PRIVACY POLICY
1. INTRODUCTION
This document sets out the privacy policy of Scrypt Ventures Pty Ltd ABN 45 627 644 759 (referred to in this privacy policy as ‘we’, ‘us’, or ‘our’).
The Privacy Act 1988 (Cth) (Privacy Act) requires entities bound by the Australian Privacy Principles to have a privacy policy. We take our privacy obligations seriously and we’ve created this privacy policy to explain how we handle personal information.
By providing personal information (including sensitive information) to us, you consent to our collection, storage, maintenance, use and disclosing of personal information in accordance with this privacy policy.
We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy.
2. APPLICATION OF THIS PRIVACY POLICY
Most of this privacy policy applies to all personal information we collect and to our website and full suite of platforms, including ScryptHQ, ScryptCloud, ScryptMobile and ScryptPay.
However, some of our privacy practices may differ slightly for information collected by a particular product or as it relates to particular types of information (like sensitive information). Where this is the case, we have outlined that particular practice in its own section within this privacy policy and, to the extent of any inconsistency, that section supersedes the general practices outlined in the rest of this privacy policy.
As the provider of cloud storage services and customer relationship management software, the majority of the personal information we hold on behalf of our users as a data processor. As a result, for much of the personal information we handle we act on behalf of our users. We are not responsible for the privacy or security practices of our users which may differ from the practices outlined in this privacy policy, including for any breaches of the Privacy Act or the Spam Act 2003 (Cth) (Spam Act).
3. TYPES OF PERSONAL INFORMATION WE COLLECT
The personal information we collect may include the following:
(a) name;
(b) mailing or street address;
(c) email address;
(d) social media information;
(e) telephone number and other contact details;
(f) age;
(g) date of birth;
(h) communications between users of our platforms on our platforms;
(i) credit card or other payment information;
(j) sensitive information (such as health information) as set out below;
(k) information about your business or personal circumstances;
(l) information in connection with client surveys, questionnaires and promotions;
(m) your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;
(n) information about third parties; and
(o) any other personal information provided by you or a third party to us via our website or platforms, or otherwise provided by you or a third party to us.
4. HOW WE COLLECT PERSONAL INFORMATION
We will collect your personal information in a lawful and fair way. We will only collect your personal information where you have consented, or otherwise in accordance with the law.
4.2 COLLECTION FROM YOU
We may collect personal information from you where you:
(a) contact us through our website;
(b) receive goods or services from us;
(c) download or use any of our platforms;
(d) submit any of our online sign up forms;
(e) communicate with us via email, telephone, SMS, social applications (such as LinkedIn, Facebook or Twitter) or otherwise;
(f) interact with our website, social applications, services, content and advertising; or
(g) invest in our business or enquire as to a potential purchase in our business.
4.3 COLLECTION FROM THIRD PARTIES
Whenever possible, we collect your personal information directly from you. However, there may be occasions when we collect personal information about you from someone else. For example where:
(a) you receive goods or services from a pharmacy which uses our platforms;
(b) you communicate with or otherwise provide your details to a pharmacy which uses our platforms; or
(c) your employer uploads your details to our platforms or otherwise provides it to us.
4.4 COLLECTION FROM COOKIES
We may also collect personal information from you when you use or access our website or our social media pages. This may be done through use of web analytics tools, ‘cookies’ or other similar tracking technologies that allow us to track and analyse your website usage. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites.
Your web browser can choose whether or not to accept cookies. Most web browser software is initially set up to accept them. If you do not want your browser to use cookies, you can manage and control their use through your browser settings.
5. USE OF YOUR PERSONAL INFORMATION
We collect and use personal information for the primary purposes of:
(a) providing our goods and services to you, including our platforms;
(b) allowing pharmacies to use our platforms to manage their customers and business and to improve and optimise their goods and service offerings and customer experience;
(c) allowing pharmacy customers to manage their prescriptions and pharmacy-related needs;
(d) record keeping and administration of our business;
(e) providing information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing our goods or services to you;
(f) improving and optimising our goods and service offerings and customer experience;
(g) complying with our legal obligations, resolving disputes or enforcing our agreements with you;
(h) providing support for our goods and services;
(i) sending you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing;
(j) responding to any queries or complaints;
(k) sending you administrative messages, reminders, notices, updates, security alerts, and other information requested by you; and
(l) considering an application of employment from you.
We may also use your personal information for:
(a) any purpose for which we receive consent from you for;
(b) secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use;
(c) such purposes where we reasonably believe that use of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent; or
(d) any other purpose which is permitted or required under applicable privacy laws.
6. MARKETING
We may at times send you marketing communications which will be done in accordance with the Spam Act.
In this regard, we may use email, SMS, social media, phone or mail to send you direct marketing communications.
Where consent is needed, we will ask you for your consent before sending you marketing communications, except where you:
(a) have explicitly opted-in to receiving email marketing from us in the past; or
(b) were given the option to opt-out of email marketing when you initially signed up for one of our platforms and you did not do so.You can, at any time, opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link on emails we send you) or by contacting us via the details provided at the end of this privacy policy. We will implement such a request as soon as possible, however, cannot guarantee that such a response will be immediate.
7. DISCLOSURE
7.1 GENERAL
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.
We may disclose your personal information to:
(a) pharmacies, which utilise our platforms, that you have received goods or services from or have otherwise connected to via our platforms;
(b) our professional advisors such as lawyers, accountants and auditors;
(c) our related entities; or
(d) any third parties you have consented personal information to be disclosed to.We may also disclose personal information to third party contractors as required for us to provide our goods and services to you, such as cloud-service providers, IT professionals, marketing agencies and debt collection agencies. We take care to work with such third parties who we believe maintain an acceptable standard of data security and require them not to use your personal information for any purpose except for those activities we have asked them to perform on our behalf.
We will not otherwise disclose your personal information unless:
(a) you have consented to us disclosing your personal information for particular circumstances;
(b) as needed in an emergency or in investigation suspected criminal activity;
(c) we are required to disclose under a subpoena, court order or other mandatory reporting requirements;
(d) we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
(e) it is reasonably necessary for the establishment, exercise or defence of a legal claim; or
(f) otherwise authorised or required by law
7.2 OVERSEAS DISCLOSURE
All personal information we collect is stored on servers located in Australia and, for the most part, we do not disclose or transfer personal information overseas.
However, the cloud service provider we engage to provide us Australian based servers may operate overseas disaster recovery sites or have personnel overseas who may access the personal information we hold to assist us in managing our servers.
We also use Google Analytics to track web traffic information which is operated by Google which stores information across multiple countries.
When you communicate with us through a social media service such as Facebook or Twitter, the social media provider and its partners may collect and hold your personal information overseas.
8. SCRYPTMOBILE and SCRYPTPAY
We operate a pharmacy customer management mobile application known as ScryptMobile which allows users to connect with pharmacies and manage their medication prescriptions and other goods and services they receive from pharmacies. This mobile application also includes the ability to complete financial transactions via the SCRYPTPAY service.
(Information shared with pharmacies) In using ScryptMobile, users can use a unique invitation or input a unique code that has been provided to them by a pharmacy which utilises our pharmacy management software known as ScryptHQ. By using the invitation or inputting the code into ScryptMobile, a user’s ScryptMobile account will be connected with the relevant pharmacy and personal information (including sensitive information) will be passed automatically between the user and the pharmacy to facilitate the goods and services a user receives from the pharmacy. This means that any personal information (including sensitive information) a user inputs into ScryptMobile will be shared with a connected pharmacy.
(ScryptMobile Intermediary) Where you use ScryptMobile to access and/or store an electronic prescription token (ePrescription Token), the ScryptMobile application programming interface (ScryptMobile Intermediary) will access your associated prescription information on your behalf via Australian Digital Health Agency conformant registries. ScryptMobile and the ScryptMobile Intermediary accesses your ePrescription Token and associated prescription information in accordance with the conformance requirements set by the Australian Digital Health Agency.
9. SENSITIVE INFORMATION
(Collection of sensitive information) We may collect sensitive information about you during the course of providing you our goods and services. We will only collect this sensitive information where you consent to such collection and directly provide us with this information.
(Types of sensitive information) The sensitive information we collect may include the following:
(a) medication history;
(b) prescribing health care professional;
(c) private health fund and private health insurance cover details
(d) Medicare number, concession card or other entitlement details;
(e) Services Australia healthcare identifiers such as Individual Health Identifier numbers;
(f) any other sensitive information provided by you or a third party to us via our website or platforms, or otherwise provided by you or a third party to us.Use of sensitive information) Your sensitive information will only be used for the purpose of:
(a) providing you with our goods and services, including our platforms;
(b) allowing pharmacies to use our platforms to manage their customers and business and to improve and optimise their goods and service offerings and customer experience; assisting you with any queries or complaints relating to our goods and services;
(c) improving and optimising our goods and service offering and customer experience;
(d) complying with our legal obligations, resolving disputes or enforcing our agreements with you;
(e) sending you administrative messages, reminders, notices, updates, security alerts, and other information requested by you; or
(f) any other purpose which is permitted or required under applicable privacy laws.(Disclosure of sensitive information) Your sensitive information will only be disclosed to third parties for the purpose of:
(a) providing our goods and services to you, such as to our IT service providers to develop and maintain our platforms;
(b) providing our goods and services to pharmacies, which utilise our platforms, that you have received goods or services from or have otherwise connected to via our platforms;
(c) determining your eligibility for a good or service prior to sending you any marketing information related to that good or service; or
(d) any other purpose which is permitted or required under applicable privacy laws.(Withdrawing consent) If you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, please contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.
10. DE-IDENTIFIED INFORMATION
The data we collect may have analytical value to us, our customers, our business partners and our related entities. Where we have de-identified the data we have collected, we reserve the right to process and distribute the data we collect through our goods and services.
11. DATA BREACHES
We are required to comply with mandatory ‘notifiable data breach’ scheme (NDB scheme) under the Privacy Act. The NDB scheme applies where an ‘eligible data breach’ of personal information occurs.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be undertaken), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.
12. SECURITY
Our servers are located in Australia and are managed by us and our service providers. We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal information.
13. LINKS
Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.
14. REQUESTING ACCESS OR CORRECTING YOUR PERSONAL INFORMATION
If you wish to request access to the personal information we hold about you, please contact us using the contact details set out below including your name and contact details. We may need to verify your identity before providing you with your personal information. In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.
If you think that any personal information we hold about you is inaccurate, please contact us using the contact details set out below and we will take reasonable steps to ensure that it is corrected.
15. COMPLAINTS
If you wish to complain about how we handle your personal information held by us, please contact us using the details set out below including your name and contact details. We will investigate your complaint promptly and respond to you within a reasonable timeframe.
16. CONTACT US
For further information about our privacy policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:
Name: Scrypt Support
Email: [email protected]
Phone: 1800 727 978
Address: 8/710 Hunter St, Newcastle NSW 2300
Our privacy policy was last updated on 25 January, 2024