SP Health Co Pty Ltd (ABN 73 123 248 046) and Digital Wellness Pty Ltd (ABN 14 629 478 860) (collectively, DW) are committed to managing personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws.
“Personal Information” is any information (or opinion) about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
Personal Information includes, for example, your name, email address, birth date, phone number, gender and location. Personal Information may also include personal and other information which is treated as “sensitive information” under the Privacy Act.
“Sensitive Information” includes, for example, Personal Information that includes information or an opinion about your racial or ethnic origin, your sexual orientation, your religious beliefs or your membership of a professional association, trade association or trade union. Sensitive information also includes your health information, genetic information and some aspects of biometric information.
The Personal Information generally held by DW includes your name, address, date of birth, contact details (including postal and/or email addresses), marital status, employment status, occupation, records of correspondence and information relating to your use of the Services.
Information that you provide in your initial health assessment may include Sensitive Personal Information, such as information about your personal and family medical history and status, dietary requirements, previous illnesses or injuries or current or expected state of health (such as information about your height, weight and age). We may also collect sensitive Personal Information if you have a consultation with one of our allied health practitioners, for example, at the end of your treatment program so that a final report on your progress can be prepared. However, we will only hold this information where it has been collected with your express consent for us to do so.
We collect your Personal Information primarily as a result of your use of the Services. For example, this includes the information you provide:
We may also collect your Personal Information from third parties, such as your health insurer or your health practitioner, where you have provided consent to them to disclose your Personal Information to us.
In the event of a complaint, we may also receive Personal Information about you from other parties, from other users of the Services or from third parties who may communicate information to us in relation to that complaint.
You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the Services you have requested. If you have any concerns about personal information we have requested, please let us know.
From time to time, we may receive information relating to you that we have not requested (“Unsolicited Information”). In the event that we do receive Unsolicited Information, we will check whether it’s reasonably necessary for us to keep it. If it is, we will treat the Unsolicited Information in the same way as other information that we request you to provide to us. If we determine that it is not reasonably necessary for us to keep it, we will, as soon as practicable, destroy or de-identify the relevant Unsolicited Information.
Depending on the circumstances, we may hold your Personal Information in either hard copy or electronic form, or both. Generally, a copy of all written correspondence is held in hard copy and our client database and email correspondence are held in electronic format.
We will take reasonable steps to destroy or de-identify your Personal Information once it is no longer needed, unless we are required by Australian law, or a court or tribunal order to retain it.
All Personal Information in electronic form is held on servers in Australia and the USA, depending on the location of the sale.
We use your Personal Information:
We also use IP addresses in order to analyse trends, administer our websites, track users’ movements and gather broad demographic information. IP addresses are not linked to Personal Information. We also use de-identified Personal Information to analyse results of our programs, and disseminate these findings as publications or reports, conference abstracts or presentations.
We may disclose Personal Information where we are permitted under the Privacy Act. This includes:
SOCIAL MEDIA PLATFORMS
We may disclose your Personal Information to operators of social media platforms for the purposes of enabling us to provide information about our products and services to you or others through the relevant social media platform. Third parties may unlawfully intercept or access transmissions or private communications. As a result, while we strive to protect your Personal Information, we cannot ensure or warrant, and do not warrant, the security, privacy or confidentiality of any information, including Personal Information that you transmit to us, and you do so at your own risk.
CSIRO AND GLYCEMIC INDEX FOUNDATION
We may provide de-identified information to the CSIRO and the Glycemic Index Foundation in connection with evaluating the use of the website, the tools made available on the website and the effectiveness of the Total Wellbeing Diet program. For example, information provided may include information about the number of unique users who visit the website, the demographic breakdown of the users of the website, the activities that visitors to the website engage in while on the website, food diary information, exercise logs and weigh-in details.
We may also provide de-identified information to the CSIRO so that the CSIRO can use that information to analyse the results of participants in the CSIRO Total Wellbeing Diet program, conduct research and disseminate these findings as publications or reports, conference abstracts or presentations.
We may engage independent contractors, vendors and suppliers (collectively, "Outside Contractors") to provide specific services and products related to our Services, such as hosting and maintaining our social network forums and developing applications for this Website and email services. These Outside Contractors may sometimes have limited access to information we collect, including your Personal Information, in the course of providing products or services to us. Access to your Personal Information by these Outside Contractors is limited to the information reasonably necessary in order for the Outside Contractors to perform their limited function for us. We also require that these Outside Contractors:
We hold all hard copy and electronic records of Personal Information in a secure manner to ensure that they are protected from unauthorised access, modification or disclosure. Our staff follow strict information handling procedures and we restrict access to your Personal Information to staff who are required to use and access it. We use multiple security measures to protect personal information, e.g. Secure Sockets Layer (SSL) technology, encryption when data is being transferred, encrypted payment gateways, firewalls, etc.
We destroy your Personal Information once it is no longer needed by us or required to be kept by law, for example, by shredding hardcopy records and degaussing (demagnetising) electronic records.
A cookie is a piece of data temporarily stored on the user's hard drive containing information about the user. The cookie helps the user to save time. For instance, by setting a cookie on this Website, the user would not have to enter a password more than once, thereby saving time while on this Website. Web browsers can be set to reject cookies. If a user rejects the cookie, they may still use this Website, but may not be able to take advantage of certain features.
Cookies help us evaluate your use of this Website, such as what kind of information you want to see and what kind you will never read. Cookie technology allows websites to ask for your registration and preference questions only once. The next time you return to this Website, you will not necessarily need to "sign in" again. Remember that cookies are "non-executable" pieces of code; that is, they are incapable of doing anything to your hard drive.
Cookies are easy to delete from your hard drive; talk to your systems administrator or your Internet provider for detailed instructions.
If you would like to opt out of third party cookies, please disable or delete the cookies in your browser or use the www.aboutads.info/choices service.
You may lodge a complaint with our Privacy Officer at the contact details set out below. We take complaints very seriously and will respond shortly after receiving written notice of your complaint. You may also contact our Privacy Officer to enquire about the progress of the complaint at any time.
If you are not satisfied with our response, you are entitled to lodge a complaint with the Office of the Australian Information Commissioner. Information regarding how to lodge a complaint is available from the Commissioner's website at www.oaic.gov.au or by ringing the Commissioner's information line on 1300 363 992.
You may request access to your Personal Information at any time by sending a written request to our Privacy Officer at the contact details set out below. Once we have verified your identity, we will arrange for access to be provided to you in an appropriate manner within a reasonable time, usually within 30 days of receipt of your request.
You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request. We will notify you in advance of any likely charges (or the basis for our calculation) for providing access to your information.
If your account is held in conjunction with another individual, we may provide a person named on the account with access to Personal Information held about another account holder.
We may decline your request for access to your Personal Information in certain circumstances in accordance with the APPs. If we are unable to provide you with the requested access, we will let you know and provide you with an explanation of our position.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you or if your personal details change.
If you consider any Personal Information we hold about you is out-of-date, incorrect, incomplete, irrelevant or misleading, you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to correct your personal information in certain circumstances in accordance with the APPs. If we refuse your request, we will provide to you within a reasonable period a written notice setting out the reason(s), and the complaint mechanisms available to you.
We only transfer your Personal Information overseas if the transfer is to you, or to one of your authorised representatives, or it is with your express consent, or the transfer is necessary for the provision of contracted products or services to you. For example, we may store your Personal Information in a cloud or other type of networked electronic storage which uses data storage facilities outside of Australia. Countries to which we may transfer your Personal Information include the United States of America.
We will not send your Personal Information outside of Australia in any other circumstances. Where we do send your Personal Information overseas, we will ensure reasonable steps are taken so that the overseas recipient does not breach the APPs in relation to that information, or adheres to laws substantially similar to the APPs. We also take reasonable steps to prevent unauthorised access and reduce the risk of disclosure to unknown entities.