Website Privacy Notice

This notice explains how Mondrian Health Pty Ltd (Mondrian, we, us or our) handles personal information through the public Mondrian Health website at https://mondrianhealth.com.

The website is designed for general information, business enquiries and early conversations about hospital operations, planning, advisory work and Mondrian Health products. It is not a patient portal, clinical service, emergency service or secure patient-information channel.

This notice is written for website visitors, people who contact us, people who book or request a conversation, business contacts, prospective customers, suppliers, partners, advisers and other people who interact with us through the public website.

It does not replace any product-specific privacy notice, data processing schedule, security schedule, order form, statement of work or signed customer agreement that applies to a Mondrian Health product, pilot, demonstration, implementation, consulting engagement or secure product environment.

At a glance

• The website is for information, business enquiries and professional conversations.
• Please do not send patient information, clinical records or confidential operational datasets through the website or ordinary email.
• If sensitive information is needed for a legitimate business discussion, start with a general enquiry so we can arrange an appropriate secure channel.
• Some website forms may open your email client with a pre-filled message. In that case, the website does not store the form submission; the message is sent only if you choose to send it.
• We use enquiry information to respond to you, route your enquiry, keep a record of the conversation, improve our website and manage our business.
• We may use limited analytics, cookies and similar technologies to understand aggregate website activity, improve content and keep the website secure.
• We do not sell personal information.
• We handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles to the extent they apply to Mondrian Health.

What this notice covers

This notice covers information handled through the public Mondrian Health website, including:

• website browsing and technical logs;
• contact links and enquiry forms;
• email enquiries generated from the website;
• meeting, demonstration or strategy-call requests;
• newsletter, event, insight or update subscriptions if offered;
• supplier, partner, media, investor, recruitment or general business enquiries;
• website analytics, performance measurement and security monitoring;
• communications sent to Mondrian Health because of the website.

This notice does not cover:

• customer data uploaded into a Mondrian Health product environment;
• information handled inside a contracted product, pilot, demonstration, implementation or secure workspace;
• information handled under a signed customer agreement;
• information held by hospitals, health services, insurers, funders, advisers or other third parties under their own privacy obligations;
• personal information handled by third-party websites that are linked from our website.

Information we collect

The information we collect depends on how you use the website.

Information you choose to provide

If you contact us, request a meeting, click an email link, submit a form, subscribe to an update or otherwise communicate with us, we may receive:

• your name;
• your work email address;
• your organisation;
• your role, job title or area of responsibility;
• your phone number if you choose to provide it;
• your country, state, region or time zone if relevant to the enquiry;
• the area of interest you select, such as Mondrian Theatre, Mondrian Estimate, hospital flow and operations, capacity planning, advisory services, public health services, private hospitals or another topic;
• the message, question or business context you provide;
• files, links, attachments or supporting information you choose to send;
• the date, time and history of our communications with you;
• information needed to arrange meetings, demonstrations or follow-up conversations.

Contact-form generated emails

Some forms on the website are designed to open your email client with a pre-filled message. When that happens, the website itself does not store the form submission.

You decide whether to send the email. Once you send it, the message is handled through ordinary email infrastructure and received by Mondrian Health at the relevant Mondrian Health email address.

Website and technical information

When you visit the website, standard web systems may automatically generate information such as:

• IP address;
• approximate location derived from technical connection data;
• browser type and version;
• device type;
• operating system;
• referring page, link or search source;
• pages viewed and links clicked;
• dates and times of visits;
• cookie identifiers or similar technical identifiers;
• error logs, performance logs and security logs.

This information helps us operate, troubleshoot, secure and improve the website.

Analytics and measurement

Where analytics tools are configured, they are used to understand aggregate website activity. For example, analytics may help us understand which pages are visited, how visitors arrive, whether pages load properly and which content is useful.

We aim to configure analytics in a way that minimises personal information collection where reasonably practicable. We do not use website analytics to make clinical decisions about patients or to create patient-level profiles.

We do not use the public website for behavioural advertising or cross-site advertising profiles unless this notice is updated and any required consent process is implemented.

Communications and marketing preferences

If you ask to receive updates, insights, newsletters, event information or similar communications, we may use your contact details to send them.

You can opt out of non-essential marketing communications by using the unsubscribe link in the communication, replying to us, or contacting us using the details at the end of this notice.

We may still send non-marketing communications that are reasonably necessary for business administration, responding to enquiries, arranging meetings, managing a relationship or complying with legal obligations.

Recruitment, supplier and partner enquiries

If you contact us about working with Mondrian Health, supplying services, partnering with us or similar matters, we may collect information relevant to that enquiry. This may include professional background, contact details, organisation details, links to professional profiles, correspondence and any documents you choose to send.

Information we do not want through the website

The public website is not a clinical service, patient-support channel, secure data-submission channel or emergency contact pathway.

Please do not submit through the website, contact forms or ordinary email:

• patient names;
• patient contact details;
• Medicare numbers, insurer identifiers, hospital UR numbers, medical record numbers or other patient identifiers;
• dates of birth or residential addresses;
• identifiable clinical narratives;
• full patient records;
• health information about yourself or another person unless we have expressly agreed to receive it through an appropriate channel;
• confidential hospital datasets;
• commercially sensitive information that has not been approved for ordinary email;
• information you are not authorised to share.

If you send patient information, sensitive information or confidential material to us through the website or ordinary email without an agreed secure process, we may delete it, quarantine it, refuse to process it, ask you to resend it through a secure channel, or take other reasonable protective action.

Sensitive information and health information

Sensitive information includes health information and other categories of information that receive additional protection under Australian privacy law.

Mondrian Health does not seek sensitive information through the public website for ordinary website use. We only collect sensitive information through the website if:

• you provide it voluntarily;
• it is reasonably necessary for a permitted purpose;
• we have your consent or another lawful basis applies; and
• the collection is appropriate in the circumstances.

The safest approach is not to send sensitive information through the public website. If a legitimate business discussion requires sensitive material, contact us first in general terms so we can agree an appropriate channel and process.

Anonymity and pseudonymity

You can browse most public website pages without identifying yourself.

You may also make a general enquiry using limited information where it is lawful and practicable. However, if you want us to respond, arrange a meeting, assess a business request or maintain a continuing conversation, we will usually need enough identifying and contact information to do that.

Why we use information

We use information handled through the website to:

• respond to enquiries;
• arrange meetings, demonstrations, strategy conversations or advisory discussions;
• understand what you are trying to plan, model, improve or decide;
• route your enquiry to the right person at Mondrian Health;
• provide information about our products, services, advisory work and content;
• maintain continuity of business conversations;
• send updates or insights where you have requested them or where permitted by law;
• manage supplier, partner, media, recruitment or professional enquiries;
• improve the website, content, design and user experience;
• monitor website performance, reliability and security;
• detect misuse, spam, technical errors, fraud or security issues;
• maintain business, audit and legal records;
• comply with legal, regulatory, insurance and professional obligations;
• protect Mondrian Health, website visitors and third parties.

We do not use website enquiries to make clinical decisions about patients.

Who we share information with

We may share information with people and providers who help us operate the website, communicate with you and manage our business. This may include:

• Mondrian Health personnel, directors, employees, advisers and contractors who need the information for a legitimate purpose;
• website hosting and infrastructure providers;
• email, calendar, booking and communication service providers;
• analytics, performance measurement and website improvement providers where configured;
• security, logging, monitoring, spam prevention and abuse-prevention providers;
• customer relationship management, document management and business administration providers where used;
• professional advisers, auditors, insurers, accountants and legal representatives;
• regulators, courts, law enforcement, government agencies or other authorities where required or permitted by law;
• a purchaser, investor, financier, adviser or other participant in a proposed or completed business sale, restructure, merger, investment, financing or asset transfer, subject to appropriate confidentiality arrangements where practicable.

We do not sell personal information.

Overseas handling

The website and related business systems may be hosted, supported or accessed using providers located in Australia and overseas.

Depending on the tools and providers in use at the relevant time, personal information associated with website enquiries, email, analytics, hosting, security, backups, business administration or support may be processed in countries including Australia, the United States, the United Kingdom, member states of the European Union, New Zealand, Singapore and other locations used by our service providers.

Where we disclose personal information to an overseas recipient, we will take reasonable steps in the circumstances to protect that information in line with applicable privacy obligations.

Cookies and similar technologies

Cookies are small text files stored on your device when you visit a website. We also use related technologies such as local storage, tags and server logs. We group the cookies and similar technologies used on this website into four categories.

Strictly necessary cookies are required for the website to function and to remember your privacy choices. They are always active and do not require your consent. Preferences (functional), analytics (performance) and marketing (targeting) cookies are optional, and we do not set any optional cookie until you give consent through our cookie banner or the Manage cookie preferences control.

When you first visit the website you can choose Accept all, Reject all, or set your choices for each category individually. You can change or withdraw your consent at any time — and as easily as you gave it — using the Manage cookie preferences link in the website footer or the cookie-settings button on screen. Withdrawing consent stops the relevant optional cookies from being used and removes the analytics cookies we previously set.

We record your choices, together with the date and the version of this notice, so that we can honour them and re-ask you if our cookie practices change. We will ask you to confirm your choices again at least every six months.

Today the only optional technology we use is Google Analytics 4, which helps us understand aggregate website activity. Google Analytics is provided by Google LLC and may involve handling of information in the United States; please see the Overseas handling section of this notice. We do not use the public website for behavioural advertising or cross-site advertising profiles.

The cookies and similar technologies currently in use are:

If we add new optional cookies — for example preference or marketing technologies — we will update this table, update the version of this notice, and ask for your consent again before those cookies are used.

You can also control cookies through your browser settings. Blocking some cookies may affect how parts of the website work. For any privacy question or complaint about cookies, contact our Privacy Officer using the details at the end of this notice; if you are not satisfied with our response you may contact the Office of the Australian Information Commissioner.

How we protect information

We use reasonable technical and organisational measures designed to protect information handled through the website. These may include:

• access controls;
• secure hosting and deployment practices;
• encryption in transit where available;
• monitoring and logging;
• spam, abuse and malware controls;
• limiting access to enquiry information to people who need it;
• internal practices for handling sensitive or confidential enquiries;
• vendor and service-provider controls where appropriate.

No website, email system or internet transmission is completely secure. Please do not use the website or ordinary email to send patient information, clinical records or confidential operational datasets.

How long we keep information

We keep information for as long as reasonably necessary for the purpose for which it was collected, including to:

• respond to enquiries;
• keep a record of business conversations;
• manage relationships and follow-up communications;
• operate, troubleshoot and secure the website;
• meet legal, accounting, audit, insurance and record-keeping obligations;
• resolve disputes or protect rights;
• maintain backups and security records for a reasonable period.

When information is no longer needed, we will delete it, de-identify it or otherwise handle it in line with our retention practices and legal obligations.

Access, correction and privacy requests

You may contact us to request access to personal information we hold about you or to ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.

We may need to verify your identity before responding. In some cases, we may not be able to provide access or make a correction, for example where a legal exception applies. If that happens, we will explain our position where reasonably practicable.

There is no fee for making an access or correction request. If a request requires substantial work, we may charge a reasonable cost-recovery fee where permitted by law and will tell you before doing so.

Privacy complaints

If you have a privacy concern or complaint, please contact us using the details at the end of this notice.

Please include enough detail for us to understand and investigate the issue. We will aim to respond within a reasonable time.

If you are not satisfied with our response, you may have the right to raise the matter with the Office of the Australian Information Commissioner.

Data breaches

If Mondrian Health becomes aware of a data breach involving personal information and the Privacy Act 1988 (Cth) requires notification, we will take steps required by the Notifiable Data Breaches scheme, including notifying affected individuals and the Office of the Australian Information Commissioner where required.

Nothing in this notice prevents us from taking urgent steps to investigate, contain, remediate or reduce the risk of harm from a security issue.

Children's privacy

The website is intended for organisational, professional and business audiences. It is not directed to children, and we do not knowingly collect personal information from children through the ordinary operation of the website.

Links to other websites

The website may include links to third-party websites, services, publications, datasets, social media pages or resources.

Those third parties are responsible for their own content, security and privacy practices. Their websites and services are not controlled by Mondrian Health. You should review their privacy notices before providing information to them.

Changes to this notice

We may update this notice from time to time. The Last updated date at the top of this page shows when the current version took effect.

If we make a material change, we will take reasonable steps to make the updated notice available on the website or otherwise notify affected people where appropriate.

Contact us

For privacy questions, requests or complaints, contact:

Privacy Officer
Mondrian Health Pty Ltd
ABN 28 670 479 044
ACN 670 479 044
Email: enquiry@mondrianhealth.com