myBeepr commitment to privacy and security
JRB Technologies Pty Ltd (myBeepr, we, us or our) are committed to always protecting the privacy of personal information. This is one of the foundational pillars of our company philosophy and embedded in our DNA on how we operate and build our technology.
1. WHAT INFORMATION DO WE COLLECT AND WHY?
When you register with myBeepr, we collect information that personally identifies you, such as your name, address, mobile telephone number, email addresses and other information that you provide to us or that you include in any myBeepr profile or account.
The decision to provide this information is of course voluntary. However, if you choose not to provide this type of information, you may not be able to use certain features.
We automatically collect usage information that informs us on how users’ access and use the Services (“Usage Data”). For example, when you download and use Services such as myBeepr secure messaging, we automatically collect information on meta data regarding messages sent and or received.
We do not automatically collect information on the type of device you use and the device identifier (or “UDID”) unless you provide us with this type of information.
In addition, each time you use our Services, like most internet service providers, we automatically collect information regarding the type of web browser you use, your operating system, your Internet Service Provider, your IP address, the pages you view on our Site, the time and duration of your visits to the Site, crash logs and other information relating to your use of the Services.
We use this information to analyse trends, administer the Services, troubleshoot any user problems, and to enhance and update the Services.
We collect the information in your myBeepr messages “Message Data” for analytics purposes. All messages are end-to-end encrypted and therefore no unauthorised person including myBeepr can see it.
All messages are automatically deleted from your device 30 days after being sent.
After its destruction from your device, Message Data is permanently deleted and cannot be retrieved by myBeepr except for archived data with respect to those clients who have paid separately for us to archive such Message Data (for example your hospital organisation). In this instance, only the hospital administrator has access to the archives.
Why do we collect this information?
We use the information we collect for internal purposes only. myBeepr may use Personal information to contact you in regarding the provision of our service.
We collect, hold, use and disclose personal information for these reasons:
to provide customer support including troubleshooting;
to contact users of the service;
to maintain, protect and improve the service;
to develop new products or service;
for any purpose required by law.
In addition, we may message you to let you know about new releases, patches and other updates to the Services or inform you about myBeepr’s new products and services that may be of interest. You can opt out of receiving marketing communications from myBeepr at any time by contacting our Privacy Officer at email@example.com, or through any opt out message sent to you.
2. HOW DO WE SAFEGUARD YOUR INFORMATION
myBeepr is committed to protecting the security of personal information. We employ security measures designed to protect personal information from misuse, interference and loss and unauthorised access, modification and disclosure.
What we will do to ensure privacy integrity
Our privacy philosophy is based on our commitment to giving you transparency over the collection, use, and distribution of data.
We never use your myBeepr data for displaying advertising;
We take a profound and expert led approach to ensure your data and all Personal information is secure;
You can access your own personal information at any time and for any reason, if it has not already been deleted in accordance with our destruction policy described above.
How we protect your identity and account information
At myBeepr we use identity verification and authentication functionality to verify your myBeepr account. This functionality is also used for the organisational single sign on and in order to protect access.
How we ensure that messages are secure
myBeepr is true end-to-end encrypted and utilises the industry standard asymmetric encryption Elliptic Curve Cryptography (ECC) as well as symmetric encryption AES-256 to encrypt data.
Messages sent through myBeepr are encrypted at rest and in transit, i.e. when sent and decrypted when received by the receiver (end-to-end encryption). What this means is that no third party, including myBeepr itself, can ever decrypt or read the messages. If the organisation you are using myBeepr for has agreed to archive data only their administrator has access to the encryption key to access archived data.
Messages are automatically deleted from your device after 30 days, ensuring that there are no large troves of patient data that can be hacked or otherwise accessed without authorisation.
How we further safeguard against cyber security threats
myBeepr takes security very seriously. Therefore, we have engaged an A-grade provider of cloud hosting, infrastructure and support services. This service allows myBeepr to provide 24/7 support, 99.98% production platform uptime, proactive infrastructure monitoring and tuning for maximum application performance and technology in line with the top ten Open Web Application Security Project (OWASP) standards. We are also using Secure Real-time Transport Protocol (SRTP) as it is best practice industry standard.
3. HOW WE USE THE INFORMATION WE COLLECT
In line with our values, we use information we collect for internal purposes only. We do not sell or rent information about you. We will not disclose information to third parties without your expressed consent.
myBeepr may use your Personal information to contact you regarding the Services. For example, we may, with your permission, message you to let you know about new releases, patches and other updates to the Services.
From time to time, we may contract with Service Providers to provide certain services, such as hosting and maintenance. We provide our Service Providers with only the information necessary for them to perform these services. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal information and Message Data from unauthorized access, use or disclosure. Service Providers are prohibited from using personal information or message data in any manner other than as specified by us.
4. ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
You can always review, correct, update, or change your personal information. Upon your request, we will:
correct, update or change your Personal information;
stop sending you messages if you wish to opt out of our direct marketing efforts; and/or
disable your account to prevent any future activity through that account.
QUESTIONS AND COMPLAINTS
If you have any questions or you believe that we have not complied with our obligations under the Privacy Act, or you believe that the information we hold about you is incorrect or has been compromised, please contact our Privacy Officer at firstname.lastname@example.org
We will respond to any question or complaint as soon as possible. If you do not agree with or are dissatisfied with our response, you can contact the Office of the Australian Information Commissioner at email@example.com or on 1300 363 992 to lodge a complaint.