Lucky Health Pty Ltd (ACN 613 773 149) trading as Perx Health (‘Perx Health’, ‘we’, ‘us’, or ‘our’) is a technology company specialising in the provision of various health and wellbeing services designed to assist end users to manage and adhere to their treatment plans in a positive, effective and rewarding way (Services). The Services are delivered primarily through a mobile application (Perx App), as well as through other online platforms including our website, web applications and portals, Perx Health’s pages and accounts on third-party social media platforms and any other websites, applications or technology which we may own or operate from time to time (collectively the Perx Platforms). We have agreements in place with a number of organizations including insurers, pharmaceutical companies and medical providers (Commercial Sponsors). These Commercial Sponsors fund each program, which enables us to make the Perx App available for use by people like you for free. If you do not have a Commercial Sponsor, you may have a Perx individual membership which is self-sponsored or free. We also have arrangements with a number of third party business partners for the provision of rewards to users based on actions conducted through the Perx App or web portal (Rewards Partners).
We encourage you to read this Privacy Policy carefully so that you understand both our commitment to you and your privacy, and how you can participate in that commitment. Should you have any questions about this policy or our privacy practices, please email us at privacy@perxhealth.com.
This Privacy Policy describes the personal information and health information that we may obtain about you as well as how we collect, use, store and disclose your personal information and health information, and how we protect that information in accordance with applicable privacy and data protection laws, principles and regulations. This Privacy Policy applies to all your dealings with Perx Health in relation to your use of the Perx Platforms and our Services.
This Privacy Policy has been tailored to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA). We have Business Associate Agreements in place with all of our Commercial Sponsors in the United States of America that are Covered Entities under HIPAA and these agreements regulate the flow of protected health information between us and our Commercial Sponsors and require us to comply with the HIPAA Rules.
When used in this Privacy Policy, personal information means any information or opinion relating to an identified or identifiable natural person. Personal information includes information such as your name, age, gender, postcode and contact details. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
When used in this Privacy Policy, health information means any personal information relating to the physical or mental health of a natural person including information about the provision of health care services to a natural person. For example, health information may include information or an opinion about any health condition, your treatment plan (including any prescribed medication, physiotherapy exercises or clinical measurements), the schedule for your treatment plan, your completion of your treatment plan, implied adherence data and health insurance details.
We will need to collect certain personal information about you in order to provide our Services to you. We may collect the following types of personal information relating to you:
We may also collect certain health information about you including but not limited to:
Where possible we will collect personal information and health information directly from you, however in certain circumstances it may be necessary to collect information about you from third parties, including from Your Commercial Sponsor and your healthcare professionals. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection.
We may collect your personal information or health information in a number of ways including:
If you have concerns about how your personal information or health information has been disclosed to us by Your Commercial Sponsor, healthcare professional or another third party, then you should direct enquiries to the relevant third party that disclosed the information to us.
You may choose to deal with us on an anonymous basis or using a pseudonym. However, you acknowledge that if you do not provide us with the information we request, or if the information you provide to us is not accurate, our ability to provide the Services, or to otherwise fulfil the purpose for which you have provided your information may be severely limited.
If we receive personal information or health information that we did not take any active steps to collect, we will determine whether we would have been permitted to collect that information as part of providing our Services in accordance with the law. We will destroy or de-identify unsolicited personal information or health information that we would not collect as part of providing our Services if it is lawful to destroy or de-identify such information. If the information is of the type that we would ordinarily collect to provide our Services, we will manage that information in accordance with this Privacy Policy.
We will generally explain at the time we collect your personal information or health information the purposes for which we will use it. We will only ever use your personal information for the purpose for which we collected it, or as otherwise set out in this Privacy Policy.
We may collect, hold, use and/or disclose your personal information or health information for the following purposes:
We may use your personal information to send you direct marketing communications and information about our services and products, and other related services and products if we have your permission or a legitimate interest in doing so. These communications may take the form of emails, SMS, mail, social media campaigns or other forms of communication, sent in accordance with applicable privacy laws and regulations.
If you do not want to receive marketing material directly from us, you may opt-out by contacting us using the details set out in the Contact Us section below or, where the marketing material is sent via email, by following the ‘unsubscribe’ instructions that appear at the bottom of all marketing emails we send to you.
We will not disclose any of your personal information to third parties for the purpose of enabling them to market their products and services to you or provide you with other unsolicited information. Perx Health does not give, sell, rent, loan or otherwise monetize your personal information to third parties for third party advertising and marketing purposes, either directly to other commercial entities, indirectly via third-party data brokers or to marketing technology companies like Facebook or Google.
We will never disclose your health information to a Rewards Partner. However, after you directly claim a reward with a Rewards Partner they may send you marketing communications. If you wish to opt out of receiving marketing communications from our Rewards Partners you should contact them directly, or follow the ‘unsubscribe’ instructions that appear in the marketing communications sent by them (if any).
Never.
We do not give, sell, rent, loan or otherwise monetize your health information to third parties either directly to other commercial entities, indirectly via third-party data brokers or to marketing technology companies like Facebook or Google.
We do not permit paid third-party advertisements and marketing on the Perx Platforms that are targeted to you based on your personal information or your health information.
We may send you offers that promote the products or services of our health, wellness and technology partners (Partner Offers). We may receive a payment from the partner for sending you a Partner Offer. Partner Offers are intended to be relevant to the program you are enrolled in and we may therefore send different Partner Offers to users depending on which program they are enrolled in. However, Partner Offers will not be targeted based on your personal information or your individual health information. We will never disclose your personal information or health information to our partners for the purpose of sending you Partner Offers. We may permit advertisements and marketing relevant to you from Your Commercial Sponsor.
The information we collect from you will be kept strictly confidential and secure at all times. Importantly, we will not sell, rent, loan or otherwise monetize any personal information or personally-identifiable health information to any third party.
We may give or disclose your personal information or health information to specific third parties where:
Any disclosure of your personal information in the above circumstances will be made in a manner that is consistent with applicable privacy and data protection laws and regulations.
You acknowledge that the Perx Community Forum that forms part of the Perx Platforms is a public forum and that any information you choose to disclose on it may be accessed, used and disclosed by third parties (including other users of the Perx Platforms) and is not subject to the same level of protection as personal information that we collect directly from you. The in-app support messaging service made available through the Perx App is intended to handle your personal information and technical support requests, but is not designed to handle sensitive health information. You acknowledge that any health information you disclose through the in-app support messaging service may not be processed in full accordance with the Privacy Act, HIPAA or be covered by a Business Associate Agreement. You should not disclose any personal or health information on the Perx Community Forum or via the in-app support messaging service. If you choose to share personal or health information via these platforms, then Perx bears no responsibility for the consequences of you doing so.
We may de-identify your personal and health information (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) and make use of the de-identified information to assist us in running our business including for marketing and advertising purposes. We may also provide de-identified information in aggregated form to third parties for research and other purposes.
When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
We may disclose your personal information and health information to Your Commercial Sponsor where they require us to provide that information for:
Our right to disclose your personal information for the above purposes is strictly limited to disclosure to Your Commercial Sponsor. We will not disclose your personal information to any Commercial Sponsor that does not have a direct relationship with you.
Pharmacovigilance refers to the practice of monitoring the effects of medicines and drugs to identify and evaluate any adverse events or reactions experienced by consumers including any additional safety problems not uncovered during clinical testing. We work with a number of Commercial Sponsors in the pharmaceutical space who are required to continually undertake pharmacovigilance activities in order to adhere to local and global regulatory obligations. To assist our Commercial Sponsors with their pharmacovigilance activities, we may be obliged to monitor your interaction with the Perx Platforms, including any communications with us, and provide written reports to our Commercial Sponsors where we identify a potential adverse event, product quality complaint or other special situation in relation to the use of a particular drug or medicine. The written report to the Commercial Sponsor will include certain de-identified personal and health information collected from you through your use of our Services. We will not share personally identifiable health information with our Commercial Sponsors for pharmacovigilance purposes without your consent. Where a Commercial Sponsor requests that identifiable personal information (such as contact details) be included in the report we will seek a separate and specific consent from you before disclosing this information to the Commercial Sponsor.
If you are accessing the Services from outside Australia then you acknowledge that your personal information and health information will be disclosed to our employees and agents in Australia for the purposes of providing you with the Services. We may disclose personal information and health information outside of Australia but only to contracted service providers that are engaged by us to act on our behalf and assist with our business functions and delivery of the Services. If we transfer your information to a contracted service provider outside Australia, we will take steps to ensure that your privacy rights continue to be protected to ensure that these contracted service providers are either covered by data privacy laws substantially similar to those in Australia or the relevant contracted service provider adheres to data privacy standards substantially similar to those in Australia.
While we do not use browsing information to identify you personally, we may record certain information about your use of the Perx Platforms, such as which pages you visit, the time and date of your visit, your interactions with the user interface and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our website may not work as intended for you if you do so.
We may also use cookies to enable us to collect data that may include personal information. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.
We employ a variety of administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of your information and to protect it from unauthorised access, use, or disclosure. For example, we use data encryption (at rest and in transit), firewalls and other security devices for our computer systems and cloud-based services. All of your personal information and health information is stored by us on secure servers located in Australia and the United States of America which are protected by locked cages, 24/7 onsite security and surveillance, and biometric access controls. All web-hosting is SSL-encrypted.
In addition, we have procedures that limit the access our employees and contractors have to your personal information and health information. Only those people with a genuine need to know will have access to such information. We educate our employees about the importance of confidentiality and privacy through standard operating procedures and internal policies on data privacy and corporate integrity.
Your information is kept while we need it to provide the Services to you and where applicable, for as long as we are required to keep it to comply with relevant statutory requirements, including pharmacovigilance and other drug safety requirements. Where we determine that it is no longer necessary to hold your personal information or health information we will securely destroy, delete or permanently de-identify that information to the extent it is possible to do so.
If we become aware of unauthorised access to or disclosure of your personal information or health information, we will take appropriate steps to rectify the data breach and notify you as soon as practicable and provide you with a description of the breach, the type of information involved and any recommended actions you can take to protect yourself.
The Perx Platforms may contain links to websites and services operated by third parties. Those links are provided for convenience only and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those links, and have no control over or rights in those links. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those links.
You can access the personal and health information we hold about you by contacting us at privacy@perxhealth.com. We will need to verify your identity before allowing you to access your personal information.
If we cannot provide you with access to your information, we will advise you of the reasons in writing.
We may refuse to allow you to access your personal information where:
If you think that any personal or health information we hold about you is inaccurate or you wish to have certain information amended, deleted or updated, please contact us and we will take reasonable steps to ensure that appropriate changes are made to the information we hold about you.
If you think we have breached this Privacy Policy or our obligations under applicable privacy law, or you wish to make a complaint about the way we have handled your personal or health information, you can contact our Privacy Officer at privacy@perxhealth.com. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.
If you think that we have failed to resolve the complaint satisfactorily, you may refer the matter to the relevant privacy and data protection authority in your country of origin.
By using the Perx Platforms or by accepting our Terms and Conditions of Use which refer to this Privacy Policy, you are agreeing to the collection, use and disclosure of your personal information and health information in accordance with the terms of this Privacy Policy.
We may change this Privacy Policy from time to time. We will let you know that the policy has changed via a notification on the Perx Platforms. Your continued use of our Services following notification of a change to this Privacy Policy indicates that you accept those changes. Through this document we will always let you know the information we collect, how we use it, and the circumstances under which such information may be disclosed by us.
For further information about our Privacy Policy or practices, or to access or correct your personal information, or to opt-out of receiving marketing materials from us, or to make a complaint, please contact us using the details set out below:
Perx Privacy Officer