ResApp Health fully understands the importance of privacy and the protection of personal data in the digital era and is committed to ensure a high level of data protection for all persons with whom ResApp Health has dealings. We handle your privacy in strict compliance with the Australian Government’s National Privacy Principles of the Privacy Amendment (Private Sector) Act 2000 (amendment to Privacy Act 1998) and the EU General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Act 2018 (DPA).
This Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information. There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Policy. Where this occurs, we will adjust our information handling practices in your jurisdiction to comply with these local data protection laws.
This Policy will explain:
- The type of information we collect
- Purposes for collection of your personal information
- Grounds for collection of your personal information
- Where does your personal information come from?
- Where does your non-personal information come from?
- Who has access to your personal information?
- Where your personal information may be transferred
- How long we will retain your personal information
- Your rights
- How to contact us
1. The type of information we collect
- participate in a ResApp Health research, survey or study.
Personal data has the meaning given under your local data protection law. Personal data generally means information which relates to an individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.
We will only collect personal information in compliance with your local data protection laws, with your express consent and/or where it is reasonably necessary for, or directly related to, one or more of our functions or activities, unless we are otherwise required or authorised to do so by law.
Personal data on children
While in some instances we may collect personal data about children with the consent of his/her parent or guardian for the provision of our services such as research and clinical activities, we do not otherwise knowingly solicit personal data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete such information from our database in accordance with applicable legal requirements.
When you use our products and services, we and our service providers (which are third-party companies that work on our behalf) may automatically collect anonymised or pseudonymised or de-identified usage data through the use of a variety of technologies, including tools, to assist in collecting this information.
We may use third-party web and mobile application analytics services (such as those of Google Analytics) on our products and services to collect and analyse usage data through cookies and similar tools; engage in auditing, research or reporting; assist with fraud prevention; and provide certain features to you.
Our website uses Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics employs cookies that are stored to your computer in order to facilitate an analysis of your use of the site. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google’s location in the US and stored there. In using Google Analytics our website employs the extension “anonymizeIp”. In doing so, Google abbreviates and thereby anonymizes your IP address to prevent transmission of any personal data. We do not combine the information collected through the use of Google Analytics with personally identifiable information. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
For more information on “How Google uses data when you use our partners’ sites or apps”, please visit https://www.google.com/policies/privacy/partners/.
2. Purposes for collection of your personal data
ResApp Health will always collect your Personal Data for explicit and legitimate purposes:
- To carry out our business operations; carry out marketing and sales; respond to your interactions with us, such as when you contact us for information and support;
- To comply with our legal or regulatory obligations; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits;
- To conduct research and development; carry out clinical and human factor studies, registries and trials; manage and validate the recruitment and participation of individuals to studies, trials and other operations; analyse demographic data; offer special programs, activities, trials, events or promotions via our services; carry out market or consumer studies;
- To provide you access to online services, application and platforms; to provide you information about our products;
- To improve and develop our products and services; identify usage trends and develop new products and services; understand how you and your device interacts with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, conduct surveys;
- To personalise your experience when using our products; ensure that our products are presented in the way that best suits you; understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences; present you with appropriate products and offers tailored to you;
- To allow us to communicate with you; respond to your requests or inquiries; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials; send you news and information about our products, our services, our brands, our operations; organise and manage professional events and congresses, including your participation to such events;
- To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process;
- To protect our rights and interests; protect the health, safety, and security of ResApp Health personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; to protect ourselves against possible fraudulent actions.
3. Grounds for collection of your personal data
ResApp Health will process your Personal Data on either one of the following legal basis:
- Your prior consent; where you have clearly expressed your approval of ResApp Health’s processing of your Personal Data;
- A contractual relationship between you and ResApp Health; in such case, the processing of your Personal Data is generally necessary to the execution or the performance of the contract. This means that if you do not wish ResApp Health to process your Personal Data in that context, ResApp Health may or will be obliged to refuse to enter into such contract with you or will not be able to provide the products or services covered in this contract;
- Legal obligations applicable to ResApp Health’s activities; for instance, ResApp Health may be required to implement procedures to monitor adverse effects of marketed products, which may involve the collection and retention of Personal Data;
- The “legitimate interest” of ResApp Health in the sense of applicable data protection law. In such a case, ResApp Health shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
4. Where does your personal data come from?
ResApp Health will only collect your Personal Data with your express consent.
Data that you communicate to us through the use of our products and services, through registration in research studies, applications, surveys or direct and indirect interactions with ResApp Health.
5. Where does your non-personal data come from?
Data that we collect automatically: for instance, when following your interactions with our services and products through certain technologies, such as Google Analytics.
6. Who has access to your personal data?
ResApp Health may need to share your personal data with the following authorised third parties:
- Our affiliates and subsidiaries;
- Our partners (healthcare professionals and organisations, distributors, other members of the healthcare and biotechnology industry);
- Selected suppliers, service providers or vendors acting upon our instructions for website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.;
- Legal or administrative authorities, as required by applicable laws, including laws outside your country of residence;
- Other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures.
ResApp Health may need to share your Personal Data with other third parties, in which case you will be duly informed with a Privacy notice.
In any case, ResApp Health will require that such third parties:
- undertake to comply with data protection laws and the principles of this Policy;
- will only process the Personal Data for the purposes described in this Policy; and
- implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.
7. Where your personal data may be transferred
ResApp Health will ensure that transfers of your Personal Data are safeguarded.
ResApp Health has offices in Australia and the United Kingdom. ResApp Health may need to transfer (via access, visualisation, storage) your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.
Safeguards for international transfers of Personal Data: In cases where ResApp Health needs to transfer Personal Data outside the European Union, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, as applicable).
Some non-European Economic Area (EEA) countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have ensured that adequate measures are in place, including by ensuring that the recipient is bound by EU Standard Contractual Clauses, EU-US Privacy Shield Certification, or an EU-approved code of conduct or certification, to protect your Personal Information. You may obtain a copy of these measures by contacting our data protection officer in accordance with the “How to Contact Us” section below.
We have implemented a variety of technological and organisational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorised access, use and disclosure. These measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. For instance, we store your Personal Data on servers that have various types of technical and physical access controls, which may include, for instance, if appropriate, encryption. Where possible we will aggregate, pseudonymise or anonymise Personal Data to minimise how personally identifiable information is communicated to third parties.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any data with us has been compromised), please notify us immediately in accordance with the “How to Contact Us” section below.
8. How long will we retain your personal data
ResApp Health will retain your Personal Data only for the period necessary to fulfil the purposes outlined in this Policy.
We will retain your personal information for as long as needed (or permitted) in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Service to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
9. Your rights
ResApp Health will ensure that you can exercise your rights pertaining to your Personal Data. You can exercise your rights as provided by data protection laws.
To that end, ResApp Health informs you that you are entitled to:
- Request a copy of your Personal Data – in which case you may receive such data (as requested), unless such data is made directly available to you, for instance within your personal account;
- Obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
- Obtain the deletionof your Personal Data in the situations set forth by applicable data protection law (‘right to be forgotten’);
- Withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
- Object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of ResApp Health, in which case you will need to justify your request by explaining to us your particular situation;
- Request a limitation of the data processing in the situations set forth by applicable law;
- Receive your Personal Data for transmission from ResApp Health to a third-party or to have your Personal Data directly transferred by ResApp Health to the third-party of your choice, where technically feasible (data portability right allowed only where the processing is based on your consent).
If you would like to exercise any of these rights, please contact us as described in the “How to Contact Us” below.
10. How to contact us
You may also file a complaint before a competent privacy commission or data protection authority regarding the processing of your Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.
ResApp Health welcomes any questions or comments you may have regarding this Policy or its implementation. You can send any request pertaining to ResApp Health’s use of your Personal Data to our Data Protection Officer by emailing firstname.lastname@example.org. We will endeavour to respond to your email within 30 business days.