Privacy Policy

Global Medics Australia Pty. Ltd.
(trading as GlobalMedics.Ai Virtual Hospital)

1. We respect your privacy

(a) Global Medics Australia Pty. Ltd. respects your right to privacy and is committed to safeguarding the privacy of our customers, patients, healthcare providers, and website visitors. This policy sets out how we collect, use, disclose, and protect your personal information, including health information and information processed by artificial intelligence systems.

(b) We handle personal information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles. Where we process digital personal data in connection with offering goods or services to individuals in India, we also comply with the Digital Personal Data Protection Act, 2023 (India) and applicable rules. Where another privacy law applies to a particular service or individual, we will also comply with that law to the extent required.

(c) “Personal information” is information we hold which is identifiable as being about you. This includes your name, email address, phone number, identification number, health information, medical records, biometric data, voice recordings, and any other information that can reasonably identify an individual either directly or indirectly, including inferences generated by automated or AI systems.

2. What personal information is collected

(a) In addition to basic contact and account information, we may collect health and clinical information, consultation notes, symptoms, diagnoses, prescriptions, treatment information, uploaded documents, images, audio recordings, voice transcripts, device identifiers, usage logs, API-supplied information from third-party systems, and data received from connected medical devices or healthcare providers.

(b) We may also generate and store derived information such as summaries, transcriptions, classifications, recommendations, coding suggestions, and other outputs created by our software, including outputs generated with the assistance of AI systems.

(c) We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.

3. How we collect your personal information

(a) We collect personal information when you use our website, app, or services; create an account; fill in forms; upload documents; speak to the system; connect third-party systems or medical devices; communicate with us; or otherwise provide information directly or through authorised third parties such as healthcare providers, hospitals, laboratories, device manufacturers, insurers, or integration partners.

(b) Where required by applicable law, we provide notice describing the personal data collected, the purpose of processing, how you may exercise your rights, and how you may raise a complaint. For individuals in India, consent requests and notices will be presented in clear and plain language, with language options as required by law.

4. How we use your personal information

(a) We use personal information to provide and support our services, create and manage user accounts, enable clinical and administrative workflows, receive and process data from connected systems and devices, respond to enquiries, investigate complaints, comply with legal obligations, and improve the reliability, safety, and performance of our services.

(b) We may use personal information to transcribe speech, summarise records, extract structured data from documents, assist with coding, support triage and prioritisation, generate draft communications or reports, and provide other AI-assisted features within the service.

(c) We may process personal information using a combination of third-party OEM AI providers, hosted open-source models, and models run in our own controlled environments or on-device, depending on the feature, deployment model, customer configuration, and technical requirements.

(d) We do not use personal information for a new purpose that is incompatible with the purpose notified at the time of collection unless we have a lawful basis, or your consent, to do so.

5. AI and automated processing

(a) We use artificial intelligence, machine learning, speech processing, and rules-based automation in some parts of our services. These technologies may use personal information such as uploaded documents, health records, voice inputs, transcripts, manually entered information, device data, and integration data to generate outputs or support workflows.

(b) Depending on the feature, AI or automated processing may be used to support transcription, summarisation, information extraction, coding support, triage support, record organisation, workflow routing, anomaly detection, safety monitoring, and draft content generation.

(c) Where required under Australian and Indian laws, this policy describes the kinds of personal information used in automated decision-making technology, the kinds of decisions made solely by automated means, and the kinds of decisions for which automated processing is substantially and directly related to the decision-making process.

(d) If your deployment includes on-device processing, some processing may occur locally on your device or managed hardware. If your deployment includes cloud-based AI features, relevant inputs may be transmitted to approved service providers or infrastructure used to operate those features.

(e) We do not use solely automated processing to make final clinical diagnosis or treatment decisions without appropriate human review.

6 a. Disclosure of your personal information

(a) Global Medics Australia Pty. Ltd. may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.

(b) If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy.

6 b. Additional information for individuals in India

(a) If the DPDPA applies to our processing of your digital personal data, we will process your personal data for a lawful purpose based on your consent or another basis permitted by law. Where consent is required, it will be sought through clear affirmative action and will be free, specific, informed, unconditional, and unambiguous, and limited to personal data necessary for the specified purpose.

(b) You may withdraw consent at any time with ease comparable to the manner in which consent was given. Withdrawal will not affect processing already carried out lawfully before withdrawal, and some services may no longer be available if the relevant processing is necessary to provide them.

(c) Subject to applicable law, you may request a summary of the personal data we process about you, request correction, completion, updating or erasure, use our grievance mechanism, and nominate another person to exercise your rights in the event of your death or incapacity.

(d) If we are designated as a Significant Data Fiduciary under Indian law, we will appoint a Data Protection Officer based in India and comply with the additional obligations applicable to Significant Data Fiduciaries.

6 c. General Data Protection Regulation (GDPR) for the European Union (EU)

(a) Global Medics Australia Pty. Ltd. will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

(b) We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

(c) We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

(d) We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

(e) We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

(f) We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

(g) You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

7. Your rights under the GDPR

(a) If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Global Medics Australia Pty. Ltd. complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU

(b) Except as otherwise provided in the GDPR, you have the following rights:

(i) to be informed how your personal information is being used;

(ii) access your personal information (we will provide you with a free copy of it);

(iii) to correct your personal information if it is inaccurate or incomplete;

(iv) to delete your personal information (also known as “the right to be forgotten”);

(v) to restrict processing of your personal information;

(vi) to retain and reuse your personal information for your own purposes;

(vii) to object to your personal information being used; and

(viii) to object against automated decision making and profiling.

(d) We may ask you to verify your identity before acting on any of your requests.

8. Hosting and International Data Transfers

(a) We may offer customer configurations under which the primary hosting location for service data is Australia or India. If your service is provisioned with Australian data residency, we will ordinarily store that service data at rest in Australia and process it there for routine service delivery. If your service is provisioned with Indian data residency, we will ordinarily store that service data at rest in India and process it there for routine service delivery.

(b) Limited cross-border access, disclosure or processing may still occur where reasonably necessary for customer-requested support, security operations, abuse prevention, business continuity, disaster recovery, encrypted backup, email or messaging delivery, system monitoring, or the use of approved subprocessors and integrated services.

(c) Where we disclose personal information overseas, we will take the steps required by applicable law. For Australian personal information, this includes the steps required under APP 8. For digital personal data subject to the DPDPA, cross-border transfers will be handled subject to any restrictions notified by the Government of India and any commitments we make in our customer terms.

(d) Because the internet is global, limited technical routing or remote administrative access may involve countries outside your chosen hosting region even where your primary data residency location remains Australia or India.

9. Security of your personal information

(a) We implement technical and organisational measures designed to protect personal information against unauthorised access, misuse, interference, loss, modification, and disclosure. These measures may include role-based access controls, encryption in transit and at rest, logging, monitoring, environment segregation, vendor due diligence, and contractual controls with service providers.

(b) We remain responsible for personal information processed on our behalf and require processors and subprocessors to implement appropriate safeguards consistent with applicable law and our contractual requirements.

(c) If a personal data breach occurs, we will take the steps required by applicable law, including notifications where legally required.

(d) The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

10. Access to your personal information

(a) You may request access to, or correction of, personal information we hold about you, subject to applicable law. If you are in India and the DPDPA applies, you may also exercise the rights made available under that law, including grievance redressal and, where applicable, erasure and nomination rights. Please contact us at Legal@GlobalMedics.ai.

(b) We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.

(c) If you have a privacy complaint or grievance, please contact us at Legal@GlobalMedics.ai. We will investigate and respond in accordance with applicable law and our internal grievance-handling process.

11. Complaints about privacy

(a) If you have any complaints about our privacy practices, please feel free to send in details of your complaints to Legal@GlobalMedics.ai. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.

12. Changes to Privacy Policy

(a) Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.

13. Website

(a) When you use our website or app, we may automatically collect technical and usage information such as device type, browser type, operating system, IP address, timestamps, referral URLs, and interaction data. We use this information for security, performance, analytics, troubleshooting, and service improvement.

(b) We may use cookies and similar technologies to operate the website, remember preferences, analyse traffic, and improve user experience. Where required, you can manage cookie preferences through your browser settings or any cookie tools we make available on the website.

(c) Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Global Medics Australia Pty. Ltd. is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.

14. Effective date

This policy is effective from 1st November 2022.