LYMBASE PRIVACY POLICY

1. ABOUT THIS POLICY

1.1 This Policy should be read in conjunction with Lymbase’s terms and conditions.

1.2 Your privacy and trust are important to us and this Privacy Policy provides important information about how Lymbase handles Personal Information.

2. DEFINITIONS

2.1 The following definitions apply to this Policy:

2.1.1 Clinician means a clinician trained and registrable to treat Lymphoedema.
2.1.2 Lymbase means Lymbase Pty Ltd A.C.N. 637 071 393.
2.1.3 Lymbase Application means the software platform developed by Lymbase.
2.1.4 Lymphoedema is a swelling of part of the body present for more than three months.
2.1.5 Patient Consent Form means the patient consent form required to be obtained from patients prior to any Clinician using the Lymbase Application.
2.1.6 Personal Information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
2.1.7 Privacy Laws means:
(a) In Australia, Privacy Act 1988 (Cth) and the Australian Privacy Principles;
(b) In the United Kingdom the Data Protection Act 2018;
(b) In Europe, the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679; and/or
(c) In any other jurisdiction, the relevant laws governing Personal Information.
2.1.8 Service means the https://app.lymbase.com application website and/or the https://lymbase.com website operated by Lymbase and includes the website/s, the Lymbase Application, product, software or service that links to the website/s.

3. PERSONAL INFORMATION

3.1 Lymbase is committed to the responsible handling and protection of personal information.

3.2 We collect, use, disclose, transfer, and store Personal Information when needed to provide our Services and for our operational and business purposes as described in this Policy.

4. THE TYPES OF PERSONAL INFORMATION WE COLLECT

4.1 We collect Personal Information from you within the Lymbase Application.

4.2 Obtaining your consent is a pre-requisite to the collection of your Personal Information by a Clinician.

4.3 If you do not consent to having your Clinician collect your Personal Information to be stored in the Lymbase Application, then you should not provide your Personal Information to your Clinician.

4.4 If you believe your Personal Information has been collected without your consent and is stored in the Lymbase application, please Contact Us immediately.

4.5 The Personal Information collected and stored within the Lymbase Application would be considered to be ‘sensitive’ Personal Information, since it includes information about your health.

4.6 Sensitive personal information is a subset of personal information and is generally defined as any information related to racial/ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, and other medical information including biometric and genetic data, or sexual life or preferences. In some instances, sensitive personal information may also include criminal allegations or convictions, precise geolocation information, financial and bank account numbers, or unique identifiers such as government-issued national insurance numbers, driver’s license, and passport numbers.

5. HOW WE USE PERSONAL INFORMATION

5.1 We process certain Person Information as follows:

5.1.1 Account setup and administration: We use personal information such as your name, email address, phone number, and information about your device to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription, and Service information.
5.1.2 Hosted services: Some of our Services provide data and document storage as an integral part of the product or solution offering. Any information stored by or on behalf of our customers is controlled and managed by and only made accessible to those customers or others our customers may authorise from time to time. Our access to this information is limited to Lymbase personnel with a business reason to use it, such as technical support, software engineering, testing or troubleshooting.
5.1.3 Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.

6. WHEN WE SHARE PERSONAL INFORMATION

6.1 Lymbase shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements.

6.2 Lymbase provides summarised de-identified data for the purposes of research which aims to improve outcomes for patients with Lymphoedema. Data sets used for research do not include any personally identifiable data.

6.3 We may occasionally share non-personal, anonymised, and statistical data with third parties:

6.3.1 Personal Information will be made available to personnel if necessary for the provision of the Lymbase application, account administration, sales and marketing, customer and technical support, and business development and product engineering, for instance.
6.3.2 We may partner with and be supported by service providers around the world. Personal information will be made available to these parties only when necessary to fulfill the services they provide to us, such as software, system, and platform support; cloud hosting services; advertising; data analytics; and order fulfillment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.

6.4 We will share personal information when we believe it is required, such as:

6.4.1 To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence.
6.4.2 In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)
6.4.3 To protect our rights, users, systems, and services.

7. WHERE WE STORE AND PROCESS PERSONAL INFORMATION

7.1 Your Personal Information will be stored and processed inside your home country. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is collected and stored.

7.2 Lymbase may have networks, databases, servers, systems, support, and help desks located throughout our offices around the world. We collaborate with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to transfer your personal information within Lymbase or to third parties in areas outside of your home country.

8. HOW WE SECURE PERSONAL INFORMATION

8.1 Lymbase takes data security seriously, and we use appropriate technologies and procedures to protect personal information.

8.2 Lymbase has been developed with the requirements of European (GDPR), American (FDA) and local data security requirements in mind.

8.3 Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

9. HOW LONG WE KEEP PERSONAL INFORMATION

9.1 We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, Lymbase takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers. When we no longer need personal information, we securely delete or destroy it.

9.2 We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

9.3 If you request access to your personal information, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).

9.4 In some jurisdictions, you have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion of your personal information; however, this is not always possible due to legal requirements and other obligations and factors. Remember that you can update your account information by using the “Contact Us” form on our website.

9.5 If you are not satisfied with how Lymbase manages your personal data, you have the right to make a complaint to a data protection regulator.

10. COOKIES AND SIMILAR TECHNOLOGIES

10.1 A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.

(a) Absolutely necessary cookies: These cookies are essential to enable you to move around a website and use its features. Without these cookies, services you have asked for, like adding items to an online shopping cart, cannot be provided.
(b) Performance cookies: These cookies collect information about how you use our websites. Information collected includes, for example, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. These cookies don’t collect information that personally identifies you and only collect aggregated and anonymous information. Performance cookies are used to improve the user-friendliness of a website and enhance your experience.
(c) Functionality cookies: These cookies allow the website to remember choices you make (such as your username or ID, language preference, or the area or region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other customizable parts of web pages. They may also be used to provide services you have asked for, such as watching a video or commenting on a blog. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.
(d) Targeting and advertising cookies: These cookies track browsing habits and are used to deliver targeted (interest-based) advertising. They are also used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations, such as advertisers.

10.2 Cookies can be managed in your browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain functions and features will not work as intended. All browser settings are slightly different, so to manage cookies, you should refer to the relevant settings within your browser.

10.3 We understand that you may want to know more about cookies. Here are some useful resources that provide detailed information about types of cookies, how they are used, and how you can manage your cookie preferences: www.aboutcookies.org or www.allaboutcookies.org.

11. LINKS AND CONNECTIONS TO THIRD-PARTY SERVICES

11.1 The Lymbase application may contain links to and may be used by you in conjunction with third-party apps, services, tools, and websites that are not affiliated with, controlled, or managed by us. The privacy practices of these third parties will be governed by the parties’ own Privacy Statements. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to these third-party services.

12. CHILDREN’S PRIVACY

12.1 Lymbase provides software solutions for clinicians, and our Services are generally not aimed at children. If, however, we collect and use information about children, such as to develop an educational resource, we will comply with industry guidelines and applicable laws.

13. NOTIFICATION OF DATA BREACHES

13.1 If we have reasonable grounds to suspect that a data breach has occurred, we will:

13.1.1 complete an assessment of the suspected data breach within 30 days;
13.1.2 if appropriate, take remedial action to address any potential harm to individuals that may arise due to a relevant data breach before any serious harm is caused to individuals to whom the information relates; and
13.1.3 we will otherwise comply with privacy data breach notification requirements, including notifying affected individuals and the Office of the Australian Information Commissioner as applicable.

14. HOW TO CONTACT US

14.1 Please contact us via our Contact Page: https://lymbase.com/contact/ or via support@lymbase.com.