1.2. Please read the Privacy and Cookies Policy carefully to understand our views and practices regarding your personal data and how we will treat it. By using our online properties including our site located at https://burst.co and purchasing our products and services you agree to the use we make in accordance with this Policy of all personal data you provide to us or we collect from you. If you do not agree with any term in this Policy, please do not use our online properties.
2. The Company
2. https://burst.co is a website and service operated by Burst Health ("We"/"Us"). Our registered office is located at Level 26, 1 Bligh St Sydney NSW 2000 Australia. We are committed to protecting and respecting your privacy.
2.1. For the purpose of the Data Protection Act 2018 (the “Act”), the data controller is Burst Health.
2.2. Our nominated representative for the purpose of the Act is James Middleton.
3. This Policy explains:
3.1. What information we may collect from you.
3.2. The types of cookies we use and how you can reject these cookies.
3.3. Where we store your personal data.
3.4. The ways with which we keep your information secure.
3.5. What we do with the data we collect.
3.6. Uses we make of your data.
3.7. The third parties we may disclose your data to.
3.8. Your rights.
4. Information we may collect from you
4.1. In this Policy your "data" means information or pieces of information relating to you or that could allow you to be directly or indirectly identified.
5. Information you voluntarily provide
5.1. All the information you provide by filling out our online consultation questionnaires. This also includes information you include when you sign up to our services.
5.2. If you contact us via email or phone, we may keep a record of that correspondence.
5.3. We sometimes ask you to complete surveys that we use for research purposes. These are however not mandatory
5.4. Details of transactions you carry out through our online properties and of the fulfilment of your orders.
5.5. The information we collect from the device you are using to access our services.
5.6. We, and other third-party service providers, may also use various different technologies to automatically collect information about how you use and access our services. These may include:but are not limited to:
6. Device information
6.1. the type of device you use;
6.2. a unique device identifier (for example, your device's IMEI number or the MAC address of the device's wireless network interface);
6.3. network information;
6.4. your operating system;
6.5. your IP address;
6.6. your login information;
6.7. the browser you are using and what version it is;
6.8. your time zone setting.
7. Other information
7.1. The full Uniform Resource Locators (URL) clickstream to, through and from our online properties (including date and time);
7.2. The different types of services/products you viewed or searched for;
7.3. page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
7.4. any phone number used to call our customer service number.
8. Information we may receive from third-parties
8.1. Our business relies on the collaboration with third-parties (such as our dispensing pharmacy, payment and delivery services, analytics providers, search information providers, identity verification providers).
8.2. We may therefore receive information about you from them.
9. Cookies, pixels and other similar technologies
9.1. Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a webpage and often are used in connection with cookies.
9.2. We use the following cookies:
9.2.1. Operationally necessary cookies. These are cookies that are required for the operation of our online services. For instance, cookies to enable you to log in to access our services, or cookies that are needed to take advantage of our e-billing services.
9.2.1. Performance cookies. These cookies allow us to track how our users use our service, the number of visits on each page, and behavior on each page. This helps us optimise our platform so you can find the things you are looking for and have the best experience possible.
9.2.1. Functionality cookies. These cookies allows us to recognise you by name and create a more personalized experience for you.
9.2.1. Targeting cookies. These cookies record your visit to our platform, the pages you have visited and the links you may have clicked. We will use this information to curate services and content based on your needs. This information may also be shared with third-party providers.
9.3. Cookies are essential to the improvement of our services and platform.
9.4. They enable us:
9.4.1. To estimate the size of our audience and their behaviours.
9.4.2. To customise our site according to your individual interests.
9.4.3. To speed up your searches.
9.4.4. To recognise you when you return to our site.
9.6. For more information about cookies or if you would like to learn how to remove cookies set on your device, visit: http://www.aboutcookies.org.
10. Where we store your personal data
10.1. The data that we collect from you may be transferred to, and stored at, a destination outside Australia, including to countries that do not offer the same level of protection with respect to personal data as required in Australia.
10.2. It may also be processed by staff operating outside Australia who work for us or for one of our suppliers.
10.3. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of services.
11. Information security
11.1. We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data.
11.2. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store personal data.
11.3. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
11.4. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our online properties, you are responsible for keeping this password confidential. You should not share this password with anyone.
11.5. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
12. Uses made of your data
We use information held about you in the following ways:
12.1.1. To ensure that our content is presented to you in the most effective manner.
12.1.2. To provide you with information, products or services that you request from us or which we feel may interest you. We will contact you for such purposes if you have explicitly given us your consent to do so.
12.1.3. To carry out our obligations arising from any contracts entered into between you and us. You understand that in order to provide our services to you we need to share your personal data (including sensitive medical data) with doctors and non-medical staff working at or with Burst Health as well as with pharmacies (including but not limited to our partner pharmacy superpharmacy). We ensure that any personal data we disclose in accordance with our Policy is kept to the minimum required to allow the safe and effective delivery of services to you, and will never share with non GDPR compliant third parties.
12.1.4. To facilitate the delivery of your order to you. You also understand and agree, that we will use third party delivery companies, such as Australia Post and other delivery service companies (“Delivery Providers”), to deliver medicines to you.
12.1.5. To evaluate the performance of our business at a granular level. You understand that in order to evaluate the performance of our service we may occasionally send data to validated third parties for the purposes of evaluating ongoing performance. We ensure that any personal data we disclose in accordance with our Policy is kept to the minimum required to allow the safe and effective delivery of services to you, and will never share with non GDPR compliant third parties.
12.1.6. To notify you about changes to our services.
12.3. Currently, Burst Health works with the following third party service providers:
12.3.1. superpharmacy - to fulfil our services and enable you to receive any prescribed medication; (https://www.superpharmacy.com.au/privacy);
12.3.2. Onfido - to help Burst Health verify customer’s identity and comply with regulations (https://onfido.com/privacy);
12.3.3. Mailchimp & Mandrill - to send email communications to customers. (http://mailchimp.com/legal/privacy/)
12.3.4. Trustpilot - to solicit, collate & display reviews of products & services. (http://legal.trustpilot.com/end-user-privacy-terms)
12.3.5. Crazy Egg - to help us analyse how people use its websites and identify improvements. (http://www.crazyegg.com/privacy)
12.3.6. Optimizely - to test and evaluate website improvements. (https://www.optimizely.com/privacy/)
12.3.7. Zendesk - to provide communication and customer service tools to better service customers and their requests. (https://www.zendesk.com/company/customers-partners/privacy-policy);
12.3.8. Google Analytics - to help us analyse how people use its websites and identify improvements (https://www.google.com/policies/privacy/)
12.3.9. Facebook - to help us understand how users find our site and identify improvements to the way we advertise our services. (https://facebook.com/policies/ads);
12.3.1. Twitter - to help us understand how users find our site and identify improvements to the way we advertise our services (https://twitter.com/privacy)
12.3.10. Taboola - to help us understand how users find our site and identify improvements to the way we advertise our services (https://www.taboola.com/privacy-policy)
12.3.11. Outbrain - to help us understand how users find our site and identify improvements to the way we advertise our services (https://www.outbrain.com/legal/)
12.3.12. Snapchat - to help us understand how users find our site and identify improvements to the way we advertise our services (https://www.snap.com//privacy/privacy-policy)
12.3.13. Google Stack - to help us understand how users find our site and identify improvements to the way we advertise our services, and help us optimize our site to help users find the information they are looking for (https://policies.google.com/privacy?hl=en)
12.3.14. Youtube - to help us understand how users find our site and identify improvements to the way we advertise our services (https://www.youtube.com/intl//yt/about/policies/)
12.3.15. Bing Ads - to help us analyse how people use of our websites and identify improvements; to measure the effectiveness of advertisements and communications; to provide relevant advertisements and communications to users (https://privacy.microsoft.com/privacystatement)
12.3.16. Baremetrics - to allow us to evaluate & manage the ongoing subscription status of customers and provide basic reports on business effectiveness
12.3.17. Mixpanel - to allow us to evaluate & improve subscriptions and onsite usage by customers and visitors
12.3.18. Drip - to send more personalised emails to customers or email opted in visitors
12.4. If you do not wish to receive non-order related information from us, then you can untick the ‘Newsletter’ box in the ‘Settings’ box when you sign up, any time in your account account, or on the unsubscribe link on any marketing emails you would have received. You’ll also be able to click the the unsubscribe link that you will find at the bottom of every email we send to you.
13. Disclosure of your information
13.1. If you order a product or service from us, we may share your personal data with our suppliers (including partner pharmacies) and other third parties to allow delivery of the products and services you have ordered. Any such suppliers or third parties are not authorised by us to use your personal data in any other way and will be required by us to implement measures to protect your personal data.
13.2. We may disclose your personal information to third parties:
13.3.1. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
13.3.2. If Burst Health or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
13.3.3. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms & Conditions and other agreements; or to protect the rights, property, or safety of Burst Health, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
13.3.4. In order to detect, prevent or otherwise address fraud, security or technical issues.
14. Your rights
14.2. When you use our services, we make good faith efforts to provide you with access to your personal information and either to correct this data if it is inaccurate or to delete such data at your request, if it is not otherwise required to be retained by law or for legitimate business purposes. You can ask us to suspend the account you created by contacting us at firstname.lastname@example.org.
14.3. If you would like to stop using Burst please email as at email@example.com. Your account will become inactive with immediate effect and you will not be able to access it, or your patient records (consultations and prescriptions). This action cannot be undone. You acknowledge and agree that Burst is required by law to archive electronic patient records including your personal information, communication and treatments for a minimum of 10 years.
15. Access to information
15.1. The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. We will require you to prove your identity with supporting approved identification documents in order to process your request. You can exercise the right at any time by contacting us at firstname.lastname@example.org.
16. Changes to our Policy
16.1. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email.
17.1. Questions, comments and requests regarding this Policy are welcomed and should be addressed to Burst Healthcare, Level 26, 1 Bligh St Sydney NSW 2000 Australia or via email at email@example.com.