Effective Date: 24 January 2024
Our Privacy Commitment to You
Perx Health Holdings, Inc and its related entities is a technology company specialising in the provision of various health and wellbeing services designed to assist end users to manage and adhere to their treatment plans in a positive, effective and rewarding way (Services). The Services are delivered primarily through a mobile application (Perx App), as well as through other online platforms including our website, web applications and portals, Perx Health’s pages and accounts on third-party social media platforms and any other websites, applications or technology which we may own or operate from time to time (collectively the Perx Platforms). We have agreements in place with a number of organizations including insurers, pharmaceutical companies and medical providers (Commercial Sponsors). These Commercial Sponsors fund each program, which enables us to make the Perx App available for use by people like you for free. Eligibility for a Commercial Sponsor-funded membership and its duration are determined by your Commercial Sponsor. Should the term of your Commercial Sponsor-funded membership come to an end, you may instead be eligible for Perx Basic membership which is free. We also have arrangements with a number of third-party business partners for the provision of rewards to users based on actions conducted through the Perx App or web portal (Rewards Partners).
Where required, Perx operates as a Business Associate to certain Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA). Accordingly, we have the requisite Business Associate Agreements in place with all of our Commercial Sponsors in the United States of America that are Covered Entities under HIPAA. HIPAA and these agreements regulate the flow of protected health information between us and our Commercial Sponsors and require us to comply with the HIPAA Rules.
What is your personal information?
What is your health information?
What personal information do we collect?
We will need to collect certain personal information about you in order to provide our Services to you. We may collect the following types of personal information relating to you:
- mailing or street address;
- email address;
- telephone number and other contact details;
- age and/or date of birth;
- insurance and/or pharmacy details or such other identifier or signup code as is provided by the relevant Commercial Sponsor that authorises your access to our services (where your access to our services is provided through your membership or affiliation with an entity that is a Commercial Sponsor of ours) (Your Commercial Sponsor);
- standard web log information including location data and IP address;
- any additional information relating to you that you provide to us directly or indirectly through the Perx Platforms or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that we require in order to facilitate your dealings with us.
What health information do we collect?
We may also collect certain health information about you including but not limited to:
- your medical conditions;
- your medication brand names, drug names, dosage and other relevant information;
- your physiotherapy exercises, daily activity and other health activities;
- your medical and health improvements, results and outcomes;
- the timing and regularity of your medication schedule;
- your completion of your treatment plan, both verified and self-reported via the Perx App or web portal;
- photos, including photos of your medication, physiotherapy plans or medical documents as uploaded into the Perx App or web portal by you from time to time;
- your prescription scripts both issued and dispensed;
- your healthcare professionals’ names and practice details;
- your insurance provider;
- your insurance membership number;
- your insurance policy type;
- your medical appointments and bookings;
- the pharmacy locations you have visited; and
- any other health information that we require in order to facilitate your dealings with us.
How do we collect your information?
We only collect personal information and health information by lawful and fair means. Where possible we will collect personal information and health information directly from you, however in certain circumstances it may be necessary to collect information about you from third parties, including from Your Commercial Sponsor and your healthcare professionals. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection.
We may collect your personal information or health information in a number of ways including:
- when you use any of the Perx Platforms;
- when you communicate with us through post, telephone, chats, email, or when you share information with us from other social media applications, services or websites;
- when you interact with our site, Services, content and advertising;
- through Your Commercial Sponsor;
- with your consent, through your healthcare professionals;
- with your consent, through your pharmacy dispensing records;
- with your consent, through medical information systems such as government health records, systems used by healthcare professionals, pharmacy management systems and other similar systems; or
- while conducting customer satisfaction and market research surveys.
If you have concerns about how your personal information or health information has been disclosed to us by Your Commercial Sponsor, healthcare professional or another third party, then you should direct enquiries to the relevant third party that disclosed the information to us.
The processing of certain personal information is necessary for us to provide you with our Services. If you choose to opt out of certain personal information collection we may not be able to provide you with our service. You may choose to deal with us on an anonymous basis or using a pseudonym. However, you acknowledge that if you do not provide us with the information we request, or if the information you provide to us is not accurate, our ability to provide the Services, or to otherwise fulfil the purpose for which you have provided your information may be severely limited.
What happens if we receive unsolicited personal information and/or health information?
Why do we collect your personal and/or health information?
We may collect, hold, use and/or disclose your personal information or health information for the following purposes:
- to enable you to access and use the Perx Platforms;
- to share information with our related entities in order to operate our business;
- to improve our Services (including the Perx Platforms) via internal research and development;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and any other information requested by you;
- to administer and establish your eligibility for rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- to deal with Your Commercial Sponsor;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;
- to carry out our obligations to you under our Terms and Conditions of Use;
- for record-keeping and administrative purposes, and to consider applications for employment with us;
- for fraud, loss and other crime prevention purposes; and
- for the purpose of advertising and marketing as detailed below.
When will Perx Health send you direct marketing communications?
We may use your personal information to send you direct marketing communications and information about our services and products, and other related services and products if we have your permission or a legitimate interest in doing so. These communications may take the form of emails, SMS, mail, social media campaigns or other forms of communication, sent in accordance with applicable privacy laws and regulations. Your text messaging originator opt-in data and consent information will not be shared with any third parties.
If you do not want to receive marketing material directly from us, you may opt-out by contacting us using the details set out in the Contact Us section below or, where the marketing material is sent via email, by following the ‘unsubscribe’ instructions that appear at the bottom of all marketing emails we send to you.
When will we disclose your personal information for marketing purposes?
We will not disclose any of your personal information to third parties for the purpose of enabling them to market their products and services to you or provide you with other unsolicited information. Perx Health does not give, sell, rent, loan or otherwise monetize your personal information to third parties for third party advertising and marketing purposes, either directly to other commercial entities, or indirectly via third-party data brokers or to marketing technology companies like Facebook or Google.
We will never disclose your health information to a Rewards Partner. However, after you directly claim a reward with a Rewards Partner they may send you marketing communications. If you wish to opt out of receiving marketing communications from our Rewards Partners you should contact them directly, or follow the ‘unsubscribe’ instructions that appear in the marketing communications sent by them (if any).
When will we disclose your health information for marketing purposes?
We do not give, sell, rent, loan or otherwise monetize your health information to third parties either directly to other commercial entities, indirectly via third-party data brokers or to marketing technology companies like Facebook or Google.
Do we permit paid advertisements and marketing on the Perx platforms?
We do not permit paid third-party advertisements and marketing on the Perx Platforms that are targeted to you based on your personal information or your health information.
We may send you offers that promote the products or services of our health, wellness and technology partners (Partner Offers). We may receive a payment from the partner for sending you a Partner Offer. Partner Offers are intended to be relevant to the program you are enrolled in and we may therefore send different Partner Offers to users depending on which program they are enrolled in. However, Partner Offers will not be targeted based on your personal information or your individual health information. We will never disclose your personal information or health information to our partners for the purpose of sending you Partner Offers. We may permit advertisements and marketing relevant to you from Your Commercial Sponsor.
Are there any circumstances under which we disclose your personal information and/or health information to third parties?
The information we collect from you will be kept strictly confidential and secure at all times. Importantly, we will not sell, rent, loan or otherwise monetize any personal information or personally-identifiable health information to any third party.
We may give or disclose your personal information or health information to specific third parties where:
- we are required by law or regulation to supply your personal information to a specific third party, for example, in response to a subpoena, court order or other legal process;
- you have explicitly authorised us to disclose your information to a specific third party, such as where you have invited a particular healthcare professional or another third party to monitor your use of the Perx App and your adherence to your treatment plan through the Perx Enterprise Portal;
- you have explicitly authorised us to disclose your information to a specific third party for the purpose of integrating that third party’s service into the Services we provide to you through the Perx Platforms;
- you would reasonably expect us to disclose the information to a specific third party in the course of providing the Services or the Perx App to you;
- we need to enforce or apply our Terms and Conditions of Use to which you have agreed (or other terms that have been agreed to apply to our relationship with you);
- it is necessary to disclose your personal information to a specific third party in order to protect against an immediate threat to the property or safety of Perx Health, you, other users of the Perx Platforms or another individual;
- we are required to provide your personal information to Your Commercial Sponsor for one of the purposes specified below under the heading ‘Disclosure to Your Commercial Sponsor’;
- it is necessary to disclose your health information for pharmacovigilance purposes as specified below under the heading ‘Pharmacovigilance Reporting’;
- our related entities, agents or contractors who assist us in providing the Services require such information, but only to the extent necessary to perform their functions, such as receiving and sending communications, providing support services and completing other tasks from time to time;
- Perx Health, or any single business unit within Perx Health, merges with, is acquired by, or is otherwise transferred to, another entity, in which case your information may be transferred to that other entity so that it can continue to provide the Services to you;
- we must disclose or use such information in order to establish or to exercise our legal rights, to enforce our contractual rights (including under our Terms and Conditions of Use) or if we believe that such disclosure is necessary to investigate, prevent or to take other action regarding actual or suspected illegal or fraudulent activities;
- it is necessary to disclose some or all of your personal information to our professional advisers (including to our lawyers, insurers and accountants) for the purpose of our receiving their advice; or
- we need to disclose your personal information for another purpose authorised or required by law.
Any disclosure of your personal information in the above circumstances will be made in a manner that is consistent with applicable privacy and data protection laws and regulations.
You acknowledge that the Perx Community Forum that forms part of the Perx Platforms is a public forum and that any information you choose to disclose on it may be accessed, used and disclosed by third parties (including other users of the Perx Platforms) and is not subject to the same level of protection as personal information that we collect directly from you. The in-app support messaging service made available through the Perx App is intended to handle your personal information and technical support requests, but is not designed to handle sensitive health information. You acknowledge that any health information you disclose through the in-app support messaging service may not be processed in full accordance with the Privacy Act, HIPAA or be covered by a Business Associate Agreement. You should not disclose any personal or health information on the Perx Community Forum or via the in-app support messaging service. If you choose to share personal or health information via these platforms, then Perx bears no responsibility for the consequences of you doing so.
We may de-identify your personal and health information (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) and make use of the de-identified information to assist us in running our business including for marketing and advertising purposes. We may also provide de-identified information in aggregated form to third parties for research and other purposes.
When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
Our use and disclosure of de-identified information is not subject to this policy.
Disclosure to your commercial sponsor
We may disclose your personal information and health information to Your Commercial Sponsor where they require us to provide that information for:
- the purpose of assessing the effectiveness of our programs and Services, including to undertake data analytics and research and compare and combine any personal information or health information we hold about you with information in their own database;
- payment and invoicing purposes; and
- any other purpose that is related (and in the case of health information, that is directly related) to your use of the Services as a customer of Your Commercial Sponsor.
Our right to disclose your personal information for the above purposes is strictly limited to disclosure to Your Commercial Sponsor. We will not disclose your personal information to any Commercial Sponsor that does not have a direct relationship with you.
Pharmacovigilance refers to the practice of monitoring the effects of medicines and drugs to identify and evaluate any adverse events or reactions experienced by consumers, including any additional safety problems not uncovered during clinical testing. We work with a number of Commercial Sponsors in the pharmaceutical space who are required to continually undertake pharmacovigilance activities in order to comply with local and global regulatory obligations. To assist our Commercial Sponsors with their pharmacovigilance activities, we may be obliged to monitor your interaction with the Perx Platforms, including any communications with us, and provide written reports to our Commercial Sponsors where we identify a potential adverse event, product quality complaint or other special situation in relation to the use of a particular drug or medicine. The written report to the Commercial Sponsor will include certain de-identified personal and health information collected from you through your use of our Services. We will not share personally identifiable health information with our Commercial Sponsors for pharmacovigilance purposes without your consent. Where a Commercial Sponsor requests that identifiable personal information (such as contact details) be included in the report, we will seek a separate and specific consent from you before disclosing this information to the Commercial Sponsor.
Cross-border disclosure of information
We collect information globally and may transfer, process and store your personal and health information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
To facilitate our global operations, we may disclose personal and health information globally and allow access to that information from countries in which Perx-owned or operated companies have operations for the purposes described in this policy. As at the effective date of this policy, Perx operates in the United States of America and Australia. If you are accessing the Services from outside of the countries in which we operate then you acknowledge that your personal information and health information will be disclosed to our employees and agents in the United States of America and Australia for the purposes of providing you with the Services. From time to time, we may disclose personal information and health information across borders but only to contracted service providers that are engaged by us to act on our behalf and assist with our business functions and delivery of the Services. If we transfer your information to a contracted service provider across borders, we will take steps to ensure that your privacy rights continue to be protected, by ensuring that the contracted service provider is either covered by data privacy laws substantially similar to those in the United States of America and Australia or adheres to data privacy standards substantially similar to those in the United States of America and Australia.
If you communicate with us via email, through a social network or social media service or through some other electronic process, the communication may be routed through servers that are located outside the United States of America or Australia and, in relation to a message sent to us through a social network or social media service (e.g., Twitter or Facebook), the provider and its partners may collect, hold and process personal information derived from the message in a jurisdiction outside the United States of America or Australia.
Using our Perx platforms, cookies and tracking
While we do not use browsing information to identify you personally, we may record certain information about your use of the Perx Platforms, such as which pages you visit, the time and date of your visit, your interactions with the user interface and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. Such technologies help us to keep track of your interactions with our Website, the pages you view, the links you click, and other actions you take, within our advertising, email or newsletter content, to provide you with a better user experience. You can disable cookies through your internet browser but our website may not work as intended for you if you do so.
To find more information about cookies and for instructions on how to disable them please visit www.allaboutcookies.org or visit the help section of your browser. Most browsers are initially set to allow cookies, but also offer the option to restrict cookies or warn you of their use.
Do Not Track Notice: Because there are not yet common, industry-accepted “do not track” standards and systems, our website does not respond to Do Not Track signals. In addition, we may allow third parties to collect personal information from your activity on our website, as described in the “Information Collection and Use” section above.
How is your personal information protected and how long is it kept?
We employ a variety of administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of your information and to protect it from unauthorised access, use, or disclosure. For example, we use data encryption (at rest and in transit), firewalls and other security devices for our computer systems and cloud-based services. All of your personal information and health information is stored by us on secure servers located in Australia and the United States of America which are protected by locked cages, 24/7 onsite security and surveillance and biometric access controls and all web-hosting is SSL-encrypted.
In addition, we have procedures that limit the access our employees and contractors have to your personal information and health information. Only those people with a genuine need to know will have access to such information. We educate our employees about the importance of confidentiality and privacy through standard operating procedures and internal policies on data privacy and corporate integrity.
Your information is kept while we need it to provide the Services to you and where applicable, for as long as we are required to keep it to comply with relevant statutory requirements, including pharmacovigilance and other drug safety requirements. Where we determine that it is no longer necessary to hold your personal information or health information we will securely destroy, delete or permanently de-identify that information to the extent it is possible to do so.
If we become aware of unauthorised access to or disclosure of your personal information or health information, we will take appropriate steps to rectify the data breach and notify you as soon as practicable and provide you with a description of the breach, the type of information involved and any recommended actions you can take to protect yourself.
Accessing, correcting or deleting your personal information
The Perx Platforms give you the ability to access and update certain information about you from within the Platforms. You can update some information within your settings and modify content that contains personal information and health information about you using the editing tools associated with that content or functionality.
You can access the personal and health information we hold about you by contacting us at email@example.com. We will need to verify your identity before allowing you to access your personal information.
If we cannot provide you with access to your information, we will advise you of the reasons in writing.
We may refuse to allow you to access your personal information where:
- access would pose a serious threat to the life or health of an individual;
- access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to a commercially sensitive decision-making process;
- access would be unlawful;
- access would prejudice enforcement activities relating to criminal activities and other breaches of law;
- access relates to existing or anticipated legal proceedings; or
- denying access is required or authorised by or under law.
If you think that any personal or health information we hold about you is inaccurate or you wish to have certain information amended, deleted or updated, please contact us and we will take reasonable steps to ensure that appropriate changes are made to the information we hold about you.
While we will not charge a fee for making an access or correction request, we reserve the right to charge a fee in order to cover our reasonable costs incurred in providing or granting access to your personal information.
We will handle all requests for access to or correction of personal information in a reasonable period of time following our receipt of your request (generally, within 30 days of the date of our receipt of the request).
If you wish to have your personal information deleted, please contact our Privacy Officer at firstname.lastname@example.org. Provided that the information is no longer required for the purpose(s) for which the information was collected, and we are not required by law to retain such information (including for legal or auditing purposes) we will take reasonable steps to delete or de-identify the information as soon as reasonably practicable.
Making a complaint
Please note that we reserve the right to verify the identity of the complainant and to seek (where appropriate or reasonable) further information about the circumstances of the complaint. We reserve the right to refuse to investigate or to otherwise deal with a complaint where permitted by law. For example, we may refuse to investigate or to otherwise deal with a complaint if we reasonably believe the complaint is vexatious or frivolous.
If you think that we have failed to resolve the complaint satisfactorily, you may refer the matter to the relevant privacy and data protection authority in your country of origin. In Australia, the relevant authority is the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
Contact preferences; opt-in and opt-out
We would like to keep in touch with you in ways that you find beneficial. If you don’t want us to use your contact information to communicate with you, please tell us when you provide your contact information. You can also let us know your preference later by contacting us as specified in the “Contact Us” section below or by following the instructions to unsubscribe in various communications that we may send you. Keep in mind that these particular preferences do not mean that we might not contact you for other reasons, such as those related to a matter you initiated on your account, a legally required notice and so on.
Perx Privacy Officer