Privacy Policy

Privacy Policy for Logiqc Pty Ltd

Effective Date: July 13, 2025

This Privacy Policy describes how Logiqc Pty Ltd ("we", "us", or "our") collects, uses, stores, and discloses personal information in connection with your access to and use of our Software as a Service (SaaS) platform and related services (collectively, the "Services").

While Logiqc is not a patient record management system design specifically for the collection of private and/or sensitive information, we recognise that information about your consumers may be entered by you in the platform. For the protection of your data and that of your consumers, we commit to managing data in accordance with best practice and applicable legal requirements.

We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and other applicable Australian laws. Where our Services are accessed by individuals in New Zealand we also strive to comply with the New Zealand Privacy Act 2020 (see addendum to this Policy).

This Privacy Policy forms part of, and is subject to the provisions of, our Usage Terms (https://knowledgebase.logiqc.com.au/logiqc-terms-of-use).

1. What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. This may include, but is not limited to, your name, email address, phone number, physical address, payment information, IP address, and other data that can identify you.

Sensitive information is a subset of personal information that is afforded a higher level of protection under the Privacy Act. This includes information about your health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal record. We do not collect sensitive information unless it is necessary for the provision of our Services and you provide your explicit consent, or as otherwise permitted by law.

2. Collection of personal information

We collect personal information in various ways, including:

Information you provide directly to us:

• When you create an account, register for our Services, or subscribe to our newsletter.
• When you contact us for customer support, technical assistance, or provide feedback.
• When you participate in surveys or other interactive features of our Services.
• When you make payments for our Services.

 Information collected automatically when you use our Services:

• Usage Data: We may collect information about how you access and use our Services, such as your IP address, browser type, operating system, pages viewed, features used, and the time and date of your visits.
• Device Information: We may collect information about the device you use to access our Services, including device type, unique device identifiers, and mobile network information.
• Cookies and Tracking Technologies: We may use cookies and similar tracking technologies to enhance your experience, analyse trends, administer the website, track users' movements around the website, and gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level.
• Information from third parties: We do not seek personal information about you from third-party service providers. In the event we receive such information (eg. from payment processors), we will only use and store it to the extent it is required by law or necessary for our services to you and where those third parties are authorised to disclose it to us.

3. Purposes for collecting, holding, using, and disclosing personal information

We collect, hold, use, and disclose your personal information for the following purposes:

• To provide and maintain our Services: This includes processing transactions, delivering core functionalities of our SaaS platform, and providing customer support.
• To improve and personalise our Services: We use information to understand how users interact with our platform, identify areas for improvement, develop new features, and tailor your experience.
• To communicate with you: This includes sending you service-related notifications, updates, security alerts, and promotional messages (where you have consented to receive them).
• For billing and payment processing: To facilitate payments for our Services and manage your subscriptions.
• For internal record keeping and administration: To manage our business operations, maintain internal records, and comply with our legal obligations.
• For marketing and promotional purposes: To send you marketing communications about our Services that may be of interest to you, where you have provided your consent or where permitted by law. You can opt-out of these communications at any time.
• To comply with legal obligations: To meet our legal, regulatory, and contractual obligations, and to respond to lawful requests from government or law enforcement authorities.
• For security and fraud prevention: To protect our Services and users from fraudulent or illegal activities, and to maintain the security and integrity of our systems.
• For research and analytics: To perform research and analysis to better understand our users and improve our Services.

 4. Disclosure of personal information

We may disclose your personal information to the following types of third parties:

• Service providers: Information such as user account name and email address is consumed by third parties for the purposes of conducting business with you and providing user support. Personal information other than user account data is strictly never shared.
• Law enforcement and government authorities: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (eg. a court order or government agency request).
• In connection with a business transfer: In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.
• With your consent: We may disclose your personal information to other third parties with your explicit consent.
• Aggregated or de-identified data: We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for various purposes, including research, analytics, and marketing.

You are responsible to make all necessary notifications and dealings as required laws governing you and to obtain all necessary consents required by laws governing you from, the individuals whose Personal Information you create in the Logiqc platform.

5. Cross-border disclosure of personal information

We do not store your personal information on servers located outside of Australia.

6. Security of Personal Information

We take reasonable steps to protect the personal information we hold from misuse, interference, and loss, as well as from unauthorised access, modification, or disclosure. These steps include:

• Implementing robust physical security measures for our premises and data centres.
• Employing technological security measures such as encryption, firewalls, and anti-virus software.
• Restricting access to personal information to only those employees or contractors who need to know that information to perform their duties and who are subject to confidentiality obligations.
• Regularly reviewing and updating our security practices to adapt to new threats and technologies.

While we strive to protect your personal information while noting that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

7. Accessing and Correcting Your Personal Information

You have the right to request access to the personal information we hold about you and to request that we correct any inaccuracies.

To request access to or correction of your personal information, please contact us using the details provided in the "How to Contact Us" section below. We will respond to your request within a reasonable period and will take reasonable steps to correct any information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

In some circumstances, we may refuse your request for access or correction, in which case we will provide you with written reasons for our decision.

8. Anonymity and pseudonymity

Wherever it is lawful and practicable, you have the option of dealing with us anonymously or by using a pseudonym. However, in many situations, it will not be practicable for us to provide our Services or interact with you if you do not identify yourself or provide us with the necessary personal information.

9. Notifiable data breaches scheme

In the event of an eligible data breach that is likely to result in serious harm to you, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme, which includes notifying you and the Office of the Australian Information Commissioner (OAIC).

10. Cookies policy

We may use cookies and similar tracking technologies to enhance your experience, analyse trends, administer the website, track users' movements around the website, and gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level.

11. Third-party websites

Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party websites you visit.

12. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of our Services. We will notify you of any material changes by posting the updated Privacy Policy on our website and, where appropriate, by sending you an email notification. We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

13. How to Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, or if you wish to make a complaint, please contact our Privacy Officer at:

Logiqc Pty Ltd, PO Box 483 Paddington Qld, Australia 4064.

Email: privacy@logiqc.com.au

We will investigate any complaint and respond to you as soon as practicable. If you are not satisfied with our response, you may have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Additional security information is available at https://logiqc.com.au/product/cloud-hosting

Addendum for the New Zealand Privacy Act 2020

At Logiqc, compliance with legal requirements and best practice principles with regards to privacy is an important part of the development and operation of our products and services.

While our customer’s data is hosted solely within Australia, we deliver services to users in New Zealand and therefore have a responsibility to provide assurance about practices and conformance with the requirements of New Zealand’s privacy laws.

We recognise that the New Zealand Privacy Act 2020 has an extra-territorial reach, meaning there are implications for overseas SaaS companies carrying on business in New Zealand.

We start from the fundamental premise that:

• as a Logiqc customer, you own your customer data and we implement stringent security measures to safeguard your data and provide you with tools and features to control it on your terms; and
• cloud software and the data stored within it, even if physically located in Australia, can be subject to New Zealand privacy laws, particularly the New Zealand Privacy Act 2020.

While Logiqc is not specifically designed with features for gathering and processing personal and sensitive patient data, we recognise that such information about your consumers may reside in the platform because of your use. For the protection of your data and that of your consumers, we commit to managing data in accordance with best practice and applicable legal requirements.

The following information highlights our approach in relation to principles expressed in the New Zealand Privacy Act 2020.

Collection, Use, and Disclosure of Personal Information	Logiqc responsibility:	Customer Responsibility:
Notice of Collection Under Principle 3, agencies must take reasonable steps to make sure that the person knows, either before the point of collection or as soon as practicable after it is collected: why it’s being collected; who will receive it; whether giving it is compulsory or voluntary; what will happen if they don’t disclose the information; and their rights to access and correction of the information.	Logiqc commits to only access or use your data to provide the services ordered by you and in accordance with the contract terms.	To ensure the personal information is collected in a lawful manner. Customers must also make disclosures about how they collect and process personal information.
Purpose Limitation Principle 1 states that organisations must only collect personal information if it is for a lawful purpose connected with their functions or activities, and the information is necessary for that purpose.	Logiqc commits to only access or use your data to provide the services ordered by you and in accordance with the terms of use. Logiqc will not use it for any other products or to serve advertising.	To ensure collection, use, or disclosure of personal information is limited to the lawful purposes specified. Customers decide what information to put into the services and which services to use, how to use them, and for what purpose.
Manner of Collection Principle 4 states that personal information must not be collected by unlawful, unfair or unreasonably intrusive means. When an organisation collects information about a person, it has to do so in a way that is fair and legal. What is reasonable under the law depends on the circumstances, such as the purpose for collection, the degree to which the collection intrudes on privacy, and the time and place it was collected.	Logiqc commits to only access or use customer data to provide the services ordered and in accordance with the terms of use.	To ensure the collection of personal information is conducted through lawful, fair, and not unreasonably intrusive means. Such information collection should at all times be fair, lawful, and be directly related to the provisioning of services.
Personal Information Disclosure Principle 11 states that an organisation may only disclose personal information in limited circumstances. For example, the agency that holds the personal information may disclose it if the disclosure is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained. An agency may also disclose information if the individual concerned has consented to such disclosure. Disclosure is also permitted under the law if it is necessary to enable an intelligence and security agency to perform any of its functions.	Logiqc commits to only access, use or disclose customer data to provide the services ordered by the customer and in accordance with the terms of use. If Logiqc receives a government request for information, we will attempt to redirect the request to the customer and only disclose if strictly necessary to comply with legal process.	To ensure the use of personal information is limited to the purposes for which it was collected.
Requests for access to personal information Principle 6 states that people have a right to ask for confirmation of whether an agency holds any personal information about them and to ask for access to their own personal information.	Customers may access customer data on Logiqc at any time. If Logiqc receives a request from an individual relating to their personal information, we will advise the requester to submit the request to the Logiqc customer. Logiqc customers can then take control for responding to these requests as per their internal procedures and requirements.	To develop procedures and capabilities to allow individuals to access their personal information.
Cross-Border Data Disclosure Principle 12 sets rules around sending personal information to organisations or people outside New Zealand. An agency may only disclose personal information to another organisation outside New Zealand if the receiving organisation: is subject to the Privacy Act because they do business in New Zealand; is subject to privacy laws that provide comparable safeguards to the Privacy Act; agrees to adequately protect the information (e.g. by using model contract clauses); or is covered by a binding scheme or is subject to the privacy laws of a country prescribed by the New Zealand Government.	Where transferring personal information to an offshore data processor (like a cloud storage provider) for storage or processing only (not for the processor's own use or disclosure) is generally not classified as a "disclosure" for the purposes of Principle 12. However, the original New Zealand entity remains responsible for that data and its compliance with all other Privacy Principles.	Customers should ensure proper consent and justification (in the event consent is not required) for cross-border transfers are in place.
Data Breach Notification The Privacy Act introduces mandatory privacy breach notification requirements for organisations when a notifiable privacy breach has occurred having affected individuals. This includes notification to the Privacy Commissioner and to affected individuals as soon as practicable after becoming aware that a notifiable privacy breach has occurred. Agencies must consider several elements when assessing whether a privacy breach is likely to cause serious harm (i.e., to determine whether the breach is “notifiable”), such as any action it took to reduce the risk of harm following the breach or whether the personal information is sensitive. Agencies can use the Privacy Commissioner’s “NotifyUs” tool to report a breach. This tool allows agencies to undertake a privacy breach self-assessment, report a notifiable privacy breach, and update a report as necessary	Logiqc not only completely automates its build processes but also prioritises substantial investments in automated monitoring, alerting, and response capabilities to proactively tackle potential issues. Our product infrastructure is equipped with instrumentation to promptly notify engineers and administrators of any anomalies. Specifically, fluctuations in error rates, instances of abuse, application attacks, and other irregularities prompt automatic responses or alerts to the relevant teams for swift investigation and resolution. Moreover, numerous automated triggers are specifically designed to promptly address abnormal situations. Actions such as traffic blocking, file quarantining, process termination, and similar functions are activated when predefined thresholds are exceeded. In the event of a data breach, the designated Primary Contact in the Logiqc platform Account page will be notified within 24 hours.	Customers should develop policies and procedures for effectively addressing data breaches, including early warning systems, effective communication protocols, and robust remediation procedures.
Retention Privacy Principle 9 states that an agency that holds personal information must not keep that information for longer than is required for the purposes for which the information may lawfully be used.	Customer data is retained for as long as you remain an active customer. Data created and stored within the platform remains the property of the client. Upon termination of subscription client data can be provided in a csv format. Former clients will have their data and backups removed from our production servers and following the termination of all customer agreements.	Customers should use the available Logiqc controls to hide or archive relevant personal information it holds once its purpose has expired.
Storage and Security Under Principle 5, organisations must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information. This includes making sure personal information is protected from loss, accidental or unauthorised disclosure, access, use or modification or any other misuse.	Logiqc does not host your data within its corporate offices. In pursuit of maximum availability and resilience, our service is hosted on the Microsoft Azure cloud platform. Key points: 99.95% CSP uptime Backup to offsite regional data centre Tightly regulated data centre security Managed in accordance with ISO 9001 and ISO 27001 Regular independent pen testing Data encrypted in transit using TLS version 1.2 with a 2048-bit signatory key Sub-four hour RPO and six hour RTO	Customers should implement sufficient security controls to protect the personal information including proper configuration of features.
Unique Identifiers Principle 13 prescribes rules for assigning and handling personal identifiers such as a driver’s licence number, a passport number, a student ID number, or an IRD number. It states that an agency can only use unique identifiers when it is necessary and cannot assign a unique identifier to a person if that unique identifier has already been given to that person by another agency. Agencies must also take reasonable steps to protect unique identifiers from misuse.	Logiqc commits to process and protect your data in accordance with the contract terms.	Customers should assign unique identifiers only if necessary and implement procedures for the management and protection of personal identifiers.