Our approach to privacy
Handy Health Pty Ltd ACN 640 738 307 (“Handy Health”) respects your privacy and is committed to complying with the Australian Privacy Principles contained in the Privacy Act 1988 (“Privacy Act”).
We may collect personal information from you when:
- You create an account in our mobile application, Handy Health (“App”), and you have given your consent to our collection, disclosure and usage of your health information.
- You use the App to collect, record, and store your health information in electronic format for later access, retrieval and use on the App by you and other persons authorised by you (“Purpose”).
- Your information may also be collected through in-app surveys or other health surveys that you may be asked to complete when you have an account in our App.
The types of personal information we may collect from you include:
- general personal details such as your name, gender, contact number, address, and email address;
- demographic information such as your age, gender, and State or Territory residence;
- your financial or billing information (such as billing address, bank account, and payment information);
- your health information including time, date, blood pressure, weight, medication, body and heart rates;
- if you supply it to us, we may collect certain information about you including information about your medical history, information such as your height and weight, prior medical diagnosis and testing, current and previous use of certain medications, and health habits;
- only where relevant and with your consent, sensitive information about your health;
- technical data about your App usage, App version and installation ID, device identifier, and technical data about your Apple device or Android device (“Device”), including operating system and model.
No location data will be collected and stored at any time.
Why do we collect, use, and disclose your personal information?
We may use your information to:
- provide to you our products and services for the Purpose;
- communicate with you, and build and maintain our relationship with you;
- comply with applicable laws and our other regulatory, accounting, reporting or professional obligations;
- protect, exercise or defend our legal rights; and
- process and respond to your requests, enquiries, or complaints.
We may also use your information to perform analytics (on a de-identified basis) to:
- improve our products and services;
- market our services to you;
- identify and develop new products and services you may be interested in;
- conduct, monitor and analyse our business and internal operations;
- send you updates, publications, marketing, and new product or service offerings (however, if you do not want to receive marketing emails from us, you can opt-out at any time using the contact details set out below).
To whom do we disclose your personal information?
We cannot access any health data stored on a device, or share this with any health and medical practitioners (“health practitioner”), unless it is required by law, it is necessary to prevent a serious threat to life, health or safety, or you consent to the disclosure of the data to an identified health practitioner. In this case, the practitioner would contact you to ask for your permission to see your health information.
We may also disclose your information to:
- our service providers, agents, and contractors from time to time that help us to provide our services to you;
- any person you nominate explicitly to share your health information, which you can do by giving the person a QR code you generate within the App on your Device for that person to input into the App on their Device;
- specific third parties authorised by you to receive information held by us; and
- other persons, including government agencies, regulatory bodies, and law enforcement agencies, as required or authorised by law; or
- as otherwise required or authorised by law.
Some of these vendors or other parties may receive or store your information in overseas locations. For example, we may disclose your email address or additional contact information to providers of marketing database services, which may store the data in an overseas jurisdiction.
Handy Health does not host or store your personal information outside Australia.
How do we store and keep your information secure?
We will hold your personal information in electronic form encrypted and stored in a cloud-based facility, using infrastructure located in Australia (“Data Store”), which has been classified as appropriate for storage of data up to the “protected” security level. All of your data in the storage facility will be removed from the Data Store by you deleting your account by going to Handy Health App → My Profile → Delete Profile, or when you make a request by email to firstname.lastname@example.org and provide proof of identity.
We use a variety of physical and electronic security measures to keep your personal information secure from misuse, interference, loss or unauthorised use or disclosure. For example, we restrict physical access to our offices, employ firewalls and secure databases, password protect our IT systems, frequently update our anti-virus software, and conduct regular audit and data integrity checks. All of our employees, providers, agents and contractors are also bound to keep your personal information secure and treat it as confidential.
We will ensure your health information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse. However, we cannot guarantee the security of your personal information, including your health information. The Internet is not a secure environment. If you do use the Internet to send us any information, including your email address, please be aware that it will be posted at your own risk.
Accessing or correcting your personal information
You have rights under the Privacy Act to:
- request access to the personal information we hold about you;
- ask us to update or correct any information that is inaccurate, misleading, incomplete or outdated; and
- opt-out of receiving direct marketing communications from us.
You can also ask us to remove any information that is not relevant to the Purpose.
You can do any of these things by contacting our Support Team using the contact details below.
If you request access to your personal information or ask us to correct or update information about you, we may need to verify your identity. In some circumstances, there may be a valid reason for us to deny your request to access or correct your information. If we do this, we will tell you why.
Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address, or telephone number and clearly describe your complaint.
Handy Health’s Support Team will investigate any complaint, and the outcome of that investigation will be communicated to you. (Please allow at least 14 days for us to do so.)
If you are not satisfied with the outcome of any internal investigation that we conduct, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at email@example.com or on 1300 363 992. More information is available on the OAIC’s website at https://www.oaic.gov.au/.
If you would like more information concerning how we handle your information or our approach to privacy, or to exercise any of your rights outlined above, please contact: Handy Health Support Team: firstname.lastname@example.org.
Last updated: 3 January 2021