Privacy Policy

Everything that we do with the information you entrust to us.

This policy was last updated on the 15th of August 2022.

1. Definitions

1.1 In this Policy:

  • (a) Clinic means medical practice, centre, clinic or other medical facility, whether private or public.
  • (b) Policy means this Privacy Policy.
  • (c) You means in the case of an individual using a Nookal Website or purchasing a subscription through a Nookal Website, that individual, or in the case of an individual, using a Nookal Website or purchasing a subscription through a Nookal Website on behalf of a company or other legal entity, the company or other legal entity for which such, using the Nookal Website or purchasing a subscription through the Nookal Website.
  • (d) Nookal, us, we means Nookal Pty Ltd ACN 636 857 979.
  • (e) Nookal Website means the online services accessible via the Nookal websites described in the Schedule to this Policy.
  • (f) Personal Information means information or an opinion about an identified natural person, or a natural person who is reasonably identifiable.
  • (g) Products means those products on a Nookal Website from time to time.

2. Introduction

2.1 This Policy sets out how we collect, handle and use information about you.

2.2 We reserve the right to update this Policy at any time without notice.

3. Purpose

3.1 The purpose of this Policy is to:

  • (a) set out the types of information that we may collect; and
  • (b) how that information will be used, handled, stored, and disclosed.

4. Application

4.1 This policy applies to Personal Information that we may collect about you in the manner outlined in this policy, including from all legal entities owned or controlled by us (across any jurisdiction).

4.2 This policy does not apply to Personal Information that may be collected by a third party or how that third party may use, handle, store or disclose your Personal Information.

5. Information We Collect About You

5.1 We may collect, use, store and transfer personal information about you which we have grouped together as follows:

  • (a) Website User Identity Data being your first name, last name, title, address, email address and username collected through the Website;
  • (b) Patient Identity Data being your first name, last name, title, address, email address and username that is collected and input directly by a Clinic;
  • (c) Clinic Identity Data being the first name, last name, title, address, email address and username of employees and contractors of the Clinic;
  • (d) Contact Data being your billing address, shipping address, email address and telephone numbers;
  • (e) Financial Data, to the extent required by law or by any payment processor, being your bank account details, credit card details or other payment information;
  • (f) Clinic Data being medical information, including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors, Medicare number for identification, health care identifiers and health fund information (if applicable);
  • (g) Transaction Data being details about payments to and from you and other details of products or services you have purchased from us;
  • (h) Technical Data being information regarding the IP addresses used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, cookies, operating system and platform, type of device;
  • (i) Profile Data being your username or password from each Nookal Website, details regarding purchases or orders made by you, your interests, preferences, feedback and reviews;
  • (j) Usage Data being information about how you use the Nookal Website, and Products;
  • (k) Marketing and Communications Data being information regarding your preferencing in receiving marketing from us and your communication preferences;
  • (l) Third-Party Data being information we may receive from third-parties such as business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers and search information providers, third party applications that plug into the Products and payment providers or merchants;
  • (m) Religious and Political Beliefs Data being information or opinions about your racial or ethnic origin, political opinions, or memberships, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation, or criminal record;
  • (n) Nookal Products and Services Data being information, communication, or opinions about any of our products, services, transactions, payment history and business activities;
  • (o) Proof of Identity Data being identifiers (such as tax file number and business number), citizenship and residency details, details regarding and information provided by your referees, details regarding and information provided by your guarantor(s) and business partner(s), financials/credit/criminal history checks, results of any pre-employment or profile tests, employment history, education history, identity documents, health information and next of kin details; and
  • (p) Digital Media Data being digital media and content such as video, footage and audio.

5.2 In some situations you will have the option to deal with us anonymously or through a pseudonym, however, where you are requesting products or services from us or a Clinic where such contact is via us or one of our services, it may become impracticable to provide those products or services to you without verifying your identity. Where you fail to provide us information or where the information provided is incomplete and/or inaccurate, or you choose not to provide us with the information that we have requested, it may affect our or a Clinic’s ability to provide you with our Products and services.

5.3 If we receive identifiable information from a third party, such as a Clinic, we will take reasonable steps to ensure that you have given express or implied consent to the collection of that information. If it is determined that we are unable to have possession of the information under a relevant law, we will destroy the information or ensure that the information is de-identified.

6. How do we Collect Information from You?

6.1 We use different methods to collect data from you and about you, including:

  • (a) (direct interactions) – you may give us your Identity, Contact, Financial, Profile and Proof of Identity Data by creating an account with us, completing online forms or corresponding with us;
  • (b) (interactions you have with other sources) – we receive Clinic, Identity, Contact, Financial, Transaction, Usage and Marketing and Communications Data from Clinics, business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers and search information providers, third party applications that plug into the Products and payment providers or merchants;
  • (c) (automated technologies or interactions) – we use the following technologies to collect Technical and Third-Party Data:
    • (i) “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about how we implement cookies, please see our Cookie Policy;
    • (ii) “Log files” track actions occurring on the Nookal Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps; and
    • (iii) “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Nookal Website and Products.

7. How do we use your Personal Information?

7.1 Website Users

Purpose / Activity Type of Data Lawful basis for processing (including basis of legitimate interest)
To register you as a new customer or create an account with us, to identify you. Website User Identity Data, Contact Data, Marketing and Communications Data, Proof of Identity Data Performance of a contract with you.
To process and deliver your order including, manage payments, fees, and charges, perform fraud checks and collect and recover money owed to us. Website User Identity Data, Contact Data, Financial Data, Technical Data, Transaction Data, Usage Data, Marketing and Communications Data, Proof of Identity Data, Third-Party Data Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us and reduce this risk of fraud).
To manage our relationship with you which will include, notifying you about changes to our terms or privacy policy, asking you to leave a review or take a survey, engaging with you in relation to any support request or communication that you may submit. Website User Identity Data Contact Data, Profile Data, Marketing and Communications Data Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services).
To administer and protect our business and the Nookal Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Website User Identity Data Contact Data, Technical Data Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.
To deliver relevant the Nookal Website content and measure or understand the effectiveness of our website and to ensure the proper function of the website and online software. Website User Identity Data Contact Data, Profile Data, Usage Data, Marketing and Communications Data, Technical Data Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To improve the Products, services or businesses that we or a Clinic undertakes. Website User Identity Data Contact Data, Profile Data, Usage Data, Marketing and Communication Data Necessary for our legitimate interests (to improve our Products and services).
To use data analytics to improve the Nookal Website, products/services, marketing, customer relationships and experiences and to gather anonymous statistics. Technical Data, Usage Data, Third-Party Data Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To provide you with our newsletter and make suggestions and recommendations to you about goods, services or promotions that may be of interest to you, whether initiated by us or a Clinic. Website User Identity Data, Contact Data, Technical Data, Usage Data, Profile Data, Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services and grow our business).
To maintain as a record in the event of any product service or warranty request. Proof of Identity Data, Website User Identity Data, Contact Data, Financial Data Necessary for our legitimate interests (to maintain customer satisfaction and ensure appropriate processes for warranty requests).
To facilitate internal training, ensure the effective delivery of products and services and to resolve disputes or problems, whether initiated by us or a Clinic. Digital Media Data, Identity Data, Contact Data Necessary for our legitimate interests (to develop our products/services and grow our business).
To improve our products, services and business activities we undertake. Nookal Products and Services Data, Contact Data, Website User Identity Data, Usage Data, Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services and grow our business).

7.2 Clinic Patients

Purpose / Activity Type of Data Lawful basis for processing (including basis of legitimate interest)
To register you as a new customer or create an account with us, to identify you. Patient Identity Data, Contact Data, Marketing and Communications Data, Proof of Identity Data Performance of a contract with you.
To process and deliver your order including, manage payments, fees, and charges, perform fraud checks and collect and recover money owed to us. Patient Identity Data Contact Data, Financial Data, Technical Data, Transaction Data, Usage Data, Proof of Identity Data, Patient Identity Data, Third-Party Data Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us and reduce this risk of fraud).
For a Clinic to register you as a patient and for the Clinic to provide their services to you, including retrieval of historical data about you. Patient Identity Data, Contact Data, Marketing and Communications, Clinic Data, Proof of Identity Data The Clinic’s performance of a contract with you. Our performance of a contract with a Clinic.
To manage our relationship with you which will include, notifying you about changes to our terms or privacy policy, asking you to leave a review or take a survey, engaging with you in relation to any support request or communication that you may submit. Patient Identity Data, Contact Data, Marketing and Communications Data Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services).
To administer and protect our business and the Nookal Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Patient Identity Data, Contact Data, Technical Data Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.
To deliver relevant the Nookal Website content and measure or understand the effectiveness of our website and to ensure the proper function of the website and online software. Patient Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communications Data, Technical Data Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To improve the Products, services or businesses that we or a Clinic undertakes. Patient Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communication Data Necessary for our legitimate interests (to improve our Products and services).
To use data analytics to improve the Nookal Website, products/services, marketing, customer relationships and experiences and to gather anonymous statistics. Technical Data, Usage Data, Third-Party Data Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To provide you with our newsletter and make suggestions and recommendations to you about goods, services or promotions that may be of interest to you, whether initiated by us or a Clinic. Patient Identity Data, Contact Data, Technical Data, Usage Data, Profile Data, Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services and grow our business).
To maintain as a record in the event of any product service or warranty request. Proof of Identity Data, Patient Identity Data, Contact Data, Financial Data Necessary for our legitimate interests (to maintain customer satisfaction and ensure appropriate processes for warranty requests).
To facilitate internal training, ensure the effective delivery of products and services and to resolve disputes or problems, whether initiated by us or a Clinic. Digital Media Data, Patient Identity Data, Contact Data Necessary for our legitimate interests (to develop our products/services and grow our business).
To improve our products, services and business activities we undertake. Nookal Products and Services Data, Contact Data, Patient Identity Data, Usage Data, Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services and grow our business).

7.3 Clinic Personnel

Purpose / Activity Type of Data Lawful basis for processing (including basis of legitimate interest)
To register you as a new customer or create an account with us, to identify you. Clinic Identity Data, Contact Data, Marketing and Communications Data, Proof of Identity Data Performance of a contract with you.
To process and deliver your order including, manage payments, fees, and charges, perform fraud checks and collect and recover money owed to us. Clinic Identity Data, Contact Data, Financial Data, Technical Data, Transaction Data, Usage Data, Proof of Identity Data, Patient Identity Data, Third-Party Data Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us and reduce this risk of fraud).
For a Clinic to register you as a patient and for the Clinic to provide their services to you, including retrieval of historical data about you. Clinic Identity Data, Contact Data, Marketing and Communications Data, Clinic Data, Proof of Identity Data The Clinic’s performance of a contract with you. Our performance of a contract with a Clinic.
To manage our relationship with you which will include, notifying you about changes to our terms or privacy policy, asking you to leave a review or take a survey, engaging with you in relation to any support request or communication that you may submit. Clinic Identity Data, Contact Data, Marketing and Communications Data Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services).
To administer and protect our business and the Nookal Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Clinic Identity Data, Contact Data, Technical Data Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.
To deliver relevant the Nookal Website content and measure or understand the effectiveness of our website and to ensure the proper function of the website and online software. Clinic Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communications Data, Technical Data Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To improve the Products, services or businesses that we or a Clinic undertakes. Clinic Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communication Data Necessary for our legitimate interests (to improve our Products and services).
To use data analytics to improve the Nookal Website, products/services, marketing, customer relationships and experiences and to gather anonymous statistics. Technical Data, Usage Data, Third-Party Data Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To provide you with our newsletter and make suggestions and recommendations to you about goods, services or promotions that may be of interest to you, whether initiated by us or a Clinic. Clinic Identity Data, Contact Data, Technical Data, Usage Data, Profile Data, Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services and grow our business).
To maintain as a record in the event of any product service or warranty request. Proof of Identity Data, Clinic Identity Data, Contact Data, Financial Data Necessary for our legitimate interests (to maintain customer satisfaction and ensure appropriate processes for warranty requests).
To facilitate internal training, ensure the effective delivery of products and services and to resolve disputes or problems, whether initiated by us or a Clinic. Digital Media Data, Clinic Identity Data, Contact Data Necessary for our legitimate interests (to develop our products/services and grow our business).
To improve our products, services and business activities we undertake. Nookal Products and Services Data, Contact Data, Clinic Identity Data, Usage Data, Marketing and Communications Data Necessary for our legitimate interests (to develop our products/services and grow our business).

8. Do Not Track Settings

8.1 Please note that we do not alter our Nookal Website data collection and use practices when we see a Do Not Track signal from your browser.

9. Storing your Information

9.1 We are a growing business. To offer a consistent service to you we may store and manage data electronically or in paper form. Where data is stored electronically, it is done so by a third-party cloud service provider that may store your information or a backup of your information in:

  • (a) those locations noted on our Security page; and
  • (b) such other locations that the third-party cloud service provider determines from time to time (see our list of third parties here for jurisdictions where your information may be stored).

9.2 The data that we collect from you may be transferred to and be stored to these servers or processed by staff operating in other jurisdictions or who work for Nookal.

9.3 We will take all steps reasonably necessary to ensure that your information is secured from misuse, interference, loss, unauthorised access, unauthorised modification, or unauthorised disclosure. Any information will be handled in accordance with this Policy and applicable privacy laws. Despite using all steps reasonably necessary, the transmission of information through the internet is not completely secure.

9.4 Submission of any information to us is an acknowledgement that you agree to such use, storage, and disclosure.

10. Disclosing your Information

10.1 We may share your information with:

  • (a) any and all of our affiliates;
  • (b) third parties including business partners, suppliers and subcontractors;
  • (c) any prospective buyer of any part of our business or assets; or
  • (d) where we are required to disclose your information in order to comply with any legal obligation, or in order to enforce any agreements; or to protect the rights, property, or safety of us and our customers, or others. This includes, where relevant, exchanging information with Organisations for the purposes of fraud protection and credit risk reduction.

11. International Data Transfers

11.1 We collect and store Personal Information globally from each jurisdiction we operate in and from each legal entity that is owned or operated by us in different international jurisdictions and may transfer, process and store your Personal Information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Products. We have appointed Cloud Operations Pty Ltd ACN 636 585 127 (Cloud Operations), a company based in Australia, to control and deal with all Personal Information that is collected globally by Nookal.

12. Accessing and Correcting your Information

12.1 You may request access to Personal Information that we hold about you at any time by contacting our Privacy Officer using the details set out in this Policy. We will respond to any such request for access to Personal Information within a reasonable time frame and will provide you access to the Personal Information that we hold pertaining to you unless we are authorised not to do so by law.

12.2 Where permitted by law, we may charge you a reasonable fee for processing your request to access your Personal Information and should we decline you access to your Personal Information, a written explanation will be provided setting out the legal reasoning for doing so.

12.3 If upon receiving your Personal Information, or at any other time, you believe the Personal Information that we hold about you is incorrect, out of date, incomplete, irrelevant, or misleading, please notify our Privacy Officer using the details set out in this Policy.

12.4 If we decline to correct your Personal Information as requested by you, a reason for refusal will be provided except to the extent that it is unreasonable to do so. If we decline the request to correct Personal Information, you may request to associate a statement with the information.

13. Complaints

13.1 If you believe we have not fulfilled our obligations under any relevant law or have not complied with the terms of this Policy or would like to appeal a decision made by us in relation to your Personal Information, you can make a complaint in writing to our Privacy Officer using the contact details set out in this Policy.

13.2 We will respond to you within a reasonable period of time (or where a period is specified by any law, that period) to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

14. Our External Provider’s Privacy Policies

14.1 We provide Products to various Clinics. The Products have been specifically designed to appear as the relevant Clinic, however, to the extent you are a patient of a Clinic and you directly interact with the Product, then your interaction is with us.

14.2 We hold your Personal Information on behalf of the Clinic in which you are dealing with.

14.3 Accordingly, where you are dealing with an Clinic and you are concerned that there may have been a breach of this Policy by an independent third party associated with us and/or a Clinic, please contact the relevant Clinic directly. Alternatively, you may contact the Privacy Officer at the details set out in this Policy.

14.4 (Primary Purpose): The primary purpose for which your Personal Information is collected by us:

  • (a) is to facilitate various services on behalf of a Clinic to you;
  • (b) for the Clinic to maintain its data and records about you in a centralised customer relationship management system;
  • (c) for the Clinic to communicate with you in a secure manner;
  • (d) for you to make payments to a Clinic;
  • (e) for a Clinic to market to you;
  • (f) for a Clinic to organise and store your Personal Information in a consistent manner for the Clinic to better provide its services to you; and
  • (g) in any manner described or disclosed in the relevant privacy policy of a Clinic.

14.5 (Secondary Purpose): The secondary purpose in which we will use your Personal Information, includes (but is not limited to):

  • (a) providing analytics services, of any kind, to Clinics;
  • (b) to provide any entity in our group of companies;
  • (c) disclosure is required or authorised by or under an Australian law, a law in any jurisdiction in which we operate or a court/tribunal order;
  • (d) a permitted general situation exists in relation to the use or disclosure of the Personal Information by us; and
  • (e) we reasonably believe that the use or disclosure of your Personal Information is necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body

15. Data Breaches

15.1 In the event that we experience a Notifiable Data Breach, we will notify you within 14 days of us becoming aware of that Notifiable Data Breach.

15.2 In this clause 15, “Notifiable Data Breach” means an occurrence of unauthorised access to or unauthorised disclosure of your personal information, or a loss of your personal information that is required to be notified to you under legislation or regulations in the applicable jurisdiction.

16. Local Law Requirements: General Data Protection Regulation (GDPR and UK GDPR)

16.1 Application

This section applies to residents in the European Economic Area (EEA) and residents of the United Kingdom (UK).

16.2 Definitions

Controller, Data Processor, Data Subject, Processor, Processing, Sub-processor, and Supervisory Authority shall be interpreted in accordance with applicable Data Protection Legislation.

UK Data Protection Legislation means the UK General Data Protection Regulation under the Data Protection Act 2018 (UK) and any legislation and/or regulation implementing or made pursuant to it or which amends or replaces any of them, as it applies to the UK.

EEA Data Protection Legislation means General Data Protection Regulation, Regulation (EU) 2016/679 and any legislation and/or regulation implementing or made pursuant to it or which amends or replaces any of them, as it applies to the EEA.

17. Residents of the EEA

17.1 When you submit data, including Personal Information, via the Products or the Nookal Website, that data is being submitted directly to Ireland.

18. Residents of the UK (where we act as Processor)

18.1 We work with Clinics around the world, including the United Kingdom. If you are domiciled in the United Kingdom, your Personal Information is processed by us in Ireland . When you submit data, including Personal Information, via our Products, that data is being submitted directly into Ireland and at no time is held in the United Kingdom. As part of providing our Products, we may transfer your personal information to other regions, including to Ireland and Australia.

18.2 Nookal relies on the following provisions of the UK Data Protection Legislation when transferring your data to our servers in Ireland:

  • (a) (Article 28): Nookal has entered into a data processing agreement with the relevant Controller, being the Clinic;
  • (b) (Article 49(1)(a)): at the time of submitting the data, you explicitly consented to the transfer of your data outside of the UK and into Ireland;
  • (c) (Article 49(1)(b)): the transfer of your data into Ireland is necessary in order for us to perform the a contract with you the Clinic or to perform the contract you are entering into with the Clinic (which is the Controller) when you submit your data;
  • (d) (Article 49(1)(c)): the transfer of your data into Ireland is necessary in order to conclude or perform a contract concluded either between us and the Clinic or you and the Clinic (which is the Controller), created when you submitted the data; and
  • (e) (Article 1): to otherwise pursue our legitimate business interests outlined in this policy, which include us acting as Processor for the Clinic as Controller.

19. Residents of the UK (where we act as Controller)

19.1 We work with Clinics around the world, including in the United Kingdom and you may make an enquiry with us, either on your own behalf or on behalf of a Clinic. If you are domiciled in the United Kingdom, your Personal Information is processed by us in Ireland. When you submit data, including Personal Information, via our Products, that data is being submitted directly into Ireland and at no time is it held in the United Kingdom. In such circumstances, we will be considered the controller of such data submitted.

19.2 Nookal relies on the following provisions of the UK Data Protection Legislation when transferring your data to our servers in Ireland:

  • (a) (Article 28): Nookal has entered into a data processing agreement with Cloud Operations;
  • (b) (Article 49(1)(a)): at the time of submitting the data, you explicitly consented to the transfer of your data outside of the UK and into Ireland;
  • (c) (Article 49(1)(b)): the transfer of your data into Ireland is necessary in order to perform the contract you are entering into with us when you submit your data;
  • (d) (Article 49(1)(c)): the transfer of your data into Ireland is necessary in order to conclude or perform a contract concluded between you and us, created when you submitted the data; and
  • (e) (Article 1): to otherwise pursue our legitimate business interests outlined in this policy.

20. Residents of the EEA and UK

20.1 If you are domiciled in the UK or EEA, you have certain rights under the EEA Data Protection Legislation and UK Data Protection Legislation with respect to your Personal Information, including:

  • (a) the right to request access to, correct, amend, delete, port to another service provider; or
  • (b) object to certain uses of your personal data.

20.2 Due to the manner in which the Products are delivered, you are contracting directly with a Clinic. That Clinic has subsequently contracted with us in order to deliver the Products and therefore facilitate various communications between you and the Clinic. In this manner, we are the Processor of your Personal Information for the Clinic.

20.3 If you wish to exercise rights in accordance with the EU Data Protection Legislation or UK Data Protection Legislation, please contact the Clinic you interacted with directly – we serve as a processor on their behalf and can only forward your request to them to allow them to respond.

20.4 Additionally, if you are located in the UK, we note that we are generally processing your Personal Information in order to fulfil contracts we might have with you (for example if you interact with a Clinic who has purchased Products from us), or otherwise to pursue our legitimate business interests outlined in this Policy, unless we are required by law to obtain your consent for a particular processing operation. We process your Personal Information to pursue the following legitimate interests, either for ourselves, our partners, or other third parties:

  • (a) to provide the Clinic, yourself and others with our Products;
  • (b) to prevent risk and fraud on our platform and within the Nookal Website;
  • (c) to provide communications, marketing, and advertising;
  • (d) to provide reporting and analytics;
  • (e) to facilitate communications and payments between you and the relevant Clinic;
  • (f) to provide troubleshooting, support services, or to answer questions;
  • (g) to test out features or additional services; and
  • (h) to improve our services, Products or the Nookal Website.

20.5 When we process Personal Information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that Personal Information can help mitigate the risks to you.

20.6 We note that we use third parties as Sub-processors to process your Personal Information. Depending on the processing undertaken by the third party, will depend on information disclosed to them.

20.7 Where you are located in the UK submit any data to or otherwise use the Nookal Website:

  • (a) you expressly consent to us transferring the submitted data outside of the United Kingdom; and
  • (b) consent to our use of the Sub-processors as disclosed and as added to or replaced from time to time.

21. Data Retention

21.1 When we provide services to you, we will maintain your subscription information for our records unless and until you ask us to delete this information.

22. Minors

22.1 Our services are not intended for use by individuals under the age of 16 (Minor).

22.2 Where you are a Minor, a Clinic must obtain the consent of the parent or guardian having legal capacity over you.

23. Contact

23.1 If you have any comments, concerns or questions regarding this Policy or Personal Information that we hold about you, please contact our Privacy Officer by email to privacy@nookal.com or by post at:

In the European Economic Area:

Privacy Officer
Nookal.com
C/- VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

In the United Kingdom:

Privacy Officer
Nookal.com
C/- VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

In all other jurisdictions:

Privacy Officer
Nookal Pty Ltd ACN 636 857 979
PO Box 1576
Oxenford QLD 4210
Australia

Schedule

Jurisdiction Nookal Websites
Australia https://www.nookal.com/au
The United Kingdom https://www.nookal.com/uk
The United States of America https://www.nookal.com/us
New Zealand https://www.nookal.com/nz
Canada https://www.nookal.com/ca
Ireland https://www.nookal.com/ie
South Africa https://www.nookal.com/za
Chat with Us!
🍪 Cookies