Best Practice Software

Privacy Statement

This statement defines our approach to the collection and use of your personal information and outlines your options for interaction with us.

Background

At Best Practice Software (Bp), we regard your privacy as important.

Bp has specific obligations under the Privacy Act 1988 (Cth), various State and Territory privacy and data protection legislation in Australia (to the extent applicable) and the Privacy Act 1993 (NZ) regulating the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal (Privacy Obligations).

This Privacy Statement outlines the information collection and handling policies of Bp and our related bodies corporate, as that term is defined in the Corporations Act 2001 (Cth) (Affiliates), and describes the processes we implement in order to comply with our Privacy Obligations. By providing your personal information, you consent to Bp collecting, using, disclosing and otherwise handling that information in accordance with this Privacy Statement.

Scope

This statement applies to how Bp collects, holds, uses, discloses and otherwise processes the Personal Information of the following groups of individuals:

1. Medical and health care practitioners of medical clinics (Medical Clinics) who are customers or potential customers for Bp’s products and services (Medical Practitioners).
2. Directors, officers and employees of Medical Clinics (Medical Staff).
3. Current or potential patients of Medical Clinics who are customers of Bp’s products and services including, but not limited to, users of Bp’s mobile applications such as Best Health App, Best Health Connect and Best Health Booking (Bp Apps) in order to connect with their Medical Practitioner or Medical Clinic and to otherwise communicate or engage with Medical Staff (Patient);
4. Individuals who are directors, officers, employees or otherwise engaged by entities that participate in Bp’s partner program (Partner Staff); and
5. Other individuals who do not fit into any of the previous categories (Other individuals).

What is Personal Information?

Personal information in Australia is information or an opinion, in any form and whether true or not, about an identified (or reasonably identifiable) individual, and in New Zealand is information about an identifiable individual. Personal information might include an individual’s name, telephone number, postal or e-mail address.

Where applicable, special provisions apply to the collection of personal information which is sensitive, including health information. Sensitive information is a type of personal information and includes information or an opinion about an individual’s race, political opinion, religious beliefs, sexual orientation, criminal record, membership of a trade union or health information. Health information is a type of sensitive information and includes information or an opinion about the health or disability of an individual, an individual’s wishes about the future provision of health services to him or her and the health services provided to an individual. Bp does not solicit any health or sensitive information. Where health or sensitive information is disclosed to Bp, it will be dealt with in accordance with Bp’s obligations under its Privacy Obligations.

Generally, Bp collects different types of personal information from individuals, depending on which category (or categories) to which the individual belongs. For each category, this privacy statement describes in detail how Bp collects personal information, the purposes for which Bp collects personal information and the usual recipients of disclosure by Bp of personal information. Please note that it is

possible that an individual may fit within more than one of the categories addressed in this privacy statement; if this is your situation, then you should carefully read all of the sections that apply to you.

Bp generally only collects personal information from individuals directly from the individual (unless otherwise noted in this privacy statement).

Under applicable laws, where it is lawful and reasonable to do so, you have the right to deal with Bp on an anonymous or pseudonymous basis. Subject to the following, Bp will give individuals the option of not identifying themselves when dealing with Bp, or of using a pseudonym when dealing with Bp. However, if you choose to interact with Bp in an anonymous or pseudonymous fashion, or you do not provide Bp with personal information when requested, then Bp may be unable to provide you with the products or services that you request.

Bp generally collects personal information only when Bp specifically requests the information or when Bp takes active steps to collect that information. However, from time to time, personal information may be volunteered to Bp without Bp specifically requesting the information or without Bp taking active steps to collect the information. Further, Bp may receive unsolicited personal information when Bp requests that certain information is provided and the individual provides more information than requested. Where Bp receives unsolicited personal information, Bp will determine whether it could lawfully have collected the information had Bp sought the information. If Bp determines that it could not lawfully have collected the information, unless Bp is authorised or required by law to retain the information, then Bp will take reasonable steps to destroy or to de-identify that information.

How Bp collects, uses, discloses and otherwise handles personal information collected from Medical Practitioners and Medical Staff

What personal information does Bp collect from Medical Practitioners and Medical Staff?

Bp collects personal information from you (in your capacity as a Medical Practitioner or Medical Staff member) such as your name, street, delivery and email addresses, contact telephone number, contact facsimile number, the name of your employer, and bank account details or credit card details (as required). Bp may also collect information about the financial situation, credit history and/or other types of credit-related information about you when you or your organisation apply for finance or credit arrangements.

How does Bp collect personal information from Medical Practitioners or Medical Staff?

Bp may collect personal information from you (in your capacity as a Medical Practitioner or Medical Staff member) in a variety of ways. Bp may collect personal information from you in the following scenarios:

• When you register to participate in and when you post to the online user forum.
• When you express an interest in becoming a customer for any of Bp’s products or services, including by completing an online enquiry form or telephoning Bp with an inquiry that can only be answered in a manner that requires the collection of your personal information.
• When you send mail correspondence, emails and communications by other electronic means.
• Via publicly available sources of information.
• When you request that Bp prepares and submits a quote for the provision of any products or services, Bp may collect personal information in order to assist in the preparation and submission of the quote.
• When you purchase Bp products or services.
• When you complete and submit your personalised response to a survey (including an online survey) conducted by or on behalf of Bp.
• When you participate in a promotional offer or in a competition conducted by Bp.
• When you subscribe to a newsletter or mailing list in relation to any product or service offered or supplied by Bp.

Bp may also collect personal information from you when you contact Bp in order to submit an inquiry or to request that Bp provides support or other services related to any product or service supplied by Bp, or when you wish to complain or dispute an invoice submitted by Bp to you or to your organisation.

From time to time, Bp may collect personal information from you when you interact with Bp through a third party social media service and/or when you access and interact with Bp’s website. Please see below the section in this privacy statement dealing with cookies for further information.

Why does Bp collect personal information from Medical Practitioners and Medical Staff?

Bp collects, uses and discloses personal information where it is reasonably necessary for Bp to carry out its functions and activities. In particular, Bp collects personal information from you (in your capacity as a Medical Practitioner or Medical Staff member) for any one or more of the following purposes:

• To enable Bp to provide you or your Medical Clinic with our products and services;
• To facilitate the creation of an account with Bp in order to enable you or your Medical Clinic to access and to use any of Bp’s products and services supplied to you or to your organisation;
• To process transactions and to administer accounts (including by processing of invoices, bills, statements of accounts and related financial matters necessary to enable Bp to provide products and/or services to you or to your Medical Clinic);
• To send invoices or statements to you or to your Medical Clinic and to collect payments from you or your organisation;
• To address your queries and to resolve your complaints;
• To send you or your organisation information updates, marketing materials and newsletters (unless you have notified Bp that you no longer wish to receive such marketing materials);
• For quality assurance purposes, including to improve the quality of the products and services provided to you or to your Medical Clinic;
• To undertake statistical collation and analysis in relation to your use and/or your Medical Clinic’s use of the products or services you or your organisation acquire from Bp;
• When you apply to register to join Bp’s online user forum community, then Bp may also use the information in order to verify your contact details in order to enable your participation in and engagement in Bp’s online user forum community; and
• To comply with Bp’s contractual obligations owed to you or to your organisation and to enforce the rights that Bp may have under contract or at law.

Bp may also use personal information collected from you in order to carry out checks for credit- worthiness and for fraud and to insure your or your Medical Clinic’s account with a trade credit insurer to establish, administer and otherwise generally to manage a commercial credit trading account, including billing and collecting payments.

Bp may use a third-party independent contractor to conduct services which we are unable to, such as internet traffic measurement, website hosting, drug data information, and patient information materials. Use of such services may involve coding being placed on web pages on the Bp website to enable the collection and analysis of site visitor numbers, length of visit and pages visited. The contractor may collect and collate aggregate and non-personal information which is then provided to Bp to assist Bp to provide a product or service you have requested (either on your own behalf or on behalf of your organisation), and to provide you and/or your organisation with a better user experience.

Sometimes the information Bp collects may include de-identified demographic information such as age, gender, location, occupation, or interests, which is not personal information. Bp may use such information for our own internal business purposes or to improve our products and services. Bp may also disclose such de-identified information to third parties including consultants, suppliers, partners, customers or potential customers. If you do not wish for Bp to collect or use de-identified data from you in this way, please contact one of Bp’s Privacy Officers, whose contact details are set out below.

To whom does Bp disclose personal information collected from Medical Practitioners or Medical Staff?

Bp may disclose your personal information to:
1. Any of Bp’s Affiliates;
2. Parties that you authorise Bp to disclose your personal information;
3. Bp’s partners, suppliers, contractors and consultants, assisting Bp in the provision of the products and services to you or your Medical Clinic, such as call centre, billing, credit collection,

drug data information, patient information materials, help desk and support services providers, subject to them being required to protect your personal information in the same manner that Bp commits to your privacy protection under this Privacy Statement; and
4. Any of Bp’s professional advisers, insurers and auditors.

Where Bp has agreed with you or with your organisation on prepayment for the provision of products and/or services to you, or using credit card pre-authorisation, then Bp may disclose your credit card details to a secure payment processing provider in order to process the payment.

Bp may disclose personal information to a number of complementary service providers, including responses to surveys or questionnaires that Bp has conducted, but only if Bp has your permission to do so.

Bp may disclose your personal information to any law enforcement agency or to a court or governmental agency where Bp considers (in good faith) that Bp is obliged or compelled to do so.

Disclosure to credit reporting bodies

Bp may disclose your personal information to the following Australian and New Zealand credit reporting bodies (CRBs). Information disclosed to CRBs (including default information) will be held by each CRB on its system accessed by the customers of the credit reporting database and used to provide its credit reporting services (including the maintenance of credit information files and supplying the information to other customers of the relevant CRB). You can obtain copies of each CRB’s privacy policy which deals with how they may use your personal data from their website:

• Veda Advantage Limited – (www.veda.com.au);
• illion Australia Pty Ltd – (www.illion.com.au); and
• Experian – (www.experian.com.au).

If you fail to make a payment obligation to Bp, as and when due, or commit a serious credit infringement, Bp may disclose details of such events to CRBs. A CRB may use such information (and other personal information provided to them by Bp) in reports given to other credit providers to help assess your credit worthiness. You may have certain rights to request that CRBs do not use credit reporting information about you if you believe on reasonable grounds you have been or are likely to be a victim of fraud.

How Bp collects, uses, discloses and otherwise handles personal information collected from Patients

What personal information does Bp collect from Patients?

Bp collects personal information from you (in your capacity as a Patient and/or user of Bp Apps) such as your name, street, delivery and email addresses and contact telephone number. Bp collects other personal information from you, including your date of birth and your gender.

Bp may also collect health information concerning your current health, including notes of any symptoms, the details of your appointment (including the Medical Practitioner or Medical Clinic that you wish to attend), your prescriptions, your genetic information and your healthcare identifier (including, but not limited to, your Medicare number and/or details of your private health insurance fund, such as the name of your fund and your membership number).

How does Bp collect personal information from Patients?

Bp may collect personal information from you (in your capacity as a Patient) in a variety of ways. Bp may collect personal information from you in the following scenarios:

• When you register to access and to use any one or more of the Bp Apps.
• When you register to access and to participate in our online user forum and when you post to the online user forum.
• When you complete and submit your personalised response to a survey (including an online survey) conducted by or on behalf of Bp.

• When you participate in a promotional offer or in a competition conducted by Bp.
• When you subscribe to our newsletter or mailing list in relation to Bp Apps.

From time to time, Bp may collect personal information from you when you interact with Bp through a third party social media service and/or when you access and interact with Bp’s website. Please see below the section in this privacy statement dealing with cookies for further information.
Sometimes the information Bp collects may include de-identified demographic information such as age, gender, location, occupation, or interests, which is not personal information. Bp may use such information for its own internal business purposes or to improve its products and services. Bp may also disclose such de-identified information to third parties including consultants, suppliers, partners, customers or potential customers. If you do not wish for Bp to collect or use de-identified data from you in this way, please contact one of Bp’s Privacy Officers, whose contact details are set out below.

Why does Bp collect personal information from Patients?

Bp collects, uses and discloses personal information where it is reasonably necessary for Bp to carry out its functions and activities. In particular, Bp only collects personal information from you (in your capacity as a Patient) for any one or more of the following purposes:

• To enable Bp to provide you with our products and services, including booking, telehealth and other products, information or services that you have requested using the Bp Apps;
• To facilitate the creation of an account with Bp in order to enable you to access and use Bp Apps;
• To process transactions and to administer accounts (including by processing of invoices, bills, statements of accounts and related financial matters necessary to enable Bp to provide products and/or services to you);
• To send invoices or statements to you and to collect payments from you;
• To address your queries and to resolve your complaints;
• To send you information updates, marketing materials and newsletters (unless you have notified Bp that you no longer wish to receive such marketing materials);
• For quality assurance purposes, including to improve the quality of the products and services provided to you;
• To undertake statistical collation and analysis in relation to your use of the products or services you or your organisation acquire from Bp;
• When you apply to register to join Bp’s online user forum community, Bp may use the information in order to verify your contact details in order to enable your participation in and engagement in Bp’s online user forum community; and
• To comply with Bp’s contractual obligations owed to you and to enforce the rights that Bp may have under contract or at law.

To whom does Bp disclose personal information collected from Patients?

Bp may disclose your personal information to:
1. Any of Bp’s Affiliates;
2. Parties that you authorise Bp to disclose your personal information (including general practitioners and medical clinics with whom you have used Bp’s products or services to book appointments);
3. Bp’s partners, suppliers, contractors and consultants, assisting Bp in the provision of the products and services to you, such as call centre, billing, credit collection, drug data information, patient information materials, help desk and support services providers, subject to them being required to protect your personal information in the same manner that Bp commits to your privacy protection under this Privacy Statement; and
4. Any of Bp’s professional advisers, insurers and auditors.

Where Bp has agreed with you on prepayment for the provision of products and/or services to you, or using credit card pre-authorisation, then Bp may disclose your credit card details to a secure payment processing provider in order to process the payment.

Bp may disclose personal information to a number of complementary service providers, including responses to surveys or questionnaires that Bp has conducted, but only if Bp has your permission to do so.

Bp may disclose your personal information to any law enforcement agency or to a court or governmental agency where Bp considers (in good faith) that Bp is obliged or compelled to do so.

How Bp collects, uses, discloses and otherwise handles personal information collected from Partner Staff

What personal information does Bp collect from Partner Staff?

Bp collects personal information from you (in your capacity as a member of Partner Staff) such as your name, street address and email address and contact telephone number.

How does Bp collect personal information from Partner Staff?

Bp may collect personal information from you (in your capacity as a member of Partner Staff) in a variety of ways. Bp may collect personal information from you in the following scenarios:

• When you, on behalf of your organisation, express an interest in becoming a partner of Bp.
• When Bp and you discuss arrangements in respect of you or your organisation becoming a partner of Bp.
• In the course of pursuing the arrangements made between Bp and you or your organisation.
• When you complete and submit your personalised response to a survey (including an online survey) conducted by or on behalf of Bp.
• When you participate in a promotional offer or in a competition conducted by Bp.
• When you subscribe to our newsletter or mailing list in relation to any of the products and/or services offered by Bp.

Bp may also collect personal information from you when you contact Bp in order to submit an inquiry or to request that Bp provides support or other services related to any product or service supplied by Bp, or when you wish to complain or dispute an invoice submitted by Bp to you or to your organisation.

From time to time, Bp may collect personal information from you when you interact with Bp through a third party social media service and/or when you access and interact with Bp’s website. Please see below the section in this privacy statement dealing with cookies for further information.

Why does Bp collect personal information from Partner Staff?

Bp collects, uses and discloses personal information where it is reasonably necessary for Bp to carry out its functions and activities. In particular, Bp only collects personal information from you (in your capacity as a Partner Staff member) for any one or more of the following purposes:

• To enable Bp to provide you or your organisation with our products and services or to arrange for your or your organisation’s participation in Bp’s partner program;
• To facilitate the creation of an account with Bp in order to enable you or your organisation in order to take advantage of your or your organisation’s participation in Bp’s partner program;
• To process transactions and to administer accounts (including by processing of invoices, bills, statements of accounts and related financial matters necessary to enable Bp to provide products and/or services to you or to your organisation or which must be paid by you or your organisation to continue your or your organisation’s participation in Bp’s partner program);
• To send invoices or statements to you or to your organisation, and to collect payments from you or your organisation;
• To address your queries and to resolve your complaints;
• To send you information updates, marketing materials and newsletters (unless you have notified Bp that you no longer wish to receive such marketing materials);

• For quality assurance purposes, including to improve the quality of the products and services provided to you or to your organisation;
• To undertake statistical collation and analysis in relation to your use of the products or services you or your organisation acquire from Bp;
• When you apply to register to join Bp’s online user forum community, then Bp may also use the information in order to verify your contact details in order to enable your participation in and engagement in Bp’s online user forum community; and
• To comply with Bp’s contractual obligations owed to you and to enforce the rights that Bp may have under contract or at law.

To whom does Bp disclose personal information collected from Partner Staff?

Bp may disclose your personal information to:
1. Bp’s suppliers, contractors and consultants, assisting Bp in the provision of the products and services to you, such as software development, software integration and partner support services providers, subject to them being required to protect your personal information in the same manner that Bp commits to your privacy protection under this Privacy Statement; and
2. Any of Bp’s professional advisers, insurers and auditors.

Bp may disclose your personal information to any law enforcement agency or to a court or governmental agency where Bp considers (in good faith) that Bp is obliged or compelled to do so.

How Bp collects, uses, discloses and otherwise handles personal information collected from Other individuals

What personal information does Bp collect from Other individuals?

Bp may collect a variety of personal information from individuals who do not fit into one or more of the previous categories. The information that Bp may collect from you include:

• Identity information (such as your name);
• Contact information (such as your street address, your postal address, your delivery address, your telephone number, your facsimile number and your email address);
• Copies of your identification documents (such as your driver’s licence); and
• Details of your financial accounts (including bank account and/or credit card details).

Additionally, Bp may collect information if you access Bp’s website or social media presence, including your user ID and/or user name associated with the social media service used to access Bp’s social media presence, any information or content that you have permitted the third party social media service to share (such as your profile picture, email address, followers or friends lists, and any other information that you have disclosed in connection with that social media service). Bp does not collect your passwords. When you access Bp through third party social media services, you acknowledge that you authorise Bp to collect, store, use and disclose such information and content in accordance with this privacy statement.

How does Bp collect personal information from Other individuals?

Bp may collect personal information from you (in your capacity as an individual who does not belong to any of the previous categories) in a variety of ways. Bp may collect personal information from you in the following scenarios:

• When you complete and submit a form (either physical or online) to Bp.
• When you telephone or email Bp, or interact with Bp through social media or other electronic means (including by interacting with Bp via Bp’s website, the use of the ‘contact us’ form on Bp’s website and the use of any social media channels controlled by Bp).
• When you send mail to Bp.
• Through publicly available sources of information.
• From job applicants.

• Direct contact in the course of Bp providing its products and services.
• From current and prospective suppliers of products and/or services to Bp.

Bp may also collect personal information from you when you contact Bp in order to submit an inquiry or to request that Bp provides support or other services related to any product or service supplied by Bp, or when you wish to complain or dispute an invoice submitted by Bp to you or to your organisation.

From time to time, Bp may collect personal information from you when you interact with Bp through a third party social media service and/or when you access and interact with Bp’s website. Please see below the section in this privacy statement dealing with cookies for further information.

Sometimes the information Bp collects may include de-identified demographic information such as age, gender, location, occupation, or interests, which is not personal information. Bp may use such information for our own internal business purposes or to improve our products and services. Bp may also disclose such de-identified information to third parties including consultants, suppliers, partners, customers or potential customers. If you do not wish for Bp to collect or use de-identified data from you in this way, please contact one of Bp’s Privacy Officers, whose contact details are set out below.

Why does Bp collect personal information from Other individuals?

Bp collects, uses and discloses personal information where it is reasonably necessary for Bp to carry out its functions and activities. In particular, Bp only collects personal information from you (when you do not fit into any of the other categories contemplated in this privacy statement) for any one or more of the following purposes:

• To enable Bp to provide you or your organisation with our products and services or to arrange for your or your organisation’s participation in Bp’s partner program;
• To process transactions and to administer accounts (including by sending and processing of invoices, bills, statements of accounts and related financial matters necessary to enable Bp to provide products and/or services to you or to your organisation or which must be paid by you or your organisation, and by collecting and processing payments received from you or your organisation);
• To address your queries and to resolve your complaints;
• To send you information updates, marketing materials and newsletters (unless you have notified Bp that you no longer wish to receive such marketing materials);
• For quality assurance purposes, including to improve the quality of the products and services provided to you or to your organisation;
• To undertake statistical collation and analysis in relation to your use of the products or services you or your organisation acquire from Bp;
• When you apply to register to join Bp’s online user forum community, then Bp may also use the information in order to verify your contact details in order to enable your participation in and engagement in Bp’s online user forum community;
• To manage the supply of products and/or services to Bp or any of its Affiliates; and
• To comply with Bp’s contractual obligations owed to you and to enforce the rights that Bp may have under contract or at law.

Bp may also disclose and use the personal information collected from you to assess your application for employment with Bp or any of its Affiliates, or to assess you or your organisation’s capacity to provide products and/or services to Bp or any of its Affiliates. Bp may use and/or disclose the personal information collected from you to maintain a safe working environment for Bp’s staff and contractors.

To whom does Bp disclose personal information collected from Other individuals?

Bp may disclose your personal information to:
1. Any of Bp’s Affiliates;
2. Parties that you authorise Bp to disclose your personal information (including general practitioners and medical clinics with whom you have used Bp’s products or services to book appointments);

3. Bp’s partners, suppliers, contractors and consultants, subject to them being required to protect your personal information in the same manner that Bp commits to your privacy protection under this Privacy Statement; and
4. Any of Bp’s professional advisers, insurers and auditors.

Where Bp has agreed with you or your organisation on prepayment for the provision of products and/or services to you or your organisation, or to deal with your or your organisation’s participation in Bp’s partner program, or using credit card pre-authorisation, then Bp may disclose your credit card details to a secure payment processing provider in order to process the payment.

Bp may disclose personal information to a number of complementary service providers, including responses to surveys or questionnaires that Bp has conducted, but only if Bp has your permission to do so.

Bp may disclose your personal information to any law enforcement agency or to a court or governmental agency where Bp considers (in good faith) that Bp is obliged or compelled to do so.

Cookies and Web Logs

Bp may use cookies and web logs on its website to improve its functionality.

Cookies are a small text file that our websites may place on your computer, and collect information such as your Internet Protocol address, your computer’s operating system, browser type and traffic patterns, and your user name or email address. You may adjust your Internet browser to disable cookies, or inform you when one is being used. If you choose to disable cookies, you may be unable to access certain areas of our website.

Sometimes Bp’s website contains links to other websites for your convenience and information. When you access a website other than Bp’s website, you acknowledge and agree that Bp is not responsible for the privacy practices of that site. We don’t provide any of your personal information to these sites nor does any such information automatically pass to them with the linkage. Before you disclose any personal information for that other site you should read the terms of use and privacy policy for that site. You should also be aware that the Internet is not a secure environment, and transmission of personal information over the Internet is at your own risk.

Use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy | Google for Developers including the limited use requirements.

How Bp holds and stores Personal Information

Regardless from whom Bp collected the personal information, Bp takes reasonable steps to ensure the personal information Bp holds is secured from such risks as loss or unauthorised access, destruction, use, modification or disclosure.

Bp’s ICT systems are password protected and comply with Bp’s applicable security standards, and if personal information is held on paper files, it is stored in locked files on secure premises. Bp only permits personal information to be accessed by authorised personnel, and Bp’s employees, agents and contractors are required to comply with Bp’s privacy policies and respect the confidentiality of any personal information held by Bp. In this instance, any agent or contractor who has access to personal information Bp hold is required to protect this information in a manner that is consistent with our policy by, for example, not using the information for any purpose other than to carry out the service they are performing for Bp. Bp takes reasonable steps to develop and implement appropriate measures to safeguard the personal information Bp holds against unauthorised use or disclosure.

Bp uses two levels of encryption when facilitating the exchange of information (via secure HTTPS) between the Medical Clinic and the current or potential patient of the Medical Practitioner or the Medical Clinic who use the Bp Apps.

You should be aware that, when using Bp’s products and services, no data transmission over the Internet can be guaranteed as completely secure. Bp does not warrant the security of any information you transmit to Bp over the internet and you do so at your own risk.

 

Access to and correction of Personal Information

Bp takes reasonable steps to make sure that the personal information Bp collects, uses and/or discloses is accurate, complete and up-to-date. However, the accuracy, completeness and the currency of the information Bp holds largely depends on the accuracy of the information you supply to Bp. If at any time you discover that any information held about you is inaccurate, incomplete, outdated, irrelevant or misleading, you may contact one of Bp’s Privacy Officers to rectify it.

You have certain rights of access to, and correction of, your personal information under applicable laws, you may in some instances be able to access the information Bp holds about you. If you would like to access your personal information, please contact one of Bp’s Privacy Officers, who will explain how Bp will handle your access request, and whether there will be any associated fee. We will assume (unless you tell us otherwise) that your request for access relates to our current records about you.

A fee will not apply to making a request for access or update your personal information. A fee may apply and be charged for providing the information to you. The fee covers the cost Bp incurs in collating, copying and providing certain information to you. Bp will only charge this fee where it is lawful for us to do so.

In some circumstances, Bp may not permit access to your personal information, or may refuse to correct your personal information, including, but not limited to, where:
1. giving access would have an unreasonable impact on the privacy of others;
2. the information relates to existing or anticipated legal proceedings and the information would not be discoverable in those proceedings;
3. giving access would be unlawful;
4. denying access is otherwise required or authorised by law; or
5. the request for access is frivolous or vexatious.

If Bp refuses to provide you with access to or correct your personal information, we will provide you with reasons for this decision in writing. In some circumstances where we correct a record, we may still require the retention of the original record.

Please note that, since Bp does not wish to interfere with the privacy of individuals, Bp reserves the right to verify your identity prior to releasing your personal information to you and/or correcting any personal information you assert is incomplete, inaccurate or outdated. Further, Bp reserves the right to redact the personal information of other individuals which may be collected and held by Bp and which would be otherwise subject to your access request.

Overseas disclosure of Personal Information

Bp may disclose your personal information between its Affiliates in Australia and New Zealand (where required). However, Bp does not routinely disclose personal information to other overseas recipients. You consent to such overseas disclosure between Bp and its Affiliates and acknowledge APP 8.1 (where applicable) will not apply to such disclosure.

If it is necessary for Bp to disclose personal information outside Australia or New Zealand (whichever applies) in order to provide you with Bp’s products or services, Bp will request your specific consent or will, before disclosing personal information overseas, take reasonable steps to ensure that the overseas recipient does not breach the Privacy Obligations.

Destruction and De-identification

Bp will continue to store and hold your personal information indefinitely, until such time as Bp no longer needs the information for any purpose for which the information may be used or disclosed under this Privacy Statement or for any other lawful purpose under applicable privacy or data protection laws or (if earlier, and subject to the next paragraph) a reasonable time after you ask Bp to delete it.

Bp uses secure methods to destroy or to permanently de-identify personal information within a reasonable time after the end of the period mentioned in the previous paragraph (unless we are required to retain by any applicable privacy or data protection laws) or if Bp determines that the personal

information received is required to be destroyed or permanently de-identified in accordance with any applicable privacy or data protection laws.

Complaints and Concerns

If you have any questions or comments about this Privacy Statement, or if you wish to complain about how Bp has handled personal information (including, where applicable, credit-related information) about you, please contact one of the Privacy Officers as follows:

Australia:
Privacy Officer
Best Practice Software Pty Ltd PO Box 1911
Bundaberg Queensland 4670, Australia Telephone: 1300 40 1111
Email: bp.privacy@bpsoftware.net

New Zealand:
Privacy Officer
Best Practice Software New Zealand Limited PO Box 1459
Hamilton 3240, New Zealand Telephone: 0800 40 1111
Email: bp.privacy@bpsoftware.net

We ask that any complaint should be made in writing to us in the initial instance. We will then respond to your complaint in writing and in accordance with any timeframes required by law. We may request you to provide further information about your complaint to duly assess your complaint. If for any reason you do not wish to complain to us initially or if we are unable to resolve your complaint to your satisfaction, a complaint may also be made to the Office of the Australian Information Commissioner (http://www.oaic.gov.au), or telephone 1300 363 992 or the Office of the Privacy Commissioner, New Zealand (http://www.privacy.org.nz), or telephone 0800 803 909.

Changes to this Privacy Statement

This Privacy Statement may change from time to time and you should check regularly for updates. This Privacy Statement was last updated on 21 November 2023.