Privacy Policy
Effective Date: June 24, 2025
CardiAction Screening Australia Pty Ltd (“CSA”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and manage your personal and health information when you use our services, including cardiovascular risk assessments delivered through the CardiAction digital platform.
This policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
CSA is an independent provider of non-clinical cardiovascular risk screening services. We deliver our services through the CardiAction platform, licensed to us by CardiAction Pty Ltd and hosted on secure digital infrastructure operated by contracted technology providers. CSA is solely responsible for managing your personal information collected through the service.
We collect the following types of information:
Personal Details: Personal Details: Full name, date of birth, gender, and contact information.
Health and Screening Data: Blood pressure, pulse wave analysis, weight, height, and other relevant biometric measures.
Service Usage Data: Appointment history, communication records, and engagement with our platform.
Optional Lifestyle or Demographic Data: Information you may voluntarily provide (e.g. smoking status, physical activity levels).
We collect and use your information for the following purposes:
To deliver your cardiovascular risk screening
To communicate with you about your appointment, results, and from time to time, to share updates about our services, cardiovascular health interventions, and news or educational content related to heart and artery health. You may opt out of these communications at any time.
To operate, maintain, and improve our platform and services
To analyse de-identified data to identify health trends and improve population-level outcomes
To comply with applicable laws, regulations, and service quality obligations
Access to your personal information is strictly limited to:
CSA’s authorised staff involved in delivering or supporting the screening service
Authorised technology service providers under contract to support platform infrastructure, security, and maintenance
CardiAction Pty Ltd, who may access only de-identified usage data for quality assurance, platform performance monitoring, or research oversight
All parties are bound by strict confidentiality and privacy agreements, and data is accessed solely on a need-to-know basis.
Your personal data is securely stored using Australian-based infrastructure licensed to CSA. Our technology partners are contractually obligated to comply with the Privacy Act 1988 (Cth) and to apply appropriate data protection, encryption, and access controls to prevent unauthorised access or misuse.
CSA may use de-identified information (that cannot reasonably be used to identify you) for:
Population health research
Service quality improvement
Ethical research studies, including those in collaboration with research institutions
This data will not be linked to your identity or used in a way that could reasonably re-identify you.
CSA is the sole provider of the CardiAction screening service, regardless of where the service is delivered. All data management and privacy responsibilities lie with CSA. Host locations (such as pharmacies or corporate clients) are not responsible for your data and are not covered by CSA’s professional indemnity insurance.
You may withdraw your consent at any time by contacting CSA using the details provided below.
Upon withdrawal:
CSA will cease collecting or using any further personally identifiable information.
Your previously collected de-identified data may continue to be used for research, evaluation, and quality improvement, in line with ethical and legal standards. This data will not be re-linked to your identity.
This approach aligns with accepted research and privacy guidelines under Australian law.
You may request access to or correction of your personal information by contacting CSA. We will take reasonable steps to ensure your data is accurate, complete, and up to date.
If you have concerns about how your personal information is handled, you may lodge a complaint with CSA. We will respond promptly in accordance with our obligations under the Australian Privacy Principles.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
