
Privacy Policy


This privacy policy (“Privacy Policy”) sets out how Veritas Health Innovation Ltd ABN 41 600 366 274 and its related bodies corporate (“we”, “our”, “us”) collect, store, use, protect, share and disclose your Personal Data. Capitalised terms not defined in this Privacy Policy have the meanings given in our Terms of Service. By visiting or using our website accessible at and its related services, products, websites, tools and applications, including Covidence, our flagship online systematic review platform (“Services”) you agree to the collection, storage, usage and disclosure of your Personal Data by us in the manner described in this Privacy Policy.

From time to time we will review our Privacy Policy. We will notify you about any changes to our Privacy Policy at any time by posting an updated version of the Privacy Policy on the Website. We do not make any representations about third party web sites that may be linked to the Website.

In this Privacy Policy, “Personal Data” means any information that allows someone to identify you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.

The processing of Personal Data by us will always be in line with the Australian Privacy Principles contained in the Privacy Act 1998 (“Privacy Act”), the General Data Protection Regulation (“GDPR”), and in accordance with country-specific data protection regulations applicable to us. For purposes of the GDPR we are a data controller (entity details as above).

We have implemented a number of technical and organisational measures to ensure the protection of Personal Data processed through our Services.

User Consent

We rely on your consent as the lawful basis to the collection and processing of your data under the GDPR. We will always ask you to positively affirm your acceptance of our Privacy Policy. By clicking a button indicating that you accept this Privacy Policy, you acknowledge and agree to be bound by this Privacy Policy.

For all areas of the Services where consent is given it is just as easily able to be withdrawn through the appropriate account settings on the Services. An individual may opt to not have us collect their Personal Data. This may prevent us from offering them some or all of our Services and may terminate their access to some or all of the Services they access with or through us. If an individual believes that they have received information from us that they did not opt in or they opted out to receive, they should contact us using the details below.


Our Service is not offered to children. We do not knowingly collect Personal Data from children without parental or guardian consent.

If you become aware that a child has provided us with information please contact us. Any information provided that is in breach of this provision will be deleted.

What Personal Data we collect

We will only collect Personal Data from you if it is reasonably necessary for us to collect it in order to provide our Services.

Information you provide to us

  1. Account Data

    You do not need to create an account with us to use some of our Services. If you wish to subscribe to our Services or use the Covidence platform you will need to register and set up a user account.

    When you register, or subscribe to our Services, we collect the information of the details you input on the forms provided.

    During your account registration, and later on if you update your registration details, you may be required to provide us with your full name, email address, password, organisation and position title. We may also ask specific questions in relation to your review in order to better customise your onboarding experience.

    If you sign up to our Services including Covidence, we will use your details to assist us in providing the online systematic review platform to you. This includes assisting in verification and security measures, notifying you of new products, invoices and other financial requirements, and providing you with access to Covidence. Other users may be able to see your details if you make them public (for example your Account Data will be associated with review data you contribute and be visible to other Covidence users).

    The legal basis for the above processing is based on:

    • your consent through your voluntary submission of the form/s and agreeing to these terms (please note that some information is necessary for the running of our Services such as invoicing and billing and consent is not the lawful basis for that processing);
    • the Personal Data being necessary for the performance of a contract to which you are a party;
    • carrying out pre-contractual measures; and/or
    • any other legitimate interests as detailed below.

    The registration of an account and voluntary provision of Personal Data to us is intended to enable us to offer you Services that may only be available to registered users, as well as provide you with access to password protected areas of the Services.

  2. Review Data

    When you create an account on Covidence and submit Review Data to be made available to other Covidence users and non-Covidence users, you may provide us with information such as:

    • your name or the name of other persons specified in the Review Data;
    • contact information contained in the Review Data; and/or
    • the Review Data generally that is associated or linked to your Personal Data.

    You may also submit this Review Data to us outside of Covidence.

    We use this Review Data to be able to provide the Services to you, specifically the Covidence platform. As part of our mission to improve the efficiency of evidence production we may develop services that enable the sharing of this data with other Covidence users and others in the scientific community. We may also aggregate and incorporate Review Data as part of new data sets and make those data sets available to others. The processing of Review Data is integral to the running of our Services. It is one of the main functions of Covidence.

    The legal basis for the above processing is based on:

    • your consent through your voluntary submission of the form/s and agreeing to these terms;
    • the Personal Data being necessary for the performance of a contract to which you are a party;
    • carrying out pre-contractual measures; and/or
    • any other legitimate interests as detailed below.
  3. Testimonial Data

    When you provide us with a testimonial or review of the Services, we may collect such information including your name, your email address and your address. This is in addition to the testimonial or review and any information you provide in that testimonial or review.

    We use this information to be able to market our Services to others. We may place your testimonial or review on our website as well as on other social media platforms and advertising mediums. Your name, organisation and job title may be placed directly below your testimonial or review, therefore the testimonial or review data will be associated or linked to your Personal Data. Should you have recommended the platform via a public forum or on social media, we may embed that recommendation, linking back to its original public source.

    The legal basis for the above processing is based on your consent through your voluntary submission of the data to us and agreeing to these terms.

  4. Form and Support Data

    Our Services contain several forms where you may submit information to us, including without limitation:

    • a request for us to provide you with support, in which case your information will be used to assist us in responding to your request; and/or
    • a request for information regarding Covidence, in which case we will use your details to provide marketing information for Covidence and any information we consider would be of benefit for you.

    The legal basis for this processing is based on:

    • your voluntary submission of the form and agreeing to these terms or by your voluntary submission of data to us by other means;
    • the Personal Data being necessary for the performance of a contract to which you are a party (this is particularly the case if you’re a user of Covidence and request support);
    • for carrying out pre-contractual measures; and/or
    • any other legitimate interests as detailed below.
  5. Payment Data

    When you make a purchase from us or subscribe to our Services, we (or our third party service provider) will collect all information necessary to complete the transaction, including your name, credit card information, debit card information, billing information and/or other provider information.

    The legal basis for this processing is based on:

    • your consent through your voluntary submission of the form and agreeing to these terms;
    • the Personal Data being necessary for the performance of a contract to which you are a party including the payment of goods or services; and/or
    • any other legitimate interests as detailed below.
  6. Subscription Data

    When using the Services you may have the ability to subscribe to various newsletters or other forms. We may collect your Personal Data when you input your details for subscription purposes.

    The Personal Data is processed for the purpose of informing you regularly by means of a newsletter or other offer form in respect of the topics you have subscribed to. We may also use your Personal Data to send you other information about our Services, including promotional materials and partner content. The Personal Data collected during the subscription will only be used for reasons made known at the time of subscribing.

    The legal basis for this processing is based on:

    • your consent through your voluntary submission of the form and agreeing to these terms; and/or
    • any other legitimate interests as detailed below.

    By submitting the form and voluntarily providing us with your data, you are providing consent to the use of such data by us. For the purpose of revocation of consent there is a corresponding unsubscribe link found in each subscription email. Please review the consent section above in this Privacy Policy for how we deal with consent. Where we use your data for direct marketing we will ensure that it is in compliance with relevant laws. Where you are a customer of ours we may be required to send you emails for legitimate reasons including but not limited to billing, reminders, key product changes and account verification. You cannot unsubscribe from these emails whilst you remain a user of our Services.

  7. General Data

    We may also collect Personal Data at other points in our Services, such as when you contact us, supply goods and/or services to us, or require us to provide you with access. In some circumstances, Personal Data is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. We are entitled to presume that you have given your consent to your Personal Data being used and disclosed to us this way.

    The legal basis for this processing is based on:

    • your voluntary submission of the Personal Data and agreeing to these terms or by your voluntary submission of Personal Data to us by other means;
    • the Personal Data being necessary for the performance of a contract to which you are a party;
    • for carrying out pre-contractual measures; and/or
    • any other legitimate interests as detailed below.

Information we collect as you use our services

  1. Log Data

    To make our Services more useful to you, our servers (which may be hosted by a third party service provider) gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We may collect information about your online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information.

    We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our Services, for statistical purposes and to gather demographic information about our user base as a whole.

    We also use cookies and similar technologies which we discuss below.

  2. Social Networking Services

    If you:

    • log on to the Service with your login credentials from a social networking site (such as Facebook, Twitter, or LinkedIn) (“Social Networking Services”); or
    • associate your Covidence account with your account at a Social Networking Service,

    we may receive information about you from such Social Networking Services, in accordance with such Social Networking Services terms of use and privacy policy (“SNS Terms”). We may add this information to the information we have already collected from you via the Service. If you elect to share your information with these Social Networking Services, we will share information with them in accordance with your election. The SNS Terms will apply to the information we disclose to them. We have no control over this or whether such Social Networking Services will comply with their SNS Terms. As such, you provide and disclose such information at your own risk.

  3. Pixel Tags

    Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.

Information we collect from others

  1. Data and content other people upload

    We may also collect information and communications that other people provide when they use our Services. This can include information about you such as when others send us Review Data which contains your Personal Data (such as author information) or a public forum discussion.

    This Personal Data also includes the interaction between the different roles of Users using Covidence. For example, if a Review Collaborator invites you to their review, they may share your Personal Data with us in order for us to send you an email invitation.

How we use your Personal Data

We will only use or disclose your Personal Data for the purposes for which we advised you we were collecting it (which are set out as follows and otherwise in this Privacy Policy) or a related purpose which would reasonably be expected or otherwise with your permission.

Generally we will use your Personal Data:

  1. to operate the Services including to:
    1. enable us to provide the Services to you including updates and improvements;
    2. to manage our relationship with you, including information about similar services we provide;
    3. enable you to communicate with us regarding the Services;
    4. to communicate with you about your user account or any transaction;
    5. provide customer support;
    6. provide payment services;
  2. conduct our business, generate content;
  3. to administer contracts including to negotiate, execute and or manage a contract with you;
  4. for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes, and our related bodies corporate, contractors and employees or service providers;
  5. to conduct business processing functions including providing Personal Data to our related bodies corporate, contractors, service providers or other third parties, including but not limited to providing your information to a contractor and other goods and Services provided in our Services;
  6. to provide your updated Personal Data to our related bodies corporate, contractors, employees or service providers;
  7. to provide, administer, market and manage our Services, including but not limited to, providing you with customary search results for use in our Services;
  8. to provide you with access to protected areas of the site and to authenticate your account;
  9. to conduct surveys to determine use and satisfaction with our Services;
  10. to enforce our Terms of Service, this Privacy Policy or any other policy;
  11. to verify information for accuracy or completeness (including by way of verification with third parties);
  12. to comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order;
  13. to combine or aggregate your Personal Data with information we collect from third parties and use it for the purposes set out in this Privacy Policy;
  14. to aggregate and/or make anonymous your Personal Data, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
  15. to resolve disputes and to identify, test and resolve problems;
  16. to notify you about the Services we provide and updates to the Services from time to time; and/or
  17. to protect a person’s rights, property or safety.

In the event that we hold sensitive information about you, we will only disclose or use that information with your consent or if another exception applies under applicable laws.

Creation of Anonymous Data

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose.

If we do combine non-personal information with personal information the combined information will be treated as Personal Data for as long as it remains combined.

Disclosure of your Personal Data

We may disclose your Personal Data to third parties for the purposes contained in this Privacy Policy (including those listed above), including without limitation to:

  1. Service Providers

    We may share your Personal Data with service providers to:

    • provide you with the Services that we offer you through our Services;
    • to conduct quality assurance testing;
    • to facilitate creation of accounts;
    • to provide technical support; and/or
    • to provide other services to us.

    The service providers include:

    • information technology service providers such as web host providers, email service providers, customer relationship management (CRM) platforms and analytical providers;
    • mailing houses;
    • market research organisations to enable them to measure the effectiveness of our advertising; and
    • specialist consultants.

    These third-party service providers are not permitted to use your Personal Data other than to provide the Services requested by us.

  2. Affiliates and Acquirers

    We may share some or all of your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy. In the event we are involved in a merger, acquisition or sale of assets we may disclose Personal Data collected by us to such entities that we propose to merge with or be acquired by, and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy. This includes the disclosure of information to our clients where we act as a data processor.

  3. Third parties and others you choose to share with

    We may disclose your Personal Data to third parties to whom you expressly ask us to send the Personal Data or to others you directly or indirectly choose for us to disclose your Personal Data to.

    Please note when you make your information public, your information may become accessible through search engines.

We will take reasonable steps to ensure that anyone to whom we disclose your Personal Data respects the confidentiality of the information and abides by the APPs, the GDPR or equivalent privacy laws. Where necessary under applicable laws, we will enter into data processing agreements with processors.

We may share your Personal Data with such third parties subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your Personal Data only on our behalf and pursuant to our instructions.

We will not share, sell, rent or disclose your Personal Data in ways different from what is disclosed in this Privacy Policy.

If we can’t collect your Personal Data

If you do not provide us with the Personal Data described above, some or all of the following may happen:

  • we may not be able to provide the requested products or Services to you, either to the same standard or at all;
  • we may not be able to provide you with information about products and Services that you may want; or
  • we may be unable to tailor the content of our Services to your preferences and your experience of our Services may not be as enjoyable or useful.

Cookies Policy

We use cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and which you viewed. “Cookies” are small pieces of information that a Website sends to your computer’s hard drive while you are viewing a web site. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Persistent Cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customisation.

Cookies may collect and store your Personal Data. This Privacy Policy applies to Personal Data collected via Cookies. You consent and acknowledge that we collect your Personal Data through Cookies.

We sometimes use Cookies to show remarketing communications via third party networks like Google Display network, Facebook and others.

In order to operate Covidence, we use third parties for various purposes (such as to record errors encountered by users, monitor system performance, provide analytics that inform our product roadmap, etc). These third parties may add a Cookie to your browser to correlate your activity across multiple pages for these purposes.

You can control and/or delete cookies as you wish.

Third Party Services

When you click on a link to any other website or location, you will leave our Services and go to another website and another entity may collect Personal Data from you. We have no control over, do not review, and cannot be responsible for, these outside websites. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on links to such outside websites.

Managing your Personal Data

Subject to the Privacy Act and the GDPR, you may request to access the Personal Data we hold about you by contacting us. All requests for access will be processed within a reasonable time.

  1. Accessing or Rectifying your Personal Data

    We may, if required, provide you with tools and account settings to access, correct, delete, or modify the Personal Data you provided to us. You can find out more about how to do this by contacting us. In the event that you are unable to access your account to access or rectify your Personal Data, you may submit a request to us to correct, delete or modify your Personal Data.

  2. Deletion

    We keep data for as long as it is needed for our operations. If you deactivate and delete your account your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our Site.

    If you wish to have us delete your data please contact us.

  3. Object, Restrict, or Withdraw Consent

    If you have an account on the Site you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any Personal Data being stored, or if you wish to restrict or withdraw any consent given for the collection of your Personal Data.

    You may withdraw your consent to the processing of all your Personal Data at any time. If you wish to exercise this right you may do so by contacting us.

    You may withdraw your consent or manage your opt-ins by either viewing your account on the Services or clicking the unsubscribe link at the bottom of any marketing materials we send you.

  4. Portability

    We may, if required and possible, provide you with the means to download the information you have shared through our Services. Please contact us for further information on how this can be arranged.

We may retain your information for fraud prevention or similar purposes. In certain instances we may not be required or able to provide you with access to your Personal Data. If this occurs, we will give you reasons for our decision not to provide you with such access to your Personal Data in accordance with the Privacy Act and the GDPR.

There is no application fee for making a request to access your Personal Data. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third party provider.

Anonymity and Pseudonymity

In order for us to operate our site and interact with our customers and users, we need to know their personal details. It is not practicable for us to deal with individuals who have not identified themselves or who use a pseudonym.

Storage and Security of your Personal Data

We are committed to protecting the security of your Personal Data. We (and our third party service providers) use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorised access, use or disclosure. We will take all reasonable precautions to protect an individual’s Personal Data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.

We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures implemented by us reduce the likelihood of security problems to a level appropriate to the type of data involved. We use industry-standard encryption to store and transfer Personal Data. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

Covidence is designed to optimise collaboration in research by facilitating a cloud based solution available to reviewers around the world. Given this, data may be stored outside of your country of origin.

We encourage you to be vigilant about the protection of your own information when using digital services, such as social media. While we will endeavour to ensure that any relationships we have with third parties include an appropriate level of protection for your privacy, we will be limited in our ability to control any electronic platform operated by a third party.

International Transfer and Disclosure of Personal Data

We will not disclose an individual’s Personal Data to any entity outside of Australia that is in a jurisdiction that does not have a similar regime to the Australian Privacy Principles or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard Personal Data as we do.

Where we transfer Personal Data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.

We may disclose Personal Data to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your Personal Data do not breach the privacy obligations relating to your Personal Data.

We may disclose your Personal Data to entities located outside of Australia, including the following:

  • our related bodies corporate;
  • our data hosting and other IT service providers, located in various countries; and
  • other third parties located in various foreign countries.

We may disclose your Personal Data to entities within Australia who may store or process your data overseas.

Notifiable Data Breaches

We take data breaches very seriously. Depending on where you reside our policy is:

If you reside in Australia:

In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.

We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.

If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.

Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

If you reside in the European Union or EFTA States:

We will endeavour to meet the 72 hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.

Further, where there is likely to be a high risk to your rights we will endeavour to contact you without undue delay.

We will review every incident and take action to prevent future breaches.

Integrity and Retention of Data

We take all reasonable steps to ensure that the Personal Data we collect about you is accurate, up to date and complete. Where we collect that information from you directly, we rely on you to supply accurate information. We make it easy for you to keep your Personal Data accurate, complete, and up to date. We will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Contact Information

We welcome your comments or questions regarding this Privacy Policy. If you have a question regarding this Privacy Policy or you would like to make a complaint, please contact us by email by using our contact details on the Site or below.

If you reside in Australia:

You can confidentially contact our Privacy Officer at:

The Privacy Officer
Veritas Health Innovation Ltd
Level 10, 446 Collins Street
Melbourne VIC 3000 Australia

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commissioner at:

Telephone: 1300 363 992
Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address: GPO Box 5218, Sydney NSW 2001

If you reside in the European Union or EFTA States:

You can confidentially contact our EU Representative on the above contact details.

If you wish to raise a concern about our use of your information you have the right to do so with your local supervisory authority. See a link to all the supervisory authorities here.

Changes to this Privacy Policy

This Privacy Policy is subject to occasional revision and we reserve the right, at our sole discretion, to modify or replace any part of this Privacy Policy. It is your responsibility to check this Privacy Policy periodically for changes as continued use of our Services shall indicate your agreement to our then current Privacy Policy. Not all changes to our Privacy Policy will require your consent, for example where office security procedures are changed. We will notify you of any change to our Privacy Policy that requires your consent before being implemented.