Skip to main content
MedNext

Privacy Policy

We handle your personal information with care, transparency, and full compliance with Australian privacy law. This policy explains exactly how we collect, use, and protect your data.

Mouse Soft Australia Pty Ltd ("we", "our", or "us") is committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This policy outlines how we collect, use, disclose, and protect your information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

You can learn more about the Australian Privacy Principles at the Office of the Australian Information Commissioner's website: www.oaic.gov.au

1. What Personal Information We Collect

We may collect information that identifies you, including:

  • Name, address, email, phone number, and professional details
  • Information provided through forms, emails, phone calls, and our websites (including www.mednext.com.au and www.medicalwizard.com.au)
  • Technical information such as browser type and IP address (where provided by your browser or network for operational purposes)

We collect this information directly from you or from authorised third parties such as healthcare organisations, public directories, or trusted partners. Where practicable, you may interact with us anonymously or under a pseudonym; however, this may limit our ability to provide certain services, particularly those involving patient health information.

2. Why We Collect It

We collect personal information primarily to:

  • Provide our software and support services
  • Communicate with clients and users
  • Improve our products and digital experience
  • Meet our legal, regulatory, and security obligations

You may opt out of marketing communications at any time by contacting us in writing.

2.1 Direct Marketing

We may use your name and contact details to send you information about our products, services, or updates that we consider may be of interest to you. We will only do so where you would reasonably expect this, or with your consent. Every marketing communication includes a clear way to opt out, such as an unsubscribe link. We do not provide your personal information to third parties for their own direct marketing purposes without your consent.

3. Sensitive and Health Information

We may collect limited health-related or other sensitive information only when necessary for service delivery, and only with your consent, where permitted under an exception in the Privacy Act 1988 (Cth), or as required by law.

Where our clients use MedNext to process patient health information, they remain the custodians of that data. We act only as a technology service provider and do not access patient data except as authorised for support or maintenance purposes.

3.1 Government-Related Identifiers

In the course of providing our services, we may handle government-related identifiers such as Medicare numbers or Individual Healthcare Identifiers (IHI), where this information is provided to us by healthcare provider clients for the purpose of delivering the software service. We do not adopt a government-related identifier as our own identifier for an individual, and we do not use or disclose such identifiers other than as necessary to provide our services, as required or authorised by law, or with consent.

4. How We Store and Protect Your Data

Your information is stored securely in accordance with industry best practices. All data is hosted in Australian-based AWS data centres with strong encryption, access controls, and regular security reviews.

Our development teams work only with de-identified or synthetic test data and do not have access to live patient information. Where authorised personnel — including personnel located outside Australia — need to access systems for support or maintenance purposes, this is done by remotely connecting to Australian-based infrastructure via a secure, logged remote-access session. No personal information is stored, copied, or transferred outside Australia as a result of this access, and all such sessions are authorised, logged, and limited to what is necessary for the task.

When personal information is no longer needed, we take reasonable steps to securely destroy or de-identify it. See Section 4.1 below for our retention periods.

4.1 Retention Periods

We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law. As a guide:

  • Patient health information processed on behalf of our healthcare provider clients is retained in accordance with applicable health records retention laws, generally a minimum of 7 years from the last entry for adult patients, and until the patient turns 25 years of age for minors (or longer where required by the relevant State or Territory legislation).
  • Client and user account information is retained for the duration of the service relationship and for 7 years afterward to meet our legal and accounting obligations.
  • Website data: analytics tracking is not currently active on this website. This policy will be updated with applicable retention periods when analytics is implemented.

5. Disclosure of Personal Information

We may disclose your personal information to:

  • Trusted service providers and business partners assisting us in operations, including cloud hosting providers, IT support providers, payment processors, and email or communications platforms
  • Regulatory or legal authorities when required by law
  • Other parties with your explicit consent

We do not sell or rent personal information to third parties. We do not disclose personal information to overseas recipients, other than the limited remote-access arrangement described in Section 4 above, which does not involve personal information leaving Australian-hosted infrastructure.

6. Cookies and Website Analytics

Analytics tracking is not currently active on this website. This policy will be updated when analytics is implemented, including details of any cookies used and applicable retention periods.

You can manage cookie preferences in your browser settings at any time.

7. Access and Correction

You may request access to, or correction of, your personal information at any time by contacting us in writing. We may verify your identity before releasing information.

There is no fee for making an access request, though administrative costs may apply for copies.

8. Maintaining Accuracy

We take reasonable steps to ensure your personal information is accurate and up to date. Please notify us if any details change.

9. Children and Minors

Our website and corporate communications are not directed at children. Where our software is used by healthcare provider clients to process health information relating to minors, that information is collected, used, and disclosed by the relevant healthcare provider in accordance with their own privacy obligations and consent arrangements with the patient or the patient's parent/guardian; we act only as a technology service provider in that context, consistent with Section 3 above.

10. Data Breach Notification

We maintain procedures to identify, assess, and respond to data breaches involving personal information. Where we have reasonable grounds to believe an eligible data breach has occurred, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988 (Cth), including assessing the breach, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required, and taking steps to contain and remediate the breach.

11. Policy Updates

This policy may be updated periodically to reflect product, legal, or regulatory changes. The latest version will always be available on our website, along with the version number and date it was last updated.

12. Complaints

For any questions about this policy, please contact us at sales@medicalwizard.com.au or call (03) 9888 2555.