Privacy Policy and Data Protection for Australian Customers

Effective Date: 18 September 2025

Prescribe Digital Australia Pty Ltd ACN 678 764 835, its subsidiaries and Related Body Corporates (as defined in the Corporations Act 2001 (Cth)) (Prescribe Group, we, our and us) is committed to complying with the Australian Privacy Principles as contained in the Privacy Act 1988 (Cth) (Privacy Act).

The purpose of this policy is to inform individuals about the manner in which Prescribe Group collects, discloses and manages personal information. This policy appears on our website and we will also provide a copy of this policy to anyone who makes a request, free of charge.

  1. About Us

    Prescribe Digital is an internationally recognised group operating in Australia, the United Kingdom, New Zealand, Ireland, Hong Kong, and the Philippines. We provide healthcare technology solutions tailored to regional needs.

    Our Australian operations are supported by Microsoft Azure data centres (New South Wales).

  2. What is Personal Information

    Personal information is defined in the Privacy Act to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

    Personal information can include sensitive information.  Sensitive information is defined in the Privacy Act as information or an opinion about a person's race, ethnic origin, political opinions, membership of political associations and trade associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, health information, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.

  3. Information We Collect

    We may collect, hold and process the following personal and organisational data:

    • identification information – name, job title, date of birth, current or previous address; 

    • organisation name / trade references – name of entity, ABN, contact name, telephone number, fax number, email address, years trading with you;

    • business contact details (email address, phone number, address);

    • account login details and authentication information;

    • data submitted via our website (e.g., enquiry forms, job applications);

    • uploaded audio recordings and dictations relating to clinical notes, summaries, treatment plans etc;

    • information contained within the notes and summaries relating to clinical documentation and patient specific information;

    • information relevant to your account or application, such as CVs or interview notes; and

    • technical information such as IP addresses, browser types, and usage logs (see section on Cookies).Not all information that we collect from you is personal information.  Information that we collect from you that is de-identified or aggregated is not regulated by the Australian Privacy Principles

  4. How we collect personal information

    While we will usually collect information directly from you, personal information may be collected in a number of different ways including:

    • information which you have uploaded to the platform;

    • documentation provided to us;

    • interviews;

    • our website or applications;

    • emails and written correspondence that you send us;

    • our mailing lists;

    • third party service providers that provide commercial financial information and market research organisations;

    • your representatives; and

    • from publicly available sources.

If you supply us with information about another person, you should ensure you are authorised to do so. You must inform that person who we are, that we will use and disclose their personal information as outlined in this Privacy Policy from time to time.

5.How We Use Your Information

We only collect personal information that is necessary for us to provide our products and services to you, to develop and promote our products and services, to manage our business and to assist us with complying with our legal and regulatory obligations. This includes:

  • contacting and communicating with you;

  • as a necessary part of providing the products or services (e.g., audio-to-text transcription) that you have requested;

  • administering and managing the supply of our products and services including customer support and service improvement;

  • assessing your suitability for employment where you are a job applicant;

  • enabling our related entities and contractors to assist you with related services as required;

  • researching, developing and enhancing our products and services;

  • maintaining and developing our business systems;

  • internal record-keeping and account management;

If we do not collect personal information from you, or if the information provided is incomplete or inaccurate, we may not be able to provide our products or services, or our products or services may be compromised.  As well as using your personal information for the primary purposes for which you provided it to us, we may also use your personal information for related secondary purposes, although we will endeavour to contact you for your express consent should the secondary purpose be one which we consider you may not reasonably expect.

With your consent or where permitted by law, we may also send promotional communications related to our products or services.

6. Direct Marketing

We will never use or disclose any sensitive information for marketing or advertising purposes.

We may use and disclose your personal information (other than sensitive information) to provide you with information about products or services offered by us.

If at any time you do not wish to receive marketing communications from us or you do not want your personal information disclosed for marketing or advertising purposes, please contact us and we will remove your details from our marketing database.

7. Disclosure of your Personal Information

The people/organisations to which we may disclose your personal information to include:

  •  other companies in the Prescribe Group;

  • our staff members;

  • third parties that provide services to us or through us, or who assist us provide, manage or administer our products or services;

  • our website host or software application providers;

  • personnel involved with the operation of our website including sales, marketing and system administration;

  • our related entities, agents, associates and business partners;

  • our lawyers, accountants and other professional advisers;

  • contractors and outsourced service providers including but not limited to:

    • information technology service providers; and

    • market research organisations;

    • your authorised representatives;

    • our professional advisers, including our accountants, and auditors;

    • government and regulatory authorities and other similar organisations; and

    • other parties as required or authorised by law.

Please note, we will not sell personal information, except as a part of the sale of our business. Subject to the permitted disclosure exceptions in the Privacy Act, we will request your consent prior to disclosing any sensitive information.

8. Disclosure Overseas

We are generally unlikely to disclose your personal information overseas, to a party which is not part of the Prescribe Group. In relation to disclosures to members of the Prescribe Group outside of Australia, the members will store and process your data in accordance with the security and privacy controls outlined in section 11.

Further, you consent to any disclosure of your personal information by us overseas on the understanding that if the overseas recipient handles the personal information in breach of the Australian Privacy Principles, the recipient will not be accountable under the Act, and you will not be able to seek redress under the Act.  The overseas recipient may not be subject to privacy obligations or any principles similar to the Australian Privacy Principles.  Individuals may not be able to seek redress in some overseas jurisdictions, and overseas recipients may be subject to a foreign law that could compel the disclosure of personal information to a third party such as an overseas authority.

We do not disclose any credit information to entities that do not have an Australian link.

9. Government Related Identifiers

We do not use any government related identifiers, such as Medicare, driver's licence or passport numbers, as its own identifier of any individual.  We will not use or disclose any government related identifiers other than in accordance with the Privacy Act.

10. Data Integrity

We endeavour to ensure that all personal information that we hold is accurate, complete and up-to-date.  To assist us with this, individuals should contact us if any of their contact details or other personal information changes, or if they believe that the personal information that we have is not accurate or complete.

When personal information that we collect is no longer required by us, we will destroy or de-identify that personal information unless we are required by a law or a court/tribunal to retain the personal information.

We may retain personal information for so long as it is required for any of our business purposes, for the prevention of fraud, for insurance, legal and governance purposes and in our IT back up.

11. International Data Transfers

Your data may be stored and processed in the following territories, with robust security and privacy controls:

  • United Kingdom: GDPR compliant; ISO 27001 and ISO 9001 accredited; NHS Data Security and Protection Toolkit compliant; Data Centres: ISO 27001, G-Cloud approved Tier III and IV; Registered with the ICO (Z9717899); Cyber Essentials Plus certified

  • Australia: Compliant with the Australian Privacy Principles (Privacy Act 1988); ISO 27001, 14001, and 9001 certified data centres; Azure-hosted; Registered company: ABN 77 678 764 835

  • New Zealand: Privacy Act 2020 compliant; ISO 27002 accredited data centres in Auckland

  • Philippines: Compliant with the Data Privacy Act of 2012; Registered with the Philippine National Privacy Commission; No client data stored in local servers.

12. Cookies

Our website may use "cookies" or similar technologies to collect data, to enhance your browsing experience, analyse traffic, and deliver relevant content.

A cookie is a small file downloaded on to a device when you access our website or applications.  Cookies can collect the following information from users:

  • internet service provider;

  • your server address;

  • your top level domain name (for example, .com, .gov, .au etc);

  • the date and time of your visit to the site;

  • the pages you accessed;

  • the previous site you have visited;

  • the type of browser you are using; and

  • if you have visited our website before.

You can manage your cookie preferences via your browser settings.

13. Security Measures

We implement technical and organisational measures to protect your personal data, including :

  • Encrypted data storage and transmission (TLS/SSL);

  • Firewalls, access controls, and multi-factor authentication;

  • Regular third-party penetration testing;

  • Ongoing employee data protection training; and

  • Continuous monitoring for threats or breaches.

While we take reasonable steps to protect the personal information that we hold from misuse, loss, unauthorised access, modification or disclosure, you should be aware that no system is completely secure against cyber attack.

In addition, the open nature of the internet is such that information exchanged via the internet may be accessed and used by people other than those for whom the data is intended.  Any information sent via the internet is sent at the sender's risk.

You should contact us immediately if you believe that there has been unauthorised access or disclosure with respect to any personal information that we hold about you.

14. Access and Correction

Individuals have a right to request access to their personal information and to request its correction.  To do so, please contact our Privacy Officer.  Contact details are provided below.

We encourage individuals to advise us if your personal information requires correction or updating.  Prescribe Group does not impose any charge with respect to requests for correction or updates. However, we may charge for reasonable administrative costs incurred in providing access.

Before correcting or providing access to personal information in response to a request, Prescribe Group will require your identity to be confirmed.

We will respond to your request for access to your personal information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request (in the manner requested by you, providing it is reasonable to do so).  If we deny your request, we will provide you with a written notice detailing the reasons for the refusal and the process for making a complaint about the refusal to grant your request.

We will accept your request for correction of your personal information where we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your personal information.

15. Automated Decision Making Systems

No personal information collected by us will be used by us in conjunction with the operation of a computer program or artificial intelligence to make, or do a thing that is substantially and directly related to making, a decision that could reasonably be expected to significantly affect the rights or interests of an individual.

16. Complaints

If you believe that we have breached this policy or the Privacy Act you may make a complaint.  A written complaint can be emailed or posted to our us using the contact details set out below.  Please include contact details for us to contact you regarding your complaint.

Our office will consider your complaint and respond as soon as reasonably possible, but not more than 30 days from receiving the complaint.

If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner, details provided below:

Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY  NSW  2001
Telephone:  1300 363 992
Fax:  02 9284 9666
Website:  www.oaic.gov.au

17. Contact Us

If you wish to:

  • gain access to your personal information;

  • correct or update your personal information;

  • make a complaint about a breach of your privacy;

  • contact us with a query about how your personal information is collected, held, used or disclosed; or

  • contact us regarding any other matter concerning this policy,

You can speak directly with our staff who will do their best to try to resolve your issue as simply as possible.  Alternatively, you can write to or send an email to our Privacy Officer.  We will respond to you as soon as reasonably possible.  Our Privacy Officer's contact details are as follows:

Email: dataprotection@prescribe-digital.com

Mail: Prescribe Digital Australia Pty Ltd, Level 36, Gateway, 1 Macquarie Place, Sydney, NSW 2000

Attention: "Privacy Officer".

18. Changes to this Policy

From time to time, it may become necessary for us to review or amend this policy. Any changes will be made as and when required, and we will advise you of any changes by posting an updated version of our policy on our website, https://www.prescribe-digital.com/. An up-to-date copy of this policy will be available in hard copy at all times at our office.