You can get in touch with us at any time about the way we handle and safeguard your information. In addition to updating or deleting your account, or changing your user preferences, if you want to talk to us, ask us questions, update your information, register a concern, opt out of marketing or anything else – we're just a call or a few clicks away.
We have a dedicated Privacy Officer whose protected role at Arli is to ensure your information is kept safe and secure, to hold us to our service promises, and to respond to your requests, inquiries and complaints.
Our Privacy Officer reports directly to our CEO. You can get in touch with our Privacy Officer directly:
Arli helps people who struggle with addiction or who support those people take positive steps every day. We connect you to an ecosystem of recognition and support.
As part of our service, Arli provides you with online and mobile access to our secure digital platform.
At Arli, protecting your privacy and ensuring that you control the way your information is used is our priority. We hold ourselves to high standards, including by complying with privacy laws and this policy.
We mean what we say
In this policy, when we say:
• we, our or Arli – we mean Aurelius Health Pty Ltd (ABN 28 640 008 804).
• our platform – we mean the Arli digital platform that links you and people who you support with an ecosystem of recognition and support (including our website and app.)
• your information – we mean your health information and your general personal information, which we describe in section 3 below.
• your trusted care circle – we mean your network of family, loved ones and other carers, organisations or representatives who you may authorise to access your information through our platform (for example, for peer support purposes).
• your consent – we mean your express, informed and unbundled consent.
• our trusted partners – we mean our third party service providers, healthcare professionals or providers and other organisations that we partner with to help us deliver services to you and manage our platform.
• privacy laws – we mean all privacy and data protection laws that apply to us when we handle your information, including applicable health information laws, the Australian Privacy Principles and the rest of the Australian Privacy Act 1998 (Cth).
When you use the Arli platform, we collect and hold three main categories of information.
Your general personal information
includes non-health information that you or your trusted care circle choose to contribute directly to the Arli platform, or that you authorise us to collect on your behalf from our trusted partners.
Your health information
Includes any health information that you or your trusted care circle choose to contribute directly to the Arli platform, or that you authorise us to collect on your behalf from our trusted partners.
Information collected for our own business improvement or for research purposes
We may de-identify your information, and use that information in de-identified and aggregated form to conduct analysis on how our platform is being used in order to improve our services and provide benefits back to our users. We may provide insights from this de-identified, aggregated information to our (university) research partners in order to ensure our services are being validated (and are evidence based). These insights also contribute to public health research. We hope that by contributing to research in this way we can together help more people suffering from addiction.
We may also provide certain insights generated from such de-identified, aggregated information to certain trusted partners that have referred you to us, including Eastern Health (trading as Turning Point Alcohol and Drug Centre), The Buttery Ltd (a not-for profit mental health organisation) and certain clinical psychologists, so that these trusted partners can gain insight into the effectiveness of our services.
When we refer to 'de-identified' information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you, where safeguards are in place to manage the risk of re-identification.
We may also collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited, but these do not contain any of your personal information and will not be used to link back to you individually.
We won't use your health information, without your consent
At Arli, we pride ourselves on creating an environment that puts you in control of your health information and the ways it is used to provide benefits to you.
We will comply with the Privacy Act at all times, and that includes dealing with your information in accordance with the general permitted situations and permitted health situations from time to time (such is to lessen or prevent a serious threat to the life, health or safety of an individual if we are required to do so). It is part of our service promise that we don't otherwise use your health information for any purpose without your consent to use it in that way (for example, if you agree to us providing you with information to improve your health, well-being or care).
If we ever want to use your health information for a new or different purpose, we won't do so without first sending you a positive alert and obtaining your consent. Even once you've provided your consent for a particular use, you can withdraw it at any time, and we will regularly check with you to ensure your consents remain current.
As well as getting your consent, we always handle your health information in accordance with our applicable legal requirements, including our obligations when we collect your health information from our trusted partners (with your authorisation).
Before you provide your consent, you should know that we may from time to time need to respond to legal requests for information (like any company does). Section 10 tells you how we respond to those types of requests.
Use of your information on the platform
We use your general personal information and your health information to enable you to access and use the Arli platform and for us to deliver and improve our products and services. Breaking this down, we use your general personal information and your health information to:
• Capture your name, address and phone number and sign you up to the Arli platform
• Design, provide and manage our products and services
• Offer a forum for regular recovery meetings and encourage engagement
z Contact you when we need to tell you something important about the Arli platform or your information
• Comply with laws, and assist government or law enforcement agencies where we are required and authorised to do so.
When you are a Arli platform user, we will not:
• use any of your health information to send you marketing communications;
• disclose any of your health information to a third party in order for them to market to you,
unless you've given your consent for us to do so.
If you do consent to us using or disclosing your health information or your general personal information for marketing, we will contact you via the preferred communication method you nominate through the Arli platform. We'll always conduct our marketing practices in accordance with privacy laws and other applicable legal and ethical frameworks. We will only send you marketing communications that we believe could offer you a benefit in relation to your health, well-being or care.
If you do expressly consent to us sending you marketing messages using your information, you'll be able to opt out at any time – either by using the unsubscribe facility in the relevant message or by contacting us (it's easy – see section 1).
If you are not yet a registered Arli user, then we may market our services to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms. We'll always do this in accordance with our legal requirements and only with our trusted partners.
We store all of your information in Australia, and in accordance with all applicable laws – we primarily use G-Suite for data access and storage. We don’t store it overseas, but some features of third party applications may involve access of information by those third parties as overseas recipients of information in order for them to make their functionality available for platform use.
We've designed the Arli platform as a safe space. We take all reasonable steps to keep your information secure and confidential.
We don't share your health information without your consent. It can only be accessed by you and the people you expressly tell us you want to share it with – being your trusted care circle and your trusted healthcare partners.
We may share your general personal information with our trusted partners who help us to deliver our products and services, and for the other reasons we tell you about in this policy or through the platform.
Generally, these third parties are service providers we engage to assist us to deliver services to you and manage the Arli platform – such as those that provide contracted services to Arli such as research and analytics, operating health questionnaires for you to access through the platform, information technology support, hosting and community forum services, telephony services, mailing or sending other documentation.
Keeping your information safe is the way we can gain and retain your trust – we take this very seriously.
We have crafted the Arli platform and our working environment with integrated physical, electronic and managerial processes designed to safeguard your information and protect it from misuse, interference loss and unauthorised access, modification or disclosure.
Here are some of the key things we do to protect your information.
Privacy Officer: Our Privacy Officer is tasked with the role of ensuring your information is kept safe and secure, holding us to our promises and responding meaningfully to your requests, inquiries and complaints about privacy and the way we handle your data.
Staff training: We put our staff through robust training, regularly, about how to keep your information safe and secure at all times.
Secure storage and handling: We use a combination of techniques and measures to maintain the security of the Arli platform and to protect your account and your information.
Destroying or de-identifying information: We only keep your information for as long as we need it or are lawfully required to keep it.
Your health information and your general personal information is not ours. We don’t seek to own it. You have rights in and to it, and we take that seriously. Here are the things you can ask us to do in relation to your information at any time while you use the Arli platform.
Access: You can request a copy of your information, and to ask for it in a format that can be easily reused or transferred to another person that you direct.
Correct: You can ask us to correct or update your information.
Complain: You can express your concerns or complaints to us about your privacy or the way we are handling your information. We take your concerns seriously and will seek to fix any problem as soon as possible.
Where we are not able to fulfil your request to access, correct or delete your health information or your general personal information for a legal or other reason, we will let you know why.
If you're not happy with the way we handle your query or handle your information (including our response to your request to access, correct or delete your health information or your general personal information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website.
To exercise any of your rights in relation to your information, you can contact us (it's easy – see section 1).
We want to be clear with you – from time to time, we may be compelled by a law enforcement agency to disclose your health information or your general personal information in a way that you have not expressly consented to in accordance with this policy.
We can't control the formal scope of law enforcement requests that we receive, but we can tell you now exactly what we do in order to respond to them.
Whenever we receive a request from a law enforcement agency in relation to your information, our policy is to carefully test, on a case by case basis (and with assistance from our trusted law firm) the source of power that the agency is relying on, to ensure that it is a legitimate request under law.
If we determine that the request is legitimate, then of course we will comply with our legal requirements and grant access only to the extent necessary to satisfy the purpose of the request.
Where the law permits us, we will notify you about our response to the request and where permitted, the enforcement agency to whom your information has been disclosed.
If we need to change this policy in a way that affects the way we handle your information, you'll receive an alert through the Arli platform the next time you log in.
And remember – no surprises – we don't use your health information for our own purposes, without your specific consent.
You can find out more about the various privacy laws and other rules, regulations and standards we've mentioned in this policy by following the links below.
• Privacy Act 1998 (Cth)
• OAIC Privacy Act page
• OAIC home
• APP (Australian Privacy Principles) Guidelines
• Contact and complaints