Last updated: 18 December 2024
SiSU Wellness Pty Ltd (ACN 166 905 602) (the Company), trading as SiSU Health Group.
Our Privacy Policy describes what information we collect via our services that include but are not limited to our and our partners;
At the Company, we understand that health is a very personal, private subject, and we want you to feel as comfortable as possible using our Services. The Company takes this responsibility very seriously.
This document also describes how we may process (collect, use, and disclose) the information that we obtain about you directly or indirectly, and how we protect that information in accordance with applicable data privacy laws. This document also outlines the choices you have about how your information is used.
We encourage you to read this Privacy Policy carefully so that you understand both our commitment to you and your privacy, and how you can participate in that commitment. This Privacy Policy is drafted to comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). Some of our commitments to you go beyond the requirements of the APPs and these are detailed in Section 8.
Should you have any questions about this policy or our privacy practices, please email us on [email protected] or write to us at: SiSU Wellness Pty Ltd, Data Privacy and Security, L8, 637 Flinders Street, Docklands, VIC, 3008.
Scope of Privacy Policy
This Privacy Policy explains and describes:
a. Provided by You
The Company will collect information that identifies you (Personal Information) when you voluntarily provide it to us through the use of any of our Services. For example, when you choose to register via our online health portal (website) or use our biometric health station, we may ask you to provide personal information, such as your name, telephone number, date of birth, gender and email address. We may collect information that will allow you to establish a username and password.
We collect information that you provide to us, including when you communicate with us via email or other channels, when you sign up for or request that we send you newsletters, alerts, or other materials, when you sign up for a webinar or event, when you respond to our communications or requests for information, or through responses to questionnaires and self-assessments. We may collect Personal Information about your other dealings with us, including any contact we have with you in person, by telephone, email or online.
In addition, we collect sensitive biometric and lifestyle related health information through our health station tests or online portals such as health, weight, height, blood pressure, heart rate, and body fat percentage (Sensitive Personal Information). Sensitive Personal Information is a subset of Personal Information. Special rules apply to the handling of Sensitive Personal Information (please see the section below concerning Sensitive Personal Information).
Individuals may deal with the Company on an anonymous basis or using a pseudonym when making inquiries to the Company. However, the Company may require certain contact details or other information from individuals to respond to these inquiries.
In some circumstances, we may also request Personal Information that includes financial information, such as your credit card details. Financial information will be transacted online via trusted third-party transaction gateways, and will never be stored by the Company.
Personal Information may also be collected through use of a Fitbit or other like devices (Wearables) when you connect your device to our Services. The Personal Information collected through Wearables may include Sensitive Personal Information such as gender, weight, date of birth, plus activity-related information such as heart rate, number of steps, and calorie-intake.
b. Unsolicited Personal Information
If we receive Personal Information that we did not take any active steps to collect, we will determine whether we would have been permitted to collect that information as part of providing our Services in accordance with the law. We will destroy or de-identify unsolicited Personal Information that we would not collect as part of providing our Services if it is lawful to do so. If the information is of the type that we would collect to provide our Services, we will contact you to confirm what information we have been provided and the lawful basis on which we intend to rely to use that information in accordance with this Privacy Policy.
c. Social Media
If you access or log-in to a Service of the Company through a third party social media service or connect a Service of the Company to a third party social media service, the information we collect may also include your user ID and/or user name associated with that social media service, as well as any information or content you have permitted the third party social media service to share with us, such as your profile picture, email address, and any information you have disclosed in connection with that social media service.
Any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable social media platform, which you should ensure you have read and understand and for which we accept no responsibility for. We do not collect your passwords other than in relation to our own Services. When you access the Services of the Company through third party social media services or when you connect a Service of the Company to third party social media services, you are authorising Company to collect, store use and disclose such information and content in accordance with this Privacy Policy.
d. Cookies
Cookies are small text files that store information on your computer, mobile phone or other similar device. We may use cookies in the course of delivering any online Services where appropriate to gather information about your usage of our Services, for example the pages you visit on our website, in order to assist us in improving our Services and to tailor your experience with our Services to suit your preferences. You can review our Cookie Policy and use of cookies here.
We may also gather information about your general Internet usage. This non-personal information is not connected to any Personal Data you provide us and it cannot be used to identify you. We use it for statistical reasons only. For example, we may use it to analyse broad audience profiles – like what region you are from. This statistical data is anonymous and aggregated. Through this process we do not gather or disclose any of your Personal Data.
We also utilise a Customer Data Platform (CDP) to monitor user activity across the various components of our digital platform. Generally, all information on the CDP is displayed in anonymised formats. However, some personal information such as your IP address and mobile phone name, may be visible to authorised staff only.
The cookies we use remain on your device for differing times. Some expire at the end of each session and some remain for longer so that when you return to our use our Services, you will have a better user experience.
Most browsers are initially set to accept cookies, however you can adjust the settings on your browser to block any or all cookies if you wish. This can easily be done by activating the browser settings on your computer or handheld device and selecting reject cookies. Please be aware though that if you disable cookies, you may not be able to access some of our Services. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org which includes information on how to manage your settings for the major browser providers.
e. Google Analytics
We use the utmz cookie which expires after 26 months. We collect standard internet log information and details of visitor behaviour patterns by using Google Analytics cookies. We do this to compile reports and to help us find out things such as the number of visitors to the various parts of our website, so that this can be improved. We will not associate any data gathered in this way with any Personal Information from any source. For more information about Google Analytics cookies please see https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?csw=1.
To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services. For more information about Google Analytics Opt-out Browser Add-on please see https://tools.google.com/dlpage/gaoptout?hl=None.
f. Location Data
Location data may be collected by the Company when you use our mobile application and health stations and stored to improve the overall functionality and accessibility of the SiSU Health Station network and Services. The level of location information you provide may be varied in the app settings, including being active all the time, only when the app is in use, or not at all.
g. Sensitive Personal Information
From time to time, we may request the collection of Sensitive Personal Information about you in order to provide our Services, such as information about your health or ethnicity.
We will request your explicit consent before we collect, use or disclosure your Sensitive Personal Information. Please see the section below entitled ‘What We Do With Your Personal Information and Why We Collect It’ which provides more details about consent where you have granted this to us.
Where you have provided us with your explicit consent to use your Sensitive Personal Information then we will use, store and disclose your Sensitive Personal Information in accordance with this Privacy Policy or as required by law. For the avoidance of doubt, this includes holding your Sensitive Personal Information in a secure third-party web host with appropriate security and confidentiality measures in place under a service agreement with the Company. We will only share limited amounts of your information with certain third-party service providers who assist us to provide our products and services as set out in the section below entitled ‘Disclosure of Personal Information to Third Parties’.
2. Legal Basis for Usage of Your Personal Information
Where we intend to use, or process, your Personal Information, we rely on the following legal grounds:
Performance of a Contract: We may need to collect and use your Personal Information to enter into a contract with you or to perform a contract that you have with us. For example, to provide you with our products and services, health checks at our health stations, health risk appraisals online, lifestyle coaching, and provision of relevant health content, and where we respond to your requests and provide you with services in accordance with our terms and conditions or other applicable terms of business agreed with you or with your employing organisation.
In Our or a Third Party’s Legitimate interests: Where we consider use of your information as being (a) non-detrimental to you, (b) within your reasonable expectations, and (c) necessary for our own, or a third party’s legitimate purpose, we may use your Personal Information, which may include:
Compliance with a Legal Obligation: We may be required to process your information due to legal requirements, including tax laws and other regulatory provisions applicable to the Company as a provider of health assessment and health improvement services.
Consent: We will only ask you for your consent to use and process your personal information if there is no other legal reason to process it. If we need to ask for your consent, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that consent.
You may be asked to provide your consent in connection with certain Services that we offer, for example in respect of any use or processing of your Personal Information for the marketing of third party products that we consider may be of interest to you. We are also legally obliged to gain your explicit consent in respect of your Sensitive Personal Information, due to the sensitive nature of such information and/or the circumstances in which it is gathered or transferred.
You may also be asked to provide your consent to SMS/TXT messages and emails from our Communications Platform. You can withdraw this consent at any time by pressing the unsubscribe button that appears in each of those emails, or by replying "STOP" to any text messages.
If we cannot provide a Service without your consent (for example, we cannot provide the results to your health station tests without health information), we will make this clear when we ask for your consent. Where we are reliant upon your consent, you may withdraw this at any time by contacting us at [email protected] or by using the details set out at the end of this Privacy Policy, however we will no longer be able to provide you with the Service that relies on having your consent.
3. What We Do With Your Personal Information and Why We Collect It
We will only use, disclose, or otherwise process your Personal Information for the purpose that we collected it or as set out in this Privacy Policy. We also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing).
a. Internal Uses
We may use your Personal Information within the Company:
We may also use your information within the Company, to send you information relating to your use of the Company Services.
b. Direct Marketing
We may use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.
We may use your personal information to send you marketing by post, by phone, through social media, by email and by text message. This may include emails and text messages from our Communications Platform.
For our legitimate interests, in order to support the Services we provide to you, we may provide you with information and services on an ongoing basis, including relevant marketing communications related to the Company, and other information or materials, that you request from us or which we feel may interest you where you have indicated that you would like to receive these from us.
If you don’t want to receive emails from us, you can click on the ‘unsubscribe’ link that appears in all emails we send. If you no longer wish to receive text messages from us, you can reply 'Stop'. Otherwise, you can always contact us update your profile information on our website in accordance with the section titled ‘How You Can Access and/or Correct Your Personal Information’ below or by contacting us at [email protected] to update your contact preferences.
You may object to direct marketing and profiling (the automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests) relating to direct marketing. Please see the section about your privacy options for more details.
c. Customer Panel Feedback
We are committed to constantly improving our Services and platform. If we have your permission or a legitimate interest as described above, we may reach out to you via text message or email, in order to seek your feedback on various Services or asking you to take part in a Customer Panel to facilitate that improvement.
d. Promotions and Other Marketing
If you provide Personal Information or any loyalty program number that has been issued to you for the purposes of any promotions offered in connection with the Services either by the Company or a third party, this information may be passed back to the owner of the promotion to apply rewards and improve your overall customer experience.
If at any time we intend to change the purpose for which we hold your Personal Information, for example to offer you with a complimentary service that we may provide in the future, we will give you prior information of that new purpose so you are aware of this.
We may also use reports and analysis, created using de-identified data, for advertising, promotion and marketing purposes.
e. Population Health Planning and Preventive Health Research
Independent, evidence-based Population Health Planning and peer-reviewed research is critical to improving population and preventive health outcomes, as well as the platform supporting SiSU Health's mission and vision to help people live healthy lives.
We partner with a number of leading Australian Universities, peak health organisations and state and federal health departments to undertake research and population health planning, disclosing de-identified insight about population and preventive health measures. Any and all data provided to these organisations is fully de-identified and the scope, length and terms of its use are clearly defined and documented. Depending on the nature of the research study and its protocol, we may require your specific consent to participate.
SiSU Health also undertakes due diligence with each of its partners to confirm that their data management protocols and processes relating to security, access and transmission are robust, auditable and compliant. Any health research collaborations with universities must also pass the universities Human Research Ethics Committee (HREC) processes.
SiSU Health's University, Population Health partnerships and specific research projects can be viewed on the SiSU Health website: https://www.sisuhealthgroup.com/research-development
f. Client & Partner Reporting and Analytics services
SiSU Health also uses de-identified data to undertakes its own population health analysis and reports for internal and external audiences.
We provide de-identified reporting and analytics to employers and other corporate partners as part of a contracted deployment of the SiSU Health Platform to support their employees or members. These reports provide an aggregated summary of participant activity and health metrics generated on the SiSU Health Platform, including the SiSU Health Station (in both workplace and public locations), online Health Risk Assessment, SiSU Mobile app, SiSU Portal and digital communications etc.,
All data presented in these reports is sourced from a database that contains no personally identifiable information such as participant names, date of birth, email address, or IP address etc. SiSU Health also employs a mechanism within its reporting services to control against deductive identification of individuals where there is small response pool (n) for a specific deployment location. Where this occurs, reporting is automatically presented at a higher, aggregated level and excludes age group and/or sex.
4. Disclosure of Personal Information to Third Parties
We will not give, sell, rent, loan or otherwise disclose any Personal Information to any third party, unless:
We use third party service providers to provide services that involve data processing, for example web-hosting, analytics providers in connection with the operation of our Services, , auditing, professional advisory (including legal, accounting, financial and business consulting), research, client contact, and marketing services. [A full list of such service providers can be found at https://www.sisuhealthgroup.com/sub-processors/ . This link may be updated from time to time as we change, add or update our suppliers, so we would encourage you to periodically check this list for any changes that may have been made].
5. How We Protect Information Online
We take steps to hold information securely in electronic or physical form and hold ISO 27001 accreditation for our information security systems.
Our information security policy is supported by a variety of processes and procedures, and we store information in access-controlled premises or electronic databases requiring logins and passwords. It is our policy to protect your account information against unauthorised access or release. All the information you provide to us is handled through a Secure Socket Layer (SSL). SSL is a leading Web technology that encrypts your account information. If you register on-line or via any of our health stations we use 256-bit encryption when we ask for or provide personal or confidential information. Please exercise caution when sending information via email, as email messages do not have the security features that are built into our website. In addition, we have procedures that limit the Company’s employees and contractors access to personal information. Only those employees and contractors with a business reason to know have access to such information. We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, mandatory training programs, and internal policies on data privacy and corporate integrity. We take appropriate disciplinary measures to enforce employee privacy responsibilities.
Once we have received your Personal Information, we will take reasonable steps to use procedures and security features to try to prevent unauthorised access, modification or disclosure.
All information collected by the Company that is stored online will be stored by a secure third-party web host under a service agreement with the Company. Your email address and some personal information will be stored with our email providers under a service agreement with the Company.
6. How You Can Access and/or Correct Your Personal Information
If you register or use our Services, you may review and correct, as needed, the registration information you provide by visiting the website. You are able to update and keep all your information accurate via our website. For this reason we recommend you do not share your Personal Information with anyone or allow them to access your personal details and health information. Please contact us immediately if you believe your Personal Information is incorrect and you are unable to correct it or it otherwise needs to be corrected or has been viewed or accessed by anyone without your consent at [email protected].
7. Disclosure of Personal Information Outside of Australia
Where you are submitting Personal Information from within Australia, such information may be transferred outside Australia. By way of example, this may happen if one or more of our third-party service providers with whom we share Personal Information in accordance with the section titled ‘Disclosure of Personal Information to Third Parties’ are located, or have their servers located, outside Australia. If we transfer your information outside Australia in this way, we will take steps to ensure that your privacy rights continue to be protected and ensure that these third parties are either covered by data privacy laws substantially similar to those in the European Union (being considered a higher level of privacy than Australia) or the Third Party adheres to data privacy standards substantially similar to those in the European Union.
8. Your Options in Relation to Your Personal Information
Where you have consented to our processing of certain Personal Information, you can at any time withdraw such consent and/or tell us not to contact you with updates and information regarding our products and services (or part of them) either at the point such information is collected, (by leaving the relevant box unticked) or, where you do not wish us to continue to use your information in this way, by following the changes instructions on any communications sent to you. Alternatively, you may contact us using the contact details at the end of this Privacy Policy.
You may request:
You may also object to, or request the restriction of, our use of your Personal Information.
If you would like to exercise any of the options set out in this section, please contact us at [email protected] or using the details below. We may refuse to provide access where we have legitimate reasons for doing so under applicable data privacy laws, and in exceptional circumstances may charge a fee for access if the relevant legislation allows us to do so, in which case we will provide reasons for our decision.
9. Retention, Account Deactivation and Deletion
You may delete your account at any time by sending us an email at [email protected] with the subject titled “Delete Account”.
Where an account is deleted, we will retain your information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law, or pursuant to the terms of any agreements with our collaboration partners. Your Personal Information will then be de-identified or deleted from our servers.
Remember that even after your account is deleted, your email address will still be held by us in a suitably secure/pseudonymised way in order to comply with the law, to avoid any other person attempting to fraudulently use your contact details. We may also retain backup information related to your account on our servers for some time after cancelation for fraud detection or to comply with applicable law or our internal security or other policies. We are not responsible for any information lost following the deletion of your account.
10. Changes to our Privacy Policy
Your provision of Personal Information to us or use of our online services constitutes your acceptance of the terms of this Privacy Policy.
We may change this Privacy Policy from time to time, so please check back often. We will let you know that the policy has been changed by changing the effective date at the top of this page. Your continued use of the Services following the posting of changes to this Privacy Policy indicates that you accept those changes. Through this document we will always let you know the information we collect, how we use it, and the circumstances under which such information may be disclosed by us.
11. Links to Third Party Sites
The Company may, from time to time, let you leave the site to linked sites. The linked sites are not under the control of the Company and the Company explicitly states that it is not responsible for the contents of any linked site. The links are provided for the convenience of members and any such link does not imply endorsement by the Company of the site or of any association with the operators of the site.
12, Requesting Further Information and Making a Complaint
To find out more about the Company please visit https://www.sisuhealthgroup.com.
The Company at your request, can confirm what information we hold about you and how it is processed. If the Company does hold Personal Information about you, you can request the following information by contacting us using the details below:
In order to verify the identity of those who make a request to us, we will accept the following forms of ID when information on your Personal Information is requested:
If you think the Company has breached any of its privacy obligations, or you wish to make a complaint about the way your Personal Information has been handled, you can contact our Privacy Manager by email at [email protected]. So that the Company can respond to you, please clearly describe your complaint and include your name, email address and/or telephone number for our reply. Your complaint will be considered by the Company’s management, and an acknowledgement and response to your complaint will be provided to you within a reasonable period of time.
If you think that the Company has failed to resolve the complaint satisfactorily, you may refer the matter to the Office of the Australian Information Commissioner:
Mail: GPO Box 5218, Sydney, NSW 2001
Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: [email protected]
If you are located in the European Union, please refer to our European Privacy Policy.
13. Law
These terms of use shall be governed and construed in accordance with the laws in effect in the state of Victoria, Australia. If any term is held to be invalid, unlawful or unenforceable, it shall not affect the enforceability of any of the remaining terms.
14. Who We Are
The Services are owned and controlled by SiSU Wellness Pty. Ltd.
Our full postal address is: L8, 367 Flinders Street, Docklands, VIC 3008.
Our email address is: [email protected]
Our website is: https://www.sisuhealthgroup.com
Please address any privacy concerns to the Privacy Officer, Adam McLeod.
In the spirit of reconciliation, we acknowledge the Traditional Custodians of Country throughout Australia. We recognise their continuing connection to land, sea and community and we pay our respects to Elders past, present and emerging. SiSU Health is dedicated to supporting better health and health outcomes for indigenous peoples across Australia. As of November 2024, we are proud to have provided more than 64,000 free health checks to more than 40,000 individuals of Aboriginal and Torres Strait Islander heritage across Australia.
DISCLAIMER: The use of SiSU Health Products is not intended to replace medical advice from a qualified physician or healthcare professional. Always check with a qualified healthcare professional before making any changes to your health or lifestyle.
Company
L8, 637 Flinders Street, Docklands, 3008
Australia
(03) 9818 3998