacy laws and other rules, regulations and standards we've mentioned in this policy by following the links below.