Welcome to the Springday health and wellbeing technology platform.
At Springday, your privacy and the security of your personal information is a major priority for us. We want our visitors to feel protected when visiting and using the Springday health and wellbeing technology platform and our Programs, Tools and Online Community (collectively “the Platform”), which are available at url: Springday.com.au and at any other website which we operate on behalf of our corporate partners (“Website”) (collectively the “Springday Services”).
1. What information does Springday collect?
Springday collects the following types of information:
- Personally Identifiable Information
Personally Identifiable Information (“PII”) is information (or opinion) about an identified individual or an individual who is reasonably identifiable. PII may include, for example, your name, email address, birth date, phone number, gender and location.
PII may also include personal information which is treated as “sensitive information” under the Privacy Act 1988 (Cth). Sensitive information includes, for example, information or opinion about your health, your racial or ethnic origin, or your membership of a professional association, trade association or trade union.
- Non-Personally Identifiable Information
Non-Personally Identifiable Information (“NPII”) by itself cannot be used to identify or contact you. NPII may include user IP addresses, browser types, domain names, and anonymous statistical data involving the use of our Website and Platform.
From time to time, NPII may be connected to other information we collect from you. You do not have to provide PII to, for example, visit the Website; however, you do need to provide us with PII to subscribe to particular Tools, Programs and the Online Community, which are available on the Platform. If you do not provide certain PII we won’t be able to offer you those services.
The type of information we collect from you will depend upon the type of interaction you have with us. Broadly speaking, the types of PII that we collect may include:
- from users of the Platform – for example:
– your name, email address, birth date, phone number, gender and location when you create your Profile;
– details of, for example, your lifestyle, health, fitness and recreational activities and associated goals;
– details of any steps you have taken via the Platform, for example, participation in a health or fitness challenge, booking a flu vaccination etc.
- from our corporate clients and suppliers – for example, full names of key contacts, employer name, work contact details (including address, phone number, fax number and email address).
- from job applicants and employees – for example, full name, contact details (including address, phone number and email address), driver’s licence details, job title, passport details, employment history and education details, names and contact details of referees, next of kin details (in the event of an emergency) and superannuation fund and Tax File Number details, if required by law, for example, under the Superannuation Guarantee (Administration) Act, the Superannuation Industry (Supervision) Act, the Income Tax Assessment Acts and Taxation Administration Act.
We may also collect data from, for example, any of the following which you may use:
- wearables and connected fitness devices and platforms, such as Fitbit and Garmin;
- consumer health applications; and
- health data aggregators, such as Apple Health,
if you chose to connect them with Programs or Tools etc, which are available on the Platform or Website.
2. How does Springday collect PII?
We may collect PII from you in a variety of ways, including at different places and times on our Platform or Website, such as when you become a subscriber.
We may collect your PII when you do any of the following, for example:
- join the Platform and create and manage your profile;
- use the Wellbeing Check Tool, which is available on the Platform;
- choose customised content, Programs, Tools and incentives, including when you connect wearables and connected fitness devices and platforms (such as Fitbit and Garmin), consumer health applications and/or health data aggregators (such as Apple Health) with particular Programs and Tools on the Platform;
- subscribe to receive our newsletter or promotional materials or sign up to a mailing list;
- participate in challenges on the Platform or enter competitions, surveys or other promotional activities available on the Platform or Website; and
- interact with us by phone, email, mail, or via the Website, a Platform or any of our social media pages if, for example, you are a user of the Platform or a corporate client key contact.
We may also collect your PII from third parties. This may include (but is not limited to) the collection of your PPI from:
- your employer, for example, if your employer has engaged us to provide the Platform and Springday Services to its employees;
- nursing service providers, for example, if your employer has engaged a nurse to assist with the completion of your well-being assessment;
- someone duly authorised to act on your behalf;
- where you have provided consent, from your private health insurer and/or medical or health practitioner to, for example, co-ordinate any care requirements you may have; and
- recruiters we have retained, from referees you have provided in support of a job application and any service provider we may engage to conduct background checks on job applicants.
As stated above, Springday may also access data from your wearables and connected fitness devices, consumer health applications and/or health data aggregators if you chose to use them in connection with a Program or Tool available on the Platform.
Data permissions for Personal Data access
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application. Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to Springday.
Depending on the User’s specific device, this Application may request certain permissions that allow it to access the User’s device Data as described below.
By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact us for support at the contact details provided in the present document.
The exact procedure for controlling app permissions may be dependent on the User’s device and software.
Please note that the revoking of such permissions might impact the proper functioning of this Application.
If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Application.
This Application requests certain permissions from Users that allow it to access the User’s device Data as summarised here and described within this document.
Health Data read permission. Allows reading the User’s health Data within the Application to support its feature performance, troubleshooting and processing of de-identified analysis for the purpose of our Service.
Activity data tracked by your device
This Application uses some activity data tracked by your device to operate or to provide specific features within our Application and Service.
Personal Data processed: body measurements & indexes; food related activity; general activity data; movement activity.
Apple HealthKit (Apple Inc.)
HealthKit is an activity data handling service provided by Apple Inc. that enables the Springday to access or store activity data.
Personal Data processed: body measurements & indexes; food related activity; general activity data; movement activity; sleeping activity.
Registration and authentication provided directly by this Application
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services. The Personal Data is collected and stored for registration or identification purposes only. The Data collected are only those necessary for the provision of the service requested by the Users.
Direct registration (this Application)
The User registers by filling out the registration form and providing the Personal Data directly to this Application.
Personal Data processed (not limited to): email address; first name; gender; last name; company name; office location; department.
Indirect / Third-party authentication and registration
The User registers to our Service using third-party credentials and providing permission to share the Personal Data to this Application.
Personal Data processed (not limited to): email address; first name; gender; last name; company name; office location; department.
3. How does Springday collect NPII?
We collect NPII using “cookies” and “action tags”.
In addition to cookies that we place on your computer, cookies may also be placed on your computer by third parties that we use to display or serve advertisements on our Website or to collect NPII for advertising-related services. In the course of serving advertisements on this Website, third party ad servers may place or recognise unique “cookies” on your browser. Neither these third parties nor their cookies collect PII on our Website, and we do not share PII with them without your permission.
You do not have to accept cookies to use our Website. Although most browsers are initially set to accept cookies, you may reset your browser to notify you when you receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the “Help” section of the toolbar. While you are not required to accept our cookies to access our Website, if you reject cookies, certain offerings, features, or resources of our Website (may not work properly and you may experience some loss of convenience.
“Action tags,” also known as web beacons or GIF tags, are a web technology used to help track anonymous website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you, and any portion of our Website, including advertisements, or email sent on our behalf, may contain action tags. Unlike cookies, action tags are not placed on your computer.
We may also collect NPII through our Internet Log Files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of our Website. This information may be used to analyse trends, to administer our Website, to monitor our Website’s use, and to gather general demographic information. We may link this information to PII for these and other purposes such as personalising your experience on our Website and evaluating our Website in general.
4. How does Springday use the information we collect?
If you subscribe to the Platform, complete the Wellbeing Check Tool or use other Tools or Programs available on the Platform, we may use your PII to:
- assist you to monitor and improve your health, fitness and wellbeing. For example, if you have completed the Wellbeing Check Tool, we will use your PII to send you an overview on your wellbeing based on your responses when completing the Wellbeing Check;
- send you details of, for example, Programs, Tools and service providers etc which may assist you with your health, fitness and wellbeing;
- manage appointments you may schedule via the Platform;
- send you direct marketing messages which we consider may be of interest to you;
- the prevention of fraud and/or identifying and investigating any suspicious use of our Website, Platform or the Springday Services;
- for our internal business and management processes, for example accounting or auditing purposes;
- for any other purpose to allow us to comply with our obligations under law; and
- for any other purposes that would reasonably be expected by you.
We may also use your PII to send you direct marketing messages about our campaigns, promotions, products and services which you might be interested in, for example, via our newsletters or email marketing communications. You may choose whether to receive these direct marketing messages from Springday.
If you do not wish to receive these direct marketing communications, you can opt-out by:
- changing your account settings by logging into your profile on the Platform or Website;
- following the unsubscribe instructions in any marketing communications we may send to you; or
- contacting us using the contact details below and informing us that you wish to opt-out.
If you create a profile on the Platform, the only information which is available to the public is your username, program, photo (if you choose to display a photo) and your points if you are participating in challenges etc. If you choose to post in the Online Community, your profile and posts will be available to those in your closed group – NOT the general public.
If you are a job applicant, employee or contractor, we will use your PII for purposes relating to your engagement, training, performance management, payroll, superannuation, health and safety, for administration and staff management purposes. Where we consider it appropriate, we may also conduct background checks (or engage a third party to do so on our behalf).
If you are a representative of a corporate client or a supplier, we will use your PII to administer and manage our relationship with your company.
The NPII we collect may be used for a variety of purposes, including but not limited to:
- help us understand who uses our Website and Platform, how they are used and to improve our Tools, Programs and the Online Community.
- perform statistical analysis of user behaviour, to analyse and evaluate issues relating to nutrition, weight loss, behaviour and fitness, and/or to evaluate and improve the Springday Services and Platform. We may link some of this information to PII for internal purposes only or to assist you in achieving your health and wellness goals.
We may provide aggregated data in respect of the Springday Services to our corporate clients so they gain insights about workplace wellbeing etc. However, no PII is provided with this data.
Where your information is no longer required for the purpose for which it was collected (for example if our agreement with your employer to provide the Platform comes to an end) and we have no legal obligation to retain the information, Springday will use reasonable endeavours to ensure that your PII is deleted, destroyed or otherwise de-identified.
Mode and place of processing the Data
Methods of processing
Springday takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to Springday, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from Springday at any time.
Legal basis of processing
Springday may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations Springday may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which Springday is subject
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Springday
- processing is necessary for the purposes of the legitimate interests pursued by SPringday or by a third party.
In any case, Springday will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at Springday’s operating offices and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organisation governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by Springday to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or enquire with Springday using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of Springday’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by Springday within the relevant sections of this document or by contacting Springday.
Springday may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Springday may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
5. Does Springday disclose information to third parties?
We may provide your PII to your healthcare practitioner and/or insurer where you have provided consent, for example, you may permit your healthcare practitioner to monitor your fitness device tracking data, which they may access via the Platform.
Our corporate partners are not able to access the PII of their employees who use the Platform.
Third Parties Generally.
We may provide NPII (that does not allow you to be identified or contacted) to third parties, including where such information is combined with similar information of other users of the Springday Services. For example, we might inform third parties regarding the number of unique users who visit the Website or Platform, the demographic breakdown of users of Platforms, or the activities that visitors to our Website engage in while on our sites. The third parties to which we may provide this information may include potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners who use our Platforms, potential commercial partners, sponsors, licensees, researchers and other similar parties.
We may engage independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to our Platform, Website and/or the Springday Services, such as hosting and maintaining the Springday Community section of the Website, providing credit card processing and fraud screening, and developing applications for our Platforms, Website and email services. These Outside Contractors may sometimes have limited access to information collected on our Platforms and/or Website, including your PII, in the course of providing products or services to us.
Access to your PII by Outside Contractors is limited to the information reasonably necessary in order for the Outside Contractors to perform their limited function for us. We also require that these Outside Contractors:
b. not use or disclose your PII for any purpose other than providing us with products or services for which we contracted.
Sale of Business.
6. Third Party Websites
7. How does Springday secure the information we collect?
We want your information (including PII) to remain as secure as reasonably possible. We strive to provide secure transmission of your information from your computer to our servers through industry- standard techniques.
To help ensure the integrity and privacy of the PII you provide to us via the Internet at the time you elect to become a community user or subscribe to our Website, we use Secured Socket Layer (SSL) encryption technology in transmitting such PII over the Internet to our servers. We secure the PII you provide on servers located in controlled, secure environments, protected from unauthorised access, use, or alteration.
8. Can you access, update or correct your PII?
You have a right to access and correct your PII that we hold and to have any inaccuracies in the information corrected. You also may request the erasure of your PII (eg where you have withdrawn your consent to our use of your PII) or to transfer or receive a copy of your PII in a useable format. If your PII is out-of-date or incorrect, you may inform Springday by sending us an email to email@example.com by contacting us using the Contact Details below. Depending on the PII, you may be able to correct some of your PII held by Springday in the My Profile feature of this Website.
There are some circumstances specified by law where we may refuse your request for access to and/or the correction of your personal information. However, if one of these circumstances applies, we will provide you with a written explanation of the reasons for refusal, unless it would be unreasonable to provide that notice.
Once we receive your request for access or correction, we will endeavour to respond to your request within 30 days after the request is made.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights).
There is no charge for requesting access to your personal information but we may require you to meet Springday’s reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
9. Who do I contact if I have a privacy question or wish to lodge a complaint?
Attention: Privacy Officer
Springday Pty Limited
PO Box 699
Milsons Point NSW 1565
We will investigate your complaint and endeavour to provide you with our response within a reasonable time. If, after receiving our response you still consider that your privacy complaint remains unresolved, you may, for example, refer your concern to the Office of the Australian Information Commissioner at www.oaic.gov.au.
Last Updated: 18 February 2022
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).