For Businesses

Privacy PolicyCookie PolicyHIPAA Privacy and Security Policy
View Legal Page
 
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Privacy Policy

This privacy notice for Upvio (“we”, “us”, or “our”) describes how and why we collect, store, use and share your personal data when you use our software technology and services (together, the “Services”).  It also explains your rights in relation to your personal data and how to contact us or supervisory authorities should you have a complaint.

We collect, use and are responsible for certain personal data about you. Upvio is a “controller” of your personal data. This is a legal term, and it means that we make decisions about how and why we use your personal data, and who has access to it. We are responsible for making sure your personal data is used in accordance with data protection laws. 

Organisation’s that use, access, store, and transmit your personal data are defined as “processors”. We will therefore be a controller and a processor of your personal data. Anyone we share your personal data with have responsibilities under data protection laws as well as contractual obligations under terms that we will have put in place with them. We are responsible for the secure treatment of your personal data, and that at all times, anyone who accesses it does so in accordance with data protection laws. 

When we collect your personal data, we will need to ensure that we comply with the data protection laws that apply in the country in which we provide you with our Services. Details about your rights and the laws that apply to our collection and processing of your personal data are set out in Schedule 1. 

In summary…

  • We collect and use your personal data strictly in adherence with data protection laws and only in order to provide you with our Services. This can include customer communications, complying with  legal obligations, and to improve and monitor the performance of our software, apps, and Services as set out in Schedule 3
  • You have a number of rights in relation to your personal data as set out in Schedule 1 under ‘Your rights’
  • We comply with data protection laws that apply to the country in which you reside and where we provide our Services as set out in Schedule 1 under ‘Applicable data protection laws’
  • We have appointed a data protection officer to monitor compliance of our practices. Please see Schedule 2 ‘Our Data Protection Officer’ for their contract details.
  • We may disclose some of your personal data, to third parties in order to provide the Services to you. 
  • We do not routinely disclose sensitive data, called ‘special category personal data’ to third parties unless it is necessary to provide our Services to you. 
  • We have measures in place to safeguard your personal data when we transfer it to different parts of the world
  • We take steps to minimise the amount of personal data we hold about you and to keep it secure
  • We do not intend to collect and process any personal data of any person who is considered a child, and in all circumstances, where a person is under the age of 13 years of age.
  • We delete your personal data when we no longer need it, and we have policies in place to govern when that is
  • We are happy to answer your questions about any of the above – please send them to privacy@upvio.com

Key terms

It would be helpful to start by explaining some key terms used in this policy:

{{key_terms}}

Data Protection Officer

We are required to appoint a data protection officer to monitor our compliance with data protection laws in the countries where we collect personal data. We have appointed a data protection officer to ensure that our compliance with country specific data protection laws is maintained. 

The details of our appointed data protection officer are set out in Schedule 2.

What types of personal data do we collect and where do we get it from?

We have developed and provide access to healthcare providers throughout the world our software known as Upvio, our software known as FaceVitals, and our mobile app. There may also be other Services we provide that are not listed here but where we do so, the provisions contained within this policy shall apply to our collection and use of your personal data. 

We collect, use, store and transfer different kinds of personal data about you which is vital for us to provide you with our Services. For further information about the types of personal data we collect and where we obtain it from, please see Schedule 3.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we will not be able to provide our Services to you. 

We will make it clear to you where disclosure of your personal data is optional. The provisions of this Privacy Policy apply when we obtain your personal information from other people or organizations (such as from public sources, or third-party service providers). 

If any of the personal information that you have provided to us changes, please inform us by contacting privacy@upvio.com 

Children’s personal data

Our Services are not intended for children, and we do not knowingly collect personal information relating to children.

If you have provided us with information relating to children, please contact us so that we can review the circumstances of such collection (or processing, as applicable). 

How we use your personal data

We will only use your personal data when the law allows us to. We have set out the different purposes for which we process your personal data in Schedule 3 under ‘Legal purpose for processing personal data’.

Where our processing is based on your consent, you can withdraw your consent at any time by contacting privacy@upvio.com. Please note that if you do this, it won’t affect any of the processing we have already done prior to the withdrawal of your consent. 

We also process certain categories of personal data where  we have a lawful legitimate interest for doing so. Legitimate interest processing occurs when we have a business or commercial reason to use your personal data, you’re your interests and fundamental rights do not override those interests. 

Special category personal data

We ensure that we comply with the applicable data protection laws within the jurisdiction in which such data is collected. As data protection laws differ country-to-country, we have outlined the specific rules that apply to you below, according to the country in which you receive our Services in Schedule 1. We have also outlined the types of special category personal data we collect in Schedule 3. 

Use of the camera on any telecommunications device or mobile telephone

Permission will be requested to use the camera on your device or the device of your patients or the device in which you consume our Services in order to enable the biometric features on our software or app.

You may disable the app’s access to the camera on your device, although that will mean that the biometric features are no longer available.


The personal data we gather by using the camera is collected under your explicit consent, which you have given, by using our biometric features.

 

You may withdraw your consent at any time, by disabling the camera and also, by contacting privacy@upvio.com


You can also request that we do not store or process your biometric data, or request a copy of such by contacting privacy@upvio.com

What marketing activities do you carry out?

We do not use personal data of your customers or your end users to carry out any marketing. 

If you are one of our business customers, we may use your personal data to send you updates by email, text message, telephone, or post about our Services, including exclusive offers, promotions, or new Services

We have a legitimate interest in using your personal data for marketing purposes. This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by:

  • contacting us at privacy@upvio.com, or
  • using the ‘unsubscribe’ link in our emails if one is provided.

We may ask you to confirm or update your marketing preferences if you ask us to provide further Services in the future, or if there are changes in data protection laws or regulation within the country that you reside. We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

Who we share your personal data with?

We only share personal data in accordance with data protection laws. We do not share special category personal data unless we have a lawful basis for doing so, or where such transfer is permitted under applicable data protection law. 

We share personal data with:

  • Companies within the Upvio group
  • Our professional advisors (such as lawyers or auditors) and in each case, only where such disclosure is subject to the highest level of security and confidentiality
  • Third parties we use to help deliver our Services to you, such as healthcare providers and hospitals that provide Services to you
  • Law enforcement agencies, courts, tribunals, and regulatory bodies where we are compelled to do so to comply with our legal and regulatory obligations
  • Our bank, insurers, and brokers, but only where it is absolutely necessary and required in order for us to continue providing Services to you

We will not share your personal data with organizations unless  we are satisfied they take appropriate measures to protect your personal data. We impose contractual obligations (including standard contractual clauses or clauses designated by jurisdictional supervisory authorities) on organizations to ensure they protect your personal data.  We will not share your personal data with any other third party who has not signed an agreement with us to protect your personal data.

Who we share your personal data with—in more detail

In providing the Services to you, we may share your personal data with the following who are subject to strict contractual obligations to ensure confidentiality and security:

  • Amazon Web Services 410 Terry Avenue North, Seattle, WA 98109-5210, USA
  • Heroku, 415 Mission Street, Suite 300, San Francisco, CA 94105, USA
  • Cloudflare, 101 Townsend St, San Francisco USA
  • Tawk.to Inc., 187 East Warm Springs Rd, SB298 Las Vegas, NV, 89119, USA
  • Matomo, 150 Willis, Wellington, 6011, New Zealand
  • InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand
  • Auth0 (Okta, Inc.), 10800 NE 8th St, Bellevue, USA
  • Google Inc., 1600 Amphitheatre Parkway in Mountain View, California, USA
  • Stripe Inc., 354 Oyster Point Blvd South San Francisco, CA 94080, USA
  • Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta 
  • Plivo, 601 S Congress Ave, Austin, USA
  • Mailgun Technologies Inc., 112 E Pecan St. #1135 San Antonio Texas 78205 USA
  • Bugsnag, 110 Sutter St, Suite 1000. San Francisco, CA 94104 USA
  • Mongo DB, Paramount Plaza, 1633 Broadway 38th Floor, New York, USA
  • Pipedrive Ireland Limited, 4th Floor, 7/8 Wilton Terrace, Dublin, Ireland
  • Webflow, 398 11th Street, Floor 2, San Francisco, CA 94103, USA
  • Papertrai Inc., 625 Broadway Suite 20-4242, Seattle, USA
  • Advanced Health Intelligence Limited, 71-73 South Perth Esplanade Unit 5 South Perth, Western Australia 6151

Where do we hold or store your personal data?

Your personal data is securely held at our dedicated data servers, which are located according to your preference, or depending on your location. If you would like more information regarding where your personal data is stored, please contact us. 

How long will we keep your personal data?

We do not keep your personal data for longer than we need it for the purpose for which it is used. 

Different retention periods apply for different types of personal data. For further information about the periods we retain your personal data, please see our Retention Policy. 

Following the end of the of the relevant retention period, we will securely delete or anonymise your personal data.

Where in the world is your personal data transferred to?

We do not routinely transfer your personal data to anyone else once we have collected it unless it is necessary for us to provide our Services to you. In such circumstances, we  transfer your personal data to recipients that are established in countries other than your own. 

If you reside in the EU or the UK and it is necessary  to transfer your personal data outside of the EU or the UK, we will not make the disclosure unless the following apply:

  • The country to which the personal data is to be transferred ensures an adequate level of protection of your personal data
  • We have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient alongside any additional documents (such as standard contractual clauses, international data transfer agreement, or an addendum, as applicable)
  • The transfer is necessary for one of the reasons specified under data protection laws that apply, such as the performance of a contract between us and you
  • You explicitly consent to the transfer.

A list of the organizations that we disclose personal data to in order to provide our Services is set out in the section ‘Who we share your personal data with—in more detail’ above.

If you would like further information about data transferred outside of the country we provided our Services to you, please contact us at privacy@upvio.com

What are your rights and how can you exercise them?

We have set out your rights in Schedule 1 under ‘Your rights’. You have these rights, and they apply as soon as we collect any of your personal information. Should you wish to exercise any of your rights, please contact us at  privacy@upvio.org

How do we keep your personal data secure?

We have appropriate security measures in place to prevent personal data from being used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it and apply encryption to any special category personal data. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality. 

We also have procedures to deal with any suspected or actual data security breach. In certain circumstances, we will notify you and any applicable regulator of a suspected or actual data security breach where we are legally required to do so.

How to raise a complaint

Please contact us if you have any queries or concerns about our use of your personal data.

You have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data according to where you reside:

  • Australia: Office of the Australian Information Commissioner (OAIC)
  • United States: The relevant authority depends on the state in which you reside. Please contact us should you be unsure which data protection authority applies to you.
  • United Kingdom: The Information Commissioner's Office (ICO)
  • European Union: The relevant data protection authorities in each EU member state, with the lead authority being the one in the country where the main establishment of the data controller is located. The European Data Protection Board have oversight of each authority. Please contact us should you be unsure which data protection authority applies to you.
  • New Zealand: Office of the Privacy Commissioner
  • Singapore: Personal Data Protection Commission (PDPC)

Updates to this privacy notice

We may update this privacy notice from time to time to reflect changes to our processes, procedures, and categories of personal data. When we make material changes we will update you via email and we will publish revised versions of this notice on our website https://www.upvio.com  

Do you need extra help?

If you would like this notice in another format (for example audio, large print, braille) please contact us at privacy@upvio.com.

SCHEDULE 1

Applicable data protection laws

The below table outlines the data protection laws that apply according to the country in which you reside, and includes any successor legislation, and all other legislation and regulatory requirements in force from time to time in your country. 

{{schedule_1}}

*consisting of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxemburg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

Your rights 

If you would like to exercise any of the rights applicable to you as set out in the table below, please contract privacy@upvio.com. Please note that your rights may be subject to limitations and conditions, as set out in the data protection laws within your jurisdiction. 

{{schedule_1-1}}

SCHEDULE 2

Our Data Protection Officer

We are required under data protection laws to appoint a Data Protection Office. We have set out the details of our nominated Data Protection Officer in the table below. 

{{schedule_2}}

Term

We, us, our

Meaning

Upvio Healthtech Pty Ltd of 56 Corinthian Rd W, Shelly WA 6148, Australia with company number ACN 657 030 192

Personal data

Any information relating to an identified or identifiable individual

Special category personal data

Personal data revealing:

  1. racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership
  2. Genetic data
  3. Biometric data (where used for identification purposes)
  4. Data concerning health, sex life or sexual orientation

Data subject

The individual who the personal data relates to

The country in which you reside

Australia

Applicable data protection laws
  • Privacy Act 1988
  • The Australian Privacy Principles (“AAPs”)

New Zealand

  • Privacy Act 1993

United States

  • Health Insurance Portability and Accountability Act 1996 (“HIPAA”)
  • Health Information Technology for Economic and Clinical Health Act 2009 (“HITECH”)
  • California Consumer Privacy Act 2018

European Union*

  • General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the fee movement of such data (“GDPR”)
  • Privacy and Electronic Communications Regulations 2003 (“PECR”)

United Kingdom

  • The retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”)
  • Data Protection Act 2018
  • The retained EU law version of the Privacy and Electronic Communications Regulations 2003 (“UK PECR”)

Singapore

  • Personal Data Protection Act 2012 (“PDPA”)

Rest of the world

  • The applicable local and international data protection laws in effect from time to time in the country that you reside.
The country in which you reside

Australia

Your rights 
  • The right to access your personal information
  • The right to correct your personal information
  • The right to request deletion of your personal information:
  • The right to complain about a privacy breach
  • The right to opt-out of direct marketing
  • The right to seek compensation for a privacy breach

New Zealand

  • The right to access your personal information
  • The right to correct your information
  • The right to complain to the Privacy Commissioner
  • The right to protection from discrimination
  • The right to opt-out of direct marketing
  • The right to privacy in accordance with the provisions of the Privacy Act.

United States

  • The right to access your personal information
  • The right to correct your information
  • The right to receive your information in a machine-readable format so you can share it
  • The right to have your data deleted
  • The right to opt-out of data collection and sharing
  • The right to be informed about a data breach

European Union*

  • The right to be informed
  • The right of access to your information
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right to not be subject to automated decision-making

United Kingdom

  • The right to be informed
  • The right of access to your information
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right to not be subject to automated decision-making

Singapore

  • The right to access personal data
  • The right to correction
  • The right to withdraw consent
  • The right to limit the use and disclosure of personal data
  • The right to opt-out of marketing
  • The right to information about the third-party recipient
  • The right to receive your information in a machine-readable format so you can share it

Rest of the world

Your rights may differ depending on the country in which you reside, and we will abide by the rights afforded to you in your country under applicable data protection law.

Data Protection Officer

Name

Boris Gefter

Address

56 Corinthian Rd W, Shelley WA 6148, Australia

Email address

privacy@upvio.com

Privacy Policy

Up the Ante with Upvio

Book DemoTalk to us
FAQsContact UsAffiliates
CompanyVisionMissionPurposeSenior TeamProudly Global
Social Networks
Instagram
Facebook
Twitter
LinkedIn
YouTube
TikTok
© 2023 Upvio
Terms and Conditions
PrivacyUpvio Status