Data Privacy & Medical Data
GARDIAN TECHNOLOGIES POLICY
Last Updated November 2020
1.1 This Policy applies in relation to all information that We collect from you and is kept strictly confidential and is only for use by Us to any third parties as authorised by You by your continued use of our Site and Mobile App. The Products and Services are not directed or intended for children under the age of 16. We may, however, collect Personal Data and Health Information about children below 16 years of age with a parent’s or guardian’s explicit consent.
1.2 We will alert you about any changes by updating the “Last Updated” date of this Policy.
1.3 We are bound by the Australian Privacy Principles and the Privacy Act. We follow the Data Protection Laws.
1.4 The purpose of the Policy is to:
a. clearly communicate Our handling of information;
b. enhance transparency; and
c. give individuals a better and more complete understanding of the Personal Data collected and the way We handle that information.
1.5 This Policy applies to all persons who use Our Site and Mobile App.
2.1 Unless otherwise defined herein capitalised terms and expressions shall have the following meaning:
“Complaint Handler” means the Head of Customer Service;
“Complaint Handler Email Address” means email@example.com;
“Data Protection Laws” means the Privacy Act, Australian Privacy Principles, EU Data Protection Laws, Health Records and Information Privacy Act 2002, all relevant Privacy Laws within Australian States and Territories and, to the extent applicable, the data protection or privacy laws of any other country;
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Site and Mobile App. The Data Controller, unless otherwise specified, is always Us.
“Health Information” means your Personal Data relating to your health and healthcare and may include information collected in connection with the provision of a health service.
“EU” means the European Union;
“GDPR” means General Data Protection Regulation 2016/679;
“Mobile App” means the Gardian EMS Assist, Event Medic, and Event Control applications;
“Personal Data” has the meaning detailed in Clause 3.1(a) of this Policy;
“Privacy Act” means the Privacy Act 1988 (Cth);
“Products” means the Gardian EMS Assist, Event Medic, and Event Control applications and the Gardian Vital Assist smart wristband or smart watch;
“Us, Our, We” means Gardian Technologies Pty Ltd;
“Services” means the services as defined in the End User License Agreement or those as defined in the contractual agreement between Gardian Technologies Pty Ltd and each individual client;
“Site” means www.gardian.tech;
“UK” means the United Kingdom.
3.0 COLLECTION OF PERSONAL INFORMATION
3.1 We only collect Personal Data for the purpose of Our Products and Services and We may collect and store personal information about you. The manner in which We will collect your Personal Data will depend on the manner in which you engage with Us either through the Mobile App or Site and includes:
a) Personal Data - Personally identifiable information, such as your name, address, email address, and telephone number, and demographic information, such as your age, gender, hometown, interests and Health Information that you voluntarily give to Us when you choose to participate in various activities related to Us and Our Products and Services including online chat and message boards. You are under no obligation to provide Us with personal and Health Information of any kind.
b) Derivative Data - Information Our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site. If you are using Our Mobile App, this information may also include your device name and type, your operating system, your phone number, your country, your likes and replies to a post, and other interactions with the application and other users via server log files, as well as any other information you choose to provide.
c) Mobile App Information - If you connect using Our Mobile App:
Geo-Location Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using Our Mobile App, to provide location-based services. If you wish to change Our access or permissions, you may do so in your device’s settings.
Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s Bluetooth, calendar, camera, contacts, microphone, reminders, sensors, SMS messages, social media accounts, storage, and other features. If you wish to change Our access or permissions, you may do so in your device’s settings.
Mobile Device Data. We may collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and IP address.
Push Notifications. We may request to send you push notifications regarding your account or the Mobile App. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
Payment information. We may request your Personal Data for authorisation for payment of Services or Products by Us or third parties engaged by Us, including a fraud monitoring and prevention service.
3.2 Unless specified otherwise, all data requested by our Mobile App is mandatory and failure to provide this data may make it impossible for the Mobile App to provide its services. In cases where the Mobile App specifically states that some data is not mandatory, you are free not to communicate this data without consequences to the availability or the functioning of the Service.
4.0 USE OF YOUR INFORMATION
4.2 We will not disclose your Health Information unless it is connected with the Products and Services in which you supplied such information. For the avoidance of doubt, your Personal Data and Health Information may be shared with health professionals for the purpose of providing medical treatment and services.
4.3 Having accurate information about you permits Us to provide you with a smooth, efficient, and customised experience.
4.4 We take steps to protect Personal Data We hold against loss, unauthorised access, use, modification, or disclosure, and against other misuses.
4.5 We take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of Personal Data. All Personal Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition, Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Mobile App and Site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, payment service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Us. The updated list of these parties may be requested from Us in writing at any time.
4.6 We may share information We have collected about you in certain situations. Your information may be disclosed as follows:
a) By Law or to Protect Rights - If We believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of Our policies, or to protect the rights, property, and safety of others, We may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
b) Third-Party Service Providers - We may share your information with third parties that perform services for Us or on Our behalf, including background checking, third party payment services, data analysis, email delivery, hosting services, customer service, and marketing assistance.
c) Marketing Communications - With your consent, and with an opportunity for you to withdraw consent, We may share your information with third parties for marketing purposes, as permitted by law.
d) Interactions with Other Users - If you interact with other users of the Site and Our Mobile App, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.
e) Online Postings - When you post comments, contributions or other content to the Site or Our Mobile App, your posts may be viewed by all users and may be publicly distributed outside the Site and Our Mobile App in perpetuity.
f) Third-Party Advertisers - We may use third-party advertising companies to serve ads when you visit the Site or Our Mobile App. These companies may use information about your visits to the Site and Our Mobile App and other Sites that are contained in Web cookies in order to provide advertisements about goods and services of interest to you.
g) Affiliates - We may share your information with Our affiliates, in which case We will require those affiliates to honour this Policy. Affiliates include Our parent company and any subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
h) Business Partners - We may share your information with Our business partners to offer you certain products, services, or promotions.
i) Other Third Parties - We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.
4.7 Specifically, you authorise Us to use any Personal Data collected by Us about you to:
a) compile anonymous statistical and health data and analysis for use internally or with third parties;
b) deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Site and Our Mobile App to you;
d) enable user-to-user communications;
e) generate a personal profile about you to make future visits to the Site and Our Mobile App more personalised;
g) increase the efficiency and operation of the Site and Our Mobile App;
h) monitor and analyse usage and trends to improve your experience with the Site and Our Mobile App;
i) notify you of updates to the Site and Our Mobile Apps;
j) offer new products, services, mobile applications and/or recommendations to you;
k) perform other business activities as needed;
l) prevent fraudulent transactions, monitor against theft, and protect against criminal activity;
m) request feedback and contact you about your use of the Site and Our Mobile App;
n) resolve disputes and troubleshoot problems;
o) send you a newsletter;
p) solicit support for Us, Our Products and Our Services;
q) make payment by you for Services and/or Products under the Site or Mobile App.
4.9 We are assisted by a variety of third parties to deliver the Services We offer. These third parties change from time to time and include technology service providers for internet, app services, cloud services, publishing, payment services and printing services. These third parties may be located in Australia or overseas locations. You consent to share your Personal Data with persons outside the country in which you reside.
4.10 Our Site and Mobile App may include links to other third-party Sites, social media tools, widgets, or plug-ins, permitting sharing of web content, including IP address, with third parties and social media providers. These social media providers may learn of your visit even if you are not logged in to your social media account or if you do not have an account with them. To the extent any linked Sites or features you visit or use are not owned or controlled by Us, We suggest that you review their own privacy notices or policies.
4.11 Wherever possible, We impose contractual restrictions equivalent to those imposed in the relevant Data Protection Laws in respect of collection and use of personal information by those third parties. We will obtain an individual’s specific consent prior to disclosing information for the purposes of direct marketing of other Services. An individual will be able to opt-out of direct marketing at any time if they so choose. Under no circumstances will We sell or receive payment for licensing or disclosing an individual’s personal information.
4.12 We are not responsible for the actions of third parties with whom you share personal or sensitive data, and We have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
4.13 There are inherent risks in transmitting information across the internet, and We do not have the ability to control the security of information collected and stored on third-party platforms. In relation to Our own servers, We take all reasonable steps to manage data stored on Our servers to ensure data security.
5.0 LEGAL BASIS OF PROCESSING
5.1 We may process Personal Data relating to You if one of the following applies:
a) you have given your consent for one or more specific purposes. Note: Under some legislations We may be allowed to process Personal Data until you object to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply whenever the processing of Personal Data is subject to European data protection law;
b) provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof;
c) processing is necessary for compliance with a legal obligation to which We are subject;
d) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Us;
e) processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party.
5.2 All Personal Data will be processed at Our operating office located within Australia.
6.0 DATA QUALITY
6.1 We take steps to ensure that the personal information We collect is accurate, up to date and complete. These steps include maintaining and updating personal information when We are advised by individuals that their personal information has changed, and at other times, as necessary.
6.2 Personal Data will be stored for as long as required for the purpose it has been collected for. Therefore:
a) Personal Data collected for purposes relating to the Services shall be retained until the Services have been fully performed;
b) Personal Data collected for the purpose of Our legitimate interest shall be retained as long as needed to fulfill such purpose. You may find specific information regarding the legitimate interest by requesting such information in writing from Us.
c) Once the retention period has finished or upon cancellation of your consent, the Personal Data will be deleted, and you will be unable to access or request this information.
7.0 OUR RESPONSIBILITIES UNDER THE GDPR
7.1 If you are a resident of the European Union (EU) or United Kingdom (UK) you have certain rights and protections under the GDPR regarding the processing of your Personal Data.
7.2 We collect, use, and store your Personal Data to enable Us to provide you with Our Products or Services and information about them. We rely on the following lawful means of processing your Personal Data:
a) Where it is necessary to fulfil a contract with you. This includes where We collect your Personal Data to enable Us to send you Our Products or provide you with Our Services.
b) Where you have given Us valid consent to use your Personal Data. We will rely on that consent and only use the Personal Data for the specific purpose for which you have given consent. This includes where We email newsletters or send mobile phone notifications.
c) We may also process your Personal Data where it is to further Our legitimate interests which could include usage statistics, analytics, and internal analysis so We can improve Our Services to you.
8.0 YOUR RIGHTS AS AN EU OR UK RESIDENT
8.1 If you are a resident of the EU or UK, you have various rights including the:
a) Right to be informed;
b) Right of access;
c) Right to rectification;
d) Right to object;
e) Right to restriction of processing;
f) Right to erasure or to be forgotten;
g) Right to data portability; and
h) Right not to be subject to automated processing.
8.2 If you want to access your Personal Data or ask for the information to be corrected, please contact Us. In some circumstances, you also have a right to object to or ask that We restrict certain processing activities or delete your Personal Data. If you would like to limit or request deletion of your Personal Data or exercise any other rights, you can do so by contacting Us.
9.0 ACCESS TO PERSONAL INFORMATION
9.1 You may access the Personal Data that We hold about you and can ask Us to correct the Personal Data We hold about You. We will take reasonable steps to make appropriate corrections to your Personal Data so that it is accurate, complete and up-to-date unless We consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.
10.0 WITHDRAWING YOUR CONSENT
10.1 You can withdraw your consent to Our collection or processing of your Personal Data at any time. You can do so by contacting Us or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw Your consent to the use of your Personal Data, you may not have access to Our Products and Services, and We might not be able to provide you with Our Products and Services. In some circumstances, where We have a legal basis to do so, We may continue to process your information after you have withdrawn consent. For example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect Our legitimate interest in keeping Our Services secure.
11.0 OUR COMPLIANCE
11.1 We comply with the Privacy Act and GDPR protection directives set out by the EU and UK regarding the collection, use and retention of Personal Data from EU member countries and the UK. All Personal Data stored on Our platform is treated as confidential. It is stored securely and is only accessed by authorised personnel. Our collection is limited in relation to what is necessary, for the purpose for which the Personal Data is processed and kept only for so long as is necessary for the purpose for which the Personal Data was collected. We implement and maintain appropriate technical, security and organisational measures to protect Personal Data against unauthorised or unlawful processing or use, and against accidental loss, destruction, damage, theft, or disclosure. We ensure the encryption and pseudonymisation of Personal Data and We have adequate cybersecurity measures in place.
12.0 YOUR ACKNOWLEDGEMENT
12.1 By providing Us with Your Personal Data, you consent to Us disclosing it to third parties including those who reside outside Australia, the EU or UK. We will ensure that those third parties are GDPR compliant.
13.0 COMPLAINT HANDLING
13.1 You may complain about the way We handle your personal information. A complaint should be made in writing to our Complaint Handler Email Address. On receipt, the complaint is referred to the Complaint Handler.
13.2 You can make a complaint regarding the misuse of your Personal Information at the relevant Statutory body that applies to the country in which you reside. For Australian residents, complaints can be made to the Office of the Australian Information Commissioner about the handling of their personal information by private sector organisations covered by the Privacy Act.
This document is © 2020 Gardian Technologies Pty Ltd [Gardian].