Snug Health Pty Ltd (ABN 47 610 411 473) ("Snug Health", "we", "us" or "our") specialises in the provision of an innovative mobile application that serves as a personal electronic health record and assists with health promotion and disease management (Snug).
What is personal information?
When used in this Policy, "personal information" means any information or opinion relating to an identified or identifiable individual.
In general terms, it is information that can be used to personally identify you such as your name, address, telephone number, email address, profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
When used in this Policy, "sensitive information" refers to a sub-set of personal information that is afforded a higher level of privacy protection under the law because of its sensitive nature.
In general terms, sensitive information includes information about your racial or ethnic origin, political opinions, religious and philosophical beliefs, sexual preferences and criminal history as well as information about your health or genetics. Unless required by law, we will only collect sensitive information with your consent.
What personal information do we collect?
As an account holder in Snug, certain personal information will be required to establish and maintain your record, and to provide services to you. We may collect the following types of personal information relating to you:
The choice of how much information you provide to us is yours, but if you want to register as a member of, or have a user account on our websites, we require certain information from you in order to provide those services.
Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website) or using a pseudonym if you feel more comfortable dealing with us that way. For example, if you contact us by telephone with a general question, we will not ask for your full name unless we need it to answer your question.
How do we collect personal information?
Where possible we will collect personal information directly from you, however in certain circumstances it may be necessary to collect information about you from third parties. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection. We may collect your personal information in several ways, including:
Collecting personal information through our websites
What happens if we receive unsolicited personal information?
Why do we collect your personal information?
Do we use your personal information for direct marketing?
We may use your personal information to send you direct marketing communication and information about our services and products, and other related services and products if we have your permission or a legitimate interest in doing so. If at any time you no longer wish to receive this information, you can request to "opt out" from receiving this information by contacting firstname.lastname@example.org.
We will NEVER sell your personal information to anyone for direct marketing purposes of otherwise.
Disclosure of personal information
The information Snug Health collects from you or concerning you or your dependents, will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner that is consistent with applicable privacy laws and regulations and only for a purpose consistent with the purpose for which the information was originally collected.
Your personal information will only be disclosed to third parties in the following circumstances:
You acknowledge that we may use your personal information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide de-identified information in aggregated form to third parties for research, marketing and other purposes.
When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
Cross-Border Disclosure of personal information
Snug Health is based in and operated out of Australia. Snug Health will, wherever possible, store your personal information on a secure server located within the country from which you access Snug. Where this is not possible your personal information will be stored on Australian servers.
If you are accessing Snug from outside Australia, then you acknowledge that your personal information will be disclosed to our employees and agents in Australia for the purposes of providing you with Snug and relates services. We may disclose personal information outside of Australia but only to contracted service providers that are engaged by us to act on our behalf and assist with our business functions and delivery of Snug and related services. If we transfer your information to a contracted service provider outside Australia, we will take steps to ensure that your privacy rights continue to be protected to ensure that these contracted service providers are either covered by data privacy laws substantially similar to those in Australia or the relevant contracted service provider adheres to data privacy standards substantially similar to those in Australia.
Your rights in relation to your personal information
You may request access to your personal information collected by us and ask that we correct that personal information. You may also ask us to delete your personal information, restrict the processing of your personal information or transfer a machine-readable copy of your personal information to you or a third-party of your choosing. We will need to verify your identity before we are able to action your request.
We may refuse to action your request where actioning the request would:
We may also refuse to action your request where we are authorised to do so by law.
You can make a request in relation to the handling of your personal information by emailing us at email@example.com and we will respond within 30 days. If we refuse to action your request, we will notify you in writing setting out the reasons.
How is your personal information protected and how long is it kept?
Snug Health takes the security of your personal information very seriously and take reasonable steps to protect it from misuse and loss, unauthorised access, modification or disclosure. The methods we use to ensure this includes the implementation or existence of the following measures:
Your information is kept while we need it to provide the services that you have requested from us and where applicable, we are required to keep it to comply with statutory requirements. Where Snug Health determines it is no longer necessary to hold your personal information we will securely destroy, delete or permanently de-identify that information, wherever possible.
In the unlikely event that the security of your personal information is compromised, we will immediately take steps to confirm if a data breach has occurred. If a breach is confirmed, and we form the view that the breach is likely to result in serious harm to you, we will notify you and provide you with a description of the breach, the kinds of information involved, and any recommended actions you could take to protect yourself against the consequences of the data breach. In accordance with our obligations under the Privacy Act 1988 (Cth) and the Australian Notifiable Data Breaches Scheme we will also notify the Office of the Australian Information Commissioner (OAIC) of any data breach that we consider is likely to result in serious harm to any of the individuals to whom the information relates.
Complaints about your privacy
Snug Health will make every attempt to ensure that your privacy is not breached, however, if you believe that your privacy has been breached or you wish to make a complaint about the way we have handled your personal information, you can contact us at firstname.lastname@example.org or lodge a complaint to the address mentioned below:
The Privacy Officer
Snug Health Pty Ltd
GPO Box 714
Hobart TAS 7001
We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. However, if you believe that we have not resolved the issue you may refer the matter to the OAIC, or if accessing the Snug from outside Australia, the relevant privacy and data protection authority in your country of origin.
Effective Date: 3 November 2020
1 An eHealth record is an electronic summary of your key health information such as prescribed medications, allergies and treatments you have received. For more information please visit www.myhealthrecord.gov.au