Privacy Policy

Oexa Privacy Policy
Effective: 20 March 2022
Our Privacy Policy sets out how we collect, use, store and disclose your personal
information. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy
Principles.

In this Privacy Policy, 'us' 'we' or 'our' means Oexa Pty Ltd (ACN 640 736 910) (“Oexa”).
Personal information has the meaning given in the Privacy Act 1988 (Cth) (Privacy Act) and under that legislation includes information about an identifiable individual, including names, addresses, telephone numbers, email addresses, dates of birth, credit and banking details, details of professional memberships and if and where applicable, includes information that constitutes “sensitive information” such as health information.

Background
Oexa builds software for healthcare professionals such as pharmacists and pharmacy staff. Oexa also provides products and facilitates the lookup of ePrescription tokens via
Pharmacies, Telehealth and other vendors (“Vendors”). Oexa also provides consumers
with the ability to store ePrescription tokens and order medications at a delegated
Pharmacy.

At Oexa, we care about privacy, and we know that you care about how your information is used too. We want to ensure that we are providing you with transparency as to how we use your information including personal information . Accordingly, this Privacy Policy describes the ways in which we collect, receive, process, or store information in connection with our business operations, including the services we provide that reference this Privacy Policy (collectively, the “Services”).

The Services include:
(i) our website available at oexa.co (“Website”)
(ii) our software platforms ‘Checkpoint’ at chkpt.app. ‘Healthd’ at healthd.app
‘Managed Intermediary’ at mi.oexa.co (“Platforms”)
(iii) our application programming interfaces (“APIs”);
(iv) our mobile applications (“Apps”).

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
We may use and/or disclose your personal information:

for purposes which you consent to and in accordance with our Terms of Use
for secondary purposes related to the primary purpose, where you would reasonably
expect us to use or disclose your personal information for that secondary purpose, or
which are required or authorised to do so by law.

How do we collect your personal information?
We may collect the personal information you directly give us through some of the following means:
a. When you sign up to one of our services directly through us or through a health
professional using one of our products;
b. when you make an inquiry in relation to our Services through our Websites, email,
portals, Apps or Platforms;
c. when you fill out one of our forms;
d. when you make a booking for services through one of our platforms;
e. when you view or add ePrescriptions via our Apps, Platforms or connecting to our
managed intermediary (MI);
f. when you request or purchase pseudoephedrine;
g. when verifying your identity;
h. when you pay for subscription;
i. when you sign up to third-party programs;
j. when you receive a service through a healthcare professional;
k. when your healthcare professional accesses your health records through one of our
integrated e.g Australian Immunisation Record (AIR). Healthcare professionals and
pharmacies may also create and hold medical records in their own systems. Any
health information held by Oexa will be managed in accordance with relevant
jurisdiction;
l. in administering and performing any contracts with service providers;
m. from any correspondence with us (whether in writing or electronically);
n. through any Apps provided by Oexa;
o. while conducting customer satisfaction and market research surveys; and
p. We may also collect personal information from publicly available sources and third
parties, such as suppliers, recruitment agencies, contractors, our clients and
business partners and your relatives and representatives.

What personal information do we collect?
The type of personal information we may collect can include (but is not limited to), your
name, postal address, email address, phone numbers, date of birth, billing and shipping
information, your device ID, IP address, statistics on page views, traffic, standard web log-in information, details of the services and products you make enquiries about, and, if
applicable, employment information.

We will collect and hold sensitive health information about you, such as your height, weight and medical history and any information you provide to a pharmacist, pharmacy staff or healthcare practitioner. That information may also include your Medicare number, Individual Healthcare Identifier, health care and concession card details and health insurance details.

Sometimes your medical history and profile may also include information about sexual
orientation/activity, religious and other beliefs, ethnicity and genetics, where relevant.
Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services or do the other things described in the next section.

Why do we collect, use and disclose personal information?
We may collect, hold, use and disclose your personal information for the following purposes:

to enable you to access and use our Services;
to communicate with you about our Services;
to verify your identity;
to provide healthcare professionals and pharmacies who work with us or use Oexa
products so that they can communicate with you and provide services and goods to you;
to support your management of ePrescriptions;
to process, confirm and fulfil orders;
to operate, protect, improve and optimise our website and services, business and our users' experience, such as to perform analytics, conduct research and quality assurance activities, and for advertising and marketing;
to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
subject to our legal obligations and your rights to unsubscribe, to send you marketing messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
to comply with our legal obligations based on jurisdiction;
to comply with our legal obligations, exercise and defend our legal rights, resolve disputes, and perform and enforce our agreements. Some of the laws under which our obligations and rights in respect of collection of personal information arise include the Human Services (Medicare) Act, Healthcare Identifiers Act and National Health Act;
and to otherwise manage our business.

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this Privacy Policy to:

the Australian Government Department of Health, Medicare;
Authorised individuals and agencies in relation to supply of pseudoephedrine;
our employees and contractors when reasonably required to fulfil their duties;
third party suppliers and service providers, and other providers for the operation of
our websites and/or our business or in connection with providing our products and
services to you (including for the purposes of delivering goods to you);
specific third parties authorised by you to receive information held by us;
payment systems operators (e.g. merchants receiving card payments);
Healthcare professionals and pharmacies (including pharmacists and pharmacy
staff); and
other persons, including government agencies, law enforcement agencies, regulatory bodies, and or as required, authorised, or permitted by law.

Storage & security
We are committed to protecting the security of your personal information. We hold personal information in our own encrypted and secure databases. We take all reasonable steps to protect your personal information, including internal and external security.

Links
Our website may contain links to websites operated by third parties. Those links are
provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the
information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate based on
interactions with a healthcare professional using our products, please contact them to
correct your personal information.

Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the
way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

Contact Us
For further information about our Privacy Policy or practices, or to access or correct your
personal information, make a complaint or provide feedback, please contact us at
hello@oexa.co