1. Respecting your privacy
We provide the following Platforms:
(a) a platform to conduct and manage a process, project, workflow or task which includes a clinical trial (each a Project, together the Project Platform);
(b) a platform for users to track their COVID19 symptoms available at http://covidaware.me (COVID19 Platform),
(together, the Platforms).
To become a registered user of any of our Platforms, you will be required to agree that your personal information will be collected, held, used and disclosed by us in accordance with this policy. We may amend this policy from time to time, and the amended policy will be made available in the Platforms. You may be asked to accept the new policy before you can continue to use the Platforms. If you are not asked, we will treat your continued use of the Platforms, or your provision of further personal information to us, as your acceptance of the amended policy.
We collect personal information from:
(a) individuals and businesses who want to use the Project Platform to conduct a Project (Project Customers);
(b) individuals who want to use the Project Platform through the access provided by a Project Customer in relation to a Project in which they are involved (Project End Users). Project End Users can include patients, employees and contractors of the Project Customer, and other third parties to whom the Project Customer grants access to the Project Platform in relation to a Project; and
(c) individuals who use the COVID19 Platform (COVID 19 Users).
The types of personal information that we collect and hold about you will depend on our relationship with you and the circumstances of collection. The information will generally include:
(a) full name (for Project Customers and Project End Users only);
(b) email address;
(c) mobile phone number;
(d) your date of birth (for Project End Users only);
(e) other information about you and your health including age, gender, symptoms, pre-existing conditions, medications taken, dietary habits, specialist reports, test results, notes of your diagnosis (for Project End Users and COVID19 Users only);
Generally, we collect personal information directly from you. This may occur in a number of ways, including:
(a) when you sign up to become a registered user of any of the Platforms;
(b) when you update your information on any of the Platforms; and
(c) when you make an enquiry or provide feedback to us.
Sometimes we collect personal information from a third party or from a publicly available source, but only if you have consented to your information being used in this way, or would reasonably expect us to collect it in this way. We only collect this information from companies or sources that are allowed to disclose it to us.
3. Providing personal information of others to us
You must not provide us with personal information about any other individual unless you have the express consent of that individual to do so. If you do provide us with such information, before doing so, you:
(b) warrant that you have that individual’s consent to provide their information to us.
4. Use of your personal information
We use the personal information (which is not sensitive information) we collect for the purposes for which it is collected and for other related purposes, and as permitted or required by law. Our general purposes may include:
(a) to provide the services you request, and to administer and manage those services;
(b) to respond to your enquiries or requests for assistance from us;
(c) to improve and develop the Platforms, including expanding the functionality and offerings available through the Platforms;
(d) otherwise to facilitate our business operations and processes.
5. How do we use sensitive information?
Sensitive information is a type of personal information that includes information about an individual’s health, racial or ethnic origin or sexual orientation or practices. We will only use your sensitive information for the purpose for which you have provided it to us and to the extent that it is reasonably necessary for us to provide the Platforms.
6. Disclosure of your personal information
Generally, we will obtain consent before we disclose any personal information other than as specified in this policy. Such consent may be given expressly or it may be implied by conduct.
In the specific case of Project End Users, your personal information will be disclosed to our Project Customers for their business purposes and to allow them to conduct the Project. More generally, your personal information may also be disclosed to:
- our related entities, representatives and business partners for our business purposes;
- our third party service providers to permit them to provide services to us such as provision of infrastructure, information systems and IT services, data analysis, customer services and operation of call centres, and other similar services;
- our external advisers who have been engaged to provide us with legal, administrative, financial, insurance, research, marketing or other services;
- any other person authorised, implicitly or expressly, when the personal information is provided to or collected by us.
Some of our related entities or other third parties to whom we may disclose your personal information, may be located in countries outside Australia or may hold your data on servers located outside of Australia, including the United States of America.
We reserve the right to disclose any personal information (including sensitive information) to law enforcement or other government officials where such disclosure is required by law, or where we reasonably believe that disclosure is necessary or appropriate.
We will not share your personal information with third parties for their marketing purposes. We will never sell, trade, lease or rent your personal information to third parties. We may share de-identified, aggregated information with third parties for their marketing and business purposes, but such information will not individually identify you.
7. Payment providers
8. What happens if I do not provide personal information?
If you do not provide your personal information to us, you will not be able to use our Platforms.
We may also collect data from you by using ‘cookies’, which are small data files deposited by the Platforms on your phone, computer, or other device. Cookies are sent back only to the servers that deposited them when a visitor returns to the relevant page. With the information we receive through cookie technology, we hope to improve the Platforms.
In addition, we may gather information about you that is automatically collected by our server, such as your IP address and domain name. We may use this information to customise our offerings, to make information more readily accessible to you, and to make the Platforms easier for you to use.
10. Data security
We take the security of your personal information seriously. We take reasonable steps to protect the personal information we hold, whether in electronic or other form, against loss, unauthorised access, use, modification or disclosure, and against other misuse.
When no longer required by us or when requested by you, we will take reasonable steps to destroy, delete or permanently de-identify personal information in a secure manner.
11. Access and correction
You may request access to the personal information we hold about you by contacting us using the contact details below. We will process such requests within a reasonable time. If we deny an access request as permitted or required by law, we will provide reasons to the extent we are required by law to do so.
We will take reasonable steps to ensure the personal information we hold about you is up to date and accurate. Please let us know promptly if any changes are required to be made to the personal information we hold about you by contacting us using the contact details below.
You may ask us at any time to correct personal information we hold about you. On request, we will take reasonable steps to correct the information so that it is accurate, complete and up to date, or will provide reasons for not doing so to the extent required.
Of course, you may also update your personal information at any time through the Platforms.
12. Complaints handling
If you wish to make a complaint about a breach of this policy or the Australian Privacy Principles, you can contact us using the contact details below. You will need to provide sufficient details regarding your complaint, together with supporting evidence and information. Our Privacy Officer will investigate your complaint and determine what steps we need to take to resolve your complaint. We will contact you if we require further information from you, and will notify you in writing of the outcome of our investigation.
If you are not satisfied with the outcome, you may contact us to discuss the matter further, or you may make a complaint to the Information Commissioner using the details below:
Office of the Australian Information Commissioner:
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Fax: 02 9284 9666
13. How to contact us
If you have any questions or concerns about this policy or our practices you may contact us by email sent to contact (at) covidaware.me.
Version No: 1
Date: 25 March 2020