Privacy Policy

This Privacy Policy (“Policy”) describes how Integra Medical Group Pty Ltd ACN 668 298 459 and its related bodies corporate (“we”, “us” and “our”) collect, use, and disclose information about you, and what choices you have with respect to such information. It applies to your use of our software (“Software”) and websites (“Websites”).

The first section below explains which privacy terms are applicable to you depending on what type of user you are.

If you do not agree with this Policy, do not access or use the Software, Websites, or any other of our services.

This Privacy Policy contains the following sections:

What Type of User am I and What Privacy Terms are Applicable to Me?
Privacy Terms for Subscribers
Privacy Terms for Patients
Privacy Terms for Site Visitors
Privacy Terms for all users
Your other privacy rights
Questions or complaints
Contact us

1. What Type of User am I and Which Privacy Terms Are Applicable to Me?

Depending on our products used, there are different types of users / individuals whose personal information we collect. Please see the bullets below to determine which privacy terms apply to you:

Subscribers. We call users who use the Software as part of any subscription plan “Subscribers”. Subscribers may be:
- clinicians, health care clinics, hospitals or other institutions or businesses (for the purposes of this Policy, referred to as “Clinic”);
- private individuals (who use Software that is a non-clinic-facing software).

The Software features and functionalities available to Subscribers who are employees (or other staff members) of a Clinic, are determined by the specific terms agreed to between us and a Clinic that entered into a separate agreement that governs delivery, access, and use of the Software (for purpose of this Policy, the “Clinic Agreement”). The Clinic controls its instance of the Software and is the data controller of the information collected through the Software about Subscribers, and we are a data processor of such information.

Patients. We call Clinics’ clients “Patients”. If a Patient is using a Software that is a non-clinic-facing Software, but rather a private individual-facing app, they are also considered to be a Subscriber and the terms of this Policy applicable to Subscribers, apply to them.
Site Visitors. We call users of the Websites “Site Visitors.” Site Visitors can be individuals who are simply browsing the Websites but who do not use the Software, or Site Visitors can be Subscribers or Patients who visit the Websites to seek additional information about us or our products. We are the data controller of the information collected through the Websites about Site Visitors.

2. Privacy Terms for Subscribers

This section applies only to Subscribers.

If you are a Subscriber who is an employee (or other staff member) of a Clinic, the Clinic Agreement governs the collection and processing of information collected from you through the Clinic ’s instance of the Software (for purposes of this Policy referred to as the “Workplace”), including all associated messages, attachments, files, tasks, conversations, and other content submitted through the Software (“Workplace Content”). In the event of a conflict between this Privacy Policy and the Clinic Agreement, the Clinic Agreement governs. Because the Clinic controls the Workplace used by Subscribers. If you have any questions about the Clinic’s specific Workplace settings and privacy practices, please contact the Clinic whose Workplace you use. If you are a Subscriber located in the European Union (EU), please note that the Clinic is the data controller with respect to the processing of your Workplace Content pursuant to the EU General Data Protection Regulation (“GDPR”). When processing Workplace Content of EU data subjects governed by the Clinic Agreement, we are the data processor, meaning that we collect and process such information solely on behalf of the Clinic. Please contact your Workplace owner(s) or administrator(s) to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR.

Collection of Subscriber Information

This section explains the information we collect from Subscribers. We require Subscribers to provide us with information which is required to provide you with access to the Software, and other information may be collected automatically as you use the Software.

Workplace Content

Workplace Content is collected, used, and shared by us in accordance with the Clinic’s instructions, including any applicable terms in the Clinic Agreement, or as required by applicable law. The Clinic, and not us, determines its own, internal policies regarding storage, access, modification, deletion, sharing, and retention of Workplace Content which may apply to your use of the Software. For example, a Clinic may provide or remove information from the Software, manage permissions, retention and export settings, transfer or assign teams, or share projects.

Account Information

To set up your account, you (or the Clinic if you are a Clinic’s staff member) will provide us with basic information about you which may include your name, address, telephone number, email address, and password. You will then have the ability to provide optional profile information, such as a photograph or basic demographic data.

Individual Subscribers may also provide us with information listed in the “Privacy Terms for Patients” section of this Policy.

If you submit payment information in connection with your use of the Software, we utilise a third party credit card payment processing company to collect payment information; including your credit card number, billing address, and phone number. In such circumstances, the third party service provider, and not us, stores your payment information on our behalf (please see out Terms and Conditions for further information).

Service Usage Information

As you use the Software, we collect information about how you use and interact with the Software (“Service Usage Information”). Such information includes:

Device information – when you access the Software using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
Log files – when you use the Software, our servers automatically record information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
Location information – we collect and process general information about the location of the device from which you are accessing the Software (e.g. approximate geographic location inferred from an IP address).
Workplace Use Metadata – when you interact with the Software, metadata is generated that provides high-level (non-content) information about the way you work in your Workplace.
Other Information – You may provide us with information when you interact with us in other ways, such as when you submit requests or questions to us via forms or email (e.g. support forms, sales forms, user research participation forms); beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).

How do we use Subscriber Information?

This section explains how we use information collected from Subscribers.

Workplace Content

We may view and use Workspace Content collected from and about Subscribers only as necessary:

To maintain, provide and improve the Software
To prevent or address technical or security issues and resolve support requests
To investigate when we have a good faith belief, or have received a complaint alleging, that such Workplace Content is in violation of the Clinic Agreement or our Terms and Conditions
To comply with a valid legal subpoena, request, or other lawful process
As otherwise set forth in a Clinic Agreement or as expressly permitted in writing by the Clinic.

Account Information, Service Usage Information, and Other Information

We may use these categories of information collected from and about Subscribers to:

Maintain, provide, and improve the Software
Respond to your requests for information
Prevent or address technical or security issues and resolve support requests
Investigate in good faith alleged violations of our Terms and Conditions
Comply with a valid legal subpoena, request, or other lawful process
Help us better understand user interests and needs, and customize the Software for our users
Engage in analysis, research, and reports regarding use of the Software or in relation to data inputted in, processed through, collected or generated by the Software
Protect the Software and our users
Communicate with you via email and through the Software about important notices and updates regarding the Software, such as to inform you about changes in the Software, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Software, you may not opt-out of them
In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about us. You can opt-out or unsubscribe from such communications.
Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smart phones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyse usage of the Software. If you wish to opt-out of the ability of one of our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

3. Privacy Terms for Patients

Collection of Patient Information

Information about Patients may be entered into a clinic-facing Software by a Clinic or, in the case of an individual-facing Software integrated with a clinic-facing Software, such information is transferred from the individual-facing Software (with the individual’s consent provided via the individual-facing Software).

The types of personal information that may be collected (the Software, in the notes section of the Software or otherwise) include name, gender, date of birth, address, email address, telephone number, emergency contact information), health conditions, , diagnosis relevant to botulinum toxin treatment, referring physician, concurrent medication and treatment effect.

How do we use Patient information?

We may use these categories of information collected from and about Patients to:

Maintain, provide, and improve the Software
Engage in analysis, research, and reports regarding use of the Software or in relation to data inputted in, processed through, collected or generated by the Software
Respond to Patient’s requests for information
Prevent or address technical or security issues and resolve support requests
Investigate in good faith alleged violations of our Terms and Conditions
Comply with a valid legal subpoena, request, or other lawful process
Help us better understand user interests and needs, and customise the Software for our users
Protect the Software and our users for emergencies.

4. Privacy Terms for Site Visitors

This section applies only to Site Visitors. If you visit the Websites, regardless of whether you are also a user of the Software or a Patient, the following rules apply to you. To eliminate any confusion, please note that the terms in this section apply only to use of the Websites, not to use of the Software. If you are a Site Visitor located in the European Union, we are the data controller with respect to the processing of your personal data pursuant to the GDPR.

Collection of Site Visitor’s information

When you use the Websites, we collect the following information about you:

Contact Information – if you submit a request for information or a question through the Websites, you may be asked to provide us with basic information including your name, email address, phone number, and postal address. We will also keep records of the communication, the question/request you raised, and how it was resolved.
Websites Usage Information – as you browse the Websites, we and our service providers (which are third-party companies that work on our behalf to provide and enhance the Websites) use a variety of technologies, including cookies and similar tools, to assist in collecting information about how you use the Websites. For example, our servers automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks and how you interact with links on the Websites, domain names, landing pages, pages viewed, mobile carrier, mobile device identifiers and information about the device you are using to access the Websites, date and time stamp information and other such information.
Location Information – We collect and process general information about the location of the device from which you are accessing the Software (e.g. approximate geographic location inferred from an IP address).

How do we use Site Visitor’s Information

Cookies and Similar Technologies

To collect the Websites Usage Information discussed above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Websites.

A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to:

recognise your computer and login session;
store your preferences and settings;
understand which pages of the Websites you have visited;
enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests;
perform analytics; and
assist with security and administrative functions.

Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Websites and associated advertising, and to access user cookies.

As we adopt additional technologies, we may also gather information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g. Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).

Use of Information Collected from Site Visitors

We use the information collected from Site Visitors for a variety of purposes including to:

Maintain, provide, and improve the Websites and the Software
Respond to your requests for information
In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about us. You have the ability to unsubscribe from such promotional communications
Prevent or address technical or security issues
Investigate in good faith alleged violations of our Terms and Conditions
Help us better understand Site Visitor interests and needs
Engage in analysis and research regarding use of the Websites and the Software.

Website Analytics and Advertising

Website Analytics

We may use third-party web analytics services on our Websites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Online Advertising

The Websites may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on the Websites, as well as on other websites you visit. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your age and gender, your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.

Third parties, whose products or services are accessible or advertised via the Websites, may also place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about you as discussed above. We also allow other third parties (e.g. ad networks and ad servers such as Google Analytics, DoubleClick and others) to serve tailored ads to you on our Websites and other websites and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Websites. We sometimes provide Site Visitor information (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant ads when you visit other websites.

We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Websites by such non-affiliated third parties.

Notice Concerning Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Websites for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

5. Privacy Terms For All Users

The following additional information about our privacy practices apply to all users (Subscribers, Site Visitors and Patients).

Information received from third parties

Where necessary and, where permitted by law or with your consent, we supplement the information we receive from you with information from third party sources.

Children

Our Websites and Software are not targeted towards, nor intended for use by, anyone under the age of 18. You may only use the Websites and Software if you are at least eighteen (18) years of age and can form legally binding contracts under applicable law.

Most of our services are not directed toward children. For our services that may be used by children under 16 years of age (for instance, our migraine tracking mobile app), we comply with applicable legislation in relation to personal information of minors. If a user under 16 years of age wants to use our Services that are suitable for that age group, we ask the user to register with their first name and a unique identifier only.

To the extent we collect any information of minors under 16 years of age that is considered personal information under any applicable law, we do not and will not sell such information without affirmative authorization.

If you are a parent and have questions about our practices, please feel free to contact us using the contact information provided below.

Legal Bases

Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it.

However, the legal bases for using the information we collect through your use of the Websites or Software would normally be:

Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the Terms and Conditions, which you accept by browsing the Websites).
Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Software or Websites; operate our Software or Website; prevent fraud, analyse use of and improve our Software, Websites or services, and for similar purposes).
Where use of your information is necessary to comply with a legal obligation.
Where we have your consent to process data in a certain way.

Sharing of Information

We may share the information we collect via or in connection with the Software or Websites as follows:

Affiliates and Subsidiaries. We may share the information we collect with our related bodies corporate and affiliated businesses.
Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
Business Transactions. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Software and Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as the acquiring party modifies it. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
As required by law or legal process. To the maximum extent permitted by applicable law, in response to (i) subpoenas or other legal process or if in our good faith opinion such disclosure is required or permitted by law; (ii) at the request of governmental authorities conducting an investigation.
Enforcement or our rights or for safety reasons. To defend the Terms of Service or other policies applicable to Our Service, or to protect the rights, property, life, health, security and safety of any person.
For a purpose disclosed elsewhere in this Policy.
With your consent or at your direction.

Storing of personal information

Please note that personal information may be transferred to, and stored/processed in, Australia and/or servers based in other countries around the world. Where those servers or other computing environments are operates by third party service providers, we ensure that that:

We only work with service providers which, we reasonably believe, are subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the original jurisdiction, or another valid exception applies; and/or
such service providers are contractually bound to protect personal information in accordance with the applicable privacy legislation and to destroy or de-identify personal information once it is no longer needed.

By agreeing to the terms of this Privacy Policy, you therefore expressly consent to your personal information being transferred and/or stored and/or processed in this way.

Data Retention

We will retain your information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Clinic Agreement requires or permits specific retention or deletion periods.

Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through Software or Websites so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.

How We Protect Your Information

We take technical and organisational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information.

Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns. You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at the “Contact Us” section below. In commercial email messages, you can also opt-out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt-out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you.

How you may access and correct your personal information

You may access, review, update, correct, or delete certain of your online account information or close your account by logging in to your account. If you are unable to do so, you can contact us at privacy@bntxinteract.com, specifying the request sought with proof of identity.

We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the personal information and whether you have an account with us.

We may retain cached or archived copied information about you for a certain period of time and as required by applicable law. We may also indefinitely retain information that has been de-identified. Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons.

Subject to applicable local legislation, we may charge you a reasonable fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.

We will endeavour to respond to written requests within 30 business days after a request is received by us.

Changes To Our Privacy Policy

We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Software or Websites, or advances in technology. We will make the revised Policy accessible through the Software and Websites, so you should review the Policy periodically. If we make a material change to the Policy, we will comply with applicable legal requirements regarding providing you with notice and/or obtaining your consent.

6. Your Other Privacy Rights

Depending on your country or state of residency, you may have legal rights with respect to your personal information, including one or more of the following (each of which may be subject to certain exceptions that will be analyzed on a case-by-case basis): Right of Access / Right to Know, Right to Rectification, Right to Restrict Processing, Right of Data Portability, Right to Object or Opt-out, Right to Withdraw Consent, Right to Erasure or Deletion, Right to Non-discrimination, Right to not be Subject to Automated Decision Making, Right to Lodge a Complaint. Some of the above are facilitated though the functionality of Websites and Software.

Rights of individuals located in the European Union (EU)

In addition to the access, deletion and correction of personal information rights, individuals located in the European Union (EU) may also have other rights under the GDPR. The key obligations under the GDPR include Notice, Individual Rights, and Retention. Each user has a right of confirmation (to confirm whether or not personal information concerning the user is being processed), portability (the right to receive the personal information concerning the user, which was provided to us, in a readable format), object (the right to object the processing of the personal information concerning the user unless we can demonstrate compelling legitimate grounds for the processing which overrides the interests, rights, and freedoms of the user/data subject, or for the establishment, exercise or defence of legal claims), restriction of processing (the right to restrict processing where the accuracy of the personal information is contested by the user/data subject for a period enabling the controller to verify the accuracy of the personal information; or the processing is unlawful and the user/data subject opposes the erasure of the personal information and requests instead the restriction of their use instead; or the controller of personal information no longer needs the personal information for the purposes of the processing, but required by the user/data subject for the establishment, exercise or defence of legal claims), as set out in Articles of the GDPR.

You are enabled to exercise some of the foregoing rights via the functionality of the Platform.

California Privacy Rights

In addition to the access, deletion and correction of personal information rights (which you are enabled to exercise via functionality via functionality of the Platform, California law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined by applicable Californian law) with third parties for their direct marketing purposes. However, we do not share your personal information with third parties for their own direct marketing purposes.

7. Questions or Complaints

If you have any questions about this Policy, about the processing of your data described, or any concerns or complaints with regard to the administration of the Policy, please contact us at privacy@bntxinteract.com with a summary of the privacy concern or alleged breach and copies of any relevant documentation). We will investigate the complaint and will endeavor to respond to you within 30 business days. We will take immediate steps to redress proven privacy concerns or breaches.

If you are an Australian resident and do not receive a response from us after 30 days or if you are not satisfied with the response, you may contact the Office of the Australian Information Commissioner to make a complaint about this Policy or access information about your Privacy Rights.

8. Contact us

Integra Medical Group, Suite 12.01, Level 12, 54 Miller St North Sydney NSW 2060