SmartHeal Privacy Policy
Last updated: March 2025
SmartHeal is a clinical wound assessment Software as a Medical Device (SaMD). This Privacy Policy describes how we collect, use, store, and disclose personal and health information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
APP 1 — Open and transparent management of personal information
We maintain this Privacy Policy and make it readily available. We will take reasonable steps to implement practices and procedures that facilitate privacy enquiries and complaints.
APP 2 — Anonymity and pseudonymity
Where practicable, we allow individuals to interact anonymously or under a pseudonym. For clinical use, identification is required for patient safety and audit compliance.
APP 3 — Collection of solicited personal information
We collect personal information only where it is reasonably necessary for our functions or activities. We collect:
Clinician data: email, full name, role, facility, for account management and audit trails.
Patient data: name, DOB, facility, wound assessments (measurements, images, tissue types), for clinical decision support and reporting.
We collect health information only with consent or as permitted by law.
APP 4 — Dealing with unsolicited personal information
If we receive unsolicited personal information that we could not have collected under APP 3, we will destroy or de-identify it as soon as practicable.
APP 5 — Notification of collection
We collect personal information directly from individuals where practicable. At or before collection, we notify individuals of our identity and contact details, the purposes of collection, how to access and correct their information, complaints handling, and whether we disclose overseas or to third parties.
APP 6 — Use or disclosure of personal information
We use and disclose personal information only for the primary purpose of collection or a related secondary purpose that the individual would reasonably expect. We do not use or disclose personal information for marketing without consent.
APP 7 — Direct marketing
We do not use personal information for direct marketing unless we have consent or an exemption applies.
APP 8 — Cross-border disclosure
We store and process data in Australia (ap-southeast-2) where practicable. If we disclose personal information overseas, we take reasonable steps to ensure the recipient complies with the APPs or equivalent protections.
APP 9 — Adoption, use, or disclosure of government-related identifiers
We do not adopt government-related identifiers (e.g. Medicare numbers) as our own identifiers unless permitted by law.
APP 10 — Quality of personal information
We take reasonable steps to ensure personal information is accurate, up-to-date, and complete.
APP 11 — Security of personal information
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Measures include encryption, access controls, and audit logging.
APP 12 — Access to personal information
We provide access to personal information upon request, unless an exception applies. We will respond within a reasonable period.
APP 13 — Correction of personal information
We correct personal information if we are satisfied it is inaccurate, outdated, incomplete, irrelevant, or misleading. We will notify third parties of corrections where appropriate.
Contact
For privacy enquiries or complaints, contact the SmartHeal privacy officer or your facility administrator.