Privacy Policy

Last updated: October 21, 2024

Overview

At Leafy Labs, we prioritise your privacy and the security of any personal, professional, and business information we collect. This Privacy Policy details how we gather, use, disclose, and protect your information when you interact with us or use our services. We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and other relevant legal frameworks.

Our Commitment

We adhere to strict privacy and security standards, ensuring that all information is handled in accordance with the APPs and other applicable legislation. This policy outlines our procedures to manage and protect personal, business, and professional information responsibly.

Information We Collect

We collect various types of information to facilitate business operations, ensure regulatory compliance, and deliver our services effectively. This includes:

Business Information:

  • Company names and Australian Business Numbers (ABNs)
  • Business addresses and contact details
  • Professional registrations and licenses
  • Payment and transaction details
  • Business-related correspondence

Professional Information:

  • Healthcare provider credentials
  • Professional registrations
  • Licensing and compliance documentation
  • Professional history and qualifications

Technical Information:

  • IP addresses and device identifiers
  • Login data and authentication records
  • System performance and usage data
  • Security monitoring and access logs

How We Collect Information

We collect information through various means, ensuring transparency and compliance with legal requirements:

Direct Collection:

  • During registration, account creation, or subscription to services
  • Through business transactions and correspondence
  • Submission of documentation for compliance checks
  • During professional or regulatory verification processes

Automated Collection:

  • Website and system usage data, including cookies and tracking technologies
  • Security monitoring and access logs
  • Transaction and compliance verification records

Third-Party Sources:

  • Professional registers and industry bodies
  • Regulatory and compliance agencies
  • Credit reporting and verification agencies
  • Publicly accessible records and databases

Use of Your Information

Your information is used strictly for legitimate business, legal, and operational purposes. These include:

Primary Business Purposes:

  • Processing transactions and service delivery
  • Verifying credentials and maintaining professional standards
  • Managing accounts and business relationships
  • Ensuring legal and regulatory compliance
  • Conducting quality assurance and audit processes

Regulatory Compliance:

  • Meeting legal obligations and reporting to authorities
  • Maintaining necessary records for audits, investigations, or legal purposes
  • Monitoring safety and adhering to industry regulations

Business Operations:

  • Improving services and developing new products
  • Risk management, fraud prevention, and security enhancements
  • Business planning and operational efficiency

Information Security

We implement stringent security measures to protect the data we collect, store, and process:

Data Protection:

  • Enterprise-grade encryption technologies
  • Secure data centres with physical and digital access controls
  • Regular security audits and vulnerability assessments
  • Incident response protocols and data recovery plans

Security Measures:

  • Firewalls, encryption software, and security patches
  • Multi-factor authentication (MFA) for authorised access
  • Regular system updates and penetration testing
  • Continuous security monitoring and threat detection

Staff Requirements:

  • Confidentiality agreements signed by all staff
  • Regular security and compliance training
  • Restricted access to sensitive data on a need-to-know basis
  • Internal audits and policy compliance checks

Information Sharing

We will only share your information under the following conditions:

  • When required by law or a legal authority
  • When necessary for providing services, processing transactions, or fulfilling a contract
  • When authorised or consented to by you
  • As part of our operational processes or compliance with professional or regulatory requirements

Information may be shared with:

  • Regulatory authorities and enforcement agencies
  • Professional licensing bodies
  • Service providers and business partners
  • Legal or compliance advisors

Data Storage and Retention

We store data securely and retain it only for as long as necessary to fulfil legal, business, and regulatory obligations:

Storage Protocols:

  • Data is stored on secure Australian-based servers
  • Facilities are compliant with the highest security standards
  • Systems are encrypted, with regular backups and disaster recovery protocols in place

Retention Periods:

  • Information is retained for a minimum of seven years for legal and regulatory purposes
  • Retention aligns with business needs, industry standards, and compliance requirements

Your Rights

You have rights regarding your personal and professional information, including:

Access Rights:

  • Request access to your data
  • Update or correct inaccurate information
  • Request data portability
  • Review your account history and transaction records

Control Options:

  • Manage your communication preferences and marketing subscriptions
  • Control how your information is shared and used
  • Adjust your privacy settings within your account

International Data Transfers

We limit the transfer of data outside Australia. However, in limited circumstances where international transfers are necessary:

  • We ensure security and privacy protections are in place through data transfer agreements
  • Compliance with Australian data protection laws is always maintained
  • Data is safeguarded with secure transfer protocols

Data Breach Response

In the event of a data breach, we will take swift and decisive action:

  • Immediate assessment of the breach and containment of affected data
  • Notification to impacted parties and regulatory bodies, as required
  • Implementation of recovery procedures and preventative measures to avoid future breaches

Marketing Communications

Our approach to marketing communications is straightforward:

  • We only send communications on an opt-in basis
  • Clear identification and purpose of each communication
  • Options to unsubscribe or adjust preferences are provided in every communication
  • Compliance with all relevant marketing regulations

Website Analytics

We use analytics to improve our services and monitor performance:

  • We collect data on user behaviour, system performance, and error tracking
  • This data helps us enhance website functionality and resolve issues

Changes to This Policy

We regularly review and update this Privacy Policy to ensure compliance with legal requirements and industry standards:

  • Updates may reflect regulatory changes, operational needs, or advances in technology
  • Significant changes will be communicated via our website

Complaints and Concerns

If you have any concerns or complaints about how we handle your personal or business information, you can contact us:

Resolution Process:

  • Submit your complaint in writing to our Privacy Officer
  • We will acknowledge your complaint within 48 hours
  • Our team will investigate and provide a resolution within a reasonable timeframe
  • If you are unsatisfied, you may escalate the issue as per our appeal process

Special Categories

For any healthcare-related information, we apply additional protections to ensure privacy and compliance with professional standards:

  • Strict access controls and security measures for sensitive health information
  • Compliance with all relevant health information legislation

Contact Us

For any questions or concerns regarding this policy, or to exercise your rights, please contact our Privacy Officer:

Privacy Officer
Leafy Labs
9/204 Alice Street
Brisbane QLD 4000
Email: hello@leafylabs.com.au

Regulatory Framework

We are fully compliant with the following laws and regulations:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles
  • Health Records Act
  • Applicable state and territory privacy laws
  • Relevant industry-specific regulations

Definitions

This policy uses the following definitions:

  • Personal Information: Any information about an individual that identifies them or could reasonably identify them
  • Business Information: Information related to an organisation or business entity
  • Sensitive Information: Personal information that includes health, racial, or other sensitive data
  • Health Information: Information related to the health or medical status of an individual
  • Technical Data: Information collected from devices, networks, and systems, including IP addresses, usage logs, and security records

Acknowledgment

Your use of our services constitutes acceptance of this Privacy Policy. We reserve the right to modify this policy at any time, and the updated version will be posted on our webs