Privacy Policy

Our commitment

ResApp Health fully understands the importance of privacy and the protection of personal data in the digital era and is committed to ensure a high level of data protection for all persons with whom ResApp Health has dealings. We handle your privacy in strict compliance with the Australian Government’s National Privacy Principles of the Privacy Amendment (Private Sector) Act 2000 (amendment to Privacy Act 1998) and the EU General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Act 2018 (DPA).

This Privacy Policy describes our practices in connection with information that we, or our service providers, collect through the ResApp Health website, our products and/or services operated and controlled by ResApp from which you are accessing this Privacy Policy.

This Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information. There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Policy. Where this occurs, we will adjust our information handling practices in your jurisdiction to comply with these local data protection laws.

This Policy will explain:

  1. The type of information we collect
  2. Purposes for collection of your personal information
  3. Grounds for collection of your personal information
  4. Where does your personal information come from?
  5. Where does your non-personal information come from?
  6. Who has access to your personal information?
  7. Where your personal information may be transferred
  8. How long we will retain your personal information
  9. Your rights
  10. How to contact us
  11. How we will update this Privacy Policy

1. The type of information we collect

We want you to understand the types of information we, or our service providers, (which are third-party companies that work on our behalf) collect as you use our products and services. This Privacy Policy applies to the information that we collect and process about you when you use our products and services, such as when you:

  • access or use our website, mobile application, hardware, software, or other online or mobile service that links to or otherwise shows you this Privacy Policy;
  • participate in a ResApp Health research, survey or study.

Personal data

Personal data has the meaning given under your local data protection law. Personal data generally means information which relates to an individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.

We will only collect personal information in compliance with your local data protection laws, with your express consent and/or where it is reasonably necessary for, or directly related to, one or more of our functions or activities, unless we are otherwise required or authorised to do so by law.

Personal data on children

While in some instances we may collect personal data about children with the consent of his/her parent or guardian for the provision of our services such as research and clinical activities, we do not otherwise knowingly solicit personal data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.

Non-personal data

When you use our products and services, we and our service providers (which are third-party companies that work on our behalf) may automatically collect anonymised or pseudonymised or de-identified usage data through the use of a variety of technologies, including tools, to assist in collecting this information.

We may use third-party web and mobile application analytics services (such as those of Google Analytics) on our products and services to collect and analyse usage data through cookies and similar tools; engage in auditing, research or reporting; assist with fraud prevention; and provide certain features to you.

Our website uses Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics employs cookies that are stored to your computer in order to facilitate an analysis of your use of the site. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google’s location in the US and stored there. In using Google Analytics our website employs the extension “anonymizeIp”. In doing so, Google abbreviates and thereby anonymizes your IP address to prevent transmission of any personal data. We do not combine the information collected through the use of Google Analytics with personally identifiable information. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

Our website uses third-party vendor re-marketing tracking tools, including the Facebook pixel, to serve ads about ResApp, our products, and services. These ads appear on Facebook, and on sites across the Internet. The third-party vendors use cookies, web beacons, and similar technologies to tailor the ads based on your past visits to our website and elsewhere online and to measure ad conversion. To opt-out of the collection and use of information for ad targeting on Facebook, please visit https://www.aboutads.info/choices.

In our mobile applications we use Google Analytics for Firebase, a web analysis service of Google LLC (“Google”) . The use of this technology is mandatory for the use of our mobile applications. We use the information we receive from Google Analytics for Firebase to improve and maintain our mobile applications. Google Analytics for Firebase uses cookies, identifiers for mobile devices (e.g., Android Advertising Identifier or Advertising Identifier for iOS) or similar technology to collect data and help analyse how users interact with the mobile application. The information generated by Google Analytics for Firebase is usually transferred to a Google server in the US and stored there. Google abbreviates and thereby anonymizes your IP address to prevent transmission of any personal data. We do not combine the information collected through the use of Google Analytics for Firebase with personally identifiable information.

For more information on “How Google uses data when you use our partners’ sites or apps”, please visit https://www.google.com/policies/privacy/partners/.

2. Purposes for collection of your personal data

ResApp Health will always collect your Personal Data for explicit and legitimate purposes:

  • To carry out our business operations; carry out marketing and sales; respond to your interactions with us, such as when you contact us for information and support;
  • To comply with our legal or regulatory obligations; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits;
  • To conduct research and development; carry out clinical and human factor studies, registries and trials; manage and validate the recruitment and participation of individuals to studies, trials and other operations; analyse demographic data; offer special programs, activities, trials, events or promotions via our services; carry out market or consumer studies;
  • To provide you access to online services, application and platforms; to provide you information about our products;
  • To improve and develop our products and services; identify usage trends and develop new products and services; understand how you and your device interacts with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, conduct surveys;
  • To personalise your experience when using our products; ensure that our products are presented in the way that best suits you; understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences; present you with appropriate products and offers tailored to you;
  • To allow us to communicate with you; respond to your requests or inquiries; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials; send you news and information about our products, our services, our brands, our operations; organise and manage professional events and congresses, including your participation to such events;
  • To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process;
  • To protect our rights and interests; protect the health, safety, and security of ResApp Health personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.

3. Grounds for collection of your personal data

ResApp Health will process your Personal Data on either one of the following legal basis:

  • Your prior consent; where you have clearly expressed your approval of ResApp Health’s processing of your Personal Data;
  • A contractual relationship between you and ResApp Health; in such case, the processing of your Personal Data is generally necessary to the execution or the performance of the contract. This means that if you do not wish ResApp Health to process your Personal Data in that context, ResApp Health may or will be obliged to refuse to enter into such contract with you or will not be able to provide the products or services covered in this contract;
  • Legal obligations applicable to ResApp Health’s activities; for instance, ResApp Health may be required to implement procedures to monitor adverse effects of marketed products, which may involve the collection and retention of Personal Data;
  • The “legitimate interest” of ResApp Health in the sense of applicable data protection law. In such a case, ResApp Health shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.

4. Where does your personal data come from?

ResApp Health will only collect your Personal Data with your express consent.

Data that you communicate to us through the use of our products and services, through registration in research studies, applications, surveys or direct and indirect interactions with ResApp Health.

Cookies: Please refer to the Cookie Policy on our website for detailed information on how we use Cookies. The website also includes information on how to disable these technologies. If you do not disable them and continue to use our website, we will infer your consent.

5. Where does your non-personal data come from?

Data that we collect automatically: for instance, when following your interactions with our services and products through certain technologies, such as Google Analytics.

6. Who has access to your personal data?

ResApp Health may need to share your personal data with the following authorised third parties:

  • Our affiliates and subsidiaries;
  • Our partners (healthcare professionals and organisations, distributors, other members of the healthcare and biotechnology industry);
  • Selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.;
  • Legal or administrative authorities, as required by applicable laws, including laws outside your country of residence;
  • Other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.

ResApp Health may need to share your Personal Data with other third parties, in which case you will be duly informed with a Privacy notice.

In any case, ResApp Health will require that such third parties:

  • undertake to comply with data protection laws and the principles of this Policy;
  • will only process the Personal Data for the purposes described in this Policy; and
  • implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.

7. Where your personal data may be transferred

ResApp Health will ensure that transfers of your Personal Data are safeguarded.

ResApp Health has offices in Australia and the United Kingdom. ResApp Health may need to transfer (via access, visualisation, storage) your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.

Safeguards for international transfers of Personal Data: In cases where ResApp Health needs to transfer Personal Data outside the European Union, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, as applicable).

Some non-European Economic Area (EEA) countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have ensured that adequate measures are in place, including by ensuring that the recipient is bound by [EU Standard Contractual Clauses, EU-US Privacy Shield Certification, or an EU-approved code of conduct or certification], to protect your Personal Information. You may obtain a copy of these measures by contacting our data protection officer in accordance with the “How to Contact Us” section below.

We have implemented a variety of technological and organisational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorised access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. Where possible we will aggregate, pseudonymise or anonymise Personal Data to minimise how personally identifiable information is communicated to third parties.

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any data with us has been compromised), please notify us immediately in accordance with the “How to Contact Us” section below.

8. How long will we retain your personal data

ResApp Health will retain your Personal Data only for the period necessary to fulfil the purposes outlined in this Policy.
We will retain your personal information for as long as needed (or permitted) in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Service to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

9. Your rights

ResApp Health will ensure that you can exercise your rights pertaining to your Personal Data. You can exercise your rights as provided by data protection laws.

To that end, ResApp Health informs you that you are entitled to:

  • Request a copy of your Personal Data – in which case you may receive such data (as requested), unless such data is made directly available to you, for instance within your personal account;
  • Obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
  • Obtain the deletionof your Personal Data in the situations set forth by applicable data protection law (‘right to be forgotten’);
  • Withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
  • Object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of ResApp Health, in which case you will need to justify your request by explaining to us your particular situation;
  • Request a limitation of the data processing in the situations set forth by applicable law;
  • Receive your Personal Data for transmission from ResApp Health to a third-party or to have your Personal Data directly transferred by ResApp Health to the third-party of your choice, where technically feasible (data portability right allowed only where the processing is based on your consent).

If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” below.

10. How to contact us

You may also file a complaint before a competent privacy commission or data protection authority regarding the processing of your Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.

ResApp Health welcomes any questions or comments you may have regarding this Policy or its implementation. You can send any request pertaining to ResApp Health’s use of your Personal Data to our Data Protection Officer by emailing privacy@resapphealth.com.au. We will endeavour to respond to your email within 30 business days.

11. How we will update this privacy policy

We may change this Privacy Policy. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on the Service. Your use of the Service following these changes means that you accept the revised Privacy Policy. We recommend that you regularly review the Privacy Policy when you visit the Service. This policy was last updated 4 June 2020.

ResApp Logo White

ResApp Health Limited
ABN 51 094 468 318
Level 12, 100 Creek St, Brisbane, QLD 4000

© 2020 ResApp Health Limited. All rights reserved. US Patent No. 10,098,569, Australian Patent No. 2013239327, Japanese Patent No. 6,435,257 and Patents Pending. ResApp Health®, the ResApp Health logo and ResAppDx® are registered trademarks of ResApp Health Limited in the United States and other countries. ResAppDx is not available for sale in the United States.