Sleepfit (we, us, our) is bound by, and committed to complying with its obligations under, the Privacy Act 1988 (Cth) (Privacy Act) and General Data Protection Regulation EU and UK (GDPR) in relation to your personal information.
Personal information is information about you, or which identifies you, such as your name, contact details, and records of your dealings with us. It includes sensitive information about you, such as health information.
The types of personal information that we typically collect include:
Users of the Sleepfit Platform & Programs: Email address and responses to our questions in providing the Program to you. Where follow up is indicated, we may collect your phone numbers and work and home addresses.
Business contacts: Your work contact details and information about our business relationship with you.
Why we handle your personal information
We collect, hold, use and disclose your personal information for the following purposes:
to interact with you
to provide you with our services and products, including our Sleepfit Platform and Programs
to maintain our business records
to provide you with information about products and services that may be of interest to you
to obtain payment for services that we provide to you such as from your health fund or employer
to connect or refer you to other health provider(s) or specialist services
any purpose required or permitted by law
any purpose disclosed to you and to which you have consented
any purpose that you would otherwise reasonably expect, and
otherwise to run our business including development and research
Collection of your personal information
We only collect personal information by lawful and fair means. We collect personal information directly from users when they engage with our Sleepfit Platform and Programs. In some cases, where it is unreasonable or impracticable to obtain your personal information directly from you, we will seek to obtain it from a third party, such as general practitioners and/or medical specialists with whom we work.
Disclosing your personal information
We will not sell or rent any of your personal information with the exceptions below. We may disclose your personal information to third parties, such as:
your agents or representatives, including your general practitioner or medical specialist,
our service providers, including IT services, insurers, mailing houses,
our professional advisers, including lawyers, accountants and auditors, and
government, regulatory and law enforcement authorities.
Where you are engaging with our Sleepfit Program through your employer, the information you provide to Sleepfit will be confidential. Your employer will not access any of that information, although we will report aggregated, anonymised information about employees to the employer.
Accessing and correcting your personal information
Right to access: A user of Sleepfit has the right to view all personal information that we have collected about them, as well as the disclosure of this data. To receive a copy of this data, please contact our Chief Technology and Data Protection Officer. The first copy of this information is provided free of charge, and in a portable / common electronic form (e.g., CSV file). After this, we may seek to recover reasonable costs incurred for data retrieval.
Right to accuracy: A user of Sleepfit has the right to ensure that the data we have stored is accurate. In most cases, the system allows you to directly modify your own information. However, if there is incorrect data within our system that you are not able to change, please contact our Chief Technology and Data Protection Officer and we will work directly with you to update this information.
Right to deletion: A user of Sleepfit has the right to request deletion of all data within the system. To request your data be deleted, please contact our Chief Technology and Data Protection Officer. In most cases, your request will be completed within 30 days. If circumstances require a delay to this deletion, we will notify you directly explaining the reason for the delay. If there is a legal requirement to hold on to your data, we will notify you directly.
Right to withdraw consent: A user of Sleepfit has the right to withdraw their consent at any time by contacting our Chief Technology and Data Protection Officer. Please note that without consent to process your data, we will be unable to deliver the Sleepfit program.
Right to notification of disclosure: In addition to the right to request disclosures of your data specified in the "right to access" above, we will notify you as required by law if there has been a breach of the security of your identifiable health information.
Security of your personal information
We hold your personal information in both paper-based and electronic files. Electronic information is transferred to and stored on a secure third party server within Australia. We seek to ensure that personal information that we hold is protected from misuse, interference and loss caused by unauthorized access, modification or disclosure. Our employees and agents are obliged to treat any personal information held by us confidentially.
Sleepfit will retain all health-related information in electronic format only and for a period of at least 7 years and may thereafter dispose of it electronically.
We may use the personal information that we hold about you, including your contact details, to provide you with information about products and services that may be of interest and value to you. These products and services may be offered by us, or one of our preferred suppliers, by various means including by mail, telephone, SMS, push notifications, or through social media or targeted advertising through Sleepfit or non-Sleepfit websites or products or services. You may opt out of receiving all or certain types of marketing information from us at any time by contacting us on the details provided below.
Questions and complaints
If you believe that any of your rights with respect to your or others’ identifiable health information have been violated by us, our employees or agents, please contact our Chief Technology and Data Protection Officer. You may also lodge a complaint with the Office of Australian Information Commissioner by calling 1300 363 992 or sending an email to email@example.com.
Cyber security standards followed by our organisation?
We are ISO 27001 certified. This certification means that we follow the global best-practice approach to effectively identify and assess threats and monitor our information security risks by addressing people, processes, and technology. It means that we have security built into every facet of our operations and strive to improve our security posture through continuous improvement.
Who can you contact?
Chief Technology and Data Protection Officer
Suite 1, 11 West St,
NSW, Australia 2060
These terms and conditions were last updated on 1st June 2020.