Privacy Policy

This document sets out the privacy policy of Dokotela Pty Ltd ABN 22 615 628 236 (referred to in
this privacy policy as ‘we’, ‘us’, or ‘our’). At Dokotela we aim to make specialist care more
accessible by connecting patients across Australia with specialist doctors and clinicians and is
designed to facilitate collaborative care through a secure online booking and video-conferencing
platform.

We take our privacy obligations seriously and we’ve created this privacy policy to explain how we
store, maintain, use and disclose personal information.

By providing personal information (including sensitive information) to us, you consent to our storage,
maintenance, use and disclosing of personal information in accordance with this privacy policy.

We may change this privacy policy from time to time by posting an updated copy on our website and
we encourage you to check our website regularly to ensure that you are aware of our most current
privacy policy.

The personal information we collect may include the following:
(a) name;
(b) mailing or street address;
(c) email address;
(d) social media information;
(e) telephone number and other contact details;
(f) age;
(g) date of birth;
(h) credit card or other payment information;
(i) sensitive information (such as health information) as set out below in section 7;
(j) information about your business or personal circumstances;
(k) information in connection with client surveys, questionnaires and promotions;
(l) your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;
(m) information about third parties; and
(n) any other information provided by you to us via our website or our online presence, or otherwise required by us or provided by you.

We will collect your personal information in a lawful and fair way. We will only collect your personal
information where you have consented to it, or otherwise in accordance with the law.

How we collect information from you?

We may collect personal information where you:
(a) sign up and register an account through us;
(b) upload your personal information on any applications or services operated by us;
(c) contact us through our website;
(d) receive goods or services from us;
(e) submit any of our online enquiry or feedback forms;
(f) communicate with us via email, telephone, SMS, social applications (such as Facebook)
or otherwise;
(g) participate in any of our services;
(h) interact with our website, social applications, services, content and advertising; and
(i) invest in our business or enquire as to a potential purchase in our business.

How we collect information from third parties?
Where possible, we collect your personal information directly from you. However, there may be occasions when we collect personal information (including sensitive information) about you from someone else. For example, a parent or guardian (where you are under the age of 18 years, and we determine that you do not have the capacity to consent) or where we receive a referral for our services from another health care provider.

How you provide information for someone else?
If you are providing personal and/or sensitive information on behalf of someone else, you must have the consent of that person to provide their personal and/or sensitive information to us to be collected, used, and disclosed in accordance with this privacy policy. This includes where you are a NDIS participant’s nominee, support coordinator, plan manager or representative. We reserve the right to request evidence of this consent.

If you are providing personal and/or sensitive information on behalf of someone under the age of 18(Minor), you must be that Minor’s parent or legal guardian and you must provide consent for theMinor’s personal and/or sensitive information to be collected, used and disclosed in accordance with this privacy policy.

How we collect information from cookies?
We may also collect personal information from you when you use or access our website or our social media pages. This may be done through use of web analytics tools, ‘cookies’ or other similar tracking technologies that allow us to track and analyse your website usage. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites. If you do not wish information to be stored as a cookie, you can disable cookies in your web browser.
‍

We collect and use personal information for the following primary purposes:
‍
(a) to confirm your identity when you deal with us;
(b) provide goods, services or information to you and process payments;
(c) contacting you to make appointments or issue reminders;
(d) communicating announcements, updates, security alerts, technical notices and
administrative messages;
(e) facilitating third party communications with you (for example, by a general practitioner or
health service provider on the platform);
(f) for record keeping and administrative purposes;
(g) to provide information about you to service providers, contractors, employees, consultants,
agents or other third parties for the purpose of providing goods or services to you;
(h) to improve and optimise our service offering and customer experience;
(i) to comply with our legal obligations, resolve disputes or enforce our agreements with third
parties;
(j) to send you administrative messages, reminders, notices, updates, security alerts, and
other information requested by you; and
(k) to consider an application of employment from you.

We may also use your personal information for:
‍
(a) secondary purposes closely related to the primary purpose, in circumstances where you
would reasonably expect such use;
(b) such purposes where we reasonably believe that use of your personal information is
necessary to lessen or prevent a serious threat to the life, health or safety of any individual,
or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
(c) any other purpose for which we receive consent from you; or
(d) any other purpose which is permitted or required under applicable privacy laws.

We respect your privacy, and we will take reasonable steps to keep your personal information
confidential and protected. We may disclose your personal information to:

(a) relevant staff to deliver our services to you;
(b) general or specialist practitioners and health care providers on the platform who will provide
medical and health services to you;
(c) our professional advisors such as lawyers, accountants and auditors;
(d) our related entities; or
(e) any third parties you have consented personal information to be disclosed to.

We may also disclose personal information to third party contractors as required for us to provide our
goods and services to you, such as cloud-service providers, software providers, IT professionals, marketing agencies, third party payment providers and debt collection agencies.We take care to work with such third parties who we believe maintain an acceptable standard of data security and require them not to use your personal information for any purpose except for those activities we have asked them to perform on our behalf.We may use third party service providers for disaster recovery services. To the extent necessary to receive those disaster recovery services, we will provide your data to that third party service provider. We may also use third party service providers to audit the infrastructure and applications we use to store your data. To the extent necessary to receive those audit services, we will provide your data to that third party service provider.

We’ve endeavoured to ensure that our use and collection of your data is clear and as transparent as possible, but in the interests of keeping this policy concise it’s not possible to list every circumstance in which we will use your data.We will not otherwise disclose your personal information unless:

(a) you have consented to us disclosing your personal information for particular circumstances;
(b) as needed in an emergency or in investigation suspected criminal activity;
(c) we are required to disclose under a subpoena, court order or other mandatory reporting requirements;
(d) we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;(e) it is reasonably necessary for the establishment, exercise or defence of a legal claim; or
(f) it is otherwise authorised or required by law.

All personal information we collect is stored on servers located in Australia and, for the most part, we
do not disclose or transfer personal information overseas.

However, we may have some operational staff located overseas including in the Philippines and the
European Union who may have access to the personal information we hold on servers in Australia
to provide our goods and services to you. The cloud service providers we engage to provide us
Australian-based servers may operate overseas disaster recovery sites or have personnel overseas
who may access the personal information we hold to assist us in managing our servers.

We also may use Google Analytics to track web traffic information which is operated by Google which
stores information across multiple countries.

When you communicate with us through a social media service such as Facebook or Twitter, the
social media provider and its partners may collect and hold your personal information overseas.

We’ve endeavoured to ensure that our use and collection of your data is clear and as transparent as possible, but in the interests of keeping this policy concise it’s not possible to list every circumstance in which we will use your data.We will not otherwise disclose your personal information unless:

(a) you have consented to us disclosing your personal information for particular circumstances;
(b) as needed in an emergency or in investigation suspected criminal activity;
(c) we are required to disclose under a subpoena, court order or other mandatory reporting requirements;
(d) we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;(e) it is reasonably necessary for the establishment, exercise or defence of a legal claim; or
(f) it is otherwise authorised or required by law.

Collection of sensitive informationWe may collect sensitive information about you during the course of providing you our goods and services. We will only collect this sensitive information where you consent to such collection and
either directly provide us with this information or it is provided by a referring health care provider with your consent. Types of sensitive information we collect.

The sensitive information we collect may include the following:

(a) health and medical information, history and reports;
(b) referring health care provider and associated referral documents;
(c) your NDIS participant details, plan goals and management of funding for goods and
services;
(d) private health fund and private health insurance cover details;
(e) Medicare number, healthcare identifiers or concession card or other entitlement details;
and
(f) any other sensitive information provided by you or a third party to us via our website or
platforms, or otherwise provided by you or a third party to us.

How we use your sensitive information?
Your sensitive information will only be used for the purpose of:
‍
(a) providing you with goods and services;
(b) complying with our legal obligations, or enforcing our agreements with you;
(c) sending you messages, reminders, notices, updates, security alerts, and other information requested by you;
(d) recording/transcription of your appointments with your consent; or
(e) any other purpose which is permitted or required under applicable privacy laws.

How we disclose your sensitive information?
Your sensitive information will only be disclosed to third parties for the purpose of:
(a) providing you with services (and other related purposes, for example liaising with other support, healthcare or medical services providers who will provide you with services);
(b) providing a referral to another health care provider; or
(c) any other purpose which is permitted or required under applicable privacy laws.

How you can withdraw consent?
‍If you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, please contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.

If you wish to complain about how we handle your personal information held by us, please contact us using the details set out below including your name and contact details. We will investigate your complaint promptly and respond to you within a reasonable timeframe.If you are still concerned, you may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate.

For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.