In the course of carrying out our activities SMART Recovery Australia Limited (we, us, our) will collect, store, use and disclose personal information. We appreciate that you are trusting us with your information. We understand how important your privacy is and are committed to the responsible management, use and protection of your information and to being in compliance with privacy law.
Personal information and sensitive information
Personal information is information or an opinion about an identified or reasonably identifiable individual, whether or not the information or opinion is true and whether or not the information is recorded in a material form. Sensitive information is personal information that includes information about a person’s health (among other things).
Types of personal information we collect and hold
We collect and hold personal information about individuals for the provision of our products and services and purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include:
- Your identity and contact details – includes your date of birth, gender, and email address.
- Your profile data – if you register an account, this includes the profile you create to identify yourself when connecting to our website and apps (including your username and password) and other data about purchases and your personal preferences.
- Other information – we may collect text of communications gathered during our interaction with you on live-chat, social media and emails, and other information from your interactions with us online, including IP address and other associated information.
The basis for our processing of your personal information under the General Data Protection Regulation (GDPR) is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you do not provide us with personal information, we are unlikely to be able to provide you with our services.
How we collect and hold personal information
We may collect personal information in the course of providing our products and services, from our SMART Platform or website or directly from you.
Personal information is held securely, is subject to various security protections and is held only for as long as the information remains relevant to the purpose for which it was collected.
We take reasonable steps to ensure the security and integrity of the personal information we collect, store, use and disclose, including restricted server access, encryption and other industry standard security protocol like use of firewalls and complex password protection.
Purposes for which we hold, use, and disclose information
We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure, or where required by law..
For the purposes of the GDPR we are a data processor and a data controller.
The purposes for which we hold, use, and disclose and process information include:
- to deliver and customise the SMART Platform and conduct our business which includes providing our services, or the services of a third party, to you.
- to provide a platform for mutual aid support, training, personal development, and tailored feedback, such as self-management strategies.
- to maintain the safety and security of our operations (e.g., electronic, and other security monitoring, maintaining management records).
- to communicate information about our products and services or third-party products or services that may be of interest to you.
- for internal administrative, research, planning, marketing, and development purposes; and
- for our regulatory and legal compliance, including without limitation compliance with our licensing obligations.
We may also disclose personal information to third party technology partners.
Access and correction
We will take all reasonable steps to ensure any personal data we collect, use, or disclose is up to date and accurate. If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request.
If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Please direct all requests for access and correction to [email protected]
Some other rights in relation to your privacy
Some individuals also have a right, in certain circumstances, to have the information held about them erased. You can talk to us further about this at [email protected].
You can also request that we restrict or suspend the processing of your personal information. If you do so, note that we will then be most likely unable to provide the services to you.
The GDPR also provides that, in some circumstances, individuals have a right to data portability, to withdraw their consent at any time, to object to data processing and to object to processing of data for marketing purposes.
Relevant to the GDPR, in order to provide our services to you, we may disclose the information which we process to countries outside the European Economic Area (EEA). Regardless of the location of our processing, we will impose adequate data protection safeguards and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws.
In relation to our Australian operations, we may, in the course of providing products and services, host your personal information and our databases on overseas data servers.
Changes to this policy
If you consider a breach of the Privacy Act 1988 (Cth) has occurred, you may direct your query to our Privacy Officer at [email protected] and we will attempt to resolve your complaint.
If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner at its website www.oaic.giv.au or by telephone on 1300 363 992 or you can contact another appropriate supervisory authority. For EU individuals, you can contact the European Data Protection Supervisor.