Privacy Policy

Our commitment to protecting your personal information

Cardioscan Services Pty Ltd ACN 160 564 661 (‘CardioScan’, ‘us’ or ‘we’) is committed to protecting your personal privacy and complying with our obligations under relevant privacy legislation, as set out in the Privacy Act 1988 (Cth) and embodied in the Australian Privacy Principlesunder that legislation (and to the extent they apply, in the other jurisdictions in which we operate).

This Privacy Policy sets our commitment to protecting your personal information. It outlines how we collect, use, hold and disclose personal information, and how you can contact us if you have any concerns, questions or complaints about our management of your personal information, or if you want to access it.

We may update this Privacy Policy from time to time so please periodically check and review the policy for changes. You can access the current version of the Privacy Policy at the following webpage on our website:

Should you require a copy of the Privacy Policy in another form please contact us via the contact details set out in section 16 at the end of this policy to request a copy.


Personal Information + Sensitive Information

A reference to “personal information” means any information or opinion about you from which your identity is apparent or can reasonably be ascertained, from the information or opinion regardless of whether the information or opinion is:

·    true or not; or
·    recorded in a material form or not.

Personal information can also include sensitive information. “Sensitive information” means information or an opinion about matters such as your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or your health information.


Application of this Policy

We collect a variety of information from visitors to our Website, some of which can be confidential. This document explains the types of information we collect and what we do with that information (among other things).

This policy applies to personal information we receive or collect from or about you. This may occur when you:

  • visit or use the CardioScan Website or any related software or applications (including any mobile applications);
  • request or use any of our services;
  • make an enquiry or register your interest with CardioScan;
  • become or remain a client of CardioScan;
  • contact and interact with us independently of the Website, such as by email, phone or in person;
  • apply for a job with us or express interest in employment or providing services to us;
  • make a payment of any tax invoices we issue; or
  • provide your personal information to us in any other way.

When you provide CardioScan with personal information, you consent to CardioScan using, handling and processing your personal information for the purposes and in the ways outlined in this policy (see sections 5 and 6 below) or such other purposes as we communicate to you from time to time.

You do not have to provide us with your personal information, but if you do not provide us with the personal information that we need, we may not be able to provide our services or assistance to you or on your behalf and you may not be able to enjoy the full benefits of our Website or our services.


What kinds of information do we collect?

The types of information we keep on record will depend on what activities you are engaging in or the type of product or service used or requested by you.

We only collect personal information that is necessary to assist us in providing our services. The type of personal information commonly collected for this purpose includes:

  • identification and contact information (e.g. name, age, date of birth, address, telephone number, email address etc.);
  • employer details;
  • country of residence;
  • your IP address for your interaction with various parts of our CardioScan Website. Your IP address is the identifier for your computer when you are using the internet; and

We may also collect personal information you upload on the CardioScan Website, e.g. during your use of the Website or to apply for an employment or contracting opportunity. You consent to CardioScan posting and using this personal information for the purposes of our functions and activities.

In certain circumstances, we may also be required or permitted by law, court or tribunal order to collect certain personal information about you.

We will advise you in accordance with relevant privacy legislation when we collect your personal information and for what purpose.

We only collect sensitive information about you with your consent and if it is necessary for, or directly related to, our functions or activities, except if we are otherwise required or permitted by law to collect, use or disclose it.

We may also collect some statistical information about visitors to the CardioScan Website (for example, the number of visitors, pages viewed, your type of browser and geographic location, types of transactions conducted, time online and documents downloaded, how you came to the site, and information that will help us trouble-shoot problems, analyse our resources and improve our services). Some of this statistical information is collected by using cookies, but none of the statistical information we collect allows us to identify a visitor. We use this information to evaluate our website performance and continually improve our services.


How we collect your Personal Information

We will collect personal information directly from you unless:

  • it is not reasonable or practicable to do so;
  • you consent to us collecting it from other sources; or
  • collection is otherwise permitted under relevant privacy legislation.

If we receive your personal information without requesting or soliciting it (‘unsolicited personal information’), we will (within a reasonable period after receiving it) determine whether or not we could have collected that personal information if we had sought it from you directly. If we could not have collected the personal information, and it is not contained in a Commonwealth record, then we will (as soon as practicable) destroy the information or ensure that it is de-identified provided it is lawful and reasonable to do so.

You must not provide us with the personal information about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal information will be handled in accordance with this Privacy Policy (including where they can find it).


Purposes of collecting and using your Personal Information

We collect your personal information so that we can provide you with the products and services you are seeking from us. We may use your personal information in the following ways:

  • communicating with you, including by email, mail or telephone;
  • responding to your requests or queries;
  • operating and improving CardioScan’s Website, content, offers and services;
  • sending you news and information about CardioScan and our products, services or promotional communications, including newsletters, surveys and information about security updates, or information that is related to you as a customer or service provider of CardioScan;
  • occasionally sending you marketing, advertising or promotional material about our products and services (or the products and services of our partners) that we think may be of interest to you;
  • providing you with more effective customer service;
  • enabling us to conduct customer research;
  • to compile data and conduct analysis of CardioScan member/user statistics;
  • performing research and analysis aimed at improving our products, services and technologies;
  • establishing, maintaining and administering your account and customise the service we provide to you;
  • verifying your identity, profiles and products, checking your credentials;
  • monitoring and reporting as permitted or under any applicable laws;
  • investigating any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our Terms of Use or that you are or have been otherwise engaged in any unlawful activity;
  • to communicate with regulators or government departments in respect of CardioScan’s functions and activities;
  • to assess a job applicant and to allow us to carry out any monitoring activities which may be required of us under applicable law as an employer;
  • ensuring our internal business operations are running smoothly, which may include fulfilling legal requirements and conducting confidential systems maintenance and testing;
  • quality assurance and training purposes;
  • any other uses identified at the time of collecting your personal information;
  • using personal information as otherwise required or permitted by any law (including the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth)).

Personal information that we collect is not traded, sold, leased or rented. You consent to us using and disclosing your personal information in the manners that could reasonably be contemplated by this Privacy Policy, our Website Terms + Conditions or by the relevant activities you are engaged in when providing us with your personal information (e.g. as a website user, job candidate, service provider or customer).


Disclosure of your Personal Information

Any personal information provided to us may be disclosed, if appropriate, to other entities in order to facilitate the purpose for which the information was collected. Such entities generally include:

  • third-party service providers for the purpose of enabling them to provide a service such as (but not limited to) payroll, superannuation administration, IT service providers, data storage/processing, IT security, web-hosting and server providers; debt collectors, maintenance or problem-solving providers; security services; credentialing service providers; professional advisory (including legal, accounting, financial and business consulting); mailing house and delivery services; and banking, payment and insurance providers;
  • any applicable or relevant regulator or third party for the purpose of legislative or contractual compliance and/or reporting;
  • any related entities of CardioScan; or
  • other entities if you have given your express consent.

We may also disclose your personal information to third parties in the following circumstances:

  • Where we are under a legal or regulatory obligation to do so (for example, to a court or tribunal in response to a legal request, to a subpoena or to the Australian Taxation Office) or to protect the rights and interests, property, or safety of CardioScan, our members and users, or others;
  • If all, or substantially all, of the assets of CardioScan are merged with or acquired by another party, in which case your personal information may form part of the transferred or merged assets;
  • Where possible, we will inform you, at or before the time of collecting your personal information about other types of organisations to whom we may, with your consent, disclose your personal information. Prior to such disclosures, CardioScan will take all reasonable steps to satisfy ourselves that:
  • the organisation has a commitment to protecting your personal information; and
  • where necessary, you have consented to such disclosure.

From time to time, these parties may reside outside of Australia. Our contracts with these parties generally include an obligation for them to comply with Australian privacy lawand this Privacy Policy. However, you acknowledge that, by agreeing to the disclosure of your personal information to these entities outside of Australia, we will no longer be required to take reasonable steps to ensure the recipient’s compliance with the Australian privacy law in relation to your personal information and we will not be liable to you for any breach of the Australian privacy law by these overseas recipients. On this basis, you consent to such disclosure.


Direct Marketing

From time to time we may use your personal information to contact you about, among other things:

  • particular CardioScan products and services being offered to CardioScan members / users which we believe may be of interest to you;
  • changes to our organisation or our services; or
  • your use of CardioScan’s Website or services.

We will generally only do this with your prior consent (where practical) and we will always give you the opportunity to opt out of receiving such communications at any time. Direct Marketing from Everlight generally takes the form of emails or telephone calls.

Every directly addressed marketing communication sent or made by CardioScan will include a means by which you may unsubscribe (or ‘opt out’) of receiving further marketing communications. You may also instruct us at any time to remove any previous consent you provided to receive marketing communications from us. Requests should be directed to us via the channels provided under the 'Contact us' section of this policy (see section 16 below).


Links to third party websites

Our website may contain links to the websites of other entities. If you click on such links, you will be transferred to the website of those third-party entities. We have no control over, and are not responsible for, the privacy practices of these entities. You should read the privacy policy of those entities to find out how they handle your personal information when you visit their websites.


Personal information about employees, contractors or job applicants

CardioScan may also collect personal information from you if you apply for a job (or a position as a contractor) with and/or become employed by (or contract with) us.  In these circumstances, you:

  • authorise us to collect any personal information (whether written or verbal) from any referee or previous employer specified in your application for employment or curriculum vitae for evaluation of your application for employment and to hold such information on your personal file for future evaluation of your employment by us;
  • acknowledge that your personal information is collected for the purpose of evaluating your application for employment by us and, should you accept employment with us, the assessment of your continued employment by us and the administration by us of your remuneration and any PAYG obligations.
  • You acknowledge that a failure by you to provide the requested personal information will have a detrimental effect on our ability to give your employment application proper consideration.  You can request to access and/or correct your personal information in accordance with this policy.


Updating or correcting your Personal Information

We will take reasonable steps to ensure the personal information we collect is accurate, up to date and complete. We will also take reasonable steps to ensure that when we use or disclose your personal information it is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure. However, we also rely on you to advise us of any changes to your personal information by maintaining and updating your profile or information with us.

During the course of our relationship with you, we will from time to time ask you to confirm whether your personal information is correct or has changed.

You may also inform us of any changes to your personal information or correct any inaccuracy by contacting us via the contact details in the ‘Contact us’ section of this policy (see section 16 below) so that we can update your file accordingly. However, where there are grounds to refuse to correct the information as requested, we will provide you with reasons for not complying with your request.


Accessing your Personal Information

You may request access to any of the personal information we hold about you at any time by contacting us via the contact details in section 16 of this policy.

You may access personal information we otherwise hold about you, subject to a small number of legal restrictions or exemptions.

While we do not generally charge you for requests to access your personal information, you should be aware that there may be reasonable charges (which will be notified to you when you make a request) for our time and cost associated with processing your request to access your personal information in the following circumstances:

  • if an extended amount of time is required to collate and prepare material for you; or
  • if you wish to have your files photocopied for you.

Access to your personal information may be denied on certain grounds including, for example:

  • it is unlawful;
  • it may have an unreasonable impact upon the privacy of other individuals; or
  • your request is frivolous or vexatious.

If we deny you access, we will advise you of the reasons for doing so at the time of your request.


Dealing with us anonymously or by pseudonym

In order for us to effectively do business with you or make our Website, services and associated content available to you, it will not, in most circumstances, be practical for us to deal with you without you providing relevant personal information to us. However, where it is lawful and practicable to do so, you may deal with us anonymously or by using a pseudonym. Such a situation might include where you make general enquiries about current or potential CardioScan Services or promotional offers or the content on our Website.


Storage + Security

We will take all reasonable steps to protect your personal information by storing it in a secure environment. When the information is no longer needed for any purpose for which it was collected, used or disclosed, it will be destroyed or permanently de-identified.

We will also take reasonable steps to protect any personal information from misuse, loss, and unauthorised access, modification or disclosure, including by implementing security procedures for access to our business premises and within our offices, as well as IT security procedures including password protection, firewalls and site monitoring.

Although we aim to create a safe, secure environment by trying to limit access to the Website to legitimate users, we cannot guarantee that unauthorised parties will not gain access. We will not have any liability arising from any unauthorised access to your personal information.

Please contact us immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security (see the contact details in section 16 of this policy).


Changes to our Privacy Policy

We regularly review all of our business policies and may change this Privacy Policy from time to time, or as the need arises, without prior notice. You should periodically check the page on the CardioScan Website containing our Privacy Policy and review the policy regularly to ensure that you are aware of any changes to its terms. This is the current Privacy Policy and may replace any other privacy policy previously published for CardioScan.

This Privacy Policy was last reviewed on January 2018.


Contacting us

Please contact us via the contact details provided below if you want to:

  • want to obtain further information about the way we manage your personal information;
  • access your personal information held by us;
  • raise a concern or make a complaint regarding how we collect or handle of your personal information, including about a breach of this Privacy Policy or the Privacy Act 1988 (Cth); 
  • correct or update your personal information held by us; or
  • unsubscribe from any CardioScan mailing list or have any questions or complaints regarding unsolicited electronic communications which you may have received or are concerned about.


Contact us at:


Write to us at:
The Privacy Officer
Level 3, 293 Camberwell Rd
Camberwell VIC 3124


Need more information about privacy?
For more general information regarding privacy in Australia, visit the website of the Office of the Australian Information Commissioner.