Privacy Policy

1 . Purpose of our policy

1.1 CoTreat Pty Ltd ABN 92 638 604 190 (‘CoTreat’) provides the CoTreat AI, reporting and management services and associated technologies (‘Platform’).

1.2 All references to ‘us,’ ‘we’ and ‘our’ in this Privacy Policy are references to CoTreat. All references to ‘you’ and ‘your’ in this Privacy Policy are references to:

(a) the dental practitioners and employees of dental clinics who are customers, or potential customers, of our products and services (‘Clinic Representatives’);

(b) the patients of the dental clinics who use our Platform, and any other individuals who use our Platform or website to connect with a dental practitioner (‘Patients’); and

(c) our contractors and suppliers, potential employees, and any other individuals we might deal with in the course of running our business or providing our services.

1.3 This Privacy Policy explains how we will collect, use, disclose, store and protect your personal information. This Policy also describes the way in which you may access or correct the personal information we hold about you, and how to contact us if you have any complaints in relation to your privacy.

1.4 We are committed to protecting your privacy, and ensuring that the ways in which we deal with your personal information comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (‘Privacy Act’) and any other applicable laws relating to privacy and health records.

1.5 We may update this Privacy Policy periodically and without notice to you. If you have any questions about this Privacy Policy, please contact us using our contact details contained in section 9 below.

2. The types of Personal Information we collect

2.1 To provide our services and run our business, we need to collect personal information, being information about an individual which is reasonably capable of identifying that individual (and which might also include their health or other sensitive information) (‘Personal Information’).

2.2 Personal Information includes ‘sensitive information’, which is a particular type of Personal Information. Sensitive information includes identifying health information about you (such as details of your health and medical history or the health services you have received). Sensitive information also includes information about racial or ethnic origin, religious or philosophical beliefs.

2.3 We may collect Personal Information from you so that we can provide our services to you, or where this is otherwise necessary for our functions or activities, including provision of the Platform. In particular, we will collect the Personal Information of Clinic Representatives and Patients, to enable you to use the Platform. We collect Personal Information such as:

(a) your name, date of birth, postal address, occupation, email address and telephone numbers;

(b) your health and medical history, including your dental imaging, photos, symptoms, and any previous diagnosis and treatment given to you;

(d) your health insurance details,

(e) your payment and billing details

3. How do we collect your Personal Information

3.1 We will collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive. We will only collect information in accordance with the law.

3.2 If you are a Patient:

(a) most Personal Information we collect about you will be received from you directly (or your dentist)

(b) we will store details of any communications or interactions you have with a dental clinic using the Platform – for example chat messages between you and your dentist.

(c) if you use or access our website or Platform, aggregated statistical information such as information about your online preferences and movements, location information, time spent on our platform, links clicked will be recorded for statistical analysis.

3.3 If you are a Clinic Representative:

(a) most Personal Information we collect about you will be received from you directly, your patients or potential patients, or the clinic which employs or otherwise engages you. However, and depending on the nature of your relationship (or potential relationship) with us, we may also collect your Personal Information from other sources such as advertising, public records, mailing lists, contractors, our staff and our business partners; and

(b) the types of Personal Information we may collect about you include but is not limited to:

First and last name
Date of birth
Gender
Phone number
Address
Email
Login details to CoTreat platform and passwords
Occupation
Payment details and financial details to transact with us
Your communication with patients, example via chat function
Information about your professional registration, indemnity and association details.

c) if you use or access our website or platform, aggregated statistical information such as information about your online preferences and movements, location information, time spent on our platform, links clicked, dental treatment planning will be recorded for statistical analysis and reporting.

3.4 If you are a contractor or supplier, potential employee, or another individual we deal with in the course of running our business who is not a Patient, we may collect Personal Information from you to enable us to work or transact with you, or which is relevant to the services we provide or procure from you. This may include Personal Information provided through proposals, contracts, or job applications. If you are such an individual, we may collect your personal information from third parties such as your referees.

4. How personal information is used and disclosed

4.1 The primary purposes for which we generally use and disclose your Personal Information are to enable and provide you with the functionality of the Platform, provide you with our services, and to support the operation of our business.

4.2 If you are a Patient:

(a) we will use your Personal Information (including your health and other sensitive information) for the primary purpose for which we collected it (for example, to assist your dentist to provide you with a dental treatment plan);

(b) we will only use your Personal Information for secondary purposes if you have provided your consent for us to do so, or if you might reasonably expect us to do so (for example to verify your identity if you have forgotten your user details for the Platform);

(c) we will maintain all Personal Information (especially health information) in strict confidence, and will only disclose it to third parties where:

(i) we are otherwise authorised or required to do so under relevant laws, such as if the disclosure is reasonably necessary due to law enforcement activities, or to lessen a serious threat to the life, health or safety of any individual.

(ii) the data is rigorously de-identified (relevant for X-Rays and images of teeth)

(d) some third parties we may disclose your Personal Information to include:

(i) the dental clinic that you have previously had, or intend to book, an appointment with; and

(ii) our information technology, network, software and cloud storage providers

(iii) any practice management software providers which your dental practitioner uses; and

(iv). our external professional advisers (such as legal advisors);

4.3 If you are a Clinic Representative:

(a) we will use your Personal Information (including your financial information) for the primary purposes of providing you with our services or enabling your use of the Platform to communicate with your patients, such as to:

(i) Treatment planning and chat function

(ii) monitor your use of the Platform or our services

(iii) enable patients to book appointments or communicate with you

(iv) verify your identity

(v) perform billing and payment activities;

(vi) communicating with you about our own marketing and promotions; or competitions, surveys and questionnaires;

(vii) investigating any issues or complaints about, or made by, you or another individual, or if we have reason to suspect that you or another individual are in breach of any of our terms and conditions or have been otherwise engaged in any unlawful activity; or

(viii) any other purposes which are required or authorised by any laws (including the Privacy Act);

(c) we maintain all Personal Information (especially health information) in strict confidence, and will only disclose it to third parties where we are otherwise permitted or required to do so by law. The types of third parties we may disclose your Personal Information to include:

(i) the types of third parties we may disclose your Personal Information to include:

(ii) our information technology, network, software and cloud storage providers, but only to the the limited extent required to enable these providers to provide their business support functions;

(iii) the practice management software provider used by the dental clinic which employs or engages you;

(iv) subscription and mailing operations with your consent;

(v) our external professional advisers, such as legal advisors or accountants.

4.4 If you are a contractor or supplier, potential employee, or another individual we deal with in the course of running our business we may use and disclose your personal information to manage our relationship with you.

4.5 The types of disclosures described in this section might also involve your Personal Information being sent to some overseas recipients (for example, to any of our service providers who are located overseas). This might include third parties which are located in the United States of America and Canada, and this may change from time to time.

4.6 We will in all cases take reasonable steps to ensure that any such recipient of your personal information does not breach the Australian Privacy Principles.

5. Direct marketing

5.1 If we intend to engage in any marketing communications, we may send you such communications in accordance with any previous consent you have provided or any marketing communication preferences that you have notified to us, and in accordance with legislation."

5.2 If you have previously agreed to receive such marketing communications, but no longer wish to receive such marketing communications you can contact us using our contact details set out below to modify your preferences, or you can simply opt-out of such communications using the instructions or opt-out link provided in the marketing communication sent to you.

6. Opting out

6.1 An individual may opt not to have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services, including via the Platform. To opt out, please contact us by email to:

privacy@cotreat.com.au

7 Security and Breach protocols

7.1 We will take all reasonable precautions to protect your Personal Information from unauthorised access or disclosure, or misuse or loss. This includes appropriately securing our physical facilities and electronic networks.

7.2 When your personal information is no longer required to be retained under law we will take steps to securely destroy the information or to ensure that the information is permanently de-identified.

7.3 CoTreat uses standard industry encryption methods when storing and transferring Personal Information, and has implemented monitoring and access controls which regulate who can access particular information.

8. Data Breaches

8.1 We are required to comply with the mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an ‘eligible data breach’ of Personal Information occurs.

8.2 An ‘eligible data breach’ occurs when:

(a) there is unauthorised access to or unauthorised disclosure of Personal Information, or a loss of Personal Information, that an organisation holds; and

(b) this is likely to result in serious harm to one or more individuals; an

8.3 An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.

8.4 Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner ( Commissioner) about the breach in accordance with the Privacy Act.

9 How to access, correct or update your personal information

9.1 We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date, complete and relevant. Under the Australian Privacy Principles, you have the right to request access to, or correction of, the Personal Information that we hold about you.

9.2 If you would like to make a request to access, or correct, your Personal Information which is held by us, you can:

(a) Correct your data using your 'profile' section on the platform.

(b) otherwise contact us using the details provided in section 11 of this Privacy Policy below.

9.3 In certain circumstances, we may refuse to allow you access to, or correct, your Personal Information where this is authorised by the law. If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.

10 Complaints and disputes

10.1 If you have a query or complaint about our handling of your Personal Information, please contact us in writing using the details provided in section 11 below. We will aim to resolve the issue with you directly.

10.2 If you are not satisfied with our response to your complaint, you can also lodge a complaint with the Office of the Australian Information Commissioner:

(a) by phone: 1300 363 992; or

(b) online at: www.oaic.gov.au.

11. Contacting us

11.1 All questions, comments or requests regarding this Privacy Policy or the way in which we handle your Personal Information should be provided to:

email to: privacy@cotreat.com.au