Privacy Policy
Ethos Health - Privacy Policy
About this Privacy Policy
This is the Privacy Policy for Ethos Health Pty Ltd ABN 91 137 759 310 (Ethos Health, us, we, our). This Privacy Policy sets out Ethos Health's obligations in line with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council) - as it applies to persons in the European Union who interact with us. A reference to 'Personal Information' in this policy is a reference to both 'Personal Information' as defined in the Privacy Act and to 'Personal Data' for the purposes of the GDPR (if it applies to you).
This Privacy Policy sets out the different types of Personal Information we collect, why we collect it and what you can do if you would like to remove yourself from our mailing list, correct any details we may hold about you, or exercise other rights you have.
We will update this Privacy Policy from time to time at our discretion, and we will notify you of updates. You can visit our website to see the latest copy of the Privacy Policy. This Privacy Policy was last reviewed on 19 May 2020.
By using our site, you consent to this Privacy Policy and to our website Terms of Use, if any.
What Personal Information Do We Collect?
We collect the following Personal Information:
- personal identification information including: name, email, address, telephone, date of birth and gender; and
- information you supply in our software as a service (SaaS).
How Do We Collect and Store Your Personal Information?
We collect Personal Information in a number of ways, including:
- information submitted through our website;
- in some cases, through web analytics
- through communications with you, including emails, and voice calls.
We hold Personal Information:
- in systems that we use in connection with our business, some of which may be owned and operated by our suppliers; and
- in our hard copy files; and
- in the databases associated with our website.
Providing it is lawful and practical, we will give you the option of not identifying yourself, using a pseudonym, or not providing Personal Information when you enter into a transaction or deal with us. However, if you elect not to provide us with Personal Information then it is unlikely we are able to provide you with the information, products, services or support that you may want.
We may receive other unsolicited Personal Information in the course of our business. We will deal with this unsolicited Personal Information in accordance with this policy.
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
- the length of time we have an ongoing relationship with you and provide services to you;
- legal obligations we may have to keep (or destroy) your data; or
- legal advice we receive (such as in regard to litigation, regulatory investigations or applicable statutes of limitation).
When your Personal Information is no longer required it is destroyed in a secure manner.
What Do We Use Your Personal Information For?
We collect, hold, use and disclose Personal Information for the following purposes:
- supplying you with information from our SaaS for workplace health and safety purposes;
- sending subscription emails;
- improving the website experience of our visitors; and
- supplying identified and/or aggregated information to your employer or contractor (who has paid for the use of the SaaS) when it relates to workplace health and safety training and education;
- supplying de-identified and aggregated information to your employer or contractor (who has paid for your use of the SaaS), when personal health-related information is collected. No identifiable personal health-related information will be disclosed to your employer or contractor without your written consent. This data would be used for the purpose of identifying workforce health needs and/or targeting future training and education initiatives only.
We also use Personal Information for our own internal business purposes including:
- data analysis to improve our products and services;
- auditing our internal processes to ensure they function as intended and that we comply with regulatory requirements;
- fraud and security monitoring;
- developing new products and services;
- identifying usage trends so we can understand which of our services are of most interest to our customers;
- determining the effectiveness of marketing campaigns so that we can adapt to the needs and interests of our customers; and
- operating and expanding our business activities such as understanding which of our services are of most interest to our customers, so we can focus on our customers' needs.
For clarity, we disclose that we de-identify data, so it is no longer Personal Information, and then use this de-identified data for research, which may also include publication of our research. We consider that there is no possibility of re-identification of individuals for this usage.
Do we share your information?
We may send Personal Information outside Australia in the following circumstances:
- where our website, or any hosting service we use to support our managed services, software or software as a service, is hosted by us or a third party, and the hosting facilities and/or the back-up/disaster recovery sites are located overseas. We have no control over where these third party providers host the website and it is impractical for us to be able to advise you of the countries where the Personal Information may be held or processed;
- where a third party application is being used in connection with our interactions with you, e.g. when we use email, help desk or VoIP providers, the third party providers of the relevant application may have their applications hosted overseas. We have no control over where these third party providers host their applications and it is impractical for us to be able to advise you of the countries where the Personal Information may be held or processed; or
- your employer or contractor is located outside Australia.
When we send Personal Information outside Australia for processing we will enter into formal contracts with those processors, which will contact privacy terms and conditions that allow us to meet our privacy obligations to you.
GPS Location Access Policy
FatigueTech workplace app ("App") may request access to your device's GPS location data in respect of your workplace fatigue procedure. We will only collect your GPS location data with your explicit consent. You can choose to grant or deny access to location services through your device settings at any time. By enabling access, you consent to the collection, maintenance and use of your location data, to provide and improve fatigue management products and services.
How We Use Your GPS Location Data
If you grant permission, we will use your GPS location data for the following purposes:
- Tracking Work-Related Trips: To monitor and record your work-related trips and your journeys to and from work.
- Log the location of assessments: To monitor where StartFits and FatigueChecks were completed.
- Provision of information to your workplace: To share location data collected with your workplace in respect of your workplace’s fatigue program to help your workplace manage fatigue
- Service Accuracy: To improve the accuracy and quality of our services, ensuring better fatigue management and recommendations to workplaces.
Data Sharing and Disclosure
We will not share your GPS location data with any third party without your consent, except under the following circumstances:
- Legal Requirements: As required by law.
- Safety: To protect the safety of others or ourselves.
- Service Provision: To provide services that your workplace has requested, which may involve sharing your location data with third-party service providers.
Data Security
We implement appropriate technical and organizational measures to protect your GPS location data from unauthorized access, use or disclosure. Information collected will be treated in accordance with Ethos Health’s Privacy Policy.
Use of Social Media
Our website includes links to social media, including blogs, Twitter feeds, Facebook, Instagram, and similar services. The nature of social media is that these applications actively enable exchange and disclosure of any information, whether personal or otherwise, that is included within those applications. All information, including Personal Information that you enter in those applications may be used, stored, handled and disclosed in any way that is consistent with the privacy policies of the relevant applications, if any. We have no control over those interactions.
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
We use cookies to operate and improve your experience on our site, including:
- allowing you to sign in faster, and keeping you signed in; and
- to track how the site is used.
If you do not allow cookies to be used some or all of the website or other applications or tools on it might not be accessible to you and you may not be able to purchase goods from us.
Your Rights Regarding Your Personal Information
You have the right to access your Personal Information that we hold, and request that it be rectified or erased. If you want to access your Personal Information we hold or you believe any of your Personal Information that is held by us is inaccurate, out of date, incomplete, irrelevant or misleading or it is not necessary for us to continue to hold it, you can contact us, and we will either provide you with access to the Personal Information (in so far as we are required to do so by law,) or we will correct it, as applicable, within a reasonable period. We may make a reasonable charge for giving you access to your Personal Information, but we will not charge for you making the request, correcting Personal Information or making a statement as to why we are not correcting your Personal Information.
In certain circumstances if you raise a complaint on how we have handled your Personal Information, you may also request that we 'restrict processing' meaning that the data will be preserved from further processing 'as evidence' either while we investigate your complaint or to support your complaint to the Australian Information Commissioner.
Where you have provided your personal data directly to us that is processed by automated means and is done so solely on the basis of your consent, then you will have the right to obtain and reuse your personal data in an electronic format for your own purposes across different services.
You have the right to object any aspect of our processing of your personal data under certain circumstances under the GDPR. 'Processing' is the term under that law that describes all uses of your personal data. This will include the collection, sharing, storage, retention and destruction of your data.
You may unsubscribe from our direct marketing at any time. We will not send you direct marketing without your consent and you can withdraw your consent at any time by selecting the 'unsubscribe' link within each email.
Complaints
If you wish to complain about a breach of any Australian Privacy Principle that binds us, a registered privacy code that binds us, the GDPR or this Privacy Policy, then you should contact us using the information in the Contact Us section of this Privacy Policy.
We will use our best efforts to respond to any complaint within 5 business days of the date of receipt. We will attempt to resolve your complaint to your satisfaction. If you are not satisfied with how we deal with your complaint you may contact the Australian Information Commissioner, whose contact details can be found at http://www.oaic.gov.au/.
Contacting Us
If you have any questions regarding this privacy policy or your information, we invite you to contact us by:
- email at the following email enquiries@ethoshealth.com.au;
- using the contact web form on our website (http://www.ethoshealth.com.au/); or
- writing to Ethos Health, Level 1, Annie Street, Wickham, Newcastle, NSW 2293