Skip to main contentSkip to navigation

Privacy Policy

Last updated: 15 July 2026

Privacy Compliance

Dragatron is committed to protecting the privacy of healthcare professionals, patients, and all users of our Service. We collect, store, and process personal and health information in accordance with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy details how we handle personal information, including collection, use, disclosure, storage, and your rights regarding your information. You must comply with all applicable privacy laws when using our Service to collect, process, or store personal or health information.

Usage and Technical Data We Collect

When you access and use the Service, we automatically collect certain technical information about your access and usage, where reasonably necessary for our functions and activities. This may include:

  • Account and user identifiers
  • IP address and approximate geolocation derived from your IP address
  • Device and browser characteristics (such as device type, operating system and browser)
  • Session identifiers and logs of user actions (such as login attempts and data-entry events)

We use this information to secure the Service and maintain audit trails, to detect and investigate suspected misuse of accounts or credentials and other breaches of our terms, to support you and meet our legal and regulatory obligations, and to improve the Service. We handle this information in accordance with the Australian Privacy Principles and only collect what is reasonably necessary for these purposes.

Healthcare Data Requirements

If you are a healthcare provider using our Service:

  • You must ensure compliance with all relevant healthcare laws and regulations
  • This includes the Healthcare Identifiers Act 2010 and applicable state/territory health records legislation
  • You are responsible for obtaining necessary patient consents
  • You must maintain appropriate clinical documentation standards
  • Ensure your use complies with professional confidentiality duties

Data Security Measures

We implement industry-standard security measures to protect data stored in the Service:

  • Encryption: All network communications use HTTPS/TLS encryption
  • Access Controls: Restricted access to authorized personnel only
  • Security Testing: Regular vulnerability scans and penetration testing
  • Data Backups: Routine encrypted backups with disaster recovery plans
  • Secure Hosting: Cloud environment with robust physical security and monitoring
  • Staff Training: Privacy and security training for all personnel

However, no method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Retention and Deletion

We retain data in accordance with legal requirements and our data retention policies:

  • Healthcare providers must ensure our retention periods meet their obligations under health records legislation
  • Upon termination of subscription, data retained for reasonable period to allow reactivation or export
  • Data may be deleted after retention period in accordance with our policies
  • Some minimal information retained for compliance, auditing, or legal archival as required by law
  • Even after termination, retained data remains protected under our privacy and security policies

Third-Party Integrations

Our Service integrates with the following systems today:

  • Services Australia: the Australian Immunisation Register (AIR) for immunisation history, and the Healthcare Identifiers (IHI) Service for verifying patient and provider identifiers
  • Pharmacy dispensing / point-of-sale systems and electronic prescription exchanges: for prescriptions and dispensing data

Other integrations may be offered or enabled from time to time — for example My Health Record, Medicare claiming, or other digital-health services — and are only available where they have been separately enabled for your pharmacy.

When data is exchanged with third-party systems, we do so only with appropriate consent and authorization. Both our Privacy Policy and the third-party's policies may apply to integrated services.

Notifiable Data Breaches

Dragatron complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth):

  • In the event of a data breach likely to result in serious harm, we will assess and contain the situation
  • We will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required
  • Notifications will occur as soon as practicable after initial assessment
  • We maintain a breach response plan with defined roles and responsibilities
  • Users must notify us promptly of any suspected security incidents on their side

Your Rights and Choices

Under Australian privacy law and international standards, you have the right to:

  • Access and review your personal information
  • Request correction of inaccurate data
  • Request deletion of your data (where legally permissible)
  • Object to certain data processing activities
  • Data portability - receive your data in a standard format
  • Withdraw consent for non-essential processing

User Security Responsibilities

As a user, you share responsibility for keeping data safe:

  • Keep account credentials confidential and secure
  • Use strong, unique passwords and enable two-factor authentication
  • Only access data you are authorized to view
  • Maintain security of devices used to access the Service
  • Log out when not in use, especially on shared computers
  • Report suspected security incidents immediately

Privacy Inquiries

For privacy inquiries, requests to access or correct your information, or to report privacy concerns, contact our Privacy Officer at privacy@dragatron.com.au.