Home / Your rights / Privacy Policy

Privacy Policy

Kismet Healthcare Pty Ltd ("Kismet", "we", "us" or "our"), trading as "Kismet Healthcare", is an online database accessible via the "Kismet" mobile application or Kismet website at the url: https://www.kismet.healthcare/("Platform"), which provides a marketplace for healthcare services by connecting healthcare service providers to individuals who require or who seek to arrange healthcare services.

A User means a person, entity or organisation who accesses and uses our Platform to connect to Providers whether for themselves or on behalf of others.

A Provider is a person or entity offering the provision of the Providers' products or services to Users on the Platform.

You means a User or a Provider.

The Platform connects, through the Platform or any other third party platform integrated with the Platform, Users (who require for themselves on or behalf of others, the services marketed on the Platform) with Providers who may be able to provide matching services by facilitating introductions between Users and Providers.

We respect your privacy and are committed to protecting it through our compliance with this privacy policy ("Policy"). This Policy describes the types of information we may collect from you or that you may provide via the Platform, and our practices for collecting, using, maintaining, protecting, and disclosing that information. It also describes the choices available to you regarding our use of your information and how you can access and update it.

This information is handled subject to the Privacy Act 1988 (Cth) ('Privacy Act') and Health Records Act 2001 (Vic) and the equivalent legislation in NSW and the ACT ('Health Records Act'). This Policy is published in accordance with Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act.

This Policy is a legally binding agreement between you and Kismet. If you are entering into this agreement on behalf of a person, business or other legal entity, you represent that you have the authority to bind such person or entity to this agreement, in which case the terms "User", "you" or "your" shall refer to such person or entity. If you do not agree with the terms of this agreement, you must not accept this agreement and must not access and use the Platform. By accessing and using the Platform, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy.

We only collect, use, and disclose personal information where this is permitted by the Privacy Act and for the purposes outlined in this Policy.

Specific information about the personal and sensitive information we collect, use, and disclose to carry out specific activities is outlined below.

Please read this Policy carefully in order to understand how your personal and sensitive information may be collected, held, used, or otherwise processed by us.

Kismet reserves the right to make changes or updates to this Policy from time to time. If this happens, we will update this Policy on our website.

1. What is 'personal information'?

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable from that information.

2. Collecting personal information

You can access and use parts of the Platform without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered in the Platform, you may be asked to provide certain personal information (for example, your name and email address). We receive and store any information you provide to us when you create an account, make a purchase, or fill any forms in the Platform.

If you are a User: this information may include the following:

  • Account details (such as user name, unique user ID, password, etc)
  • Contact information (such as email address, phone number, etc)
  • Basic personal information (such as name, place of residence, etc)
  • Sensitive information (such as ethnicity, religious beliefs, health information, etc)
  • Payment information (such as credit card details, bank details, etc)
  • Geolocation data of your device (such as latitude and longitude)
  • Certain features on the mobile device (such as contacts, calendar, gallery, etc)
  • Information about other individuals (such as your family members, friends, etc)
  • Any other materials you willingly submit to us (such as articles, images, feedback, etc)

If you are a Provider, this information may include the following:

  • Your business information (such as contact details, domain, location)
  • For paid registered providers, banking details for payment processing
  • For housing providers, the approximate location of the housing and other information to market the housing offering

Some of the information we collect is directly from you via the Platform. However, we may also collect personal information about you from our joint partners of from other sources such as google, for the purposes of collecting review of Providers. Personal information we collect from other sources may include demographic information, such as age and gender, device information, such as IP addresses, location, such as city and state, and online behavioural data, such as information about your use of social media websites, page view information and search results and links.

You can choose not to provide us with your personal information, but then you may not be able to take advantage of some of the features in the Platform. If you are uncertain about what information is mandatory, you are welcome to contact us at help@kismet.healthcare.

3. What is 'sensitive' information'?

We may collect sensitive information about you if you provide it to us. This might include information about your health (including mental, physical, physical, and disability information), sexual orientation, genetic or biometric information and other medical information including your medical history, mental health history, personal history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

4. Collecting sensitive information

We will only collect your sensitive information where you, your parent, guardian or support coordinator provides it to us.

5. Why we collect personal and sensitive information

We collect personal and sensitive information for reasons including:

  • registration processes;
  • identification purposes;
  • NDIS funding and related administrative purposes;
  • consideration of a participant's needs to propose suitable and appropriate providers;
  • to market and promote providers; and
  • for billing and payment processing purposes.

6. Disclosure of your personal and sensitive information

Kismet does not ordinarily disclose personal and sensitive information of Users and/or participants to any third party in the course of providing the services.

Kismet only discloses the information of the Provider on the Platform as necessary to market the Provider and to facilitate User access to the Provider. If it is expressly requested (via tick box function) that shortlisted Providers can contact the User, then the necessary contact information with be disclosed via the Platform.

We may share your information with our affiliates, contracted companies, and service providers (collectively, "Third Party Affiliates") we rely upon to assist in the operation of the Platform. We will not share any personally identifiable information with third parties and will not share any information with unaffiliated third parties.

Third Party Affiliates are not authorised to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Third Party Affiliates are given the information they need only in order to perform their designated functions, and we do not authorize them to use or disclose any of the provided information for their own marketing or other purposes.

The limited circumstances where your personal or sensitive information may be required or authorised to be disclosed include when it is:

  • to you;
  • with your consent;
  • necessary to lessen or prevent a serious threat to a patient's life, health or safety or public health or safety, or if it is impracticable to obtain a patient's consent; and
  • under any relevant law;

We will only disclose the minimal amount of information necessary for the relevant purpose.

Payment processing

In case of plans or other parts of the Platform that require payment, you may need to provide your credit card details or other payment account information, which will be used solely for processing payments. We use third-party payment processors ("Payment Processors") to assist us in processing your payment information securely.

Payment Processors adhere to the latest security standards as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. Sensitive and private data exchange happens over a SSL secured communication channel and is encrypted and protected with digital signatures, and the Platform also in compliance with strict vulnerability standards in order to create as secure of an environment as possible for Users. We will share payment data with the Payment Processors only to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries related to such payments and refunds.

Please note that the Payment Processors may collect some personal information from you, which allows them to process your payments (e.g., your email address, address, credit card details, and bank account number) and handle all the steps in the payment process through their systems, including data collection and data processing. The Payment Processors' use of your personal information is governed by their respective privacy policies which may or may not contain privacy protections as protective as this Policy. We suggest that you review their respective privacy policies.

7. Storage and security of personal and sensitive information

We secure information you provide on computer servers in a controlled, secure database, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of personal and sensitive information in our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

Therefore, while we strive to protect your personal and sensitive information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Platform cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

As the security of personal and sensitive information depends in part on the security of the device You use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect this information.

A range of measures are in place to protect personal and/or sensitive information provided on or via the Platform:

  • robust multi-tiered technical security controls, which protect the integrity, confidentiality, and availability of personal and/or sensitive information;
  • password protection processes to provide access to authorised users only and restrict unauthorised access; and
  • educating our employees and implementing internal policies in respect of the above.

Data breach

In the event we become aware that the security of the Platform has been compromised or your personal information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to you as a result of the breach or if notice is otherwise required by law. When we do, we may post a notice on the Platform, send you an email, get in touch with you over the phone, or mail you a letter.

8. Collecting through our website

We will collect your personal and sensitive information if you provide it when using the Platform. We will use this information for the purpose for which you provided it. Your first name and the content of your email, and any additional information you choose to provide, may also be used to respond and for reporting purposes.

Automatic collection of information

When you use the Platform, our servers automatically record information that your device sends. This data may include information such as your device's IP address and location, device name and version, operating system type and version, language preferences, information you search for in the Platform, access times and dates, and other statistics.

Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding the usage of the Platform. This statistical information is not otherwise aggregated in such a way that would identify you.

Website analytics and cookies

Our Platform may use third-party analytics tools that use cookies, web beacons, or other similar information-gathering technologies to collect standard internet activity and usage information. The information gathered is used to compile statistical reports on User activity such as how often Users visit our Platform, what pages Users visit and for how long, etc. We use the information obtained from these analytics tools to monitor the performance and improve our Platform. We do not use third-party analytics tools to track or to collect any personally identifiable information of our Users and we will not associate any information gathered from the statistical reports with any individual User.

The Platform uses tools such as Google Analytics and Hubspot CRM to help us continually improve the user experience.

Google Analytics is hosted by a third party. We may use Google Analytics to collect data about your interaction with our Platform. The type of data that we may collect includes:

  • your device's IP address;
  • type of device;
  • browser used to visit the website;
  • geographic location;
  • search terms;
  • pages visited; and
  • date and time when website pages were accessed.

Google Analytics collects information using cookies. Cookies are small data files transferred onto computers or devices by websites. We use cookies on our Platform for record-keeping purposes and to enhance the Platform's functionalities. Kismet may collect other information about user interaction through cookies.

We may use cookie data to improve your experience when using our Platform.

Most browsers allow you to choose whether or not to accept cookies. You can find further information on how to manage or disable cookies in common browsers below:

If you disable all cookies in your browser, you may find that certain sections of our Platform may not work.

Affiliate links

We may engage in affiliate marketing and have affiliate links present on the Platform for the purpose of being able to offer you related or additional products and services. If you click on an affiliate link, a cookie may be placed on your browser.

Links to other resources

The Platform contains links to other resources that are not owned or controlled by Kismet, including the websites of Providers. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Platform and to read the privacy statements of each and every resource that may collect personal and/or sensitive information.

The Providers' use of your personal information is governed by their respective privacy policies which may or may not contain privacy protections as protective as this Policy. We suggest that you review Provider privacy policies.

9. Social Networking and Marketing

We may use social networking services such as Twitter, Facebook, LinkedIn, and YouTube to communicate with the public about our Platform. When you communicate with us using these social media platforms we may collect your personal and sensitive information if you provide it, but we only use it to help us to communicate with you. The social networking service may also handle your information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook, Instagram (Meta), LinkedIn, Twitter and YouTube (a Google company) on their respective websites.

Advertisements

We may display online advertisements and we may share aggregated and non-identifying information about you that we or our advertisers collect through your use of the Platform. We do not share personally identifiable information about individual customers with advertisers. In some instances, we may use this aggregated and non-identifying information to deliver tailored advertisements to the intended audience.

Our Platform may include social media features, such as the Facebook and Twitter buttons, Share This buttons, etc (collectively, "Social Media Features"). These Social Media Features may collect your IP address, what page you are visiting on our Platform, and may set a cookie to enable Social Media Features to function properly. Social Media Features are hosted either by their respective providers or directly on our Platform. Your interactions with these Social Media Features are governed by the privacy policy of their respective providers.

Email marketing

You agree to receive application message, email and sms marketing from us or from a third-party marketing service provider engaged by us. We offer electronic newsletters to which you may voluntarily subscribe at any time. We are committed to keeping your email address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section or for the purposes of utilizing a third-party provider to send such emails. We will maintain the information sent via email in accordance with applicable laws and regulations.

In compliance with the Spam Act 2003 (Cth), all emails sent from us will clearly state who the email is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us at help@kismet.healthcare. However, you will continue to receive essential transactional emails.

Push notifications

We offer push notifications to which you may also voluntarily subscribe at any time. To make sure push notifications reach the correct devices, we rely on a device token unique to your device which is issued by the operating system of your device. While it is possible to access a list of device tokens, they will not reveal your identity, your unique device ID, or your contact information to us. We will maintain the information sent via email in accordance with applicable laws and regulations. If, at any time, you wish to stop receiving push notifications, simply adjust your device settings accordingly.

10. Disclosure of personal information overseas

Web traffic information is disclosed to Google Analytics when you visit part of the Platform. Google stores information across multiple countries.

When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.

Other than via the above channels, Kismet will not disclose personal or sensitive information to anyone outside Australia without need and without your consent.

11. Accessing and correcting your personal and/or sensitive information

Under the Privacy Act and other legislation, you have a right to access the personal and sensitive information we hold about you. If you cannot find the personal or sensitive information you are looking for directly through the Platform, please contact us for assistance via the details set out at part 14 below.

If you consider the personal and/or sensitive information we hold that is about you is not accurate, complete, or up to date, please contact us as soon as possible for assistance.

You may be able to delete certain information we collect about you. If you would like to delete your information or permanently delete your account, you can request for us to do so by contacting us at help@kismet.healthcare.

12. Retention of information

Unless a longer retention period is required or permitted by law, we will retain and use your personal and sensitive information for the period necessary to comply with our legal obligations, to enforce our agreements and to resolve disputes.

Once the retention period required or permitted by law expires, your information held by us may deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

13. How to make a complaint

If you wish to complain to us about how we have handled your personal and/or sensitive information please write to us by sending your enquiry or complaint to our postal address (see below) or by email to help@kismet.healthcare. Please address your correspondence to 'The Privacy Officer'. If you need help lodging a complaint, you can contact us - see 'How to contact us' at part 15 below.

If we receive a complaint from you about how we have handled your personal and/or sensitive information we will determine what, if any, action we should take to resolve the complaint.

We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.

If you are dissatisfied with the outcome of the complaint or the way in which the complaint was handled, you may contact the Office of the Australian Information Commissioner for advice about your complaint.

14. Contact us

If you have any questions regarding the information we may hold about you, if you wish to exercise your rights, or if you have any other questions, concerns or complaints regarding this Policy, please contact us at:

Telephone: 1800 006 494, 9am - 5pm (AEST/AEDT), Monday - Friday

Email: help@kismet.healthcare

Post: 117 Moray Street, South Melbourne VIC 3205

Assisted contact:

  • If you need an interpreter, call TIS National on 131 450
  • For hearing or speech assistance, contact the National Relay Service or call 1300 555 727.

15. Changes and amendments

We reserve the right to modify this Policy or its terms related to the Platform at any time at our discretion. When we do, we will amend the Policy as published on the website which shall have a revised 'last reviewed' date at the bottom of the Policy. We may also provide notice to you in other ways at our discretion, such as via notification posted on the Platform, via email or via other contact information you have provided.

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Platform after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your personal or sensitive information in a manner materially different than what was stated at the time your information was collected.

16. Acceptance of this policy

You acknowledge that you have read and agree to the terms of this Policy. By accessing and using the Platform and/or by submitting your information you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorised to access or use the Platform.

17. Date of last review / version

This document was last updated on August 8, 2024.

Familiarise yourself with the provider's code of conduct

Our goal is to provide our clients and providers with the safest and most transparent experience.

See guidelines