Cor42
Book a consultation Work with us
Home Services Approach About Contact Work with us
Legal

Privacy policy.

Cor42 helps labs handle some of the most sensitive data on earth. We hold ourselves to the same standard we ask of our clients, this policy explains how.

Effective: 24 October 2025 · Current as of 24 October 2025

At Cor42, your privacy and our commitment to quality aren't just policies, they're fundamental principles that guide how we operate. Personal information you share with us is treated with industry-leading security measures and transparent practices.

This policy describes how Cor42 Pty Ltd ("Cor42", "we", "us", "our") collects, uses, discloses and protects information when you visit cor42.com or engage us for pathology IT consulting services.

Scope & data controller

This policy applies to the Cor42 website, our consulting engagements, and all communications you initiate with us, email, calls, video meetings, contact forms and document exchanges. Cor42 Pty Ltd is the data controller for personal information collected via this website.

Where Cor42 processes information on a client's behalf during an engagement, the client is the controller and Cor42 acts as a processor under a written agreement (Data Processing Agreement, Business Associate Agreement, or equivalent, as required by jurisdiction).

Information we collect

Information you provide

  • Identity & contact: name, work email, phone number, organisation, role.
  • Engagement detail: project context, area of interest, technical questions and any documentation you choose to send.
  • Communication preferences: how you'd like to hear from us and when.

Information collected automatically

  • Device & technical: IP address, browser type and version, operating system, referring URL, time-zone setting and locale.
  • Usage: pages viewed, time spent, navigation paths and aggregate analytics events.

Information we do not ask you to provide

Please do not include patient identifiers, protected health information (PHI), personally identifiable health data or sensitive case detail in any web form or unencrypted email. If we need to discuss specific clinical or technical data, we'll set up an encrypted channel and a written data-handling agreement first.

How we use information

We use the information we collect to:

  • respond to your enquiry promptly and accurately;
  • provide, scope and deliver consulting services;
  • maintain a record of communications for service quality and legal obligations;
  • improve the website, including security, performance and accessibility;
  • comply with applicable law, including reporting obligations to regulators.

We do not sell, trade or rent your personal information to third parties.

Where the EU GDPR, UK GDPR, or comparable laws apply, we rely on the following legal bases: (a) contract, to take steps at your request and to perform services; (b) legitimate interests, to operate, secure and improve the website and our services; (c) consent, for optional cookies and marketing where required; and (d) legal obligation, to meet statutory or regulatory duties. You may withdraw consent at any time without affecting prior processing.

Sharing & sub-processors

We share personal information only:

  • with sub-processors who provide infrastructure to us (for example email, hosting, video conferencing) under written agreements that limit them to the purposes we authorise;
  • with professional advisers (accountants, lawyers, auditors) under confidentiality;
  • with regulators and law enforcement, where required by law and after legal review;
  • in connection with a merger, acquisition or sale of business assets, with notice to affected individuals.

A current list of sub-processors is available on request to admin@cor42.com.

International transfers

Cor42 is headquartered in Australia and works with clients across North America, Europe and Asia-Pacific. Personal information may be transferred to, and processed in, countries other than the one in which you reside. Where transfers occur out of the EEA, UK or other regions with cross-border restrictions, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

Retention

We retain personal information only as long as needed for the purpose for which it was collected, and then for the period required by law:

  • website enquiries that don't result in an engagement: up to 24 months;
  • engaged-client records (contracts, correspondence, deliverables): the duration of the engagement plus 7 years for tax, audit and statutory record-keeping;
  • technical & security logs: typically 13 months, longer where required for incident response.

Security measures

We implement encryption in transit and at rest, access controls, multi-factor authentication, secure servers, vendor due-diligence and regular security reviews aligned to ISO 27001 controls. Engagement-specific safeguards are detailed in the relevant Data Processing Agreement.

No data transmission over the internet or electronic storage system is completely secure. While we use commercially reasonable means to protect your information, we cannot guarantee absolute security. We notify affected individuals and regulators in accordance with the law if a notifiable breach occurs.

Cookies & analytics

cor42.com uses cookies and similar technologies in the following categories:

  • Essential, required for authentication, security and core site functionality.
  • Analytical, aggregate usage measurements that help us improve the site.
  • Functionality, remember preferences such as language or region.
  • Targeting, only when explicitly enabled by you.
  • Third-party, cookies set by services we embed, governed by their own policies.

You can view and delete existing cookies, block cookies from specific sites, or configure your browser to alert you when cookies are set. Blocking essential cookies may break parts of the site.

Your rights

Depending on where you live, you may have the right to:

  • access the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request erasure of personal information ("right to be forgotten");
  • object to or restrict certain processing;
  • data portability, receive a copy in a machine-readable format;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the Office of the Australian Information Commissioner (OAIC), the EU/UK data protection authority in your country, or other applicable regulator.

To exercise any of these rights, write to admin@cor42.com. We respond within statutory timeframes (typically 30 days; sooner where possible).

Children

The Cor42 website is intended for professional and business audiences. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with information, please contact us and we'll delete it.

PHI, clinical data & engagement-specific terms

Some Cor42 engagements involve protected health information, identifiable clinical data, or other specially regulated categories (for example, under HIPAA, the Australian Privacy Principles, the EU GDPR Article 9, or the UK Data Protection Act).

For those engagements, we sign jurisdiction-appropriate agreements before any data changes hands, Business Associate Agreements (HIPAA), Data Processing Agreements (GDPR / UK GDPR), Australian Privacy Principles bound contracts, and any additional terms required by the client's accreditation framework (RCPA, NATA, CAP, CLIA, ISO 15189). The terms of those agreements take precedence over this general policy for engagement-specific processing.

Breach notification

If a notifiable data breach occurs, we follow the timelines and procedures required by the relevant law, including the Australian Notifiable Data Breaches scheme, the EU GDPR's 72-hour authority-notification rule, and any sector-specific obligations (for example, HIPAA Breach Notification Rule). Affected individuals receive direct notice where required.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on our website with an updated effective date. Where changes materially affect your rights, we'll also notify you by email if you've contacted us. Your continued use of our website following the posting of any changes constitutes your acceptance of those changes.

Contact us about privacy

For privacy questions, requests to exercise rights, or to report a concern:

  • Email: admin@cor42.com
  • Subject line: Privacy enquiry, Cor42
  • Postal address: available on request.

Cor42 Pty Ltd (ACN / ABN available on request) · Australia.

Questions about how we'd handle your data?

Privacy starts before signature. Talk to us about engagement-specific safeguards.

Contact us admin@cor42.com