Chameleon Software is committed to protecting the privacy of your personal information. This commitment extends to the data recorded by you in the Case Manager application related to your case contacts (e.g. patients, referrers, insurers, and health professionals). This policy is intended to help you understand:
Chameleon Software collects two categories of personal information: we store personal data collected directly from you (our customer) and indirectly when you use our service (Case Manager) to record personal data about your case contacts.
This information is collected when you contact Chameleon Software about becoming a customer or request assistance from our support or sales team. We need to collect the following types of personal information from you to allow us to deliver our services:
In addition to the above, Chameleon Software collects the following information during the use of our Services via Case Manager:
We do not collect any sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Personal information is collected indirectly when you use Case Manager to enter client, patient, bill-to, referrer, and other case contact details.
The information you collect and store in Case Manager will include personal information such as:
Given that some of the above data elements contain sensitive/special categories of personal data, it is important that your organisation is GDPR compliant when dealing with UK/EU citizens. See the “UK/EU Customers” section below.
We will only use such personal information for the purposes of providing the services and products for which our customers have engaged us. You are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in your privacy policies who their personal information is being shared with and processed by.
We collect personal information directly from you to enable us to:
We use this information to provide you with any services you’ve requested and to manage our relationship with you. More specifically:
There are times when we need to share your personal information with third parties. The third parties that we share with differ depending on whether the data was shared directly or indirectly with us (please see above for the differences between direct and indirect data).
We will only disclose directly collected personal data to:
We will only disclose indirectly collected personal data to:
Other than the above points, Chameleon Software will not share, sell, or rent personal information with anyone without your permission or unless ordered by a court of law.
Chameleon Software takes all reasonable steps to protect your personal information from loss, misuse or unauthorised disclosure, modification or destruction.
Chameleon Software has a Cyber Security Information Sheet, available upon request, detailing the security measures we have in place to secure your data.
Chameleon Software provides products and services to companies based in Australia, UK, and the USA. Personal information collected from your data subjects (e.g. patients) is always stored in a data centre located in that region. Personal data is not transferred outside of that region to ensure data sovereignty is maintained.
Chameleon Software recognises that different global regions operate under their own local governing data and privacy laws. Chameleon Software will take all reasonable steps to comply with local data and privacy laws, to the extent consistent with legal obligations we have under Australian law, where we are based.
GDPR (General Data Protection Regulation) is a set of rules intended to streamline, update, simplify, and replace the many data protection policies that existed in the EU states. Since Brexit, the UK has adopted the “UK Data Protection Act 2018” (DPA 2018), which currently supplements and tailors the GDPR within the UK.
For Chameleon Software customers hosted in the UK (On-Prem or SaaS), all processing of personal information is performed in accordance with the privacy rights and regulations following the UK DPA 2018. Under DPA 2018, UK customers have certain rights around the personal information that we process about you:
Chameleon Software is the data controller for personal data directly collected from you. Chameleon Software is the data processor for indirectly collected personal data; you (the Customer) are the data controller for indirectly collected personal data.
Please note, Chameleon Software can only support the above rights for personal information collected directly from you (our customer). You are responsible for ensuring that personal data from your data subjects is collected in accordance with all relevant laws and regulations. You are also responsible for responding to any requests from your data subjects who may wish to access, correct or delete their personal data. Chameleon Software can provide reasonable assistance to you in responding to those requests.
If you wish to exercise any of the above-mentioned rights, please email our data protection officer (DPO) with the details: firstname.lastname@example.org
The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
Chameleon Software complies with its legal obligations in relation to notifiable data breaches and has an updated plan to ensure compliance with those requirements, including notifying the Australian Information Commissioner, any other relevant supervisory authority, and affected individuals of certain types of data breaches. Chameleon Software is able to respond promptly to any suspected data breaches.
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
We do not sell our services to children and the website is not intended for or directed at children under the age of 13 years. As such, our websites are designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13.