Thanks for visiting our website or downloading and using our app. As much as we are committed to improving the working lives of our healthcare professionals, we are equally committed to ensuring that we respect your privacy, only collect the information necessary for you to use the platform safely and easily, and that we are transparent in the way we handle your data.
What personal information do we collect?
We only collect what we need for you to use our platform safely, easily and to allow hospitals and customers to verify the people that are using their accounts. Here is a list of the personal information we collect:
- First and last name
- This is so that your hospital knows who you are and can approve your access and send you critical and useful information through our app. You can always enter in a pseudonym instead of your actual name, but this may make it more difficult for your hospital admin team to know who you are.
- Phone number
- This is our ‘unique identifier’, it stops fake accounts being setup and helps to secure you access via two-factor authentication during registration. It also lets you recover your registered email via text to help in resetting your password if needed.
- Email address
- This is so that we can confirm your successful registration and is the way to reset your password. If you are having trouble accessing or using our app it also lets the support team get in contact with you.
In some circumstances we will also ask you to select or confirm your role within the hospital or customer site (e.g. Intern, Registrar etc.) this ensures you see the most relevant content and communications.
You can keep your personal information up to date directly through the relevant profile section on our mobile app.
How do we get this information & opting out of a user invite?
User Registration – anyone can download from the App Store or Google Play and register an account. When you register you need to enter the information we set out above so that you can be verified as a genuine user and give you access to the features and functionality of the app.
User Invites (and opting out) – when a hospital or other customer is using the platform to onboard their users they can send out invitations directly to those users via SMS and email. To do this they enter the information set out above which will then send a unique link. It is just like the user registration method, except that the hospital or facility prefills the details for you. Your hospital or facility will have your details on record through their normal employment processes and you will be invited because the app and the content is relevant to your role at that hospital or facility.
You can always choose not to accept, or opt-out of, the invitation by not confirming your registration (doing nothing). We would recommend getting in touch with your hospital admin to ask about how the platform is being used at your hospital and whether it is helpful for you to have access. If you choose not to accept the invitation (doing nothing) your invitation data will be removed from the platform after 1 month unless your hospital or facility has specifically requested otherwise.
Remember: This does not stop you from being invited at a later date by another hospital or facility that you might work at. Or if your current hospital or facility changes its policy on how they wish to use the platform and needs to re-add you. In both cases you will receive another invitation by SMS and email to join your hospital’s account on Med App.
Dashboard & Website Queries – We also have the ability for people to ask queries via our website live chat. Both on our normal website and our dashboard. In the case of admin users, you will have registered via one of the methods above. If you are visiting our public website we may ask you for an email address and name so that we can make sure you are a real person and get back to you about your query.
We also use a third party analytics service to help understand the usage of our website and respond to support queries. When visiting our website this means that cookies are used to track use and behaviour so we can provide better service and support.
Other information that we collect
We do collect usage data about what people look at on the app, dashboard or website. This includes things like which pages get the most views, which messages are looked at the most, when messages are seen and what gets clicked on.
On the app, this data is anonymised so that we cannot identify a person and the pages they have looked at. This is very important to us as we never want you to feel like someone is checking up on what you are looking at. You should feel comfortable to look at whatever you like in our apps, regardless of whether it is wellbeing help and support information or how to claim overtime.
The anonymised, aggregated usage data for a specific hospital or account (e.g. how many views page X has had) is shared with managers at that site so that they can continually improve the content in the app and only put up information that is relevant and useful.
When viewing our public website or using our manager dashboard we may track actions on those websites. This is for the purpose of logging changes to content through the dashboard and ensuring an audit log of changes, announcements and other notifications sent through the platform.
How we use personal information
In the language of privacy principles, we only use your personal information for necessary and related purposes. Specifically for us, this means:
- We use it to give you access to our apps and make sure you are who you say you are. This includes sending you registration emails and texts, two-factor authentication texts or messages from your hospital via the admin dashboard.
- We use it to log and respond to support queries when users are having issues with the dashboard, mobile app or website so that you don’t get stuck if an error happens while using the app and make sure you have a good experience with our platform.
- We use it to respond to feedback about our apps and try to improve the platform and services we make available to you.
Your personal information will also be visible to managers at hospital accounts that you have access to. These people are responsible for maintaining the platform content for the hospital account, managing user access and communicating with you (e.g. Medical Education Unit or Medical Administration). If you have queries about your own organisation’s privacy and disclosure policies you should get in touch with them via their privacy contact.
You never ‘have to’ provide personal information to us, however it will make it difficult to use our platform and all its features if you don’t. We only collect the minimum information needed to give you a safe and user-friendly experience.
We do not:
- Share your personal information for advertising or marketing purposes
- Send marketing emails or text messages
- Keep or process your personal information for any other commercial purpose
Third party services
We do use some third-party services to help run our platform and provide support. We only use trusted and well-known services to handle any of our app’s data, and only some of these services handle personal information. These services are required to handle your information in accordance with appropriate privacy rules and obligations and maintain relevant privacy and security certifications. Some of these providers may be located in Australia, the UK and the USA.
In some cases law enforcement, government authorities, or your employer may have personal information disclosed to them when it is necessary to comply with:
- A law, regulation or enforcement request
- Detect, prevent or address a fraud, security or safety issue relating to the app or other products
- Protect against harm to our users or organisation
We may also disclose your personal information to other third parties in circumstances where you have consented to that disclosure.
The following is a list of third parties authorised to receive personal information:
- Auth0: User authentication
- Twilio: Sending system SMS
- Sendgrid: Sending system emails
- Intercom: For logging and communicating user help and support queries
- AWS (Australia): Cloud infrastructure provider
We take all reasonable steps to make sure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We will hold personal information in electronic forms in secure databases on secure premises, accessible only by authorised staff.
Access and deletion of personal information
Yes, we can do it. If you would like to access or change the personal information we hold about you, you can always check and update your personal information via the mobile app. Go to the ‘more’ tab in the bottom right, then click ‘Edit Profile’.
You can also delete your account from the app directly by going to the ‘more’ tab, then click ‘Settings’, then click ‘Delete My Account’.
If you would like more information, get in touch with us through [email protected].
If you would like to request a further review of any personal information, we will need to double and triple check you are who you say you are so we might ask you some questions to prove your identity.
We will take all reasonable steps to provide access and/or deletion of all personal information within 30 days from your request. In less complex cases, we will attempt to provide this service within 14 days. If your case is more complex and providing this service requires a detailed retrieval of the information, a small fee may be charged for the time required by one of our team members to retrieve and supply that information.
Some information may be retained after your account has been deleted. This may include:
- Event attendance logs: Where you have logged your attendance for an education or training event through the app. The register of attendance will continue to record your details against that event. It may be a condition of accreditation for a hospital that these records are kept for a minimum amount of time. A site may choose to delete the event or attendance record, in which case your details will be removed.
- System and database backups: Our platform is backed up regularly to aid in disaster recovery, incident management and to prevent data loss. As a result of a system or database backup your details may be recorded. These records are kept for 30 days, after which they will be deleted or superseded.
- Historic error logs: Where your account has had an error or other issue that has been recorded in our logging system, your details may continue to be recorded after the deletion of your account. These logs are deleted or superseded after 30 days.
How to contact us
If you would like some additional information or have a specific question about the policy or the data we use, feel free to send us an email at [email protected].
If you do have any feedback we are always looking to improve our systems so please send an email to the above address and we will get back to you as soon as possible. We treat all feedback and queries seriously and will always deal with them confidentially.
Last update: 31 July 2023