Welio is committed to protecting the privacy and security of any personally identifiable information you provide to us. Personally identifiable information is information that can be linked to a specific individual, and includes, but is not limited to, your name, address, phone number, email address, date of birth, and Medicare number.
What information does Welio collect?
Welio only records personally identifiable information and other information that is reasonably required to do business with you. On all the Welio pages that collect personally identifiable information, Welio describes what information is required in order to provide you with the product or service you request. In an effort to keep the Welio service as simple and easy as possible, profiles are created and stored for each of its users. A unique identifier for each profile is also created for our internal use, and is not shared outside of Welio.
Welio will collect personally identifiable information when you register to fulfil the legal and technical requirements of delivering our service to you. This information is available to you when logged in under the My Profile section in both website and mobile applications.
Welio may collect personally identifiable information such as your name, email address and/or telephone number whenever you contact us.
When you visit our website site, Welio records general information about your visit for statistical purposes. These statistics do not contain any personally identifiable information.
Welio uses “cookies” to store your preferences, record session information and collect information on how you visit and access our web pages. This helps us deliver and continue to improve our services. Cookies are small pieces of information that a web page transfers to your computer’s hard disk for record-keeping purposes. Cookies make the web more useful by storing information about your preferences on a particular site. Cookies in and of themselves do not personally identify you, only your computer. You can delete cookies from your computer at any time.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe make use of best-in-class security tools and practices to maintain a high level of security at Stripe. For more information visit https://stripe.com/docs/security/stripe
How do we use your information?
We only use your personally identifiable information for the purpose of providing our services and communicating with you in relation to our services. We send email and SMS appointment reminders unless specifically requested not to do so. We send email invoices and receipts unless specifically requested not to do so.
Who do we share your information with?
We do not disclose information to anyone except the relevant Health Professional, their clinic staff and Patient.
We send personally identifiable information and encoded transaction identifiers to our Stripe payment services provider to facilitate the payment transaction. Stripe holds and handles all the card data on their PCI DSS compliant hosted solutions. Please refer to What information does Welio collect? for more information about payment services and PCI DSS compliance.
We may be required by law to disclose information you provide us with for the purposes of obtaining products or services. We may also disclose information about someone whose activities could cause harm to others (i.e. fraud).
Other than in the circumstances outlined above the information you supply to us remains stored confidentially on our secure servers and is not shared with 3rd parties.
How can you control and access your information?
My Profile pages provide you with the ability to update your information and set notification preferences.
You are free to delete your profile at any time, however you should note that while this will render your information invisible to the general user system we are required by law to retain an audit trail.
If at any time you want to inquire about any of the personally identifiable information that we store, or to request any amendment or correction to that information, please contact us via email at email@example.com, or via regular mail at Privacy Officer, Welio, Level 1, 144 Indooroopilly Rd, Taringa Q4068.
How we protect your information
Welio utilises Microsoft Azure cloud services to store and access data and information related to providing services to its clients. Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, such as Australia IRAP, UK G-Cloud and Singapore MTCS.
We also use Twilio to provide voice and video calls. Twilio’s security framework is based on the ISO 27001 Information Security Management System. ISO 27001 is a globally recognized, standards-based approach to security that outlines requirements for an organization’s information security management system (ISMS). More information is available here – https://www.twilio.com/legal/security-overview
For some of our messages we use Firebase. Firebase is Google’s mobile platform and is compliant with the most stringent security and privacy requirements. All messages and images are encrypted and communicated in such a way as to prevent eavesdropping, tampering or message forgery. We delete the files from Firebase once they have been transferred to our secure Azure database.
More information is available here – https://firebase.google.com/support/privacy
Messages and attachments are hosted in a secure Australian Firebase database and in our secure Azure database.
This policy was last updated on 5th June, 2020.