PRIVACY POLICY (11 September 2020)

COVIDTracer and Corplite Pty Ltd are committed to providing quality services to you and the Australian public and this policy outlines our continuous obligations with respect to how we manage your Personal Information.

We have adopted and incorporated into our privacy policy the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act), which governs the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include:

–       Names;

–       Addresses;

–       Email addresses;

–       Phone numbers;

–       Social media account information;

–       Marketing information;

–       Account log-in credentials;

–       Troubleshooting and support data; and

–       Payment information.

This Personal Information will be gathered through our COVIDTracer website and is collected upon you signing up and inputting the information into the website. For the purposes of providing you and others the services of the COVIDTracer website, we may also obtain your Personal Information from third parties. We don’t guarantee any website links or policies of any third parties that may be affiliated with us.

We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients, providing information to parties that may have a vested interest in the substance of our services (e.g. Department of Human and Health Services, Centrelink, hospitals, statistical modelling firms, etc) and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists, alerts and notifications list or otherwise general communication lists at any time by contacting us in writing.

The COVIDTracer website collects your Personal Information for the primary purpose of tracking, or assisting with the tracking, and notifying, or assisting with notifying, you and other members of the public, private companies and governmental agencies of COVID-19 statistics and information, including locations and infection pathways.

Sensitive Information

Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

This Sensitive Information may be gathered through our COVIDTracer website and is collected upon you signing up and inputting the information into the app. For the purposes of providing you and others the services of the COVIDTracer website, we may also obtain your Personal Information from third parties. We don’t guarantee any website links or policies of any third parties that may be affiliated with us.

Third Parties

 Where reasonable and practicable to do so, we will collect your Personal Information and Sensitive Information only from you. However, in some circumstances, we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. 

Use and Disclosure of Personal Information and Sensitive Information

We will only use your Personal Information and Sensitive Information for one of the following reasons. 

  1. For the primary purpose for which we collect your Personal Information and Sensitive Information; 
  2. For secondary purposes related to the primary purpose for which we collected your Personal Information and Sensitive Information; 
  3. For purposes that have been disclosed to you and that you have consented to; and
  4. Where we are required to use or disclose your Personal Information and Sensitive Information pursuant to the relevant legislation or regulation.

By downloading or otherwise using our COVIDTracer App, you hereby consent to us using, disclosing or otherwise dealing with your Personal Information and Sensitive Information for the following additional purposes:

  1. To send you system alert messages in reliance on our legitimate interests in administering the Service and providing certain features. For example, we may inform you about temporary or permanent changes to our Service, such as planned outages, or send you account, security or compliance notifications, such as new features, version updates, releases, abuse warnings, and changes to this privacy policy. 
  2. To communicate with you about your account and provide customer support to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and supporting our Service.
  3. To enforce compliance with our Standard Terms of Use and applicable law, and to protect the rights and safety of our users in reliance on our legitimate interest to protect against misuse or abuse of our Service and to pursue remedies available. This may include developing tools and algorithms that help us prevent violations.
  4. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  5. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements in reliance on our legitimate interests.
  6. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  7. To provide, support and improve the Service in reliance on our legitimate interests in administering and improving the Service and providing certain features. For example, this may include sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to you. When we share Information with third parties, we take steps to protect your information in a manner that is consistent with our obligations under applicable privacy laws.
  8. To provide suggestions to you and to provide tailored features within our Service that optimize and personalize your experience in reliance on our legitimate interests in administering the Service and providing certain features.
  9. To perform data analytics projects in reliance on our legitimate business interests in improving and enhancing our products and services for our Members.
  10. To personalize the Service, content and advertisements we serve to you in reliance on our legitimate interests in supporting our marketing activities and providing certain features within the Service. We may use your Personal Information to serve you specifically, such as to deliver marketing information, product recommendations and non-transactional communications (e.g., email, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences and this privacy policy.

Third Party Integrations

We may use the Personal Information and Sensitive Information we collect or receive through the Service, as a processor and as otherwise stated in this privacy policy, to enable your use of the integrations and plugins you choose to connect to your account or otherwise use of the Service. For instance, if you choose to connect a Google integration to your account, we’ll ask you to grant us permission to view and/or download, as applicable, your Google Sheets, Google Contacts, Google Analytics and Google Drive. This allows us to configure your Google integration(s) in accordance with your preferences.

Sharing Your Information

We may share and disclose your Personal Information with our Affiliates and to the following types of third parties for the purposes described in this privacy policy.

With respect to the sharing of of your Personal Information and Sensitive Information, it is important to distinguish between the two types of information that we may collect through the use of our COVIDTracer website:

  1. Personal information that may be used to identify or contact you directly (Identity Information); 
  2. Anonymized metadata that cannot be used to contact you or identify you (e.g. locations visited, time at which the website was accessed, number of times the website was accessed, etc) (Anonymous Metadata). This Anonymous Metadata will not be linked or connected with your Identity Information so that your identity, safety and security is ensured.

We will ensure that any Identity Information collected by us through the COVIDTracer website will not be disclosed, shared or otherwise dealt with by us except for in the following circumstances as outlined below. Registered Businesses may be anonymously disclosed as case studies for media purposes.

By downloading or otherwise using our COVIDTracer website, you hereby consent to us sharing or otherwise dealing with your Identity Information for ONLY the following purposes:

  1. Where required by legislation, regulations or a court of law;
  2. Where it is in collaboration with a verified and registered Australian government agency (e.g. for example contacting people that have been in contact with a COVID-19 cluster or positive case); or
  3. For the purposes of promoting and advancing public health and safety.

From time to time our website may display advertisements from third parties or otherwise utilize any Anonymous Metadata collected through the COVIDTracer website for legitimate business purposes.

By downloading or otherwise using our COVIDTracer website, you hereby consent to us sharing or otherwise dealing with your Anonymous Metadata for the following purposes:

  1. Our service providers: Sometimes, we share Anonymous Metadata with our third-party service providers working on our behalf for the purposes described in this privacy policy. For example, companies we’ve hired to help us provide and support our Service or assist in protecting and securing our systems and services and other business-related functions.

Other examples include analyzing data, hosting data, engaging technical support for our Service, processing payments, and delivering content.

  1. Advertising partners: We may partner with third-party advertising networks, exchanges, and social media platforms (like Facebook) to display advertising on our website or to manage and serve our advertising on other sites, and we may share your Anonymous Metadata with them for this purpose. We and our third-party partners may use cookies and other similar tracking technologies, such as pixels and web beacons, to gather information about your activities in order to provide you with targeted advertising based on your browsing activities and interests. 
  2. Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
  3. A potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this privacy policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our website.

Retention of Data

We retain Personal Information and Sensitive Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine retention period:

–   Whether we have a legal or contractual need to retain the data.

–   Whether the data is necessary to provide our Service.

–   Whether you have the ability to access and delete the data within your account.

–   Whether you would reasonably expect that we would retain the data until you remove it or your account is closed or terminated.

When we have no ongoing legitimate business need to process your Personal Information and Sensitive Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information and Sensitive Information has been stored in backup archives), then we will securely store your Personal Information and Sensitive Information and isolate it from any further processing until deletion is possible.

General Information

Please see below some general information pertaining to your Personal Information and Sensitive Information:

–       Please note that if you do not provide us with your Personal Information and Sensitive Information or if you withdraw your consent for us to collect, use and disclose your Personal Information and Sensitive Information, we may be unable to provide the Service to you.

–       Where we collect your Personal Information and Sensitive Information, the Personal Information we ask you to provide will be information that is reasonably necessary for, or directly related to, one or more of our functions or activities. Please see Section 4, of this privacy policy for examples of the types of Personal Information we may ask Visitors to provide.

–       Where we say we assume an obligation about Personal Information, we will also require our contractors and subcontractors to undertake a similar obligation.

–       Our servers are located in Australia and are hosted through an Amazon private server system. In addition, we or our subcontractors may use cloud technology to store or process Personal Information and Sensitive Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of offshore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information and Sensitive Information overseas.

–       We may also share your Anonymous Metadata outside of Australia to our business operations in other countries. It is not practicable for us to specify in advance each country where your Personal Information and Sensitive Information may be disclosed. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information and Sensitive Information overseas.

If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request. If you find that the information we have is not up to date or is inaccurate or incomplete, please contact us in writing at covidtracer@corplite.com, so we can update our records. We will respond to all requests for correction within a reasonable time.

Where is the data stored?

The application’s data is stored on-shore in Sydney’s AWS Data centre in Australia with enterprise level data and physical security.

Changes to this Policy

We may change this privacy policy at any time and from time to time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy policy or other notice on tour website. We encourage you to review this privacy policy often to stay informed of changes that may affect you. Our electronically or otherwise properly stored copies of this privacy policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this privacy policy that was in effect on each respective date.

Security of Personal Information

Your Personal Information and Sensitive Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.

When your Personal Information and Sensitive Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information. However, most of the Personal Information and Sensitive Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Access to Your Personal Information and Sensitive Information

You may access the Personal Information and Sensitive Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information and Sensitive Information, please contact us in writing.

We will not charge any fee for yoru access request, but may charge an administrative fee for providing a copy of your Personal Information and Sensitive Information.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information and Sensitive Information

It is important to us that your Personal Information and Sensitive Information is up to date. We will take reasonable steps to make sure that your Personal Information and Sensitive Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy, please contact us via covidtracer@corplite.com

BY DOWNLOADING OR OTHERWISE USING THE COVIDTRACER WEBSITE, YOU ACKNOWLEDGE AND WARRANT THAT YOU HAVE THOROUGHLY READ, UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO COMPLY WITH AND PROVIDE THE CONTENTS AND CONSENT CONTAINED HEREIN.