MGP‑Pulse MGP‑Pulse

Privacy Policy

A-BASE TECH AU PTY LTD
ABN: 98 691 196 782
Email: info@mgp-pulse.com.au
Effective Date: November 3, 2025
Last Updated: November 3, 2025

1. Introduction

This Privacy Policy explains how A-BASE TECH AU PTY LTD ("we", "us", "our") handles personal and health information through our MGP Pulse application ("the App") in compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

The App is a secure software platform designed for Midwifery Group Practices (MGPs) to manage client appointments, pregnancy information, and care coordination. We act as the custodian of health information entered by midwives on behalf of their healthcare providers.

2. Information We Collect

Midwives enter the following personal and health information about their clients into the App:

Personal Information:

  • Full name (first and last name)
  • Email address
  • Phone number
  • Physical address

Health Information (Sensitive Information under APP 3):

  • Estimated due date (EDD)
  • Parity
  • Birthing details
  • Clinical notes related to pregnancy and birth outcomes

Appointment Information:

  • Scheduled appointments and events
  • Event types (antenatal visits, ultrasounds, consultations)
  • Location of care
  • Midwife assignments

Important: We do not collect this information directly from clients. Midwives enter this information into the App as part of their clinical practice on behalf of their healthcare provider. The collection of this information from clients, including obtaining necessary consents, is the responsibility of the healthcare provider and midwives.

3. Why We Collect This Information

We collect and store this information to enable:

  • Care coordination between midwives within the same Midwifery Group Practice
  • Appointment scheduling and management
  • Continuity of care across the midwifery team
  • Clinical record-keeping for pregnancy and birth outcomes

Legal Basis: We process this information as part of providing healthcare service infrastructure under the Australian Privacy Act 1988 (Cth).

4. How We Use This Information

The information stored in the App is used solely for:

  • Displaying client schedules and appointments to authorized midwives
  • Coordinating care within the assigned Midwifery Group Practice
  • Maintaining clinical records for continuity of care
  • System security and integrity monitoring through audit trails

We do not use this information for:

  • Marketing or promotional purposes
  • Research without appropriate authorization
  • Any purpose unrelated to clinical care coordination

5. Who Can Access This Information

Within the App:

  • Midwives within the same MGP: All midwives assigned to the same Midwifery Group Practice can access client information for care coordination purposes. Due to the collaborative nature of midwifery group practice, there is no restriction on access between midwives within the same MGP group.
  • System administrators: Limited access for technical support, system maintenance, and security monitoring purposes only.

Data Isolation:

  • Client data is strictly isolated between different MGP groups
  • Midwives can only access information for clients assigned to their MGP
  • No data sharing occurs between different Midwifery Group Practices

External Access:

  • Healthcare providers may analyze data for quality improvement and clinical governance
  • No information is shared with third parties for commercial purposes
  • No cross-border data transfers occur (all data remains in Australia)

6. How We Protect This Information

We implement robust security measures to protect personal and health information:

Technical Security:

  • AES-256 encryption for all sensitive data fields at rest in the database
  • Encrypted fields include: names, email, phone, address, date of birth, estimated due date, and clinical notes
  • 90-day persistent authentication with secure token refresh mechanism
  • MGP-based data isolation preventing access across different midwifery groups
  • Server-Sent Events (SSE) for real-time secure updates
  • UTC timezone standardization for data integrity

Organizational Security:

  • Dual audit trail system:
    • 7-year compliance audit trail for regulatory requirements
    • 6-month transparency audit for detailed access monitoring
  • Access logging for all data modifications
  • Regular security monitoring and error detection
  • Secure authentication with role-based access controls (midwife, admin)

Infrastructure Security:

  • Server location: Sydney, Australia (no international data transfer)
  • Automated backups:
    • Full backups every 12 hours
    • Incremental backups every 2 hours
    • All backups stored in Australia
  • Secure hosting environment with industry-standard protections

7. Data Retention

Client Information:

  • Client personal and health information is retained indefinitely to support ongoing care and clinical record-keeping requirements
  • Healthcare providers and midwives are responsible for determining appropriate retention periods based on clinical and legal requirements

Audit Trails:

  • Compliance audit records: 7 years (regulatory requirement)
  • Transparency audit records: 6 months

Deletion Requests:

  • Clients wishing to have their information deleted must contact their assigned midwife
  • The midwife and healthcare provider will determine if deletion is appropriate based on clinical and legal obligations
  • Timeframes for deletion are managed by the healthcare provider

8. Your Rights (Client Rights)

Under the Australian Privacy Principles, clients have rights regarding their personal and health information. To exercise these rights, clients must contact their assigned midwife or healthcare provider:

Right to Access (APP 12):

  • Clients can request access to their personal and health information
  • Requests should be directed to the assigned midwife

Right to Correction (APP 13):

  • Clients can request corrections to inaccurate or incomplete information
  • Requests should be directed to the assigned midwife

Right to Deletion:

  • Clients can request deletion of their information
  • Requests are subject to clinical and legal record-keeping requirements
  • Managed by the healthcare provider and assigned midwife

Timeframes: Response times for access, correction, and deletion requests are determined by the healthcare provider and their policies.

Note: We do not handle client requests directly. All requests must go through the midwife or healthcare provider who manages the client relationship.

9. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to individuals:

  1. We will immediately investigate the breach
  2. We will promptly notify affected Midwifery Group Practices and healthcare providers
  3. We will assist healthcare providers in meeting their notification obligations under the Privacy Act and the Notifiable Data Breaches (NDB) scheme
  4. We will take immediate remedial action to prevent further unauthorized access

Healthcare providers are responsible for notifying affected clients as required by law.

10. Collection Notification (APP 5 Compliance)

Important Notice to Healthcare Providers and Midwives:

Under APP 5, clients must be informed at the time their information is collected:

  • What information is being collected
  • Why it is being collected
  • Who will have access to it (midwives within the MGP)
  • How it will be stored and secured
  • Their rights to access and correct information
  • How to make complaints

This notification is the responsibility of the healthcare provider and midwives, not A-BASE TECH AU PTY LTD. We provide the technical platform only.

11. Sensitive Information Handling (APP 3)

The App stores sensitive health information including pregnancy and birth details. Under APP 3, collection of sensitive information requires:

  • Explicit consent from the individual, OR
  • Collection is necessary for healthcare service provision

Obtaining appropriate consent and ensuring lawful collection is the responsibility of the healthcare provider and midwives. We provide secure storage and access controls but do not manage the consent process.

12. Complaints Process

Complaints About the App:

If you have concerns about how we handle personal or health information through the App:

  1. Contact us first:
    Email: info@mgp-pulse.com.au
    We will investigate and respond to your complaint
  2. Contact your healthcare provider:
    For complaints about data collection, use, or access by midwives
  3. Contact the OAIC:
    If your complaint is not resolved satisfactorily, you can lodge a complaint with:
    Office of the Australian Information Commissioner (OAIC)
    Phone: 1300 363 992
    Email: enquiries@oaic.gov.au
    Website: www.oaic.gov.au

13. Third-Party Services

Data Processing:

  • Server hosting: Sydney, Australia (Australian data centers only)
  • Backups: Stored in Australia, managed internally
  • Error monitoring: Internal monitoring only, no third-party analytics services
  • No cross-border transfers: All data remains within Australia

Data Analysis:

  • Healthcare providers may analyze their own client data for quality improvement
  • No data is shared with external analytics providers without explicit authorization

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Changes in privacy laws
  • Improvements to the App

When we make significant changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify healthcare providers and MGP administrators
  • Users are encouraged to review this policy periodically

The current version is always available at: https://mgp-pulse.com.au/privacy

15. Contact Us

For questions about this Privacy Policy or our data handling practices:

A-BASE TECH AU PTY LTD
ABN: 98 691 196 782
Email: info@mgp-pulse.com.au

For questions about your personal information, data collection practices, or clinical records, please contact your assigned midwife or healthcare provider directly.

16. Acknowledgment of Australian Privacy Principles

This Privacy Policy is designed to comply with the following Australian Privacy Principles:

  • APP 1: Open and transparent management of personal information
  • APP 3: Collection of solicited personal information (including sensitive information)
  • APP 5: Notification of collection
  • APP 6: Use or disclosure of personal information
  • APP 11: Security of personal information
  • APP 12: Access to personal information
  • APP 13: Correction of personal information

Healthcare providers using the App remain responsible for their own APP compliance regarding collection, consent, and client notification requirements.