We are committed to protecting the privacy of all our clients. The Privacy Act (1988) (Cth) (Privacy Act) and the Australian Privacy Principles (Privacy Principles) set out in Schedule 1 of the Privacy Act, govern the collection, storage, use, and disclosure of information by which individuals may be identified. Further, to the extent applicable, we comply with EU General Data Protection Regulation 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA).
WHAT INFORMATION DO WE COLLECT?
“Personal Information” means information that can be used to personally identify you such as your name, residential address, email address, contact number and payment details. We do not collect or process the Personal Information of anyone under the age of 18 without the consent of their parent or guardian and otherwise in accordance with our Terms.
“Usage Information” means anonymous aggregate data that is automatically collected through your use of our Platform. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Platform. This information is used for statistical analysis to help us to improve the Services to the benefit of all users.
HOW DO WE COLLECT YOUR INFORMATION
Personal Information is collected directly from you when you:
If you choose to register and create an account with us in order to access our Services, we require you to provide your full legal name, location, email address and credit card details (for the purposes of charging you the agreed fees for the Services). We need this information to create an account for you so that you can access the Services, we can correspond with you about delivery of the Services and so that you pay for the Services. If you do not provide these details, we cannot provide the Services.
If you do not provide these details we may be limited in how we can perform the Services.
It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it may be necessary for us to collect your Personal Information to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Information, we may not be able to provide the Services to you in a fully operational form or at all.
We may collect anonymous Usage Information on our Platform through Google Analytics, Facebook Ad Analytics and other user/data analytics sites/programs from time to time, which utilises cookies, pixel tags and other tracking technologies (collectively “Cookies”). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that helps a website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate our Services:
Strictly Necessary Cookies – these Cookies are essential to making sure the Platform works correctly, and record information that allows you to move around the Websites and navigate their features.
Performance Cookies – these Cookies collect information about how you use the Platform, such as how often you access the Platform and if you encounter any errors.
Functionality Cookies – these Cookies allow our Platform to remember the choices you make to provide a more personalised experience.
Targeting or Advertising Cookies – these Cookies deliver targeted advertising to you based on your interests and use of the Platform.
Cookies can stay on your device temporarily (Session Cookies) or until you manually delete them (Persistent Cookies).
Legimate purposes that you agree we may use your Personal Data for include but are not limited to the following:
For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or licence your email address or any of your Personal Data.
You agree and consent that we may disclose your Personal Data to:
We may use de-identified wellbeing survey data, other survey data and data regarding use of our Platform for purposes including research and analysis, case studies, marketing and improving and continuing to develop our Services.
For the avoidance of doubt, all employees, consultants, contractors and agents of ours are bound by Australian privacy laws.
You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing us at firstname.lastname@example.org, but please note that withdrawal of such consents may affect your ability to access and use the Services.
In accordance with the GDPR, we acknowledge the right of EU citizens to:
To erase, request a copy of or restrict processing of your Personal Data, please email us at email@example.com.
Upon your written request we will provide you with a copy of your Personal Data that we hold unless:
We cannot modify your Personal Information without your instruction. You can update your details with us at any time by emailing us at firstname.lastname@example.org. You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information at all times and your failure to do so may inhibit our ability to provide the Services. We shall have no liability to you or any third party arising from your failure to keep your information up to date.
How we use your Personal Data for Direct Marketing is tightly controlled by the Privacy Act. We will follow those laws to ensure you only receive direct marketing in circumstances where you are expecting to. Under the Privacy Act we may use your Personal Data for the purposes of Direct Marketing if:
As set out above, we may use your Personal Data to provide you with information regarding our Services and your Usage Information to provide you with customised recommendations regarding use of our Platform (either by email, sms or through the Platform).
Unless it would be impracticable or unreasonable, we need your consent when:
If at any time you want to know who provided us with your Personal Data, then please send a request to us at email@example.com. We will provide the details of that third party within a reasonable time and without charge.
We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from Direct Marketing, and as such these consents can be modified at any time by emailing us at firstname.lastname@example.org or clicking unsubscribe on any Direct Marketing communications. We will always provide a simple means for you to “opt-out” from receiving direct marketing, which typically involves an “opt-out” or “unsubscribe” link on emails, a check box on the collection notice or through a pop-up on your screen when you provide personal information on our Website or via the App.
We will not use or disclose your Personal Data for the purposes of Direct Marketing material if you have previously told us not to.
If at any time in the future you do not want us (or one of our service providers) to send you Direct Marketing material or you wish to cancel a previous consent, please inform us by contacting us at email@example.com. We will affect the change in a reasonable time and without charge.
We protect your Personal Data through technical security measures i.e. firewalls, encryption that limit the risk of loss, disclosure, or unauthorised access. No security measures are, however, 100% secure so we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.
Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU citizens, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in circumstances where it poses a risk of serious harm or your rights and freedoms.
We may, in the course of providing the Services to you, transfer your Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we warrant that any person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act, Privacy Principles and GDPR.
For the avoidance of doubt, we may transfer any data to an overseas third party with your express or implied consent, and the above condition only applies in the case of a data transfer or transmission to our related business entities in other countries.