Privacy Policy

This Privacy Policy explains how Booklify (“Booklify”, “we”, “us” or “our”) handles personal information. Booklify is an online appointment-management platform used by healthcare practices (such as medical and optometry clinics) to schedule appointments, send reminders and manage patient recalls.

We are committed to protecting your privacy and to handling personal information in accordance with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs), and — for individuals and practices in New Zealand — the Privacy Act 2020 (NZ), its Information Privacy Principles (IPPs) and the Health Information Privacy Code 2020.

1. Our role: who controls your information

Booklify operates on two levels, and our privacy obligations differ depending on the relationship:

• For healthcare practices using Booklify (our customers): we collect and hold information about the practice and its staff so we can provide the platform. For this information we are the entity primarily responsible.
• For patients of those practices: the practice decides what patient information is collected and why. The practice is the entity primarily responsible for that information (the data controller), and Booklify processes it on the practice’s behalf and on its instructions (as a data processor / service provider). If you are a patient and want to access, correct or delete your information, the quickest path is usually to contact your practice directly. You may also contact us using the details below.

2. Information we collect

Practice and staff information

• Practice name, address and contact details;
• staff account details — name, email address, role (administrator, receptionist or practitioner) and an encrypted (hashed) password;
• practice configuration such as locations, services, working hours and settings.

Patient information

• Name, email address, phone number and date of birth;
• preferred location and appointment, booking, recall and reminder history;
• communications we send or schedule on the practice’s behalf (for example appointment confirmations, reminders and recall notices) and related delivery status;
• for patients who use a practice’s online booking portal, an encrypted (hashed) password and email-verification status.

Information about a person’s health, or that they are a patient of a particular practice, is sensitive information under the Privacy Act 1988 (Cth) and health information under New Zealand’s Health Information Privacy Code, and attracts a higher level of protection. We only handle this information to provide the platform to the relevant practice.

Technical information

• Log data, device and browser information, IP address and similar information automatically generated when the platform is used, which we use for security, troubleshooting and to keep the service reliable.
• Cookies and similar technologies that are strictly necessary to keep you signed in and to operate the service. We do not use the platform for third-party advertising.

3. How we collect information

We collect information directly from practices and their staff when they register and use Booklify, and from patients when they book or register through a practice’s online booking portal. We also receive patient information from practices when staff enter or import it into the platform. Where it is reasonable and practicable, we collect personal information directly from the individual concerned.

4. Why we use information

We use personal information to:

• provide, operate, maintain and secure the Booklify platform;
• schedule, confirm, reschedule and cancel appointments, and send appointment reminders, recall notices and follow-up messages on the practice’s behalf;
• authenticate users and maintain an audit log of actions for security and accountability;
• provide customer support and respond to enquiries;
• improve the reliability, performance and security of the platform;
• comply with our legal obligations.

We do not sell personal information, and we do not use patient information for our own marketing.

5. Notifications and messages

Booklify sends transactional messages — such as appointment confirmations, reminders, recalls and follow-ups — by email and, where enabled, SMS, on behalf of the practice. These messages are part of the care and scheduling service the practice provides. If you wish to change or stop receiving them, please contact your practice, which controls these settings.

6. Disclosure of information

We may disclose personal information to:

• the healthcare practice that holds your record (for patient information);
• trusted service providers who help us operate the platform under contract — for example cloud hosting and database providers, and email and SMS delivery providers — who are only permitted to use the information to provide their service to us;
• law enforcement, regulators or others where we are required or authorised by law to do so.

7. Storage, hosting and overseas disclosure

We hold personal information in secured databases and take reasonable steps to protect it from misuse, interference, loss, and unauthorised access, modification or disclosure — including encryption of passwords, encryption of data in transit (TLS/SSL) and access controls that scope every practice’s data to that practice only.

Booklify uses reputable cloud infrastructure and sub-processors. Some of these providers may store or process information on servers located outside Australia and New Zealand. Where information is disclosed to an overseas recipient, we take reasonable steps to ensure it is handled consistently with the APPs and applicable New Zealand law.

8. Data retention

We retain personal information for as long as needed to provide the service to the relevant practice, and afterwards only as required to meet the practice’s legal and record-keeping obligations or our own. Practices are responsible for the retention periods that apply to their patient records. When information is no longer required, we take reasonable steps to delete or de-identify it.

9. Accessing and correcting your information

You have the right to request access to the personal information we hold about you and to ask us to correct it if it is inaccurate, out of date or incomplete. If you are a patient, please contact your practice first, as it controls your record; the practice can update your details directly in Booklify. For practice and staff information, or if you cannot reach the practice, contact us using the details below. We will respond within a reasonable period and may need to verify your identity first.

10. Data breaches

We maintain procedures to detect, contain and assess suspected data breaches. Where a breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme, and the Office of the Privacy Commissioner (New Zealand) where the NZ Privacy Act applies. Where we act as a service provider to a practice, we will also notify the affected practice without undue delay so it can meet its own obligations.

11. Children’s information

Practices may use Booklify to manage appointments for patients of any age, including children, where the practice has the necessary authority or consent (for example from a parent or guardian). Booklify is not directed to children as direct users.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when it was last revised. Material changes will be notified through the platform or by other reasonable means.

13. How to contact us

If you have a question, request or complaint about how we handle personal information, please contact our Privacy Officer:

• Email: privacy@booklify.co.za
• Post: Privacy Officer, Booklify

We will acknowledge your complaint and aim to resolve it promptly. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) or, in New Zealand, the Office of the Privacy Commissioner.