Who we are: Digital Thing Pty Ltd, trading as Clinic Compliance (ABN 56 600 497 194) (“Clinic Compliance”, “we”, “us”, “our”).
Website & app: cliniccompliance.com.au and related tools.
We respect your privacy and handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy explains what we collect, why we collect it, how we use and share it, and your choices.
Scan inputs: website URL(s) you submit for auditing; optional work email and clinic details (name, role, state).
Account & billing (paid): name, business details, billing address, ABN (if provided); limited payment metadata (actual card data is handled by our PCI-compliant payments provider).
Support & feedback: emails, forms, chat transcripts, attachments.
Marketing preferences: newsletter opt-ins, content downloads (e.g., checklist).
Audit findings from public pages (e.g., detected phrases, screenshots/snippets, page URLs, timestamps).
Derived metrics (e.g., risk score, categories breached, recommended changes).
We only scan public pages you instruct us to scan. We don’t log into your systems.
Technical data: IP address, device/browser info, referrer/UTM, time zone, language.
Usage data: pages viewed, features used, completion of forms, error logs.
Cookies/SDKs: functional cookies; analytics (e.g., Google Analytics); advertising/attribution (e.g., LinkedIn Insight Tag) — see §8.
We don’t seek to collect sensitive information (e.g., health information about identifiable individuals). If such information appears on a public page you submit, it may be processed only to generate your report.
Provide the service: run scans, generate scorecards/reports, deliver email summaries, provide support.
Improve and secure: troubleshoot, product analytics, A/B tests, prevent abuse, maintain availability.
Compliance & record-keeping: invoices, tax records, regulatory requests.
Marketing (with your choice): send product updates and resources; tailor ads/retargeting (e.g., LinkedIn) — you can opt out at any time.
Legal: enforce terms, manage disputes, detect fraud/security incidents.
Where GDPR/UK GDPR applies, our legal bases typically include contract (to provide the service), legitimate interests (security, improvement, limited B2B marketing), consent (where required for marketing/cookies), and legal obligation (records, requests).
We don’t sell your personal information. We share it only with:
Service providers (“processors”): hosting, storage, email, analytics, payments, logging, customer support.
Professional advisers: accountants, auditors, lawyers (bound by confidentiality obligations).
Change of control: in a merger or acquisition, information may transfer with appropriate protections.
Legal requests: where required by law or to protect rights, safety, and security.
Some providers may be located outside Australia (e.g., US/EU). Where we transfer information overseas, we take reasonable steps to ensure appropriate safeguards (contractual and technical) consistent with the APPs.
Scan results & reports: kept for 24 months by default so you can compare rescans. You can delete scans earlier via request.
Account & billing records: retained as required by law (typically 7 years).
Support tickets & logs: retained up to 12 months unless needed longer for security or legal reasons.
We use administrative, technical and physical safeguards appropriate to the risk (e.g., access controls, encryption in transit, audit logging). No method is 100% secure; please keep credentials safe and contact us immediately if you suspect unauthorised access.
Access & correction: you can request access to, or correction of, your personal information.
Deletion: ask us to delete personal information we no longer need (subject to legal obligations).
Marketing opt-out: use the unsubscribe link or contact us.
Cookies: manage in your browser or use our cookie controls (where available).
Contact: audit@cliniccompliance.com.au
Complaints (AU): If you’re not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
EEA/UK: You may also contact your local data protection authority.
We use:
Strictly necessary cookies (site functionality, security).
Analytics (e.g., Google Analytics) to understand usage and improve features.
Advertising/attribution (e.g., LinkedIn Insight Tag) to measure campaign performance and, where permitted, show relevant ads.
You can block or delete cookies in your browser; some features may not work as intended. Where required, we’ll present a consent banner.
Our services are intended for business users. We do not knowingly collect personal information from children under 16.
Our website may link to third-party sites. Their privacy practices are their own; please review their policies.
If a data breach is likely to result in serious harm, we will assess and, where required by the Notifiable Data Breaches (NDB) scheme, notify affected individuals and the OAIC.
We may update this Policy to reflect changes to our practices or the law. We’ll post the new date above and, if significant, notify you by email or on the site.
Email: audit@cliniccompliance.com.au