COVIDTracer and Corplite Pty Ltd are committed to providing quality services to you and the Australian public and this policy outlines our continuous obligations with respect to how we manage your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include:
– Email addresses;
– Phone numbers;
– Social media account information;
– Marketing information;
– Account log-in credentials;
– Troubleshooting and support data; and
– Payment information.
This Personal Information will be gathered through our COVIDTracer website and is collected upon you signing up and inputting the information into the website. For the purposes of providing you and others the services of the COVIDTracer website, we may also obtain your Personal Information from third parties. We don’t guarantee any website links or policies of any third parties that may be affiliated with us.
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients, providing information to parties that may have a vested interest in the substance of our services (e.g. Department of Human and Health Services, Centrelink, hospitals, statistical modelling firms, etc) and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists, alerts and notifications list or otherwise general communication lists at any time by contacting us in writing.
The COVIDTracer website collects your Personal Information for the primary purpose of tracking, or assisting with the tracking, and notifying, or assisting with notifying, you and other members of the public, private companies and governmental agencies of COVID-19 statistics and information, including locations and infection pathways.
Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
This Sensitive Information may be gathered through our COVIDTracer website and is collected upon you signing up and inputting the information into the app. For the purposes of providing you and others the services of the COVIDTracer website, we may also obtain your Personal Information from third parties. We don’t guarantee any website links or policies of any third parties that may be affiliated with us.
Where reasonable and practicable to do so, we will collect your Personal Information and Sensitive Information only from you. However, in some circumstances, we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Use and Disclosure of Personal Information and Sensitive Information
We will only use your Personal Information and Sensitive Information for one of the following reasons.
By downloading or otherwise using our COVIDTracer App, you hereby consent to us using, disclosing or otherwise dealing with your Personal Information and Sensitive Information for the following additional purposes:
Third Party Integrations
Sharing Your Information
With respect to the sharing of of your Personal Information and Sensitive Information, it is important to distinguish between the two types of information that we may collect through the use of our COVIDTracer website:
We will ensure that any Identity Information collected by us through the COVIDTracer website will not be disclosed, shared or otherwise dealt with by us except for in the following circumstances as outlined below. Registered Businesses may be anonymously disclosed as case studies for media purposes.
By downloading or otherwise using our COVIDTracer website, you hereby consent to us sharing or otherwise dealing with your Identity Information for ONLY the following purposes:
From time to time our website may display advertisements from third parties or otherwise utilize any Anonymous Metadata collected through the COVIDTracer website for legitimate business purposes.
By downloading or otherwise using our COVIDTracer website, you hereby consent to us sharing or otherwise dealing with your Anonymous Metadata for the following purposes:
Other examples include analyzing data, hosting data, engaging technical support for our Service, processing payments, and delivering content.
Retention of Data
We retain Personal Information and Sensitive Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine retention period:
– Whether we have a legal or contractual need to retain the data.
– Whether the data is necessary to provide our Service.
– Whether you have the ability to access and delete the data within your account.
– Whether you would reasonably expect that we would retain the data until you remove it or your account is closed or terminated.
When we have no ongoing legitimate business need to process your Personal Information and Sensitive Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information and Sensitive Information has been stored in backup archives), then we will securely store your Personal Information and Sensitive Information and isolate it from any further processing until deletion is possible.
Please see below some general information pertaining to your Personal Information and Sensitive Information:
– Please note that if you do not provide us with your Personal Information and Sensitive Information or if you withdraw your consent for us to collect, use and disclose your Personal Information and Sensitive Information, we may be unable to provide the Service to you.
– Where we say we assume an obligation about Personal Information, we will also require our contractors and subcontractors to undertake a similar obligation.
– Our servers are located in Australia and are hosted through an Amazon private server system. In addition, we or our subcontractors may use cloud technology to store or process Personal Information and Sensitive Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of offshore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information and Sensitive Information overseas.
– We may also share your Anonymous Metadata outside of Australia to our business operations in other countries. It is not practicable for us to specify in advance each country where your Personal Information and Sensitive Information may be disclosed. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information and Sensitive Information overseas.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request. If you find that the information we have is not up to date or is inaccurate or incomplete, please contact us in writing at firstname.lastname@example.org, so we can update our records. We will respond to all requests for correction within a reasonable time.
Where is the data stored?
The application’s data is stored on-shore in Sydney’s AWS Data centre in Australia with enterprise level data and physical security.
Changes to this Policy
Security of Personal Information
Your Personal Information and Sensitive Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information and Sensitive Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information. However, most of the Personal Information and Sensitive Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access to Your Personal Information and Sensitive Information
You may access the Personal Information and Sensitive Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information and Sensitive Information, please contact us in writing.
We will not charge any fee for yoru access request, but may charge an administrative fee for providing a copy of your Personal Information and Sensitive Information.
In order to protect your Personal Information, we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information and Sensitive Information
It is important to us that your Personal Information and Sensitive Information is up to date. We will take reasonable steps to make sure that your Personal Information and Sensitive Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.