Privacy Policy

Last updated: April 2026 | Coda Crimson Pty Limited A.C.N. 696 491 488

Coda Crimson Pty Limited is committed to protecting the privacy and confidentiality of personal information, including health information, in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) Scheme.

1. About this policy

This policy applies to all personal information and health information collected and processed by Coda Crimson through its Platform. By using our Platform, Clients acknowledge they have read and understood this Privacy Policy. Coda Crimson operates as a data processor on behalf of its Clients, who are the data controllers of the personal information and health information entered into the Platform.

2. Information we collect

We collect business contact details, billing and payment information, platform usage data, and technical data from healthcare organisations that use our Platform. Our Platform may also process health information entered by Clients about their patients, including patient demographic information, medical records, appointment data, and treatment records. This health information is processed solely on behalf of our Clients.

3. How we use personal information

We will not use personal information for any purpose not stated in this Privacy Policy without your prior consent.

  • Provide, maintain, and improve the Platform
  • Process billing and payments
  • Provide technical support and customer service
  • Send service-related communications
  • Comply with legal and regulatory obligations
  • Ensure the security of the Platform

4. Disclosure of personal information

We may disclose personal information to our contracted service providers (including AWS cloud infrastructure), professional advisers, and regulatory bodies where required by law. We do not sell, rent, or trade personal information to third parties.

5. Health information

Health information is treated as sensitive information under the Privacy Act 1988 (Cth) and is afforded a higher level of protection. All health information is stored on AWS servers located in Australia (ap-southeast-2, Sydney), encrypted in transit and at rest, and access is restricted to authorised personnel only. We do not use health information for any secondary purpose without consent.

6. Data security

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Access controls and multi-factor authentication
  • Regular vulnerability scanning and security assessments
  • ISO/IEC 27001:2022 certified cloud infrastructure (AWS)
  • Employee and contractor confidentiality agreements and security training

7. Data retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal information is no longer required, we securely delete or de-identify it.

8. Access and correction

Clients and individuals have the right to access personal information we hold about them and to request corrections. Contact us at the details below. We will respond within 30 days of receiving a request.

9. Notifiable data breaches

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) Scheme, we will notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable, notify affected individuals where required, and take immediate steps to contain and remediate the breach.

10. Complaints

If you have a complaint about how we have handled your personal information, please contact us in the first instance. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or on 1300 363 992.

11. Contact us

For privacy-related enquiries, please contact our Privacy Officer at info@codacrimson.com.au — Coda Crimson Pty Limited, Sydney, New South Wales, Australia.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify Clients of material changes via email or through the Platform. Continued use of the Platform after notification constitutes acceptance of the updated policy.
