Privacy Policy
1. Privacy Policy
This is the privacy policy of Foxo Technology Pty Ltd (ABN 88 625 517 428) (“we” or “us”).
This privacy policy describes generally how we manage personal information provided to us by users of the Foxo application (Foxo) and through communications with us. Users may include employees who use Foxo under their organisation’s licence (Enterprise Users) and other individuals who use Foxo without a paid subscription, either under an account (Free Users) or via a live link made available by Enterprise Users (Guest Users).
This Privacy Policy also outlines the principles and practices we follow in protecting the personal and health information of our clients. We are committed to ensuring the privacy and security of all Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).
Please be sure to read this entire privacy policy before using Foxo or submitting personal information to us.
Privacy Program
We have established a comprehensive Privacy Program to oversee and ensure the protection of PHI. This program includes the appointment of a Privacy Program Manager who is responsible for:
- Overseeing the collection, access, processing, disclosure, retention, or use of PHI.
- Implementing and maintaining privacy policies and procedures.
- Ensuring compliance with HIPAA and other applicable US privacy laws.
Privacy Program Manager
The Privacy Program Manager's responsibilities include:
- Monitoring compliance with privacy policies and HIPAA regulations.
- Conducting periodic reviews of the effectiveness of the privacy program.
- Managing instances of non-compliance and reporting results to management.
- Providing training and support to employees and business associates on privacy practices.
Personal Information
This privacy policy concerns any personal information or sensitive information of yours which is provided to us.
Personal information is any information or opinions about an identified individual or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
Sensitive information is any personal information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetics, biometrics or biometric templates.
We generally do not collect sensitive information of Foxo users (medical and allied health professionals and their administrative and support staff). If we do, we collect, use or disclose it only as allowed by law, for example where we have received your consent to do so or the collection is required by law.
Collection and use of PHI
We collect and use PHI solely for the purposes of providing and managing our platform. PHI will only be accessed by authorized personnel and will be protected through administrative, technical, and physical safeguards.
Business Associates
We identify all business associates and execute appropriate Business Associate Agreements (BAAs) to ensure they protect PHI in compliance with HIPAA. We also require our business associates to execute BAAs with any downstream BAs or subcontractors.
Rights of Individuals
Individuals have the following rights regarding their PHI:
- The right to access and obtain a copy of their PHI.
- The right to request amendments to their PHI.
- The right to request restrictions on certain uses and disclosures of their PHI.
- The right to receive an accounting of disclosures of their PHI.
What personal information do we collect from Foxo users?
We provide Foxo to (and collect personal information from):
- users who set up a free account to use Foxo (Free Users);
- employees who access Foxo through their employer’s “Enterprise” subscription (Enterprise Users); and
- individuals who access Foxo through a live link made available by an Enterprise User (Guest Users).
Free Users and Enterprise Users
When a Free User or Enterprise User signs up to use Foxo, we collect the following personal information:
- full name;
- gender;
- work email;
- postcode;
- your position and the place where you work;
- speciality;
- location(s) of practice;
- (if they are a medical practitioner) Medical license number (AHPRA or NHI);
- (if they are a medical practitioner) Medicare provider number;
- mobile number (if provided); and
- profile picture (if provided).
We also collect any other information provided by the user, which may include qualifications and degrees, research interests and languages spoken.
Guest Users
When a Guest User accesses and uses Foxo via a live link, we collect the following personal information:
- full name;
- email;
- mobile number;
- Other information requested by the healthcare provider using the service.
All users
We also hold personal information submitted by Foxo users through their use of Foxo (such as patients’ personal information). We only hold this information for the purpose of providing Foxo to Foxo users and we do not use it for any other purpose.
How do we collect your personal information?
We collect personal information that is necessary for our business activities and in order to provide and develop our services (including Foxo). We may collect this information in a number of ways, including:
- directly from you, when you provide it to us;
- by analysing your use of Foxo;
- from other Foxo users (for example, if you are a Guest User, we may collect your personal information from an Enterprise User that sends you a live link to use Foxo); or
- from publicly available sources.
We also collect information using passive information collection technologies such as cookies as you navigate through our websites (foxo.com).
We may use and combine such passively collected anonymous information to provide better services to Foxo users and website visitors, customise our website based on your preferences, compile and analyse statistics and trends and otherwise administer and improve Foxo and the website for your use. Such information is not combined with personal information collected elsewhere through Foxo or on the websites unless you have consented.
Why do we collect your personal information?
If we are not provided with the personal information that we request, we may not be able to meet your request or provide our products or services to you.
The personal information you provide us may be used for a number of purposes connected with our business operations, which include to:
- verify your identity;
- provide Foxo and related products and services;
- contact you with information about our activities and to promote our products and services; and
- develop and improve the quality and scope of the products and services we provide, and seek your feedback.
Your personal information may be used so that we can provide you with information about our products and services, such as by way of email, or to request your feedback for promotional purposes. You always have the right to opt-out of receiving such information. You may exercise that right by contacting us as set out below.
We will not use your information for purposes other than those described above unless we have your consent or as permitted by law (including for law enforcement or public health and safety reasons).
Sharing your personal information
We will share your information through Foxo with other Foxo users.
We also may disclose your personal information to:
- others in accordance with a request made by you;
- our related companies and business partners; and
- in confidence, to persons engaged in providing us with professional, business, technology and corporate services, when reasonably required.
Unless you consent, we otherwise will not disclose your personal information to third parties.
Data Sovereignty
In the course of our ordinary business operations, we hold all personal information in data centers relevant to your location.
We will only share your personal information:
- if we are authorised to do so by law;
- for sending you transactional emails;
- for any of the purposes set out in this privacy policy (but only to parties that are subject to obligations in relation to personal information no less onerous than those in this privacy policy); or
- if you have consented to us doing so.
Access and correction
You may request access to any of the personal information we hold about you by contacting us as specified below. We reserve the right to charge a reasonable fee for the costs of retrieval and supply of any requested information.
We will take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. To ensure your personal information is accurate, please notify us of any errors or changes to your personal information and we will take appropriate steps to update or correct such information in our possession.
Storage and security
We will take all reasonable precautions to safeguard your information from loss, misuse, unauthorised access, modification, disclosure or destruction. We implement a range of physical and electronic security measures to protect the personal information that we hold, including:
- restricted access to personal information;
- using industry-standard firewalls and security practices to protect personal information;
- using technology products to prevent unauthorised computer access to our network and databases; and
- internal policies in relation to the use of our computers and management of personal information.
You should keep in mind that no Internet transmission is ever completely secure or error-free.
Notifiable data breaches scheme
In the event of any loss or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify you and the Australian Information Commissioner, in accordance with the Privacy Act.
Complaints and Reporting of Non-Compliance
All employees and business associates are required to report any suspected or actual non-compliance with this privacy policy or HIPAA regulations. The Privacy Program Manager will investigate all reports and take appropriate corrective actions.
If you have any questions or concerns about our collection, use or disclosure of personal information, or if you believe we have not complied with this privacy policy or the Privacy Act, please contact us as set out below. Our Privacy Officer will investigate the complaint and determine whether a breach has occurred and what action, if any, to take.
We take every privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 30 days.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal written complaint to the Officer of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
enquiries@oaic.gov.au
How to contact us
If you wish to exercise your right to opt-out of receiving our marketing materials, or you have any questions or concerns about this privacy policy or our information practices (including whether and what type of health information we hold about you), please contact us at privacy@foxo.com.
Links to other websites
foxo.com may contain links or references to other websites to which this privacy policy may not apply. You should check their own privacy policies before providing your personal information.
Personal information of non-users
When a Foxo user submits and shares the personal information of a non-Foxo user (i.e. a patient) to or via Foxo, that information is only used by us to provide Foxo to other Foxo users.
We do not collect that personal information and it is not subject to this privacy policy. Foxo users are required to ensure that they comply with applicable privacy laws when submitting content to Foxo.
Changes to this privacy policy
Our privacy policy may change from time to time as updated on Foxo.com and in the Foxo application. Before providing us with personal information, please check this policy on our website or Foxo for any changes.
This privacy policy was last updated in June 2024.