You are encouraged to provide feedback about this policy or make a complaint if you become aware of a breach. We will notify you if we become aware of a breach that includes your data and what we have done to remediate it.
Care Diary Pty Ltd A.C.N (“Care Diary”, “our”, “us”, or “we”), is the “data controller” of the personal information we collect about you when you visit or use any of our websites, or use products, services and applications that are linked to this Privacy Statement (collectively, our “Services”). This Privacy Statement explains how we collect, share and use your personal information collected in this way and how you can exercise your privacy rights.
When we interact with you, we may also provide you with additional privacy notices about specific processing activities or offer you additional choices about how we process your personal information at that particular point in time.
Information we collect and hold
We collect data directly from you when you join our platform, or from your care organisation when they enter you into our platform. We also collect data from you when you use our apps or website, or from the people supporting you when they use our apps or app website.
We collect different kinds of data about you depending on your role in the platform and the capabilities you have. Typical examples of the kinds of data we collect are:
What Personal Data We Collect: When you request information from us through the Site, fill out (online) forms, or contact us for any other reason, we will collect any data you provide, such as your name and/or email address, and the content of your inquiry.
How we use this data: To respond to your request or inquiry, to provide you with updates on information related to Care Diary, such as newsletters or service releases and for retargeting purposes.
Legal Basis: We process this Personal Data based on the performance of a contract when we respond to your inquiry and provide you with newsletters. Processing your Personal Data for retargeting purposes is based on our legitimate interests.
Automatically Collected Data
What Personal Data We Collect: When you visit the Site, we automatically collect information about your computer or mobile device, including non-Personal Data such as your operating system and browser type, internet service provider (ISP), and Personal Data such as your IP address, browsing history, including referring and exit pages, and any information regarding your viewing history on our Site.
How we use this data: (1) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and services; (2) to prevent fraud, protect the security of our Site and address any problems with the Site; (3) to provide you with customized content, targeted offers, and advertising related to our products and services, based on your usage history on the Site on other third-party sites or apps you may visit and/or use, or via e-mail.
Legal Basis: We process this Personal Data for our legitimate interests to develop our products and Services, review usage, perform analytics, prevent fraud, for our recordkeeping and protection of our legal rights and market our own products and services. Additional information regarding direct marketing is provided below.
What Personal Data We Collect: In order to register to use our Platform, Apps, and/or receive the Services, you will be required to register and to provide all Personal Data requested by us, which includes your full name, and email address, and phone number. You may also add additional details such as job title or any other information.
How we use this data: (1) to provide you with the Platform, Apps, and/or Services and to respond to your inquiries and requests and contact and communicate with you; (2) to prevent fraud, protect the security of and address any problems with the Platform, Apps, and/or Services; and (3) to provide you with informational newsletters and promotional materials relating to our Platform, Apps, and/or Services, including via email. For more information about our direct marketing activities and how you can control your preferences, please see the Direct Marketing section below.
Legal Basis: (1) We process this Personal Data for the purpose of providing the Services to you, which is considered the performance of a contract with you, including responding to your inquiries and requests and providing customer support; (2) when we process your Personal Data for the purposes of preventing fraud, protecting the security of and/or addressing problems with the Platform, Apps, and/or Services and/or for the purpose of providing you with informational newsletters and promotional materials relating to our Services, such processing is based on our legitimate interests.
What Personal Data We Collect: When you make a payment to Care Diary for use of the Services, we receive information related to such purchase, including the last four digits of your credit/debit card number, CVV, expiration date, and the name of the cardholder.
How we use this data: To process the payment for your purchase and for the purposes of fraud prevention
Legal Basis: We process this Personal Data based on the performance of a contract. Processing for the purpose of fraud prevention is based on our legitimate interests.
Data collected from the use of our Platform or App
What Personal Data We Collect: When you use the Platform or App, we automatically collect information about your computer or mobile device, including non-Personal Data such as your operating system and browser type, internet service provider (ISP), and Personal Data such as your IP address, browsing history, including referring and exit pages, and any information regarding your viewing history on the Platform or App, browser language, and browser time zone.
How we use this data: (1) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and services; (2) to prevent fraud, protect the security of our Platform and address any problems with the Platform; (3) to provide you with customized content, targeted offers, and advertising related to our products and services, based on your usage history on the Platform or App on other third-party sites or apps you may visit and/or use, or via e-mail.
Legal Basis: We process this Personal Data for our legitimate interests to develop our products and Services, review usage, perform analytics, prevent fraud, for our recordkeeping and protection of our legal rights and market our own products and services.
Materials You Upload
What Personal Data We Collect: Any materials including images and/or pictures and/or photos and/or documents you may upload to the Platform will be collected by us.
How we use this data: To provide you with the Services.
Legal Basis: We process this Personal Data for the purpose of performance of a contract with you.
What Personal Data We Collect: Subject to your consent, when you use the Platform, Apps, and/or Services, we may collect your (geo)location. You may be asked to share your precise (GPS level) geo-location information with us so we can customize your experience with our Services. Such geolocation information may include physical locations visited (latitude & longitude). If you agree to such collection, in most cases, you will be able to turn off such data collection at any time by accessing the privacy settings of your mobile device and/or through the setting in the applicable mobile application.
How we use this data: We use this information in order to provide location-based services through the App.
Legal Basis: We process this Personal Data based on your consent. You may withdraw your consent at any point by adjusting your device settings.
Use of information
We may use the personal information collected via our Services or when you contact us for purposes that include:
Business Contact Data. Care Diary collects and uses business contact data to engage in communications or transactions, including for conducting due diligence regarding, or providing or receiving, a product or service.
Services and transactions. We may use your personal information to deliver services to you or carry out transactions you have requested, including, but not limited to, providing information on Company products or services you have purchased or otherwise use, registering purchased products, processing product orders, handling warranty claims, replacing product manuals, answering customer service requests and facilitating the use of our Services.
Administering and protecting our business and Services. We may use your personal information to administer and protect our business and our Services, including troubleshooting, system maintenance, support, reporting and hosting of data.
Improving our business, products and Services. We may use your personal information to perform business analyses or for other purposes that help us to develop and improve the quality of our business, Services, products and services (including new products and services), for example, by customizing our Services to your particular preferences or interests.
Marketing. In accordance with applicable laws and regulations, we may use your personal information to inform you of products or services which may be of interest to you and to otherwise communicate with you about offerings, events and news, surveys, special offers, and related topics.
Research and analysis. We may use your personal information to conduct research and analysis to help us analyse your purchasing preferences, identify the products and services that best meet your requirements and measure the effectiveness of the advertising we serve you.
Enforcement: We may use the personal information we collect in order to detect, prevent and respond to fraud, intellectual property infringement, violations of our terms and conditions, violations of law or other misuses of our Services.
Where permitted by law, we may combine the information that we collect via our Services with other information we hold about you (such as information about your use of our products and services) in order to offer you an improved and consistent customer experience when interacting with us or for other purposes set forth in this Privacy Statement.
Disclosure of information
We may share your personal information with selected third parties in accordance with applicable law, including as set out below:
Our group companies: We may share your personal information with our affiliates and group companies as reasonably necessary for the purposes set out in this Privacy Statement.
Service providers: We may share your personal information with companies with which we have contracted to provide services on our behalf, such as hosting websites, conducting surveys, processing transactions, analyzing our Services and performing analyses to improve the quality of our business, Services, and products and services. We require these service providers to protect the confidentiality of your personal information.
Distributors and other trusted business partners: We may share your personal information with third parties that distribute our products and other trusted business partners for purposes that include allowing those third parties to send marketing communications to you. Such sharing of personal information for marketing purposes will be performed in accordance with applicable laws and regulations.
Disclosure in connection with transactions: In connection with certain transactions, we may disclose some or all of your personal information to financial institutions, government entities and shipping companies or postal services involved in the fulfilment of the transaction.
Disclosures in connection with acquisitions or divestitures: Circumstances may arise where for strategic or other business reasons Care Diary decides to sell, buy, divest, merge or otherwise reorganize businesses in some countries. We may disclose the information we maintain about you to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, divestiture or sale of all or a portion of Care Diary’s assets.
Disclosure for other reasons: We may disclose personal information if required or authorized to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, to protect and defend our rights or property or, in urgent circumstances, to protect the personal safety of any individual.
Subject to applicable law, we retain Personal Data as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our processors may vary in accordance with the processor’s retention policy.
In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, and accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.
We retain Personal Data for as long as it is needed to provide you with the Platform, Apps, and Services. Following the deletion of your account, your Personal Data will be backed up for an additional period of 90 days.
With respect to the data of Administrators and Employees for which we serve as a processor, we will retain that data for as long as directed by the applicable Customer. For example, a Customer may choose to archive data of Administrators or Employees who have been terminated, in which case such archived data will be retained until deleted by the Customer.
Please contact us at firstname.lastname@example.org you would like details regarding the retention periods for different types of your Personal Data.
Security and storage
We have implemented and maintained appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:
Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers, firewalls, antivirus, and SSL encryption of data.
Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need-to-know basis of least privilege rules, review permissions quarterly, and revoke access immediately after termination of our employees.
Internal Policies – We maintain and regularly review and update our privacy-related and information security policies.
Personnel – We require new employees of ours to sign non-disclosure agreements according to applicable law and industry customary practice.
Encryption – We encrypt the data in transit using secure TLS/ SSL protocols.
Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
How can you access and update your Personal Information?
You can access some of the information that we collect about you by logging in to your account on the Care Diary App. You also have the right to make a request to access other information we hold about you and to request corrections of any errors in that information. To make an access or correction request, email us at email@example.com.
Links to other websites
Our Services may contain links to third-party websites, products and services. We have no liability or responsibility for those websites, products and services, their policies, or their collection or other processing of your personal information. The practices of those third parties are governed by their own privacy policies. We encourage you to learn about the privacy policies of those third parties
Making a request for your data
You can make a request about the data we hold about you by sending an email to firstname.lastname@example.org
If you wish to make a complaint to us regarding your privacy and personal information please do so in writing addressed to our Privacy Officer. If you need help lodging a complaint, please feel free to contact us using the contact information listed below. We take all complaints seriously and will respond to your complaint within a reasonable period. We will determine what (if any) action we should take to resolve the complaint. If you are not satisfied with our response to the complaint, you may pursue it further with the relevant government or regulatory body. In Australia, this body is the Office of the Australian Information Commissioner.
Changes to this Privacy Statement
We may occasionally update this Privacy Statement. When we do, we will revise the “last updated” date below and take such additional steps as may be required by law.
Last updated: 25 July 2022
Effective date: 25 July 2022