Privacy Policy

Last updated: 15 November 2025

1. Introduction

DBPA Consulting ("we", "us", "our") operates the Vyra medical inventory management system. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all users of our platform, including employees, contractors, and authorised business partners of our clients.

2. Information We Collect

2.1 Account Information

When your organisation creates an account for you, we collect:

  • Email address
  • First and last name
  • Mobile phone number (optional)
  • Role and access permissions

2.2 Business Contact Information

We collect information about healthcare professionals and business contacts including:

  • Professional names and titles
  • Business email addresses
  • Professional phone numbers
  • Practice or hospital affiliations
  • Professional specialisations

2.3 Order and Operational Data

To manage medical device inventory and surgical bookings, we collect:

  • Patient names and dates of birth (as required for surgical procedures)
  • Procedure dates, times, and locations
  • Medical device and equipment details
  • Order notes and special instructions

2.4 Form Submissions

Our platform includes customisable forms that may collect various types of information as configured by your organisation. The data collected depends on the specific form and its purpose.

2.5 Automatically Collected Information

We automatically collect certain technical information including:

  • Authentication session data
  • Audit logs of system actions (for security and compliance)
  • Timestamps of data creation and modification

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Vyra platform
  • Authenticate users and manage access permissions
  • Process surgical bookings and manage medical device inventory
  • Send transactional emails (notifications, form confirmations, event invitations)
  • Generate reports and analytics for your organisation
  • Maintain audit trails for regulatory compliance
  • Investigate and prevent security incidents
  • Respond to support requests

4. Information Sharing and Disclosure

We do not sell, rent, or trade personal information to third parties. We may share information with:

4.1 Service Providers

We use trusted third-party service providers located in Australia and the United States to operate our platform, including providers for:

  • Database hosting and user authentication
  • File storage
  • Email delivery
  • Data export and integration services

These providers are contractually bound to protect your information and only process it on our behalf.

4.2 Your Organisation

Information you submit through the platform is accessible to authorised users within your organisation based on their role and permissions.

4.3 Legal Requirements

We may disclose information when required by law, court order, or to protect the rights, property, or safety of DBPA Consulting, our users, or others.

5. Data Storage and Security

Your information is stored on secure servers managed by Supabase Inc. We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Role-based access controls
  • Row-level security policies at the database level
  • Regular security audits and monitoring
  • Secure authentication with session management

6. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account data is retained while your account remains active
  • Order and transaction records are retained indefinitely for business and regulatory compliance purposes
  • Audit logs are retained indefinitely for security and compliance
  • Deleted records may be retained in backup systems for a reasonable period

7. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access - Request a copy of the personal information we hold about you
  • Correction - Request correction of inaccurate or incomplete information
  • Deletion - Request deletion of your account (subject to legal retention requirements)
  • Complaints - Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise these rights, please contact your organisation's administrator.

8. Cookies and Tracking

We use only essential cookies necessary for the platform to function, including:

  • Authentication session cookies to keep you logged in
  • Security cookies to prevent cross-site request forgery

We do not use third-party analytics, advertising cookies, or tracking technologies.

9. International Data Transfers

Some of our service providers are located outside Australia, primarily in the United States. When transferring data internationally, we ensure appropriate safeguards are in place, including:

  • Contractual protections with service providers
  • Verification that providers maintain adequate security standards
  • Limiting data shared to what is necessary for service provision

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact your organisation's administrator who can direct your inquiry to DBPA Consulting.

You may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you have concerns about how your personal information is handled.