Note: the terms “personal information”, “health information”, and “sensitive information” have the meaning as set out in Section 6 of the Privacy Act 1998 (Cth) (‘Privacy Act’)
1.2 This Policy is available on ChangeBud’s website at www.changebud.com/privacy however, if you request a copy of the Policy in a particular form, we will take reasonable steps to give you a copy of the Policy in the form that you request.
1.3 You can contact us with any questions regarding privacy at the following email address: firstname.lastname@example.org
1.4 ChangeBud recognises that your privacy is very important to you. We collect and handle your personal information in accordance with the Australian Privacy Principles (APPs) and the Victorian Health Records Act 2001.
2 How we collect information about you
2.1 ChangeBud collects information from you when you use the ChangeBud Software and Mobile Application (App). There are five (5) main ways that ChangeBud collects information about you.
If you access the App landing pages without registering
2.2 Whenever you visit the App landing page, ChangeBud’s servers automatically record information about your usage (for example, the time of your visit and its duration).
2.3 Any information we collect about you when using the App landing page remains anonymous.
2.4 We also use “Cookies” to keep track of personal preferences and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. “Cookies” are small files that are transferred to your computer’s hard drive through your web browser and enable our site to recognise your browser and remember certain information. You should be able to configure your computer so that it disables cookies or does not accept them. However, If you reject all cookies, you will not be able to use our products or services that require you to “sign in,” and you may not be able to take full advantage of our service.
If you register and log in to the App
2.5 When you initially create an account, ChangeBud collects information from you including your:
a) email address;
b) name (or pseudonym); and
2.6 We will also request certain information from you so that we can tailor the App to your needs.
2.7 You may use a pseudonym when creating an account and you will not be obliged to identify yourself by your legal name unless it would be impracticable not to do so.
2.8 If you do not provide us with a valid email address and you forget your password, we will be unable to resend your password and you will no longer be able to access your historical data.
If you choose to enter health details
2.9 The App enables you to enter details about your mental health and behaviour, including your:
a) stress triggers;
b) stress symptoms;
c) coping responses;
d) habits you wish to build;
g) values; and
h) support contacts.
2.10 Some of this information may be sensitive information. You should only enter details that are related to, and reasonably necessary to your effective use the App.
If you elect to do the eLearning module
2.11 The System also enables you to take an eLearning module dealing with various aspects of stress, resilience and mental health. This module collects limited information in order to assess usage.
3 How we use and disclose your information
3.1 ChangeBud will use your personal information:
a) to provide you with services in relation to the App,
b) to create a personal account which allows you to record and monitor your health and behavioural patterns.
c) for internal purposes, including to fulfil legal, quality assurance and management requirements.
3.2 ChangeBudwill not disclose your personal information to another person, or entity without your consent unless:
a) ChangeBud is notified of a serious and imminent threat to the life, health or safety of yourself or another person;
b) it needs to investigate or report on activity that it believes on reasonable grounds to be unlawful;
c) disclosure is required or authorised by law (for example where a regulatory authority has the power to request the provision of certain records or information);
d) disclosure is necessary for the purposes of research or the compilation or analysis of statistics, relevant to public health or public safety and it is impracticable to gain your consent.
e) disclosure is necessary for the purposes of secure storage or mail services (see clause 5.3)
f) disclosure is reasonably necessary to enable an enforcement body to perform its functions, for example:
i) to prevent, detect, investigate, prosecute or punish a criminal offence; or
ii) to prepare for, or conduct, proceedings before any court or tribunal, or to implement the orders of a court or tribunal.
3.3 ChangeBud will never use or disclose your personal information to promote its products and services directly to you without your explicit consent or sell or provide your personal information to another entity for the purposes of direct marketing.
3.4 ChangeBud may use information to publish aggregate statistics about usage, registration, traffic patterns and other related site information that does not personally identify users.
4 Cross-border disclosure
4.1 ChangeBud will not disclose your personal information to an overseas entity unless:
a) we are legally permitted by one of the situations outlined in clause 3.2;
b) we reasonably believe that the overseas entity is subject to a law or binding scheme that has the effect of protecting information in a way that is, overall, at least substantially similar to the way the APPs protect your personal information and there are mechanisms available to You which allow the enforcement of that law or scheme.
c) you have given your express consent to disclose your personal information to a particular overseas entity
5 How we store your information
5.1 ChangeBud will take such steps as are reasonable in all the circumstances to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
5.2 ChangeBud’s applications are designed to provide a high level of data security, using industry standard encryption.
5.3 Your information is stored on secure servers that are deployed via the Heroku cloud application platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Heroku is certified as abiding by the US-EU Safe Harbour Framework. Heroku subscribes to TRUSTe dispute resolution services for any complaints relating to privacy. You can read more information about Heroku security at www.heroku.com/policy/security.
5.4 In addition, ChangeBud employees and contractors who provide services related to its information systems are legally obliged to respect the confidentiality of any personal information held by ChangeBud.
5.5 Although ChangeBud takes reasonable measures to maintain the security of personal information, you acknowledge that no method of electronic transmission or electronic storage is 100 per cent secure.
5.6 ChangeBud is not responsible for events arising from unauthorised access to your personal information.
6 Your role in protecting personal information
6.1 You are responsible for maintaining the security and confidentiality of your username and password: always log off from the App after completing your session, and do not let other people use your account.
6.2 Please notify ChangeBud immediately if there is any unauthorised use of your account by any other Internet user or any other breach of security.
If you close your App account or do not login to the App for over 36 months, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified, unless we are required to keep it to comply with any laws.
8 How you can access and correct your information
8.1 As a registered user of the App, you can access, change and update your profile at any time.
8.2 Subject to any legal restrictions, ChangeBud is willing to provide you with details of any personal information it has collected at your request.
8.3 If your request is particularly onerous, we may charge you a fee to provide this information.
8.4 If you believe there are errors in records that relate to you, please email email@example.com and ChangeBud will follow this up on your behalf.
8.5 ChangeBud will take reasonable steps in the circumstances to correct any errors you identify and to ensure that your personal information is accurate, complete and relevant, and we will not charge you to correct any errors that you identify.
9.1 ChangeBud may, from time to time, amend the Policy as it updates and improves its services. We encourage you to regularly check our website at www.changebud.com/privacy for any changes.
10 Your feedback
10.1 We would be pleased to receive feedback from you about this Policy.
10.2 If you have any questions, comments or concerns about this Policy, or about the way in which we handle your Personal Information, please email firstname.lastname@example.org. Our team will attend to your email within a reasonable period of time.
(Last updated on 28 April 2015)