GERTRUDE BIOMEDICAL PTY LTD PRIVACY POLICY

Gertrude Biomedical Pty Ltd endeavours to comply with:

• the Australian state and commonwealth privacy laws including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (if the User is not an EU Entity); and
• the GDPR (if an EU Entity),

(collectively, “Privacy Laws”)

Gertrude is committed to the privacy of its website users and to continue providing products in a confidential and safe manner.

This Privacy Policy summarises how Gertrude handles personal information with respect to:

• any official Gertrude website, web/cloud-based application (“Website”) including any forms on the Website;
• any software used to provide the Website; and
• any services provided by or to a User through the Website or the App,

(collectively, “Platform”).

Gertrude will respect and keep secure all personal and sensitive information provided to Gertrude by users and clients of its Platform (individually and collectively, “User/s”) in accordance with applicable privacy laws and this Privacy Policy.

By downloading, installing or continuing to use the Platform, a User:

• acknowledges acceptance of; and
• consents to the collect, use, store, process and disclose a User’s personal information,

in accordance with this Privacy Policy as updated from time to time.

Information Gertrude collects and holds

Personal Information

Definition [non-EU]

If the User is not an EU Entity, “personal information” is defined by the Privacy Act 1988 (Cth) as “information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.”

Definition [EU-only]

If the User is an EU Entity, “personal information” is defined as “any data that can be used to identify a living person directly or indirectly”.

From time to time, Gertrude may collect certain of a User’s personal information.  Gertrude only collects that personal information that is reasonably necessary for or related to Gertrude’s business or to facilitate the use of the Platform by Users.

The kind of information Gertrude collects will depend on a User’s relationship with Gertrude (e.g. as a Platform user, customer, business partner, employee or contractor).

Generally, the only personal information Gertrude collects about a User is that information which a User choose to disclose to Gertrude or which a User authorises Gertrude to obtain.

The type of information Gertrude collect may include a User/User’s:

• name and contact information (including telephone and mobile number, email address and residential and postal address);
• individual information (including age, gender, race, ethnicity, place of birth, language(s) spoken, personality type, disabilities, photographic identification, criminal history record and drug toxicology reports, membership or affiliation with an industry union);
• social media information (including Instagram, Facebook, websites and other like services)
• related business/company name and contact information (including ABN/ACN, business name, company contact, telephone and fax number, email address and registered, postal and business address);
• residential/work address
• photographs
• geographic location
• hardware/browser/software used to access the Platform
• IP addresses
• search terms and pages visited on our website
• date and time when pages were accessed
• downloads, time spent on page, and bounce rate
• referring domain and out link if applicable
• device screen size
• other information as reasonably required for any purpose in connection with [CLEINT]’s business (including information contained in communications between a User and Gertrude or forms or other documents provided to Gertrude by a User and any information Gertrude or required to collected by law)

Sensitive Information

Sensitive information is a special category of the most sensitive personal information including racial or ethnic origin, political opinion, police record, health and disability information etc.

Gertrude does not collect sensitive information

Indirect collection

In the course of handling and resolving a complaint, data breach notification, review or an investigation, Gertrude may collect personal information (including sensitive information) about a User indirectly from publicly available sources or from third parties such as:

• a User’s authorised representative, if the User has one
• applicants, complainants, respondents to a complaint, investigation, application or data breach notification or the third parties’ employees and witnesses.

Gertrude may also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in Gertrude’s business.

Social networking services

Gertrude may use social media services such as LinkedIn, Twitter, Facebook and YouTube to communicate with the public about Gertrude’s business.

When a User communicate with Gertrude using social media services Gertrude may collect such User’s personal information, but Gertrude only use it to help us to communicate with the User and the public.

The social media service will also handle a User’s personal information for its own purposes. These services have their own privacy policies.

How Gertrude collects and holds personal information

Where possible, Gertrude will collect a User’s personal information directly from a User, but information may also be collected via:

• IP loggers;
• IP addresses;
• cookies
• social media;
• wi-fi routers; and
• GPS devices

Personal and sensitive information may be collected from a User when a User provides it to Gertrude directly.

Gertrude has established appropriate physical, electronic and managerial procedures to safeguard any information Gertrude collects. This helps prevent unauthorised access, maintains data accuracy and ensures that the information is used correctly.

All data transferred to and from Gertrude’s servers is encrypted and a firewall is in place to prevent intrusion.  All data stored within Gertrude’s systems is designed to only be able to be accessed by authorised Gertrude officers, employees, contractors and the relevant hosting facility.

The purposes for which Gertrude collects, holds, uses and discloses personal information.

Gertrude collects personal information that Gertrude considers relevant for the purpose of providing Gertrude’s services or the Platform.

Gertrude will not use or disclose personal information collected about an individual for the purposes of direct marketing unless the individual has given Gertrude consent to do so.

Gertrude will not disclose any personal information to any third-party overseas recipients unless the individual has given Gertrude consent to do so.

Some of the ways Gertrude uses personal information includes to:

• communicate with a User and others as part of Gertrude’s business
• enable Gertrude to provide a product
• personalise a User’s Gertrude user experience
• send a User information regarding changes to Gertrude’s policies, other terms and conditions, on-line services and other administrative issues
• manage accounts and perform other administrative and operational tasks (including risk management, systems development and testing, credit scoring and staff training, collecting debts and market or client satisfaction research)
• prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks
• verify information given to Gertrude
• to identify a User when the User contacts us
• carry out market research and analysis, including satisfaction surveys
• provide marketing information to a User (including information about other products and services offered by selected third party partners) in preferences a User have expressed
• manage Gertrude’s infrastructure and business operations and comply with internal policies and procedures, including those relating to auditing accounting billing and collections IT systems data and website hosting business continuity and records, document and print management
• process payments, refunds, replacements and repairs
• resolve complaints and handle requests for data access or correction
• comply with applicable laws and regulatory obligations (including laws outside a User’s country of residence), such as those relating to anti-money laundering, sanctions and anti-terrorism
• comply with legal process and respond to requests from public and governmental authorities (in outside a User’s country of residence)
• establish and defend legal rights protect Gertrude’s operations or those of any of Gertrude’ group companies or insurance business partners, Gertrude’s rights or property and/or that of Gertrude’ group companies, a User or others and pursue available remedies or limit Gertrude’ damages

To whom does Gertrude disclose a User’s personal information?

Gertrude may disclose a User’s personal information to:

• the User
• government authorities (where required by law including workers compensation laws)
• third parties involved in court action (where required by law)
• other parties that provide support services to Gertrude including support services, merchant services, marketing programs for the purposes of marketing Gertrude products only
• third party professional advisers
• potential business partners or purchasers
• any other persons contemplated by this Privacy Policy

What happens if a User doesn’t provide personal or sensitive information?

If a User does not provide some or all of the information requested, Gertrude may not be able to provide Gertrude’s products, permit a User to open or use a user account or give a User access to the Platform.

Using a pseudonym or engaging with Gertrude anonymously

Where practicable, a User will be given the opportunity to engage with Gertrude on an anonymous basis or using a pseudonym. Due to the nature of Gertrude’s services, in most cases, the use of a pseudonym anonymity will not be possible.

Miscellaneous

Website cookies and usage information

When a User accesses Gertrude’s Platform, Gertrude may use software embedded in Gertrude’s Platform and Gertrude may place small data files (or cookies) on a User’s computer or other device to collect information about which pages a User’s view, how a User reach those pages, what a User does when a User visits a page, the length of time a User remains on the page and how Gertrude performs in providing content to a User. A cookie does not identify individuals personally, but it does identify computers.

A User can set a User’s browser to notify a User when a User receive a cookie and this will provide a User with an opportunity to either accept or reject it in each instance. Gertrude may gather a User’s IP address as part of Gertrude’s business activities and to assist with any operational difficulties or support issues with Gertrude’s services. This information does not identify a User personally.

External links

The Platform may contain links to other websites. When a User accesses these links, Gertrude recommends that a User read the website owner’s privacy statement before disclosing a User’s personal information. Gertrude does not accept responsibility for inappropriate use, collection, storage or disclosure of a User’s personal information collected outside Gertrude’s Platform.

Storage

Gertrude will take reasonable steps to protect a User’s personal information and to protect such information from loss, misuse, and unauthorised access, use, modification, disclosure, alteration, or destruction.

However, electronic transmission of information is never completely secure or error-free. As a result, Gertrude cannot ensure or warrant the security of any information electronically transmitted by a User and a User provides their personal information at their own risk. To the maximum extent provided by the relevant laws, Gertrude is not responsible or liable for the electronic transmission of personal information to Gertrude or to third parties.

Cross-border disclosures of a User’s personal information

Gertrude does currently use off-shore service providers with regard to storage of personal information data including email services, support service and telephonic services. Gertrude reserves the right to use data hosting facilities and third-party service providers both in Australia and overseas to assist Gertrude with providing our goods and services.

Right to opt out of personal information use

Gertrude will comply with any request from a User to process or cease using their personal information data as soon as practicable.

Unless a User specifically opts-out of use of personal information for marketing purposes, Gertrude will assume Gertrude has a User’s implied consent to receive similar information and communications in the future.

Right to rectification

Gertrude has obligations to take reasonable steps to correct personal information held by Gertrude if Gertrude is satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.

Gertrude will comply with any request from a User to update and/or correct their personal information data within 28 days.

Gertrude may take reasonable steps to verify a User’s identity before making any such changes.

In cases where the information was provided by a third party, Gertrude may not be able to correct information and a User may have to contact the third-party that gave information to Gertrude.

Right of access [EU only]

If the User is an EU Entity, Gertrude will comply with any request from a User to access their personal information data erased within 28 days.

Right to erasure [EU only]

If the User is an EU Entity, Gertrude will comply with any request from a User to object to have their personal information data erased within 28 days.

Right to data portability [EU only]

If the User is an EU Entity, Gertrude will comply with any request from a User to obtain and/or use their personal information data for their own purposes within 28 days.

Policy changes

Gertrude may revise this Privacy Policy from time to time by updating this page. The revised Privacy Policy will take effect when it is posted on Gertrude’s Website, implemented in the Platform or otherwise communicated to a User. Gertrude suggests that a User review Gertrude’s Privacy Policy regularly.

Applicable law

This agreement is governed by and construed in accordance with the laws of Victoria, Australia.

The User irrevocably and unconditionally submit to the non-exclusive jurisdiction of the courts of Victoria, Australia.

If any provision of this agreement is found to be invalid or unenforceable by a court of law, such invalidity or unenforceability will not affect the remainder of this agreement, which will continue in full force and effect.

Definitions

In this Privacy Policy:

“Gertrude” means GERTRUDE BIOMEDICAL PTY LTD [ACN 634 074 678] and any “Related Body Corporate” within the meaning of the Section 50 of the Corporations Act 2001 (Cth).

“EU Entity” means a User that:
a. is incorporated; or
b. ordinarily resides (wholly or partly),
in a European Union member state from time to time.

“GDPR” means the EU General Data Protection Regulation.

Contacting Gertrude

To exercise a right under this Privacy Policy, make further inquiries or to complain about a breach of the law (including the Australian Privacy Principles or a registered Australian Privacy Principles code, if applicable) a User should contact Gertrude as follows:

The Privacy Officer

c/- Acorn Consulting

Level 6, 12/20 Flinders Ln

Melbourne VIC 3000

Email: office@gertrudebiomed.com

Gertrude takes all complaints regarding privacy of information seriously. Gertrude will respond to any inquiries in a reasonable time.