Privacy Policy

Osara Health” is the trading name of CancerAid Pty Ltd (ABN 75 607 610 257) and its subsidiaries, including Osara Health, Inc. (”we”, ”us”, ”our”).

At Osara Health, we understand that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing:

(together, our Services).

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) (the Australian Privacy Act) and the Australian Privacy Principles in Schedule 1 of the Privacy Act and the New Zealand Privacy Act 2020 (NZ Privacy Act) as applicable. The handling of your information, such as your health information, may also be subject to other Australian or New Zealand privacy laws, such as state and territory health record laws in New South Wales, Victoria and the Australian Capital Territory or the Health Information Privacy Code 2020 in New Zealand (together, Health Privacy Laws).

By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. Beyond the Privacy Policy, your use of our Services is also subject to our Terms of Service, and may also be subject to any program Terms and Conditions or Mobile Application Terms and Conditions (collectively, “Terms”).

Categories of personal information we collect

We collect the following categories of personal information. (You can learn more about the specific types of personal Information that we collect below.)

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

Health information : is a sub-set of sensitive information under the Australian Privacy Act and is also used under Health Privacy Laws. For the purposes of our Services, health information is information or an opinion about your health, your expressed wishes about the future provision of health services to you, a health service provided, or to be provided, to you that is also personal information; as well as any other personal information collected to provide, or in providing, a health service to you.

Throughout this Privacy Policy, where we refer to “personal information” this includes sensitive information and health information. However, we also specifically refer to sensitive information and health information where relevant.

The people we collect personal information about

We may collect personal information about the following types of people:

How we collect personal information

We collect personal information in a variety of ways, including:

(1) Directly through sign-up for the Osara Health App: During the sign-up process for the Osara Health App you may provide personal information directly to us.

(2) Directly through a self-referral for an Osara Health Program: When you self-refer as a Participant for an Osara Health Program you will provide personal information directly to us.

(3) Directly through communication with you: When you request our assistance, such as via email or over the telephone you may provide personal information directly to us. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.

(4) Directly through our careers page: When you apply for a job with us, you may submit your contact information and your resume online. We will collect the information you choose to provide on your resume, such as your education and employment experience. You may also apply through LinkedIn. If you do so, we will collect the information you make available to us on LinkedIn.

(5) Through your use of our website, App or program booking system: When you use our website, in your enquiries, when you are using the Osara Health App or an Osara Health Program booking system we may directly or indirectly collect personal information about you.

(6) From Organisations: (1) When you are referred to us by an Organisation as a Participant for an Osara Health Program we will collect personal information about you from the Organisation, and (2) When you, as Organisation Personnel, have your contact details shared with us by your Organisation for the purpose of communicating with you about the Osara Health Program(s) and/or the Organisation Services.

(7) From cookies: We and our third-party partners collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics providers, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.

(8) From your device: We receive information about the device and software you use to access our Services.

(9) From your usage of our Services: To help us understand how you use our Services and to help us improve them, we automatically receive information about your interactions with our Services.

Note : If we collect personal information about you from a third party, we will use and share it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have the required authority (i.e. you are their parent or legal guardian) or such person’s consent to provide the personal information to us, in accordance with applicable laws or regulations (including notifying the individual concerned of all the information required for collection under the applicable Health Privacy Law), and that our use in accordance with this Privacy Policy of the personal information provided by you will not infringe any rights of the relevant individual or violate any applicable laws or regulations.

The personal information we collect

Personal information: We collect personal information for the purposes described below that are connected with a function of our business or the performance of our Services. The types of personal information we may collect about you include:

As an Osara Health App User:

(1) your email address;

(2) as a Patient, any health information you enter into the Osara Health App such as symptom data and medication information;

(3) details of any technical support requests made by you, and the assistance provided by us;

(4) details of products and services we have provided to you and/or that you have enquired about, and our response to you;

(5) your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;

(6) information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;

(7) additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and

(8) any other personal information provided by you or by a third party on your behalf.

As an Osara Health Program Participant:

(1) your full name;

(2) your contact details, including your email addresses (personal and work) and telephone number;

(3) your date of birth;

(4) your state or region;

(5) your date of illness or injury;

(6) your insurance claim number;

(8) information about your health whether provided to us by you or provided by the relevant Organisation;

(9) the dates and times of bookings with our coaches;

(10) records of your Osara Health Program sessions, including notes about what was discussed;

(11) details of any technical support requests made by you, and the assistance provided by us;

(12) your preferences and/or opinions with respect to our Services;

(13) information you provide to us through feedback, enquiries or customer surveys;

(14) details of products and services we have provided to you and/or that you have enquired about, and our response to you;

(15) when you use an online aspect of an Osara Health Program,

(16) any other personal information provided by you or by a third party or on your behalf.

As Organisation Personnel:

(1) your name;

(2) your contact details, including email address and/or telephone number;

(3) the Organisation you work for;

(5) your job title;

(5) your preferences and/or opinions about our Services;

(6) information you provide to us through feedback, enquires or customer surveys;

(7) details of products and services we have provided to you (including things like training or workshops) and/or that you have enquired about, and our response to you; and

(8) any other personal information provided by you or by a third party on your behalf.

As a Website Visitor:

(1) your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;

(2) information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;

(3) additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and

(4) any other personal information provided by you or by a third party on your behalf.

As a user of Aware:

(1) we do not collect any personal information when you use our Aware questionnaire. All information provided by you when participating in the Aware questionnaire is only utilised to prepare the Aware questionnaire response, and is immediately deleted. In any event, the information collected is not identifiable.

(2) once you leave the Aware webpage to book an appointment with SwiftDoc, you acknowledge you will be subject to SwiftDoc’s Privacy Policy, available on their website: https://swiftdoc.com/.

Purposes for the collection, use and disclosure of personal information

If we are providing the Services on behalf of an Organisation (such as your employer, health plan, or health care provider) who has paid (in whole or in part) for you to use the Services, we will abide by the terms of our agreement with that third-party partner related to the use of the personal information we collect. Otherwise, we may collect, hold, use and disclose personal information for the following purposes:

(1) to companies in the Osara Health Group (CancerAid Pty Ltd and Osara Health Inc).

(2) to provide our Services to you, including to:

(3) to contact and communicate with you about our Services, including to

(4) To send you text messages and push notifications;

(5) To personalize your experience on our Services such as by providing tailored content and recommendations;

(6) for internal record keeping, administrative, invoicing and billing purposes;

(7) for analytics, market research and business development, including to operate and improve our Services and associated applications and to develop new products, services, features, and functionality;

(8) to generate anonymized, aggregate data containing only de-identified, non-personal information that we may use to publish reports;

(9) at your request, to refer you to a third party provider;

(10) to comply with our legal obligations and resolve any disputes that we may have, including enforcing our Terms or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency;

(11) to find and prevent fraud, and respond to trust and safety issues that may arise;

(12) if you have applied for employment with us, to consider your employment application;

(13) if otherwise required or authorised by law; and

(14)for other purposes for which we provide specific notice at the time the information is collected.

Sensitive information + Health Information: We only collect, hold, use and disclose sensitive information, including health information, for the following purposes:

(1) where you are an Osara Health Participant and your provider funds your participation in the Osara Health Program, they may require that we provide information back to them about your participation in the Osara Health Program so that they can assess your engagement in the program and identify additional services that may be of benefit to you. Please check the privacy collection notice provided to you and/or the terms and conditions for your particular Osara Health Program to see if we are required to disclose your information to the Provider;

(2) any purpose you consent to, for example where you as a Osara Health Program Participant consent to us disclosing your personal information or outcomes from your Osara Health Program sessions with the relevant Organisation funding your participation in the Osara Health Program;

(3) the primary purpose for which it is collected, which may be as follows:

(4) secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary for or directly related to the purpose for which it was collected;

(5) to contact emergency services, or to speak with relevant authorities, employers, providers, your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and

(6) if otherwise required or authorised by law.

Disclosure of personal information to third parties

We will only disclose personal information to a third party where we are permitted or required to do so by law or you have consented. The types of third parties that we may disclose personal information to, include:

(1) third party service providers for the purpose of enabling them to provide their services, to us, including (without limitation):

(2) third party service providers for the purpose of obtaining medical opinions at your request;

(3) third party affiliates and partners for the purposes of conducting research, which may result in scientific publications, presentations, and other research dissemination activities (“Research”), notwithstanding that any published Research must not include identifiable personal information;

(4) our employees, contractors and/or related entities;

(5) our existing agents or business partners;

(6) sponsors or promoters of any promotions or competition we run (this does not include health information);

(7)service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this Privacy Policy in effect at the time the applicable information was collected;

(8) courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights, including any right to payment;

(9) third parties to collect and process data, such as Google Analytics (please see below for further information), and/or other relevant analytics businesses;

(10 third parties, with your consent; and

(11) any other third parties as required or permitted by law, such as where we receive a subpoena.

Marketing: We do not rent, sell, or share information about you with nonaffiliated companies for their direct marketing purposes, unless we have your permission.

Overseas disclosure: Where we disclose your personal information to third parties listed above, these third parties may store, transfer or access personal information outside of Australia including but not limited to, the United States of America.

We will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the privacy laws we are obliged to comply with or we will take such steps as are reasonable in the circumstances to ensure that those third parties protect and handle the personal information in a manner that is consistent with the principles contained in the Australian or New Zealand privacy laws applicable to our handling of your personal information.

Analytics Partners : We use analytics services such as Google Analytics, LinkedIn Analytics, and Hotjar to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/. To help us understand how you use our Services and to help us improve them, we automatically receive information about your interactions with our Services, like the pages or other content you view, the searches you conduct, purchases you make, your comments, any content you post, and the dates and times of your visits.

Google Analytics Advertising Features: We have enabled Google Analytics Advertising Features. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the contact details provided below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to charge a fee for access or to withhold access to your personal information.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. You also have the right to contact the relevant privacy authority.

Exercising your Rights: Unless otherwise noted above, to exercise any of your rights described in this Privacy Policy, please contact us using the contact details provided below.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, to the fullest extent permitted by law we do not guarantee the security of any information that is transmitted to or by us over the Internet, and the transmission and exchange of information is carried out at your own risk.

We will retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our Service(s) is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at contact@canceraid.com.

Our Services may contain links to other websites, products, and services that we do not own or operate. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy. We encourage you to read their privacy policies before providing any information to them.

Update your information

Osara Health App Users and Osara Health Program Participants can update their account and profile information or close their account through their profile settings or via their health coach.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website at www.osarahealth.com. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy. If we materially change the ways in which we use or share personal information previously collected from you through the Services, we will notify you through the Services, by email, or other communication.

For any questions or notices, please contact our Privacy Officer at:

Address:

Email: contact@osarahealth.com

Last update: 14 February 2023