Privacy Policy

For visitors from the United Kingdom please view privacy policy here instead.

Last modified as of 2 October 2018


The privacy of your Personal Information (as defined below) is afforded the highest level of importance by SP Health Co Pty Ltd (ACN 123 248 046) (the “Company”)(trading as "Digital Wellness"). CSIRO has licensed Total Wellbeing Diet to the Company for the development and management of an online next generation Total Wellbeing Diet program, in collaboration with the Glycemic Index Foundation. The Company is bound by the Privacy Act 1988 (Cth) regarding the manner in which the Company handles your Personal Information and how the Company responds to your requests to access and correct it. This Privacy Policy sets out the Company’s information handling procedures and the rights and obligations that both you and the Company have in relation to your Personal Information.

The terms of this Privacy Policy shall form part of the Terms and Conditions of Use of this Website and any agreement between you and the Company (“Agreement”). In case of any inconsistency between the Terms and Conditions of Use and/or any Agreement and this Privacy Policy, the Terms and Conditions and/or the Agreement shall prevail.

This Policy shall be available for free access on our Website at all times. Let the Company know if you would like a hard-copy of this Policy sent to you.

1. How the company collects your personal information

The Company collects your Personal Information primarily as a result of your use of the Website, including the information you provide when completing the health assessment, your registration to participate in the Total Wellbeing Diet program, feedback provided by you or the posting of material in the social network forum, and any other correspondence between you and the Company. In the event of a complaint, we may also receive Personal Information about you from other parties or from other users of this Website or third parties who may communicate information to us in relation to that complaint.

From time to time, the Company may receive information relating to you that we have not requested (“Unsolicited Information”). In the event that the Company does receive Unsolicited Information, we will check whether it’s reasonably necessary for us to keep it. If it is, the Company will treat the Unsolicited Information in the same way as other information that we request you to provide to us. If the Company determines that it not reasonably necessary for us to keep it, we will, as soon as practicable, destroy or de-identify the relevant Unsolicited Information.

2. Cookies

A cookie is a piece of data temporarily stored on the user's hard drive containing information about the user. The cookie helps the user to save time. For instance, by setting a cookie on this Website, the user would not have to log in a password more than once, thereby saving time while on this Website. Web browsers can be set to reject cookies. If a user rejects the cookie they may still use this Website, but may not be able to take advantage of certain features.

Cookies help us evaluate your use of this Website, such as what kind of information you want to see and what kind you will never read. Cookie technology allows websites to ask for your registration and preference questions only once. The next time you return to this Website you will not necessarily need to "sign in" again. Remember that cookies are "non-executable" pieces of code; that is, they are incapable of doing anything to your hard drive.

Cookies are easy to delete from your hard drive; talk to your systems administrator or your Internet provider for detailed instructions.

Third parties may also use cookies, web beacons, and similar technologies to collect or receive information from your website and elsewhere on the internet and use that information to provide measurement services and target ads. 

If you would like to opt out of third party cookies, please disable or delete the cookies in your browser or use the service.

3. Kinds of personal information that the company holds about you

The Company only holds your Personal Information if it is reasonably necessary and relevant to providing the Total Wellbeing Diet program and for the purposes of the research study being conducted by the CSIRO and the Glycemic Index Foundation (see Total Wellbeing Diet Online Study information). Personal Information generally includes your name, address, date of birth, contact details, including both or either postal and/or email addresses, marital status, employment status, occupation, records of correspondence and information relating to your use of the Website.

Information that you provide in the health assessment may include sensitive Personal Information, such as information about your personal and family medical history and status, dietary requirements, previous illnesses or injuries or current or expected state of health (such as information about your height, weight and age). However, the Company will only hold this information if it has been collected with your express consent.

The Company will take reasonable steps to ensure that the Personal Information we hold about you is accurate, up to date and complete.

All the personal information referred to in this paragraph 3 is collectively referred to as “Personal Information” for the purposes of this Privacy Policy.

4. How the company holds your personal information

Depending on the circumstances, the Company may hold your Personal Information in either hard copy or electronic form, or both. Generally, a copy of all written correspondence is held in hard copy and the Company’s client database and email correspondence is held in electronic format.

The Company will take reasonable steps to destroy or de-identify your Personal Information once it is no longer needed, unless we are required by Australian law, or a court or tribunal order to retain it.

5. How the company uses your personal information

The Company uses your Personal Information:

  • to provide you the Total Wellbeing Diet program;
  • to contact you regarding the program or respond to any feedback you request from us; 
  • for internal purposes such as procedural assessments, risk management, product and service reviews; and
  • to provide you with information about our products and services either by way of communications directly from us or through communications via social media platforms.

We also use IP addresses in order to analyse trends, administer this Website, track users’ movements and gather broad demographic information. IP addresses are not linked to Personal Information.

We also use de-identified Personal Information to analyse results of the program, and disseminate these findings as publications or reports, conference abstract or presentations.

Digital Wellness provides de-identified information to CSIRO so that CSIRO can use that information to analyse the results of the program, conduct research and disseminate these findings as publications or reports, conference abstracts or presentations.  

6. Sharing your personal information

De-identified information will also be provided to the CSIRO and the Glycemic Index Foundation in connection with evaluating the use of the Website, the tools made available on the Website and the effectiveness of the Total Wellbeing Diet program. For example, information about the number of unique users who visit the site, the demographic breakdown of the users of the site, the activities that visitors to the site engage in while on the site, food diary information, exercise logs and weigh-in details. De-identified information means data that is identified by a code and not by a person’s name or other personal details.

The Company may disclose your Personal Information to operators of social media platforms for the purposes of enabling us to provide you with information about our products and services to you or others through the relevant social media platform.

The Company may also disclose Personal Information where it is expressly permitted under the Privacy Act 1988 (Cth). For example, if you give your consent, the Company is legally required to do so, (including pursuant to court or tribunal orders, taxation laws), there is a serious threat to an individual’s health or safety, there is reasonable suspicion of unlawful activity, for the conduct of surveillance and intelligence gathering by an enforcement body, or to assist in locating a missing person.

Third parties may unlawfully intercept or access transmissions or private communications. As a result, while we strive to protect your Personal Information, we cannot ensure or warrant, and do not warrant, the security, privacy or confidentiality of any information, including Personal Information, that you transmit to us, and you do so at your own risk.

In the unlikely event that we need to investigate or resolve problems or enquiries, we can (and you authorise us to do so) disclose any Personal Information about you to private entities, law enforcement or other government officials as we, in our discretion or as may be required under law, believe necessary or appropriate.

Outside contractors

We may engage independent contractors, vendors and suppliers (collectively, "Outside Contractors") to provide specific services and products related to this Website or online products, such as hosting and maintaining our social network forums and developing applications for this Website and email services. These Outside Contractors may sometimes have limited access to information collected on this Website, including your Personal Information, in the course of providing products or services to us. Access to your Personal Information by these Outside Contractors is limited to the information reasonably necessary in order for the Outside Contractors to perform their limited function for us. We also require that these Outside Contractors:

  1. protect the privacy of your Personal Information consistent with this Privacy Policy, and
  2. not use or disclose your Personal Information for any purpose other than providing us with products or services for which we contract.

General considerations

Please keep in mind that:

  1. whenever you voluntarily disclose Personal Information online – such as in discussion forums, sharing information in our social network forum – that Personal Information can be collected and used by others, without your prior consent or knowledge. If you disclose such Personal Information, that is accessible to the public, you may receive unsolicited messages from parties who have used that Personal Information; and
  2. you are solely responsible for maintaining the security of your passwords and/or any account information. Accordingly, please be careful and responsible with your Personal Information, whenever you are online.

Please note that if you provide any Personal Information to parties who provide service to this Website or any other websites you encounter on the Internet (even if these websites are branded with our branding), different rules may apply to their use or disclosure of the Personal Information you disclose to them. We encourage you to investigate and ask questions before disclosing Personal Information to any of those third parties.

7. How the company secures your personal information

The Company holds all hard copy and electronic records of Personal Information in a secure manner to ensure that they are protected from unauthorised access, modification or disclosure. The Company’s staff follow strict information handling procedures and the Company only permits those staff whose tasks require use of your Personal Information to access it. The Company deletes your Personal Information once it is no longer needed or required to be kept by law by shredding hardcopy records and degaussing (demagnetising) electronic records.

8. Your right to lodge a complaint

If you are not satisfied with how the Company has handled your Personal Information, you are entitled to lodge a complaint with the Office of the Australian Information Commissioner. Information regarding how to lodge a complaint is available from the Commissioner's website at or by ringing the Commissioner's information line on 1300 363 992. However, before investigating a complaint, the Commissioner is legally required to be satisfied that you have first expressed your concern to the Company to afford it an opportunity to resolve the complaint directly, unless it is inappropriate for you to do so. You may lodge a complaint with the Company’s Privacy Officer either by mail to PO Box 1971, North Sydney NSW 2059, by telephone on (02) 9923 8222, by facsimile on (02) 9923 8223 or by email to [email protected]. The Company will inform you who will handle your complaint and you may contact the Company’s Privacy Officer to enquire about the progress of the complaint at any time.

9. Your right of access

You may request access to your Personal Information at any time by sending a written request to the Company’s Privacy Officer by mail to PO Box 1971, North Sydney NSW 2059, by telephone on (02) 9923 8222, by facsimile on (02) 9923 8223 or by email to [email protected]. In your request, please state how you would like to obtain access. For example, you may like to inspect the Company’s records of your Personal Information at the Company’s premises or you may prefer to be sent a photocopy or an electronic version of your Personal Information. You do not need to provide a reason for your request.

Once the Company’s Privacy Officer has verified your identity, your request will be forwarded to the Company’s information systems manager who will acknowledge receipt of your request within 14 days and arrange for access to be provided to you in an appropriate manner within a reasonable time, usually within 30 days of receipt of your request. The Company may charge a reasonable fee for providing access if a significant amount of time is required to locate your Personal Information or to collate or present it in an appropriate form. The Company will notify you in advance of any likely charges (or the basis for their calculation) for providing access to your information. If your account is held in conjunction with another individual, the Company will provide each person named on the account with access to Personal Information held about each account holder.

In rare circumstances, and only where it is permitted under the Privacy Act 1988 (Cth), the Company may not be able to provide you with access to your Personal Information; for example, where it will have an unreasonable impact on the privacy of others, where it relates to legal proceedings between the Company and you through which the Personal Information would not otherwise be available, where it would be prejudicial to negotiations the Company is holding with you, where the Company is required by law to withhold the Personal Information, where it would reveal information relating to the Company’s commercially sensitive decision making processes; where it’s subject to a court or tribunal order, or if it would be a serious threat to public health and safety. If the Company is unable to provide you with the requested access, the Company will state why this is so and consider whether the use of an intermediary would be appropriate to provide you with an explanation of the Company’s position.

10. You may correct your personal information

If your Personal Information is out-of-date or incorrect, you may inform the Company of this and the Company will correct it for you. However, you can correct some of your Personal Information held by the Company in the My Account feature of this Website. In the unlikely event that the Company disagrees about the accuracy of the Personal Information provided and is unable or unwilling to change it, you may provide the Company with a statement indicating that you dispute its accuracy and the Company will associate that statement with your Personal Information in such a manner that it will be brought to the attention of each person who uses the Personal Information.
If the Company is unable to correct your information, we will provide to you within a reasonable period a written notice setting out the reason, and the complaint mechanisms available to you.

11. Your choices regarding the collection, disclosure and distribution of personal information

Except as otherwise described in this Privacy Policy, we will only use Personal Information for the purposes described above or as otherwise disclosed at the time we request such information, from you. You must "opt-in" and give us permission to use your Personal Information (including sensitive information) for any other purpose.
Users of this Website are notified when Personal Information is being collected by third parties on this Website. We do this so you can make an informed choice as to whether you should disclose information to a third party.

12. Transfer of your personal information overseas

The Company only transfers your Personal Information overseas if the transfer is to you, or to one of your authorised representatives, or it is with your express consent, or the transfer is necessary for the provision of contracted products or services to you. For example, we may store your Personal Information in a cloud or other type of networked electronic storage which uses data storage facilities outside of Australia. Countries to which we may transfer your Personal Information include the United States of America.

The Company will not send your Personal Information outside of Australia in any other circumstances. Where the Company does send your Personal Information overseas, it will ensure reasonable steps are taken so that the overseas recipient does not breach the Australian Privacy Principles in relation to that information, or adheres to laws substantially similar to the Australian Privacy Principles. The Company will also take reasonable steps to prevent unauthorised access and reduce the risk of disclosure to unknown entities.

13. The company may need to change its privacy policy from time to time

Due to changing business circumstances, the Company may need to change its Privacy Policy from time to time. If the Company does, it will notify you and your continued use of this Website will constitute acceptance by you of the change. Any actions that the Company has taken before the change will continue to be regulated by the Privacy Policy that existed before the changes were made.

You are encouraged to check this Website regularly to consider, and act upon if so desired, any changes to the terms of this Privacy Policy.

14. Further personal information

The Company will, upon receipt of your request, provide you with further Personal Information regarding your privacy. If you have any queries or requests in this respect, please contact the Company’s Privacy Officer either by mail to PO Box 1971, North Sydney NSW 2059, by telephone on (02) 9923 8222, by facsimile on (02) 9923 8223 or by email to: [email protected].