Privacy Policy

Last updated: January 06, 2023

Privacy Policy

This Privacy Policy applies to all personal information collected by HEALTHRECEPTIONIST.AI PTY LTD (we, us, or our) via our virtual receptionist AI service and related platforms (the Service). This document explains how we collect, use, store, and disclose your personal information.

What Information Do We Collect?

The type of personal information we collect depends on how you use our Service. The information we collect and hold about you may include:

1.1 Personal Information

  • Name
  • Phone Number
  • Email Address
  • Address
  • Date of Birth

1.2 Booking Information

  • Appointment Date & Time
  • Preferred GP or Healthcare Provider

1.3 Health Information (Sensitive Data)

  • Medical History (only if relevant to appointment booking)

1.4 Conversation Transcripts

  • When you interact with our Service via voice or chat, we maintain text records of these conversations. For voice interactions, we transcribe conversations in real time. These transcripts are used to ensure booking accuracy and to improve our service.

Types of Information

Under the Privacy Act 1998 (Cth), information is classified into two main categories:

  • Personal Information:
    Information or an opinion about an identified individual or an individual who is reasonably identifiable, regardless of whether the information is true or recorded in a material form. Information that does not disclose your identity or enable your identity to be ascertained is generally not classified as Personal Information.

  • Sensitive Information:
    This includes details about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or professional body, criminal record, or health information. Sensitive Information will be used only:

    • For the primary purpose for which it was obtained;
    • For a secondary purpose directly related to the primary purpose;
    • For service improvement and analysis in an aggregated, de-identified form;
    • To contact emergency services or notify a family member, partner, or support person if there is a serious risk to life, health, or safety and consent cannot be obtained; and
    • With your consent or as required or authorised by law.

How We Collect Your Personal Information

We collect your personal information through several methods:

  • Direct Interactions:
    Information provided during voice or chat conversations, text messages, or when making and managing healthcare appointments.

  • Automated Collection:
    Data gathered via voice-to-text transcription, chat interactions, and other automated processes that help us improve our Service.

  • Third-Party Sources:
    Information obtained from healthcare providers when confirming appointments, from your existing medical records (with your consent), or from authorised representatives booking on your behalf.

Purpose of Collection

We collect your personal information to:

  • Provide and improve our Service.
  • Communicate with you about relevant service updates and developments.
  • Operate and maintain the Service by sharing necessary information with service providers and support personnel.

Direct Marketing

By using our Service, you consent to receiving direct marketing communications. We use your personal information for direct marketing only if it is of a type you would reasonably expect from us. Sensitive personal information is never used for direct marketing. You can manage your marketing preferences via your account settings or by contacting our Privacy Officer. We process opt-out requests within 7 business days, and marketing communications will not exceed 4 messages per month.

Conversation Transcripts

We store conversation transcripts as part of our service delivery to maintain booking records and ensure service quality. Transcripts are retained for 2 years. While there are no user-manageable settings for transcripts, you may request deletion of transcript data by contacting our Privacy Officer, subject to our legal obligations to retain booking records.

Security, Access, and Correction

We take reasonable steps to protect your personal information from unauthorised access, misuse, modification, or disclosure. When your personal information is no longer required for its original purpose, we will take steps to destroy, anonymise, or de-identify it. Most records are retained for a maximum of 7 years to meet our record-keeping obligations.

Our security measures include industry-standard practices such as:

  • Encryption
  • Access Controls
  • Secure Data Centres

For digital records, active data is retained for 90 days and archived data for 7 years, after which automated protocols permanently delete the information. Conversation transcripts are stored in encrypted format for 7 years in segregated, access-controlled systems with detailed audit logging.

Australian Privacy Principles

The Australian Privacy Principles grant you the right to access the personal information we hold about you (APP 12) and to correct inaccurate personal information (APP 13), subject to certain exceptions. To request access or correction, please contact us using the details provided below.

Complaint Procedure

If you have any concerns about how we manage your personal information, please contact our Privacy Officer. We will review your complaint and, if it is found to be well founded, take appropriate steps to address it. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

Documentation and Response Timeline

  • We will acknowledge receipt of your complaint within 5 business days and provide a reference number.
  • Our privacy team will investigate your complaint and maintain detailed records of all communications and findings.
  • We aim to resolve all complaints within 30 business days. If additional time is required, we will notify you in writing.
  • Complaint documentation will be retained for 12 months following resolution.
  • In escalated cases, our Privacy Officer will review your case within 10 business days of the escalation request.

Overseas Transfer

We may transfer your personal information to recipients in the United States for data processing purposes only. Although processing occurs in the United States, no personal or sensitive information is stored there. The United States does not have a single, national privacy law equivalent to the Australian Privacy Act; however, we ensure your personal information is protected in accordance with the Australian Privacy Principles (APPs) by:

  • Using reputable third-party service providers that comply with industry security standards (e.g., ISO 27001, SOC 2).
  • Implementing contractual safeguards such as Standard Contractual Clauses (SCCs) or Data Processing Agreements (DPAs).
  • Encrypting personal information in transit and at rest.

By using our Service, you consent to the processing (but not storage) of your personal information by overseas recipients as described above.

How to Contact Us About Privacy

If you have any questions, need access to your personal information, or wish to make a complaint about our privacy practices, please contact us at: