Privacy Policy – Patient

1. We respect your privacy

Metabolic Health Solutions Pty Ltd (MHS) respects your right to privacy and is committed to safeguarding the privacy of our customers and software application users. We adhere to the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth). This policy sets out how we collect and treat your personal information. Personal Information means information we hold which is identifiable as being about you. Client means a patient or user of digital health metabolic services as requested by a health professional. Practitioner means a clinician, practitioner, or other health professional or health practice manager who creates a Client profile in the METS_iQ system.

2. Collection of Client Personal Information

Metabolic Health Solutions Pty Ltd will, from time to time, receive and store Personal Information that you as a Client enters directly onto our METS_iQ digital health system, that your Practitioner provides on your behalf, that comes from authorised third party digital health systems, or that you give to us in other forms. You or your Practitioner may provide us with basic information such as your name, phone number, address and email address to enable your Practitioner to receive or send to you information and provide you with a metabolic health consultation. We may collect additional information at other times, including but not limited to, information provided or requested by your Practitioner, or if you have the need to communicate directly with us. You or your Practitioner may provide health information related to you including, but not limited to, medications, medical conditions, your lifestyle, Medicare, and health insurance details. Additionally, we may also collect any other information you provide while interacting with us or your Practitioner.

3. How we collect your Client Personal Information

MHS collects Personal Information from you in a variety of ways, including when you directly interact with us electronically or in person, when you or your Practitioner accesses our web site, our software applications or related internet forms and when we provide our services to you directly or indirectly through your Practitioner. We may receive personal information from third parties. If we do, we will protect it as set out in this Privacy Policy.

4. Use of your Client Personal Information

MHS may use Client Personal Information for your practitioner to provide you with health services. We may use your personal information to improve our products and services and better understand your needs. We will only use or disclose your de- identified information for third-party academic research purposes after receiving your explicit, opt-in consent to do so. MHS will only contact you in circumstances where we need to contact you about your information that we hold and your rights, and in that case we may contact you by a variety of measures including, but not limited to telephone, email, SMS or mail.

5. Disclosure of your Personal Information

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Policy. Personal Information is only used internally or supplied to a third party when it is required for the delivery of our services and where de-identified information is unsuitable or impractical for use.

We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

We may also use your Personal Information to protect the copyright, trademarks, legal rights, property or safety of MHS, its application, website and customers or third parties.

Personal Information that we collect is only stored, processed, and transferred on third party services that are contracted to be in Australian data centres supplied by third parties that are Australian and international.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.

By providing us with Personal Information, you consent to the terms of this Privacy Policy and the types of disclosure covered by this Policy. Where we disclose your Personal Information to third parties, we will request that the third party follow this Policy regarding handling your Personal Information.

We retain your Personal Information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. As our records form part of a health record, we will retain your Personal Information for a minimum of seven (7) years from the date of your last interaction with our service. In the case of information collected while you were under the age of 18, your data will be retained until you have turned 25 years of age. After this mandatory retention period, we will securely delete or permanently de-identify your data when it is no longer needed.

We may share your de-identified information with service providers, analytics partners, and to improve our services and user experience. These third parties are contractually obligated to protect your data and use it only for specified purposes. You may opt-out of certain data sharing by contacting our Privacy Officer.

We may transfer your Personal Information to countries outside Australia, including the United States and European Union. Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and in accordance with Australian law. Where we disclose personal or de-identified information to overseas entities, we take reasonable steps to ensure those recipients handle information in a way that is consistent with the APPs. You may request a copy of these safeguards by contacting our Privacy Officer.

6. Security of your personal information

MHS is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

We implement industry-standard security measures, including encryption, access controls, and regular security audits, to protect your personal information. In the event of a data breach, we will notify affected users and relevant authorities within 72 hours, as required by OAIC's Notifiable Data Breaches scheme.

7. Access to your personal information

As your primary care provider, your Practitioner retains a direct relationship with you and holds the complete record of your health information. Therefore, you should first address any requests for access to, or correction of, your personal information directly with your Practitioner.

If your Practitioner is unable to fulfil your request, or if you believe information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading and you cannot resolve this with your Practitioner, please email our Privacy Officer at [email protected]. We will respond to your request within 30 days, as required by the Privacy Act. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.

8. Complaints about privacy

We take your privacy concerns seriously. In line with your healthcare relationship, we request that you first address any concerns or complaints about the handling of your data with your Practitioner.

If you are not satisfied with their response, or if your complaint is directly related to our platform's privacy practices, please send details of your complaint in writing to our Privacy Officer at [email protected] or via mail to Unit 7, 12 Brodie Hall Drive, Bentley, Western Australia, 6102.

We will investigate your complaint and respond to you in writing. If you are not satisfied with our response, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC). You can contact the OAIC at www.oaic.gov.au or by calling 1300 363 992.

9. Opt out right

We do not continue to collect information from you unless you continue to use our services via a Practitioner. You may opt out by resolving with your practitioner whether you need our service prior to any further use of our service.

10. Changes to Privacy Policy

Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.

11. Software Application and Web Forms

11.1. When you use our Application or Web Forms

When you come to our application we may collect certain information such as mobile unique device ID, the IP address of your mobile device, mobile operating system, the type of mobile internet browsers you use, and information about the way you use the Application or Web Form. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.

11.2. Cookies

We may from time to time use cookies on our software application. Cookies are very small files which a website uses to identify you when you come back to the application and to store details about your use of the application. Cookies are not malicious programs that access or damage your computer, tablet or smartphone. Most devices automatically accept cookies however you can manage cookie preferences in your browser settings. However, this may prevent you from taking full advantage of our application. We do not use tracking cookies without your consent.

11.3. Automatic collection

The software Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.

11.4. Third parties

Our software application may from time to time have links to other applications or websites not owned or controlled by us. These links are meant for your convenience only. Links to third party applications and websites do not constitute sponsorship or endorsement or approval of these third parties. Please be aware that MHS is not responsible for the privacy practises of other such applications or websites. We encourage our users to be aware, when they leave our application or website, to read the privacy statements of each and every application or website that collects personal identifiable information.

11.5. Geo-location

We may use GPS technology (or other similar technology) to determine your current location in connection with our services. We will not share your current location with other users or partners.