1. Gensolve’s Privacy Policy

This privacy policy sets out how Gensolve Pty Ltd, Australian Company Number 082 024 815, and its subsidiaries and related parties, and any of their branches, in the UK, Australia and New Zealand (together referred to as “Gensolve” or “we”), manage and processes personal information of our website visitors and customers. Please note that this privacy policy is not an exclusive description of how Gensolve processes the personal information of individuals.

We respect the confidentiality of our customers’ personal information and take privacy seriously. We set out in this privacy policy:

• How we collect personal information
• What types of personal information we collect
• How we use personal information
• Information for marketing purposes
• Grounds for processing
• How we make sure personal information remains safe and secure
• How we share personal information
• International transfer of personal data
• Retention of personal information
• Your rights with regard to your personal information
• Third parties
• Compliance with privacy laws
• Changes to this policy
• Other information we collect that is not personal information
• Contact details

If you use Gensolve’s software service, Gensolve Practice Manager (from this point referred to as “GPM”), further information will be provided as part of the engagement process and in our terms of service or end user licence agreement.

If you are an employee, worker or job applicant of Gensolve, the information about how we handle your personal information as an employee will have been notified to you separately.

2. How we collect personal information

We only collect and store personal information when you interact with our website or, as a customer, request our products or services or during the course of establishing or maintaining our service provider relationship with customers. We collect personal information in writing, by telephone, by e-mail and by online applications.

Gensolve collects personal information directly from the individual to whom it relates, except where that individual has consented to Gensolve collecting the personal information from a third party or the law otherwise permits Gensolve to do so.

3. What types of personal information we collect

Personal information is any information which could identify or be used to establish an individual’s identity, either directly or indirectly.

The personal information we collect may include your name, postal address, phone number, email address, your job title and your IP address. If you are a customer, we may also collect additional personal information including your function/job title within a company and your work email address and/or phone number, your company’s name, company and/or VAT or other tax number and bank account details.

If you are a customer, by using GPM and agreeing to our terms of service or our end user licence agreement you consent to this privacy policy.

Please distinguish the personal information we collect for the purposes of providing the GPM service from personal information that users of GPM may collect about their patients. We do not play any part in the collection of personal information by users of GPM about their patients which is the responsibility of the relevant health practice. Patients of users of GPM are directed to consult with their health practice on the personal information collected and how that health practice may use and disclose such personal information.

4. How we use personal information

We will use your personal data and may share your personal data with other parties acting on our behalf for one or more of the following purposes:

1. To establish and maintain a relationship with customers and prospective customers. Collecting personal information about our customers allows us to provide the full level of service.
2. If you are a customer, to carry out our contract with you.
3. To conduct research about the quality of our software and services.
4. To conduct research about the use of our website.
5. For market research purposes.
6. For our own administrative purposes, including training our staff, conducting internal audits or transferring asses as part of a sale, purchase, investment in or reorganisation of the business.
7. To assess and respond to a complaint you might make to us.
8. To comply with Gensolve’s regulatory and legal obligations.

We will not sell your personal information to third parties.

If we wish to use your personal information for a purpose beyond those set out above, we will ask for your consent or seek to rely on another valid legal ground to process your personal information in accordance with the applicable law.

5. Information for marketing purposes

Where you have consented to us using your personal data for marketing purposes, we may use your information to conduct marketing and data analysis or to send you updates and news concerning Gensolve and its business partners.

If at any time after you have consented to us using your information for marketing purposes and you wish us to stop using your information for these purposes, please email us at the address set out in section 16 below.

6. Grounds for processing

To process your data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon include:

1. Your consent to particular processing activities. For example, where you have consented to us using your information for marketing purposes.
2. Our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your data to prevent or detect fraud or abuses of our website.
3. Our compliance with a legal obligation to which Gensolve is subject. For example, we have a duty to investigate and respond to complaints made against us and may need to process your personal information as part of such investigation.
4. If you are a customer, because processing your personal data is necessary for the performance of a contract.

7. How we make sure personal information remains safe and secure

We store all personal information disclosed to and collected by us in electronic form in a secure storage facility operated by a third party. We have taken thorough steps to ensure the storage facilities are secure, including encrypting communications to and from the storage facilities. We also maintain physical, electronic and procedural safeguards to protect personal information from misuse, unauthorized access or disclosure and loss or corruption by computer viruses and other sources of harm. We restrict access to personal information to those staff members and third parties who need to know that information for the purposes set out in this privacy policy and we provide strict instructions for those staff who handle personal information to ensure they protect the confidentiality of personal information.

8. How we share personal information

We will only disclose personal information we have collected with your consent, where we are compelled to do so for legal or compliance reasons or for our related business purposes, in each case in accordance with the applicable law and for the purposes listed above. Examples of disclosures of personal information we have collected include disclosures to:

1. Our subsidiaries or associated branches and their staff
2. Our outsourced third party service providers or suppliers to facilitate the provision of our services, for example, the disclosure to our data centre provider for the safe keeping of your personal data and the disclosure to third parties that conduct specialised activities such as high volume email mail-outs or supply specialised products such as value-added service offerings.
3. Third party organisations for the purposes of providing marketing services on our behalf or to distribute notifications regarding events we hold.
4. To another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event. In the case of a merger or sale your personal data will be permanently transferred to a successor company.
5. Our professional advisors (such as accountants and lawyers) who may require such information.
6. Public authorities where we are required by law to do so.
7. Any other third party where you have provided your consent.

We also may de-identify personal information we have collected for use and disclosure to organisations outside of Gensolve for the purposes of analysing our service quality and timeliness, market research, marketing and compilation or analysis of statistics comprised of, or related to, the information you provide us. De-identified information may also be used internally for business analysis and educational purposes.

9. International transfer of personal data

We may transfer your personal data to a third party in countries outside of the EU for further processing in accordance with the purposes set out in the policy. In particular, your personal data may be transferred throughout the Gensolve group and to out outsourced service providers located abroad. In these circumstances, we will not disclose personal information unless we have taken steps to confirm, as required by applicable law, that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means. Please contact Gensolve using the contact information set out in section 16 below if you would like details about the safeguards we have put in place to protect your personal data and privacy rights in these circumstances.

We may disclose your information to any person as required by law and specifically to any government agency if we believe in good faith that we must do so to comply with the law or that doing so is required to prevent, detect, investigate or remedy improper conduct potentially affecting Gensolve.

10. Retention of personal information

Your personal information will be retained for as long as it is necessary to carry out the purposes set out in this privacy policy (unless longer retention is required by the applicable law). However, we will not retain any of your personal information beyond this period and the retention of your personal information will be subject to periodic review. We may keep an anonymised form of your personal information, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

11. Your rights with regards to your personal information

Data protection law provides individuals with certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport, and object to the processing of, their personal information. Individuals also have the right to lodge a complaint with the relevant information protection authority if they believe that their personal information is not being processed in accordance with the law. Further information about your rights is set out below:

Right of obtain a copy of your personal information. You have the right to obtain a copy of the personal information we hold about you. If you would like to obtain a copy of this information please email us at the address set out in section 16 below. You may be required to submit a proof of your identity.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. In certain other circumstances Gensolve may also refuse you access to your personal information in whole or in part, for example where the information relates to legal proceedings or we are required by law not to disclose the information.

Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal information. If we disagree and believe the information to be accurate and complete, we will advise you and include a notation on the record that you dispute the information’s accuracy. Requests for corrections or supplements to all other personal information should be made to the address set out in section 16 below. We will respond to your request to correct or supplement your personal information within a reasonable time period and, in any event, within any time period specified in relevant laws.

Right to withdraw consent. You may, as permitted by law, withdraw your consent to the processing of your personal information at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your personal information is essential.

Right to object to processing. You may, as permitted by law, request that we stop processing your personal information.

Right to erasure. You may request that we erase your personal information and we will comply, unless there is a lawful reason for not doing so.

Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal information. However, you do have the right to contact the relevant supervisory authority in the relevant country directly.

12. Third parties

Where you submit information on behalf of another person, you confirm that you have made that person aware of how we may collect, use and disclose their information, the reason you have provided it, how they can contact us, the terms of this policy and that they have consented to such collection, use and disclosure.

13. Compliance with privacy laws

Gensolve complies with the data protection and privacy laws to which it is subject. You should satisfy yourself that you are familiar with those laws, including any exceptions which may apply under them. You should also be aware that privacy laws in various jurisdictions may change from time to time.

Except to the extent expressly stated otherwise in this policy, Gensolve accepts no obligations with respect to the handling of personal information other than those mandated by law in the country which has, or counties which have jurisdiction over Gensolve in any given circumstances.

14. Changes to this policy

As we strive to improve our practices, we may review this policy from time to time. We reserve the right to change this policy at any time and to notify you of those changes by posting an updated version of this policy on our website. It is your responsibility to check our policy each time before you access our website for any changes.

15. Other information we collect that is not personal information

To monitor and improve our service we collect information on website activity such as the number of users who visit our website, dates and times of visits, number of pages viewed, navigation patterns and systems used to access our site and when entering our site from another site, the address of that site. This information does not identify an individual but it does provide Gensolve with statistics that we can use to analyse and improve our website.

16. Contact details

If you require further information about this privacy policy, if you have any concerns about personal information we may hold or if you would like to seek to correct any personal information we may hold please contact us on:

Email: support@gensolve.com

Phone: +61 1300 654 484

Fax: +61 1300 653 484

Mail: PO Box 1102, Maroochydore QLD 4220, Australia

For any queries relating to the General Data Protection Regulation, you may address the query to the attention of our Data Protection Officer.