1. DEFINITIONS IN THIS POLICY
In this Policy “We”, “Our” and “Us” means ABN: 96 829 151 330 trading as Activetoo. “You” and “Your” refers to Our customers and prospective customers as well as those who use Our website.
What is Personal Information?
Personal Information is defined in the Privacy Act 1988 (Cth) and is essentially information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.
For the purposes of this Privacy Policy sensitive information means the information You disclose to us about your physical and mental health and wellbeing.
Sensitive information will only ever be used for providing services to You. Such information will not be used or disclosed for any other purposes without consent, except in exceptional cases when disclosure may be required by law or is necessary to protect the rights or property of Activetoo, or any member of the public, or to lessen a serious threat to a person's health or safety. For the purposes of this Privacy Policy sensitive information is a subset of personal information.
2. OUR COMMITMENT
We value Our partners and Our customers’ trust in Us and We are committed to maintaining the confidentiality and privacy of Your Personal Information. The only personal information we collect is provided voluntarily by You. This Policy details how We collect, disclose and handle Your Personal Information in accordance with the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
3. YOUR CONSENT
In dealing with Us, You agree to Us using and disclosing Your Personal Information in accordance with this Policy. We will not collect or monitor your personal information without your consent. This consent remains valid unless You alter or revoke it by giving written notice to Us. However, should You choose to withdraw Your consent, it is important for You to understand that this may mean We may not be able to provide You or Your organisation with Our insurance products and services, or to respond to Your claim.
Anonymity and pseudonymity
Where possible, You have the option of interacting with Us anonymously or using a pseudonym. For example You may use some of Our online facilities without having to reveal any Personal Information however it will generally be impracticable for You to deal with Us anonymously or use a pseudonym if You wish to use Our services or have Us arrange an insurance product for You.
4. KEEPING OUR POLICY UP TO DATE
Our Policy may change from time to time and where this occurs, the updated Policy will be posted to Our website.
5. WHY WE COLLECT YOUR PERSONAL INFORMATION?
In the course of providing products or services to you, we may use your Personal Information for the following primary purpose:
a)To fulfil our obligations to you under any contract;
b)To render services to you in accordance with our Terms of Service;
c)To provide information about products, service and/or special offers;
d)To obtain opinions or comments about products and/or services;
e)To record statistical data for marketing analysis.
Activetoo may employ other companies or service providers to assist us in providing our services or any functions related to our services, including (but not limited to) marketing, market research, mail-house services, debt recovery functions, hosting and product development services, analysis of member lists and/ or consulting services.
Fitness First recognise the trust with which individuals provide personal information, and such information will not be used or disclosed for any other purposes without consent, except in exceptional cases when disclosure may be required by law or is necessary to protect the rights or property of Activetoo, or any member of the public, or to lessen a serious threat to a person's health or safety.
6. THE TYPES OF PERSONAL INFORMATION THAT WE COLLECT
The Personal Information We collect and hold depends on the type of product or service sought, but generally includes:
a)contact information (for example: Your name, address details, contact numbers, email address etc);
b)employment details;
c)Your date of birth and gender;
d)information relevant to Our products or services;
e)other information such as Your opinions, statements and endorsements collected from You or through surveys and questionnaires that You’ve completed through third parties engaged by Us; and
f)any relevant payment or billing information, such as bank account details, direct debit and credit card details or premium funding and insurance payment arrangements.
7. HOW WE COLLECT YOUR PERSONAL INFORMATION
When a service or product is purchased personal information will be requested in order to provide the requested service or product, provide updated information, and advise of other Activetoo products or services, which may be of interest. You are not obligated to provide personal information however failure to do so may result in Activetoo being unable to provide services or products to you.
We collect Your Personal Information when You submit a form during the process of purchasing a service or product directly from us or through an associated third party. Other means by which we may collect your Personal Information include (but are not limited to):
a)service providers engaged by Us or a third party who partners with Us, including service providers, clubs, associations, member loyalty or rewards program providers and other relevant organisations;
b)family members, agents or anyone else You have authorised to deal with Us on Your behalf;
c)Our website or partner websites;
d)Our mobile phone applications or that of Our partners;
e)telephone;
f)when You enter a competition or when You voluntarily participate in a survey.
Our Website
By using Our website You also agree to Our Terms of Service and acknowledge that We may use cookies to provide a number of services to you. Cookies are text files which are stored on Your computer so that each time You visit a web page Your IP address and the name of the website You visited is recorded. The next time You visit the same website, the text file communicates that You have been there before and the website may tailor the content, such as pop ups, to You.
Third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from ActiveToo websites and apps and elsewhere on the internet and use that information to provide measurement services and target advertisements to you.
Your Cookie Choices
You can enable or disable cookies by adjusting your browser settings. This allows you to reject the placement of all cookies (except strictly necessary cookies). You can also delete cookies which have already been placed on your device.
Please remember that disabling or deleting some or all cookies may prevent some web services (including on this website) from functioning correctly, and may lead to a less smooth or less personalised browsing experience.
For further general information on cookies and more detailed advice on how to disable and enable them please go to http://www.allaboutcookies.org.
Third Party Platforms
Sometimes we use third party platforms (for example: a partner website or mobile device application) to deliver and collect information. These are platforms hosted and managed by organisations other than ourselves. Before deciding to contribute to any third party platform, You should consult the privacy policies relevant to that third party site.
Unsolicited Personal Information
Unsolicited Personal Information can be characterised as information that We receive but have not taken active steps to collect. Where We receive unsolicited Personal Information, We will destroy or de-identify the information as soon as it is practicable, but only if it is lawful and reasonable to do so.
8. SHARING, DISCLOSING AND USING YOUR PERSONAL INFORMATION
We will only use Your Personal Information for the purpose it was given to us and will not share it with any other party except in accordance with this Policy and under the following circumstances:
a)if disclosure is required by law or requested by a statutory, regulatory or ombudsman authority;
b)where You have consented to the use or disclosure– which may be given expressly or may reasonably be implied by Your conduct. For example, where access to Our products has been facilitated through a third party, You consent through your actions that We may share Your information with that third party;
c)where it is necessary for a third party to assist Us in providing Our services, provide professional advice to Us or provide additional services to You (for example: lawyers, accountants, loss or other partner service providers etc);
d)for purposes related to: research (including market research), planning, service development, security, testing and risk management;
e)if disclosure is required for the purpose of conducting business analysis in order to improve or promote Our products and services including direct marketing (see below).
Related and unrelated third parties to whom Your Personal Information is disclosed are required to keep the information confidential and only use it for the same purposes We are permitted to use it. This can include third parties promoting services and products provided by Us or those We have an association with, that might be of interest to You. These third parties may also combine the Personal Information We disclose to them with information they already hold about You subject to their own privacy policy, in order to provide You with more relevant advertising about Our or their own products and services.
Direct Marketing
We may from time to time engage in direct marketing activities to advise You about or offer You products or services that may be of interest to you. Personal Information You or an associated party have provided us will be held on file for marketing purposes until you opt out of receiving such information.
a)We may use or disclose Your Personal Information for direct marketing purposes if:
b)the information has been collected from You directly;
c)You would reasonably expect that the Personal Information would be used or disclosed for that purpose;
d)We have provided You with a simple means by which You can easily request not to receive direct marketing communications; and
e)You have not made such a request not to receive direct marketing communications.
Third party marketing service providers may combine the personal information We disclose to them with information they already hold about You, in order to serve You with more relevant advertising about Our products and services.
Where We have collected Your Personal Information from a third party, that Personal Information may be used or disclosed for direct marketing if:
a)You have consented to its use or disclosure, or if it was impracticable to obtain Your consent; or
b)You were provided with the option to opt-out of direct marketing communications or were otherwise made aware that You could make such a request; and
c)You did not make such a request to opt-out of direct marketing communications.
If You request confirmation of the source of Your Personal Information used by Us for direct marketing purposes, We will endeavour to provide it to You within a reasonable period, unless it is impracticable or unreasonable for Us to do so.
We will not use or disclose Your sensitive information for direct marketing purposes without Your consent.
Overseas Entities
In some circumstances, in order to provide Our services to You, We may need to disclose Your Personal Information to third parties with whom We have subcontracted to provide specific services for Us, who are located outside Australia. These entities and their locations may change from time to time. Please contact us, if you would like a full list of the countries in which these third parties are located.
In circumstances where We disclose Your Personal Information to third parties outside of Australia, We have contractual provisions in place requiring these entities to comply with the requirements of the APPs in order to protect Your Personal Information against unauthorised disclosure, misuse or loss.
9. HOW WE STORE, SECURE AND DESTROY YOUR PERSONAL INFORMATION
Activetoo takes all reasonable steps to keep secure personal information recorded and to keep this information accurate and up to date. The personal information is stored on secure servers if in digital format, or in locked areas if in hardcopy format: these repositories are protected in controlled facilities.
Activetoo employees and data processors are obliged to respect the confidentiality of any personal and/or sensitive information held by Activetoo. Activetoo only permits authorised personnel to access your information and information will only be disclosed to third parties where they have the appropriate authority. We destroy or de- identify personal information we no longer need, wherever possible. We hold Personal Information within Our own data storage devices or with a third party provider of data storage including those outside of Australia.
10. MANDATORY DATA BREACH REPORTING
In accordance with Our obligations under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (Privacy Amendment Act) We will notify the Information Commissioner and You if We have reasonable grounds to believe there is an "eligible data breach”, which occurs when:
a)there is unauthorised access to, or unauthorised disclosure of, information held by Us; or
b)information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, information is likely to occur; and
c)a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to You.
Serious harm, in this context, could include serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation and other forms of serious harm that a reasonable person in Our position would identify as a possible outcome of the data breach.
We will undertake an assessment of the circumstances within 30 days of becoming aware of the breach to determine if the breach is likely to cause You serious harm.
If after concluding Our assessment We believe that there are reasonable grounds that the relevant circumstances amount to an eligible data breach, We will notify the Information Commissioner and You in writing as soon as practicable. The notification will include:
a)Our identity and contact details;
b)a description of the serious data breach;
c)the kinds of information concerned; and
d)recommendations about the steps that You should take in response to the serious data breach.
Exceptions to mandatory reporting
In accordance with the exceptions provided for under the Privacy Amendment Act, We will not notify You of a data breach if:
a)we have taken remedial action after identifying an eligible data breach and the remedial action means it's unlikely the incident will result in serious harm to You; or
b)the data the subject of the breach is co-held with one of Our business partners and they have already reported the breach to You and the Information Commissioner; or
c)the Information Commissioner has granted an exemption.
11. QUALITY OF YOUR PERSONAL INFORMATION
When We deal with You We will take reasonable steps to confirm the details of the Personal Information We hold about You and ask You if there are any changes required.
The accuracy of Personal Information depends largely on the information You provide to Us, so We rely on You to:
a)promptly inform Us of changes to Your Personal Information (such as Your name or address); and
b)let Us know if You become aware of any errors in Your Personal Information that We hold.
12. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
Generally, You can access the Personal Information We hold about You and if required request corrections. This right is subject to some exceptions set out in the APPs.
When You seek to access or correct any Personal Information We hold about You, You should contact Us using the contact details available on our website. In all cases We will need to verify Your identity before actioning any request. We will respond to a request for access or correction within a reasonable period after receipt of the request.
If We refuse to give You access or access in a manner requested by You, We will provide written reasons together with guidance on how You can make a complaint about the refusal.
If We do not agree to make the requested changes to the Personal Information held, We will provide You with Our written reasons and You will have an opportunity to provide a statement as to why the information should be changed or corrected.
Where We have previously disclosed Your Personal Information to a third party and You request Us to notify that third party of the correction, We will take reasonable steps to provide the notification, unless it is impracticable or unlawful for Us to do so.
Cost of access and corrections
We will not usually charge for a request to access or change Your Personal Information. However, if We decide to apply a charge for providing the information, this will be limited to Our reasonable costs in locating and compiling the information.
13. PRIVACY COMPLAINTS PROCESS
If You are not satisfied with Our response to Your enquiry or complaint or where You have any concerns about Our treatment of Your Personal Information or where You believe there has been a breach of this Privacy Policy, You should contact Our Privacy Officer clearly setting out the nature of Your concern. The contact details are at the end of this Policy.
In the event of a privacy complaint, it will be reviewed and considered by someone with the appropriate authority to deal with the complaint. We will investigate any complaints received in writing and do our best to resolve them as soon as possible.
If you are not satisfied with the result of your complaint to us, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate complaints and recommend appropriate action to remedy privacy complaints.
The contact details for the OAIC is as follows:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
14. CONTACT US
Please contact our Activetoo team or our Privacy Officer at privacy@activetoo.com if you wish to:
withdraw Your consent to any of the uses of Your information including receiving offers of products or services from Us or persons We have an association with;
access, update or correct any of Your personal information held by Activetoo
request a copy of this Policy by email, post or some other form and We will do Our best to accommodate Your request.
Have a complaint about a breach of Your privacy or a query relating to our Privacy Policy