Australian Privacy Principles Compliance
PratixBI Pty Ltd is committed to handling personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This page explains how we meet each applicable obligation.
Last updated: 1 March 2025 · Questions? Contact us
Overview
PratixBI Pty Ltd (ABN 00 000 000 000) operates the PratixBI performance platform, which is used by healthcare practices across Australia to track and improve their operational and clinical performance metrics.
The personal information we handle falls into two broad categories: (a) practice administrator and staff user data (names, email addresses, role information), and (b) de-identified or aggregated practice performance data derived from connected practice management systems (PMS). We do not store individually identifiable patient health records.
This document addresses our obligations under each of the thirteen Australian Privacy Principles. Our full Privacy Policy provides additional detail on our data handling practices.
APP 1 – Open and transparent management of personal information
PratixBI maintains a clearly expressed and up-to-date Privacy Policy that is freely available on our website. This APPs Compliance statement supplements our Privacy Policy and describes, in plain language, how we handle personal information and meet our APP obligations.
We have appointed a Privacy Officer responsible for overseeing our privacy framework. Privacy enquiries can be directed to privacy@pratixbi.com.
APP 3 – Collection of solicited personal information
We only collect personal information that is reasonably necessary for one or more of our functions or activities. The personal information we collect includes:
- Names and email addresses of practice administrators and authorised users
- Practice name, address, and practice type
- Billing and subscription information (processed by our payment provider)
- Usage data relating to platform interactions (pages visited, features used)
We collect this information directly from individuals when they register for or use the platform. Practice performance metrics are derived from practice management system (PMS) integrations authorised by the practice administrator. These metrics are handled in aggregated or de-identified form and do not constitute individually identifiable health information under the Privacy Act.
We do not collect sensitive information (as defined under the Privacy Act) unless specifically required and with explicit consent.
APP 5 – Notification of the collection of personal information
At or before the time we collect personal information (or as soon as reasonably practicable after), we notify individuals of:
- Our identity and contact details
- The purposes for which we collect the information
- The types of entities to whom we might disclose the information
- Whether disclosure to overseas recipients is likely
- How to access and correct their personal information
- How to make a privacy complaint
This notification is provided through our Privacy Policy (linked at account registration) and, where appropriate, at collection points within the platform.
APP 6 – Use or disclosure of personal information
We use personal information only for the primary purpose for which it was collected, or for a related secondary purpose that the individual would reasonably expect. Specifically:
- User names and email addresses are used to manage accounts, provide platform access, and communicate service-related information
- Practice performance data is used solely to generate the reports and dashboards requested by the practice
- We do not sell personal information to third parties
- We do not use personal information for advertising or profiling purposes
We may disclose personal information to third-party service providers (such as cloud infrastructure providers and payment processors) who assist us in operating the platform. These providers are bound by confidentiality obligations and are not permitted to use personal information for their own purposes.
APP 7 – Direct marketing
We may use contact information to send product updates, feature announcements, and educational content related to practice performance. All marketing communications include a clear and functional unsubscribe mechanism.
We do not use personal information obtained from third parties for direct marketing. We do not use sensitive information for direct marketing purposes. If you wish to opt out of marketing communications, you may do so via the unsubscribe link in any communication or by contacting us at privacy@pratixbi.com.
APP 8 – Cross-border disclosure of personal information
PratixBI stores all customer data in Australian data centres (Amazon Web Services, Sydney region). We do not routinely transfer personal information outside Australia.
Certain third-party sub-processors (such as transactional email providers) may process limited contact information outside Australia. Where this occurs, we take reasonable steps to ensure those recipients handle personal information in a manner that is consistent with the APPs, including through contractual privacy protections.
Our current list of sub-processors and their processing locations is available on request.
APP 11 – Security of personal information
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- AES-256 encryption at rest and TLS 1.3 for all data in transit
- Role-based access, multi-factor authentication, and audit logging
- Regular vulnerability assessments and penetration testing by independent third parties
- Documented incident response plan with obligation to notify affected individuals and the OAIC where required
When personal information is no longer needed for any purpose for which it may be used or disclosed, we take reasonable steps to destroy or de-identify it. For more detail, see our Security page.
APP 12 – Access to personal information
Individuals have the right to request access to the personal information PratixBI holds about them. To make an access request:
- Email privacy@pratixbi.com with your full name, email address, and the information you wish to access
- We will verify your identity before releasing any information
- We will respond within 30 days of receiving a valid request
We will provide access free of charge unless the request is complex or voluminous, in which case we will advise you of any applicable fee before proceeding. We may refuse access in limited circumstances permitted by the Privacy Act, and will provide written reasons for any refusal.
APP 13 – Correction of personal information
If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will take reasonable steps to correct the information within 30 days.
Most user profile information can be updated directly within the PratixBI platform. For corrections that cannot be made self-service, contact us at privacy@pratixbi.com.
Privacy enquiries and complaints
If you have a question about this APPs Compliance statement or our privacy practices, or if you wish to make a complaint, please contact our Privacy Officer:
We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.