TrueBlueReview

True Blue Review – Data Processing Agreement

This Agreement is between:

The Healthcare Practice ("Clinic")

and

True Blue Review Pty Ltd ("Service Provider")

This Agreement applies when the Clinic uses the True Blue Review service or connects a practice management system integration.

1. Purpose

The Service Provider sends post-appointment communications and patient feedback requests on behalf of the Clinic.

The Service Provider processes personal information only to provide this service.

2. Roles

The Clinic is the holder of patient records. True Blue Review acts as a contracted service provider processing information on the Clinic's instructions.

True Blue Review does not determine the purpose of patient communications.

3. Information Processed

The Service Provider may process limited patient information:

  • patient name
  • mobile phone number
  • appointment attendance/date
  • message delivery status
  • opt-out status

The Service Provider does not process clinical records.

4. Clinic Responsibilities

The Clinic warrants that:

  • it has authority to disclose patient contact information
  • it complies with the Privacy Act 1988 (Cth)
  • it complies with the Spam Act 2003 (Cth)
  • patients are appropriately informed of communications
  • communications requested are lawful

The Clinic remains responsible for patient care and clinical decisions.

5. Service Provider Responsibilities

True Blue Review will:

  • process information only to provide the service
  • not use patient information for independent marketing
  • implement reasonable security safeguards
  • restrict access to authorised personnel
  • notify the Clinic of a data breach
  • delete identifiable patient data after termination (except opt-out suppression records)

6. Sub-processors

The Clinic authorises the Service Provider to use service providers such as hosting and SMS providers where necessary.

The Service Provider will take reasonable steps to ensure those providers protect personal information.

7. Data Breach

If a data breach occurs, the Service Provider will notify the Clinic promptly and cooperate in response.

8. Confidentiality

All patient information is confidential and may only be used to operate the service or where required by law.

9. Termination

Upon termination:

  • processing stops
  • identifiable data is deleted within a reasonable timeframe
  • opt-out records may be retained to prevent further messaging

10. Liability

The Service Provider is responsible only for its handling of personal information.

The Clinic is responsible for:

  • patient consent
  • message appropriateness
  • legal compliance of communications.

11. Governing Law

This Agreement is governed by the laws of Australia.

By using the service, the Clinic agrees to this Agreement.

Back to Sign Up