Privacy Policy

1. Purpose

This Privacy Policy outlines how PAPERSGP Pty Ltd collects, uses, stores, and discloses personal and health information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).

2. Scope

This policy applies to all personal information collected via PapersGP's digital health applications and services, including information from patients, clinicians, and third-party integrations.

3. What Information We Collect

We collect personal and sensitive information including names, contact details, Medicare details, medical histories, medication information, care plans, and other health data required for clinical purposes.

4. Why We Collect It

We collect this information to:

• Provide clinical decision support tools and generate personalised care plans
• Facilitate accurate medical documentation
• Ensure continuity of care between clinicians
• Support platform security, quality improvement, and privacy-preserving data analysis

5. How We Store and Protect Information

All data is stored securely in Australian-based AWS infrastructure and MongoDB Atlas. Access is restricted using role-based permissions and multi-factor authentication. Data is encrypted in transit and at rest.

6. Access and Correction (APP 12 & 13)

You have the right to access and request correction of your personal and health information. Requests can be made via your clinician or by contacting PAPERSGP Pty Ltd directly at support@papersgp.com.

7. Transfer and Portability

Patients have full control over transferring their records to another practitioner. Upon request, we will securely export and transmit a structured summary in a clinically acceptable format, subject to identity verification and consent.

8. Use of Deidentified Data

We may use deidentified information (i.e., information that cannot reasonably be re-identified) to:

• Improve our tools and services
• Support quality and safety monitoring
• Conduct ethically approved research
• Generate practice-level insights
• Share with peak health bodies to improve patient care outcomes

9. Disclosure to Third Parties

We do not sell or disclose personal information to unrelated third parties. Disclosure may occur:

• With your consent
• When required by law
• To your treating practitioner
• To trusted vendors under strict data handling agreements (e.g., for system hosting and analytics)
• In deidentified form for research and system improvement purposes

10. Retention and Disposal

We retain personal information in accordance with legal and clinical recordkeeping obligations. When no longer required, information is securely deleted or deidentified following best practice.

11. Complaints and Contact

If you have any concerns about how your data is handled, please contact our Privacy Officer at privacy@papersgp.com. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) GPO Box 5288, Sydney NSW 2001.