Skip to content

QUMulus® Privacy Policy

A & RJ Saunders Pty Ltd, developer and owner of QUMulus®, is committed to protecting the privacy of all individuals using QUMulus®, including the data recorded by users that relates to their clients or patients.

This policy outlines our ongoing obligations to our clients with respect to how we manage personal and business information.

Section 1: Your Business Unit

Personal information

We only collect your personal information for purposes which are directly related to the use of QUMulus® functions or activities, and only when it is necessary for, or directly related to these purposes. The personal information we collect is, at most: names, business name, address, email address, phone and facsimile numbers.

We will take reasonable steps to ensure that the personal information we hold about you is kept secure and is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Your personal information will not be disclosed to third parties or other clients without your prior permission unless required or authorised by law.

Security of your personal information

Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

When your personal information is no longer needed for the purpose for which it was obtained, we will take delete your personal information from our systems to the extent permitted by law. Some personal information may need to be retained by us for a minimum of 7 years to satisfy legal requirements.

Access to your personal information

You may access the personal information we hold about you and ask us to update and/or correct it. If you wish to access your personal information, please contact us in writing.

Maintaining the quality of your personal information

It is an important to us that your personal information is up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Section 2: Patient data

This section applies to the personal and/or medical information of patients entered into QUMulus® by a Business Unit.

QUMulus® collects the following information through our management and hosting of the cloud application comprising:

  • personal details: patient name (required); date of birth and Medicare or DVA number (optional data, but recommended to avoid misidentification)
  • name of residential care facility
  • medication details

(collectively known as “patient data”)

The pharmacist or nominated person associated with your Business Unit is responsible for collection and accuracy of patient data.

We may collect, hold, use and disclose your patient data for the primary purpose for which it was collected and for other purposes which are related to the primary purpose of collection. These purposes include, but are not limited to, the following:

  • to operate, improve and optimise QUMulus® and user experiences, such as carefully de-identifying patient data (so that it is no longer in identified form) and then performing analytics and conducting research utilising the de-identified data
  • any other purpose, with your consent.

Identifiable patient data is not shared to anyone (including any other QUMulus® Business Unit) unless required or authorised by law.

All data is protected from external access by robust user authentication, and is encrypted on the cloud server and during transmission. No data within QUMulus® is accessible to AI systems e.g. to feed their large language models.

De-identified analytics

A & RJ Saunders Pty Ltd may provide certain of our licence holders the opportunity to participate in health, education and research through the sharing of selected de-identified data with QUMulus®.

Future innovations and enhancements to our health, education, research and insights that will be enabled through data sharing may occur via analytics, visualisations, machine learning or other such developments.

We do not use patient data in identified form for this purpose. Before we perform any data analytics, we will carefully remove certain information or alter the information that we collect so that an individual person cannot be identified from that information.

Each Business Unit is able to perform analytics using information entered into their own Business Unit and retrieve patient data. Some of the analytics do include patient data from your own Business Unit. No Business Unit can identify patients from other Business Units. Each Business Unit can access de-identified aggregated data from the pooled QUMulus® database.

Page updated 26 November 2022

QUMulus® and this website Copyright © 2026 A & RJ Saunders Pty Ltd. All rights reserved.