Privacy Policy

Welio is committed to protecting the privacy and security of any personally identifiable information you provide to us. Personally identifiable information is information that can be linked to a specific individual, and includes, but is not limited to, your name, address, phone number, email address, date of birth, and Medicare number.

This privacy policy explains how we handle and protect your personally identifiable information. We do this in line with Privacy Act 1988 and Australian Privacy Principles which can be found at www.oaic.gov.au

Welio reserves the right to modify or amend this policy at any time and for any reason. Any material changes to this privacy policy will be posted prior to their implementation. Questions regarding this policy should be submitted to privacy@welio.com, or sent via regular mail to: The Privacy Officer, Level 1, 144 Indooroopilly Rd, Taringa Q4068.

What information does Welio collect?

Welio only records personally identifiable information and other information that is reasonably required to do business with you. On all the Welio pages that collect personally identifiable information, Welio describes what information is required in order to provide you with the product or service you request. In an effort to keep the Welio service as simple as possible, profiles are created and stored for each of its users. A unique identifier for each profile is also created for our internal use, and is not shared outside of Welio.

Welio will collect personally identifiable information when you register to fulfill the legal and technical requirements of delivering our service to you. This information is available to you when logged in under the My Profile section in both website and mobile applications.

Welio may collect personally identifiable information such as your name, email address and/or telephone number whenever you contact us.

When you visit our website site, Welio records general information about your visit for statistical purposes. These statistics do not contain any personally identifiable information.

Welio uses “cookies” to store your preferences, record session information and collect information on how you visit and access our web pages. This helps us deliver and continue to improve our services. Cookies are small pieces of information that a web page transfers to your computer’s hard disk for record-keeping purposes. Cookies make the web more useful by storing information about your preferences on a particular site.  Cookies in and of themselves do not personally identify you, only your computer. You can delete cookies from your computer at any time.

Welio uses highly secure third-party payment gateway services, which are audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, the payment gateway makes use of best-in-class security tools and practices to maintain a high level of security.

How do we use your information?

We only use your personally identifiable information for the purpose of providing our services and communicating with you in relation to our services. We send email and SMS appointment reminders unless specifically requested not to do so. We send email invoices and receipts unless specifically requested not to do so.

We may from time to time send you emails related to the services we provide, changes in this privacy policy, and other relevant matters. We may use your email address and/or telephone number(s) to contact you when you submit a suggestion, question, or inquiry.

Who do we share your information with?

We do not disclose information to anyone except the relevant Health Professional, their clinic staff and Patient.

We send personally identifiable information and encoded transaction identifiers to our third-party payment services provider to facilitate the payment transaction, which holds and handles all card data on a PCI DSS compliant hosted solution. Please refer to What information does Welio collect? for more information about payment services and PCI DSS compliance.

We may be required by law to disclose information you provide us with for the purposes of obtaining products or services. We may also disclose information about someone whose activities could cause harm to others (i.e. fraud). Other than in the circumstances outlined above the information you supply to us remains stored confidentially on our secure servers and is not shared with 3rd parties.

How can you control and access your information?

My Profile pages provide you with the ability to update your information and set notification preferences.

You are free to delete your profile at any time, however you should note that while this will render your information invisible to the general user system we are required by law to retain an audit trail.

If at any time you want to inquire about any of the personally identifiable information that we store, or to request any amendment or correction to that information, please contact us via email at privacy@welio.com, or via regular mail at Privacy Officer, Welio, Level 1, 144 Indooroopilly Rd, Taringa Q4068.

How we protect your information

Welio utilises Microsoft cloud services to store and access data and information related to providing services to its clients. Microsoft cloud services meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, such as Australia IRAP, UK G-Cloud and Singapore MTCS.

Welio also uses a third-party to provide secure voice and video calls, for which the security framework is based on the ISO 27001 Information Security Management System. ISO 27001 is a globally recognised, standards-based approach to security that outlines requirements for an organization’s information security management system (ISMS).

For some of our messages Welio uses Google’s mobile services platform which is compliant with the most stringent security and privacy requirements. All messages and images are encrypted and communicated in such a way as to prevent eavesdropping, tampering or message forgery. Messages and attachments may be hosted temporarily in a secure Australian database and permanently in our secure Microsoft database.

This policy was last updated on 30^th September, 2020.