ACTIVE HEALTH TECH
PRIVACY POLICY

PURPOSE OF OUR POLICY

This Privacy Policy applies to each of ACTIVE HEALTH TECH LTD (Company number 10530672) (United Kingdom) and Active Health Tech Pty Ltd (ABN 70 162 052 271) (Australia) (the Active Health Group).  When we mention we, us or our in this privacy policy, we are referring to the relevant company in the Active Health Group that is responsible for processing your data.

We provide the TrackActive Me (www.trackactiveme.com) and TrackActive Pro (www.trackactive.co) website platforms and mobile applications.

This Privacy Policy aims to give you information on how we process the Personal Information that we collect about individuals.

This Privacy Policy takes into account obligations in the European Union under the General Data Protection Regulation (GDPR) and follows the standards of the Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act). 

By publishing this Privacy Policy we aim to make it easy for our customers and the public to understand what Personal Information we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their Personal Information in our possession.

OUR SERVICE

We offer 2 types of service. TrackActive Pro is available to healthcare practitioners from a range of disciplines (Practitioners) to use and offer services to their patients and clients (Patients).

TrackActive Me is available to individuals, either directly or via an organization (such as their employer, insurer, health organization or a charity).

TrackActive Pro allows:

Both TrackActive Pro & TrackActive Me allow individual users to:

Certain provisions of this policy apply only to use of TrackActive Pro. Where you are using TrackActive Pro, your Practitioner will also have access to all of your Personal Information submitted via the service. The Practitioner will be a data controller in their own right in respect of their use of that personal data and will process that personal data in accordance with their own privacy policy. 

For the avoidance of doubt, by contrast, where you are using TrackActive Me via your employer organization, your employer organization does not have access to your personal data on the service (except with your express consent).

WHO AND WHAT THIS POLICY APPLIES TO

Our Privacy Policy deals with how we handle ‘personal information’ or ‘personal data’, being data that identifies an individual or data from which an individual is identifiable. In the provision of services, we are also required to process special categories of data (as defined in the GDPR), including health data (and ‘health information’ for the purposes of the Privacy Act in Australia).

We may handle Personal Information of adults and children as users of TrackActive Pro, both in our own right and also for and on behalf of Practitioners.

Our Privacy Policy does not apply to information we collect about businesses or companies; however, it does apply to information about the people in those businesses or companies whose data we process.

The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.

You must not provide any Personal Information or other information about someone other than yourself unless:

THE INFORMATION WE PROCESS

In the course of business we may collect and process certain Personal Information about you. 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate Statistical Information to calculate the percentage of users accessing a specific application feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

HOW INFORMATION IS COLLECTED

Most information will be collected in association with an individual’s use of TrackActive Pro or TrackActive Me, a related enquiry or generally dealing with us. However, we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies, our customers (including organizations and practitioners) and our business partners. In particular, information is likely to be collected as follows:

We will publish changes to the way that information is collected at the point of collection and within this policy.

OUR PURPOSES FOR PROCESSING PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we process special categories of personal data, we will most commonly rely on the following additional legal basis when processing that personal data:

For the avoidance of doubt, as set out below, we will only use the special categories of data provided to us by you (including your EHR) for the purposes of providing our service to you, when one of the legal bases set out above applies. That may require us to share that data with third parties, such as Practitioners where you use TrackActive Pro, for that purpose. We may also use special categories of data that we process to put it into an anonymized and aggregated form for statistical purposes. For the avoidance of doubt, once it is anonymized and aggregated, it is no longer your personal data. We will not use special categories of personal data for any other purpose.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity | Lawful basis for processing including basis of legitimate interest
To provide the TrackActive Pro or TrackActive Me service | Performance of a contract with you. Legitimate interests to provide you with our service where we do not have a direct contract in place with you but you have requested our service from us. To the extent that we process special categories of personal data, your explicit consent or where that personal data has been manifestly made public by you.
To register you as a new customer | Performance of a contract with you
To enable us to verify your identity | Performance of a contract with you
To process and deliver your order including managing payments and collecting monies owed to us | Performance of a contract with you
To manage our relationship with you which will include notifying you about changes to our terms, privacy policy or services or asking you to leave a review or take a survey | Performance of a contract with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (to keep our records updated, to inform you about changes to our service and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey | Performance of a contract with you; Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To send you marketing communications | Consent, where you are a new customer and such communications are sent by electronic means; Legitimate interests, where you are an existing customer (and have not opted out), where you are a corporate subscriber or where those communications are sent by post (to provide you with marketing about our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy); Consent
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy); Consent
To make suggestions and recommendations to you about goods or services that may be of interest to you | Necessary for our legitimate interests (to develop our products/services and grow our business); Consent
Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity | Legitimate interests (to ensure that we provide an effective and efficient service); Necessary to comply with a legal obligation; Performance of a contract with you
Carrying out regulatory checks and meeting our obligations to our regulators | Necessary to comply with a legal obligation
As required or permitted by law | Necessary to comply with a legal obligation

SHARING PERSONAL DATA

Whether any Personal Information (including your EHR) is shared will depend on the system you are using:

(a) TrackActive Pro – where you are using TrackActive Pro the primary reason Personal Information is used or disclosed is to share EHRs with authorised Practitioners, by giving them access to the EHR in TrackActive Pro.  Unless we have your consent, we will not disclose EHR in TrackActive Pro for any other purpose than making the individual’s EHR and other related information available to authorised Practitioners, in a manner compliant with the applicable data protection laws in the course of our business.

(b) TrackActive Me – we will not release Personal Information that you input into TrackActive Me to your employer, without your express consent.

We utilise third-party service providers to process information, host or transmit personal data, communicate with an individual and to store Personal Information about them. Such services we currently use include the following:

We may disclose personal information to third parties:

We may also share your Personal Information with the other companies within the Active Health Group for the purposes of providing relevant services to you.

You may choose to link your account with a third party (such as Facebook, LinkedIn, Twitter or Google+) to our services to enable certain functionality, which allows us to obtain information from those accounts (including your profile picture, friends or contacts). We are not responsible for the privacy practices of third parties. The information we may obtain from those services often depends on your settings or their privacy policies. We recommend that you read the privacy policies of third party service providers so you can understand the manner in which your personal information will be handled by these providers.

Notwithstanding anything to the contrary in this Agreement, nothing shall restrict us from collecting, analysing, using and sharing any personal information on an aggregated and anonymous basis.  You consent to such use of aggregated and anonymised data.

INTERNATIONAL TRANSFERS

If your personal data was collected by or in the context of our Australian group company, we will not disclose your Personal Information to any entity outside of Australia that is in a jurisdiction that does not have a similar regime to the Australian Privacy Principles or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.

If your personal data was collected by or in the context of our UK group company, we may transfer your personal information outside the EEA, to our group companies or to third party service providers. Where we do so, we ensure a similar degree of protection is afforded to it by ensuring there are adequate safeguards in place, as required under the GDPR, which may include an adequacy decision by the European Commission, standard contractual clauses or, where we use providers based in the US, those providers are EU-US Privacy Shield certified.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

TrackActive Pro personal data is stored within Australia. Where personal data is stored for TrackActive Me users will depend on the regional settings of the individual’s device – being stored either in Australia or the United Kingdom.  As set out under the ‘Sharing Personal Data’ heading above, certain information may be  transferred to, processed and/or stored outside of Australia and/or the European Economic Area (EEA) (as applicable) including with third parties. 

RETENTION OF DATA

We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Whilst the retention periods vary according to the type of record, in respect of certain EHR in Australia and the United Kingdom we allow for 8 years from (i) the date of last treatment for adult records and (ii) for children, eight years after their 18th birthday or until 25 years of age. In certain circumstances we may be legally required to maintain records indefinitely.

HOW IS YOUR DATA KEPT SECURE?

We may appoint a Privacy Officer to oversee the management of this Privacy Policy and compliance with the applicable data protection law. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.

We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.

We use SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. We also help keep your data secure by carrying out regular penetration testing, following internal policies of best practice, training staff and encrypting personal data. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.

If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.

We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information, in compliance with the law.

COOKIE POLICY

We use cookies to distinguish you from other users of our websites. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. This helps us to provide you with a good experience when you browse the website and also allows us to improve our systems and services. By continuing to access our websites, you are agreeing to our use of cookies.

We use the following cookies:

You can find more information about some individual cookies we use and the purposes for which we use them in the table below:

Cookie Name | Purpose | More information
1P_JAR | Google cookie. These cookies are used to collect website statistics and track conversion rates. | Save duration - 1 week
_gid | Used to distinguish users. | Save duration - 24 hours
_ga | Used to distinguish users. | Save duration - 2 years
wp-settings-{time}-[UID] | This is used to customize users’ view of admin interface, and possibly also the main site interface. | Save duration - 1 year
mp_*_mixpanel | This cookie is set by Mixpanel Analytics and helps us understand how people are using the site so we can improve the experience. | Save duration - 1 year
_atuvc | Helps to ensure share counter you see on the website updates properly after you’ve shared something. | Save duration - 1 year

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

YOUR RIGHTS, COMPLAINTS AND DISPUTES

Under certain circumstances, you have the following rights in relation to your personal data:

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

HOW TO ACCESS AND/OR UPDATE INFORMATION

Users can update their Personal Information held within the TrackActive Pro or TrackActive Me service, as applicable, from within their account or profile.

It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.

CONTACTING US

All correspondence with regards to privacy should be addressed to:

Privacy Officer

Active Health Tech Limited
191 Wood Ln
London W12 7FP
United Kingdom

[email protected]

Active Health Tech Pty Ltd
Level 1, 6 Bridge St
Sydney New South Wales 2000
Australia

We recommend you contact the Privacy Officer by email in the first instance.

CHANGES TO THIS PRIVACY POLICY

If we decide to change this Privacy Policy, we will post the changes on our webpage at www.trackactive.co and www.trackactiveme.com.  Please refer back to this Privacy Policy to review any amendments.

We may do things in addition to what is stated in this Privacy Policy to comply with the Australian Privacy Principles, and nothing in this Privacy Policy shall deem us to have not complied with the Australian Privacy Principles. 
