Cardio Link Privacy Policy v1.1

Effective Date: 01/10/2025

Introduction

Cardio Link Pty Ltd (“Cardio Link”, “we”, “our”, “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and store personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Purpose

This policy outlines how Cardio Link manages personal and sensitive information collected through our website, systems, and clinical partnerships. By using our website or engaging with our services, you consent to the terms of this Privacy Policy.

2. Collection of Personal Information

We collect personal information that is reasonably necessary for our business functions, including:
- Name, contact details, and professional credentials of healthcare practitioners.
- Clinic or business information when registering for the Cardio Link Practitioner Programme.
- Information submitted via contact forms, emails, or phone enquiries.
- Technical information such as IP address, browser type, and website usage statistics through cookies or analytics tools.

Where Cardio Link devices or monitoring systems are used in clinical settings, patient data may also be collected and processed securely for diagnostic or reporting purposes.

In these clinical contexts, any identifiable health information is collected only with appropriate consent and processed solely for diagnostic, reporting, or clinical review purposes. All handling of patient data complies with the Australian Privacy Principles and, where applicable, the Health Records and Information Privacy Act 2002.

3. Collection of Sensitive Information

Sensitive information, including health information, is only collected where necessary for the provision of cardiac monitoring services and only with explicit consent, in accordance with APP 3 – Collection of Sensitive Information.

4. Use of Personal Information

We use personal information to:
- Register and manage practitioner accounts.
- Deliver, support, and improve our cardiac monitoring services.
- Communicate with you about updates, training, and partnership opportunities.
- Comply with legal and regulatory obligations.
- Analyse website and service performance.

We will not use personal information for purposes other than those outlined above without consent, unless permitted or required by law.

5. Disclosure of Personal Information

We may disclose personal information to:
- Our technical and clinical support providers.
- Data hosting or IT service partners (who are bound by strict confidentiality and security obligations).
- Medical specialists who analyse and interpret cardiac monitoring results.
- Regulatory authorities where required by law.

Cardio Link does not sell or rent personal information to any third party.

6. Data Security

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. Data is stored securely using encrypted systems and limited-access protocols consistent with APP 11 – Security of Personal Information.

Personal and health information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as otherwise required by law or medical record-keeping obligations. Once no longer required, such information is securely deleted or de-identified in accordance with APP 11.2.

7. Storage and Cross-Border Disclosure

Where data is stored or processed using cloud infrastructure, Cardio Link ensures that any overseas recipients comply with the Australian Privacy Principles or equivalent data protection laws.

Some systems may be hosted on secure cloud servers located outside Australia. Where this occurs, Cardio Link ensures that all providers meet data protection standards equivalent to the APPs, including encryption, access controls, and regular security audits.

8. Data Breach Notification

In the unlikely event of a data breach involving personal or health information, Cardio Link will take immediate steps to contain the breach and assess its impact. Where required under the Privacy Act 1988 (Cth), affected individuals and the Office of the Australian Information Commissioner (OAIC) will be notified in accordance with the Notifiable Data Breaches scheme.

9. Access and Correction

You have the right to access and correct the personal information we hold about you, in accordance with APP 12 and APP 13. Requests can be made in writing to us (details below). We will respond within a reasonable timeframe.

10. Cookies and Website Analytics

Our website uses cookies and analytics tools to enhance user experience and monitor performance. Cookies do not personally identify you but help us understand how visitors use our site. You can disable cookies through your browser settings if you prefer.

11. Direct Marketing

We may use your contact details to send relevant information about our services, events, or updates. You can opt out of marketing communications at any time by following the unsubscribe instructions or contacting us directly.

12. Complaints and Inquiries

If you believe your privacy has been breached, please contact us. We will investigate and respond to your complaint in accordance with our internal procedures and the Privacy Act 1988 (Cth). If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Contact Us

Cardio Link Pty Ltd
Email: info@cardiolink.com.au
Phone: 0438877735

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. The updated version will be published on our website with the revised effective date.