Snug Privacy Policy

Snug Health Pty Ltd (ABN 47 610 411 473) ("Snug Health", "we", "us" or "our") specialises in the provision of an innovative mobile application that serves as a personal electronic health record and assists with health promotion and disease management (Snug).

Snug Health is committed to protecting your privacy and complying with all privacy and data protection laws, principles and regulations that apply in the jurisdiction from which you access and use Snug. As Snug Health is based in and operated out of Australia, this Privacy Policy has been specifically tailored to comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles.

This Privacy Policy describes our policies and procedures on the collection, holding, use and disclosure of your personal information and should be read together with our Terms of Use. This Privacy Policy applies to all your dealings with Snug Health.

What is personal information?

When used in this Policy, "personal information" means any information or opinion relating to an identified or identifiable individual.

In general terms, it is information that can be used to personally identify you such as your name, address, telephone number, email address, profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

When used in this Policy, "sensitive information" refers to a sub-set of personal information that is afforded a higher level of privacy protection under the law because of its sensitive nature.

In general terms, sensitive information includes information about your racial or ethnic origin, political opinions, religious and philosophical beliefs, sexual preferences and criminal history as well as information about your health or genetics. Unless required by law, we will only collect sensitive information with your consent.

What personal information do we collect?

As an account holder in Snug, certain personal information will be required to establish and maintain your record, and to provide services to you. We may collect the following types of personal information relating to you:

  • identification information such as your name, date of birth, contact phone details, residential, postal and email addresses, gender, your family/single status, your next of kin, guardian, power of attorney, emergency contacts, health insurance details, your occupation and if you are an Australian resident, your Medicare number and Individual Healthcare Identifier;
  • sensitive information such as health information, including your personal medical history, current health issues, health goals, medications, allergies, immunisations, social history, family history, risk factors, areas of interest, ethnic origins and lifestyle patterns;
  • details of your care providers including your general practitioner, pharmacist, general treatment providers and other medical providers who may from time to time provide you with medical treatment and advice;
  • information about persons who have been designated by you to act on your behalf such as your carer or family members;
  • information about health management programs, chronic disease management programs or any other health care programs that you may participate in and associated communications including action plans and evaluations;
  • demographic information and unique identifiers in order to provide you with a more personalised experience or to verify your passwords; and
  • any other personal information that you choose to import or upload into your Snug record.

The choice of how much information you provide to us is yours, but if you want to register as a member of, or have a user account on our websites, we require certain information from you in order to provide those services.

Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website) or using a pseudonym if you feel more comfortable dealing with us that way. For example, if you contact us by telephone with a general question, we will not ask for your full name unless we need it to answer your question.

How do we collect personal information?

Where possible we will collect personal information directly from you, however in certain circumstances it may be necessary to collect information about you from third parties. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection. We may collect your personal information in several ways, including:

  • when you email, fax, phone or write to us;
  • have contact with us in person;
  • when you first register for and agree to the terms and conditions of Snug and complete the enrolment interview;
  • when you enter, import or upload data into your Snug record including your health information;
  • when you connect a device and Snug directly communicates with that device;
  • when you complete a survey or an assessment through your Snug record;
  • from hospital, medical and general treatment providers and other health care related entities, where you have given consent for this information to be entered or uploaded to your Snug record;
  • from your carer, guardian, holders of your power of attorney, or from anyone else that you have given consent to manage your record;
  • from your parent, guardian or responsible person if you are under the age of 14 years and you don't have your own account;
  • if you are an Australian resident and you have chosen not to opt-out of Australia's eHealth record system, My Health Record, then, with your consent, we may collect your personal information from your My Health Record in accordance with the Personally Controlled Electronic Health Records Act 2012 (Commonwealth);
  • participate in public or closed surveys, questionnaires or conference events;
  • register for face-to-face or digital events (such as webinars); and
  • interact with us online, including through our websites, email, webchats, mobile applications and social media channels (such as Facebook, Twitter, YouTube, Instagram or LinkedIn - these social media channels will also handle your personal information for their own purposes and have their own privacy policies);

Collecting personal information through our websites

In some cases, we may also collect your personal information through the use of "cookies". When you access one of our websites, we may send a "cookie" (which is a small summary file containing a unique ID number) to your computer or internet enabled device. This allows us to recognise your computer or internet enabled device, and whether you have already registered and greet you each time you visit our website/s. It also enables us to keep track of services you view so that, if you consent, we can send you news about those services. We also use cookies to measure traffic and engagement patterns, to determine which areas of our website have been visited and to measure overall, aggregate transaction patterns. We use this to research our website visitor's habits and what they are looking for and accessing, so that we can continually improve our services, programs, content and resources. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

What happens if we receive unsolicited personal information?

If we receive personal information that we did not take any active steps to collect, we will determine whether we would have been permitted to collect that information as part of providing our products and services in accordance with the law. We will destroy or de-identify unsolicited personal information that we would not collect as part of providing our products or services if it is lawful to do so. If the information is of the type that we would ordinarily collect to provide our products or services, we will manage that information in accordance with this Privacy Policy.

Why do we collect your personal information?

We will generally explain at the time we collect your personal information the purposes for which we will use it. We will only ever use your personal information for the purpose that we collected it or as otherwise set out in this Privacy Policy. We may collect, hold, use and/or disclose your personal information for the following purposes:

  • to provide you with our products and services;
  • to identify you or verify your authority to act on behalf of another account holder;
  • to establish and maintain your account and record;
  • to confirm your eligibility for Snug;
  • to update our records and keep contact details up to date;
  • to provide you with services and information appropriate to your needs;
  • to answer your enquiries and to provide information to you about our services;
  • to provide effective risk management and to protect against fraud and unauthorised access to your account;
  • to provide analysis of information for product development and marketing purposes
  • to develop and improve our products and services;
  • to perform administrative functions and for other internal purposes;
  • for information technology maintenance and development;
  • to investigate and resolve complaints relating to services provided by/or on behalf of Snug Health;
  • to comply with any law or legislative requirements;
  • to keep you informed about your Snug record and other relevant information relating to Snug Health;
  • for any purpose required or authorised by law; and
  • for any other purpose for which you have given your consent.

Do we use your personal information for direct marketing?

We may use your personal information to send you direct marketing communication and information about our services and products, and other related services and products if we have your permission or a legitimate interest in doing so. If at any time you no longer wish to receive this information, you can request to "opt out" from receiving this information by contacting

We will NEVER sell your personal information to anyone for direct marketing purposes of otherwise.

Disclosure of personal information

The information Snug Health collects from you or concerning you or your dependents, will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner that is consistent with applicable privacy laws and regulations and only for a purpose consistent with the purpose for which the information was originally collected.

Your personal information will only be disclosed to third parties in the following circumstances:

  • where you would reasonably expect us to disclose it in order to provide the service in respect of which the information was originally collected;
  • where you have authorised us to do so;
  • where such disclosure is provided for under contract, including under this Privacy Policy or our Terms of Use;
  • where we are legally required to do so, for example, in response to a subpoena, court order or other legal process;
  • where we need to enforce or apply our Terms of Use to which you have agreed (or other terms that have been agreed to apply to our relationship with you);
  • to our commercial partners, where your eligibility to access Snug is based on your membership of, or relationship with, that commercial partner;
  • to your family, carer, legal representative, guardians and attorneys as required or authorised by law. We require a written authority from you, or from an authorised representative (such as an attorney under a power of attorney) if you would like someone to manage your Snug record on your behalf;
  • if you are an Australian resident and have consented to be connected to view or download your My Health Record information, then we are required to disclose your name, date of birth, Medicare number and Individual Healthcare Identifier to the Australian Government in order to establish this connection. Snug Health will not disclose any personal health information in establishing a connection to your My Health Record information;
  • to emergency service providers in circumstances where your immediate consent cannot be obtained, such as when there is an immediate need to provide you with emergency medical treatment where your state of health and/or life is at risk and where you have provided pre-consent for your personal information to be released for this purpose;
  • where our agents or contractors who assist us in providing our products and services require such information in order to perform a core business function on behalf of Snug Health but only where the relevant agent or contractor has a confidentiality agreement in place with Snug Health. Our agents and contractors will only use your information to the extent necessary to perform their functions;
  • where all, or most, of the assets of Snug Health or any single business unit within Snug Health are merged or acquired by a third party, or we expand or re-organise our business, in which case your personal information may form part of the transferred or merged assets;
  • for compliance reasons to ensure compliance with relevant laws and regulations;
  • for operational reasons for maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our products or our computer systems in order to securely and efficiently deliver our services to you and others;
  • in exceptional circumstances, where there are grounds to believe that the disclosure is necessary to prevent a threat to an individual's health and safety, for law enforcement purposes or to protect public health and safety; and
  • when it is otherwise required or authorised by law.

De-identified Information

You acknowledge that we may use your personal information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide de-identified information in aggregated form to third parties for research, marketing and other purposes.

When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.

Cross-Border Disclosure of personal information

Snug Health is based in and operated out of Australia. Snug Health will, wherever possible, store your personal information on a secure server located within the country from which you access Snug. Where this is not possible your personal information will be stored on Australian servers.

If you are accessing Snug from outside Australia, then you acknowledge that your personal information will be disclosed to our employees and agents in Australia for the purposes of providing you with Snug and relates services. We may disclose personal information outside of Australia but only to contracted service providers that are engaged by us to act on our behalf and assist with our business functions and delivery of Snug and related services. If we transfer your information to a contracted service provider outside Australia, we will take steps to ensure that your privacy rights continue to be protected to ensure that these contracted service providers are either covered by data privacy laws substantially similar to those in Australia or the relevant contracted service provider adheres to data privacy standards substantially similar to those in Australia.

Your rights in relation to your personal information

You may request access to your personal information collected by us and ask that we correct that personal information. You may also ask us to delete your personal information, restrict the processing of your personal information or transfer a machine-readable copy of your personal information to you or a third-party of your choosing. We will need to verify your identity before we are able to action your request.

We may refuse to action your request where actioning the request would:

  • pose a serious threat to the life or health of an individual;
  • have an unreasonable impact on the privacy of others;
  • be unlawful;
  • prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security or negotiations with you;
  • jeopardise the conduct of existing or anticipated legal proceedings.

We may also refuse to action your request where we are authorised to do so by law.

You can make a request in relation to the handling of your personal information by emailing us at and we will respond within 30 days. If we refuse to action your request, we will notify you in writing setting out the reasons.

How is your personal information protected and how long is it kept?

Snug Health takes the security of your personal information very seriously and take reasonable steps to protect it from misuse and loss, unauthorised access, modification or disclosure. The methods we use to ensure this includes the implementation or existence of the following measures:

  • all Snug Health employees, agents and contractors are bound by confidentiality agreements and procedures have been implemented so that only those people with a genuine need to know have access to your personal information;
  • electronic and physical data and document storage security policies;
  • policies and procedures governing the retention, use and access of documents and data;
  • internal system access security policies including authenticated access of employees and contractors;
  • verification procedures to identify an individual before personal information is disclosed;
  • access control for our buildings and data hubs; and
  • the use of data encryption, firewalls and other security systems for our computer systems and cloud-based services.

Your information is kept while we need it to provide the services that you have requested from us and where applicable, we are required to keep it to comply with statutory requirements. Where Snug Health determines it is no longer necessary to hold your personal information we will securely destroy, delete or permanently de-identify that information, wherever possible.

In the unlikely event that the security of your personal information is compromised, we will immediately take steps to confirm if a data breach has occurred. If a breach is confirmed, and we form the view that the breach is likely to result in serious harm to you, we will notify you and provide you with a description of the breach, the kinds of information involved, and any recommended actions you could take to protect yourself against the consequences of the data breach. In accordance with our obligations under the Privacy Act 1988 (Cth) and the Australian Notifiable Data Breaches Scheme we will also notify the Office of the Australian Information Commissioner (OAIC) of any data breach that we consider is likely to result in serious harm to any of the individuals to whom the information relates.

Complaints about your privacy

Snug Health will make every attempt to ensure that your privacy is not breached, however, if you believe that your privacy has been breached or you wish to make a complaint about the way we have handled your personal information, you can contact us at or lodge a complaint to the address mentioned below:

The Privacy Officer
Snug Health Pty Ltd
GPO Box 714
Hobart TAS 7001

We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. However, if you believe that we have not resolved the issue you may refer the matter to the OAIC, or if accessing the Snug from outside Australia, the relevant privacy and data protection authority in your country of origin.

Changes to this Privacy Policy

By using our website, services or Snug or by accepting our Terms of Use which refer to this Privacy Policy, you are agreeing to the collection, use and disclosure of your personal information in accordance with the terms of this Privacy Policy.

We may change this Privacy Policy from time to time. We will let you know that the policy has changed by emailing you at the email address provided by you to us (if any) and also via a notification on our application. Your continued use of Snug or our services following notification of a change to this Privacy Policy indicates that you accept those changes. Through this document we will always let you know the information we collect, how we use it, and the circumstances under which such information may be disclosed by us.

Effective Date: 3 November 2020

1 An eHealth record is an electronic summary of your key health information such as prescribed medications, allergies and treatments you have received. For more information please visit