Privacy Policy

1. Purpose

This Privacy Policy explains how ConsentED collects, stores, uses, and discloses your personal information when you use our platform. It is incorporated by reference into our End User Licence Agreement (EULA) and is intended to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

We collect the following categories of personal information:

  • Identity Data: Full name, email address, phone number

  • Health Information: Associated medical practice, estimated date of procedure, answers to clinical and consent knowledge reviews

  • Usage Data: Log-in timestamps, navigation patterns, content engagement

  • Technical Data: Browser type, IP address, and device identifiers

We may collect this information directly from you, or indirectly via your healthcare provider or clinician if you are using ConsentED in a clinical setting.

3. How We Use Your Information

We use personal information to:

  • Provide and improve the ConsentED platform

  • Document the informed consent process

  • Analyse anonymised data for quality assurance and research

  • Comply with legal obligations or respond to lawful requests

4. Disclosure of Information

We do not sell or rent your personal data.

We may disclose your personal information:

  • To your treating clinicians or hospital

  • To third-party service providers (including insurers) under strict confidentiality agreements

  • When required by law, court order, or regulatory authority

Where data is stored with third-party processors (e.g. cloud providers), it will be hosted in Australia or in jurisdictions that meet comparable privacy standards.

5. Data Security

We take reasonable steps to protect your personal information, including:

  • End-to-end encryption of data in transit and at rest

  • Role-based access controls (RBAC)

  • Regular audits and logging of access

  • Secure hosting environments that comply with ISO 27001 or equivalent standards

6. Data Retention

We retain personal information:

  • For the duration required to document informed consent (usually up to 7 years, unless otherwise required by law)

  • As required for audit, legal defence, or research (anonymised where possible)

You may request that we deidentify your personal information, subject to our legal and contractual obligations.

7. Your Rights

Under the Privacy Act 1988, you have the right to:

  • Access your personal information

  • Request correction of inaccurate or incomplete data

  • Lodge a complaint with the OAIC (Office of the Australian Information Commissioner)

Please contact us at privacy@consented.health to make such a request.

8. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on our website and linked from within the platform. Continued use of ConsentED after updates implies acceptance of the revised policy.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact:

ConsentED Privacy Officer
Email: privacy@consented.health
Postal: PO Box 123, Sydney NSW 2000, Australia

info@consented.health

© 2025. All rights reserved.

Imladris Information Technology Pty. Ltd.