Platform Privacy Notice AUS

Inova Design Solutions Ltd

This privacy notice (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, when you become a customer or end-user of the Bodytrak sensor hardware and monitoring platform (“Platform”).

For information on how we collect and use your personal data when you use our general website (https://bodytrak.co/), please see our separate Website Privacy Notice here: https://bodytrak.co/privacy-notice.

Inova Design Solutions Ltd (collectively referred to as “we”, “us” or “our” in this privacy notice) are committed to protecting your personal data and respecting your privacy.

For most data processing activities relating to our customers/users of our Platform, we will be acting in the capacity of data processor under applicable data protection law. (In relation to the implementation of the Platform at a customer’s request, and the subsequent collection of end user personal data for the customer’s purposes, the customer (usually the employer of the end users) will be the data controller of such personal data and we will be the data processor acting under such customer’s instructions.) However, in respect of certain data processing activities (as set out below in this Privacy Notice) we will be acting as a data controller. This Privacy Notice sets out the legal basis for our processing activities when we are acting as a data controller.

1. Information we may collect from you

We may collect and process the following personal data about you:

Information you give us.

1.1 If you contact us by phone or email, the information you give us may include contact information such as your name, address, job title, employer, e-mail address and phone number.

1.2 If you are a customer or user of the Platform, the information you give us may include account information such as your name, email address, phone number and password so you can sign into our monitoring platform or to enable us to assist you with customer support queries.

Information we collect about you.

1.3 If you are a customer or user of our Platform, we may collect and process:

1.3.1 physiological information from you including heart rate, heart rate variability, body temperature and motion (“Physiological Data”). This Physiological Data consists of special category data as defined by the GDPR and sensitive information as defined in Australia’s Privacy Act 1988 (Cth), as it contains health information. As such, we will only collect, use, disclose or otherwise process this Physiological Data (as a data controller) when we have obtained your explicit consent in accordance with clause 2.1.3 below;

1.3.2 technical information, including device battery level, connectivity method and signal strength, connectivity to the internet and crash/diagnostic logs;

1.3.3 location and GPS/satellite coordinates (we collect indoor and outdoor location data using GPS/satellite data where available and other available radio signals (e.g. cellular and WiFi); we collect more precise indoor location data using triangulation between Bluetooth or WiFi access points), where we have your consent in accordance with clause 2.1.3 below (“Location Data”);

1.3.4 device identifiers, download errors and crash data;

1.3.5 the date and time of any acknowledgement of an alert you action;

1.3.6 recording session start and end date and time;

1.3.7 ambient noise exposure level; and

1.3.8 responses to automated phone messages and email alerts.

1.4 With regard to each of your visits to our Platform we may also automatically collect the following information (or be provided with it by third party analytics providers such as Google based inside or outside the UK or European Economic Area (“EEA”)):

1.4.1 technical information, including the Internet protocol (“IP”) address used to connect your computer to the Internet, your login information, device information including browser type and version, approximate geolocation, time zone setting, browser plug-in types and versions, operating system and platform;

1.4.2 information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time);

1.4.3 page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page; and

1.4.4 any phone number used to call our customer service number.

Information received from third parties

1.5 We will receive personal data about you from various third parties and public sources as set out below:

1.5.1 Identity and contact data from data brokers or aggregators such as Zenleads, Inc., (Sales Intelligence and Engagement Platform | Apollo ), who could be based inside or outside the UK; and,

1.5.2 Identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

Aggregated Data

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Platform feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

2. Uses made of the information and legal basis for processing

2.1 When we are acting as a data controller, we use information held about you in the following ways:

2.1.1 Where we have a legitimate interest, we may use this information:

(a) to administer our products and services (including record keeping) and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

(b) to send you important information about your account;

(c) to guide the development of the content;

(d) to improve our products and services;

(e) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing);

(f) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;

(g) to carry out direct marketing (in accordance with clause 3 below).

2.1.2 Where we have a legal obligation, we may use this information:

(a) to protect against fraud; and

(b) in any other case, where required or authorised by law, or where we are under a duty to process your personal information in order to comply with any legal obligation.

2.1.3 Where we have your explicit consent, we may:

(a) anonymise the Physiological Data collected from our sensory hardware in order to create anonymised data (rendered anonymous in such a manner that you are no longer identifiable) which we then use for our own research, development and business purposes.

(b) anonymise the Location Data collected from our sensory hardware in order to create anonymised data (rendered anonymous in such a manner that you are no longer identifiable) which we then use for our own research, development and business purposes.

The ‘research, development and business purposes’ referenced above may include, but are not limited to: (i) research and development to improve the performance of the Platform for existing and new customers; (ii) data analysis and market assessment in order to understand the usages of the Platform; (iii) research and development to enable Inova to develop new potential services for existing and new customers; and (iv) sub-licensing of the anonymised data to third parties.

2.2 We will only use your information for the purposes set out in clauses 2.1 above. We will not use such information for any other purpose.

2.3 If you do not provide the necessary personal information where we need it in order to provide you with our goods/services or withdraw your consent for the processing of your personal information where consent is relied on, where this information is necessary for us to provide our products or services or any relevant features to you, we will not be able to provide you with the relevant products, services or features.

3. Direct marketing

3.1 You may receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.

3.2 If we have obtained your personal information from a public source or from a third party and you are a “corporate subscriber” (as defined by the Privacy and Electronic Communications Regulations), then you may receive marketing communications from us provided you have not opted out of receiving that marketing.

3.3 We may also analyse your identity, contact, technical, and usage data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.

4. Opting out of marketing

4.1 You can ask us to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us ([email protected]).

4.2 If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

5. Disclosure of your personal data

5.1 Where applicable, we may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (or equivalent laws).

5.2 We will not share your information with third parties other than as follows:

5.2.1 Any third party subcontractors or IT suppliers who may process your personal data as part of the services they provide to us to enable us to provide our services to you;

5.2.2 In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

5.2.3 If Inova Design Solutions Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and

5.2.4 If we are under a duty to disclose or share your personal data in order to:

(a) comply with any legal obligation;

(b) enforce or apply our terms of website use, our Conditions of Supply of Goods or any other agreements with you;

(c) protect the rights, property, or safety of Inova Design Solutions Ltd, our customers, or others.

6. International transfers

6.1 The personal data that we collect or receive about you may be transferred to and processed by recipients which are located overseas, including inside or outside the UK. We will take all necessary measures to ensure that transfers to overseas recipients are adequately protected as required by applicable data protection laws.

6.2 Currently, if you are a customer based within the UK, the personal data that we collect via our Platform will be transferred and stored within the UK and the EEA. If this position changes and we make data transfers to countries not providing an adequate level of data protection, we will ensure that appropriate safeguards are put in place prior to any data transfer, such as standard data protection clauses adopted by a relevant regulator or supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us at [email protected],

6.3 The countries in which we make data transfers to depend on the circumstances. However, in the course of our ordinary business operations, we may disclose personal information to third parties located in the UK, the EEA and USA.

6.4 We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy notice.

7. Security

7.1 We implement appropriate technical and organisational measures designed to protect your personal data. We may use third-party products and apps to secure or store your information but will use strict procedures and security features to protect it.

7.2 Where you have chosen a password, which enables you to access our Platform, you are responsible for keeping this password confidential. You should not share this password with anyone.

7.3 If you have any reason to believe that your interactions with our Platform are no longer secure, please notify us immediately at [email protected].

8. Retention and deletion of your personal data

8.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in accordance with applicable laws, in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

8.2 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

8.3 Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us below.

8.4 In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research and statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. Your rights

9.1 You may have a number of rights when it comes to your personal information which we have summarized in the table below.

Right What does this mean?
1.          The right to object to processing You may have the right to object to certain types of processing, including processing for direct marketing (if applicable).
2.          The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.
3.          The right of access You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).  We will provide access to your personal data in accordance with applicable data protection laws, subject to certain exceptions which may apply.

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

4.          The right to rectification You are entitled to have your information corrected if it’s inaccurate or incomplete.
5.          The right to erasure This is also known as “the right to be forgotten”.  In simple terms, where you have this right under applicable laws, you may request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
6.          The right to restrict processing You may have rights to block or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
7.          The right to data portability You may have rights to obtain and reuse your personal information for your own purposes across different apps. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
8.          The right to lodge a complaint If you are based in the UK, you have the right to lodge a complaint about the way we handle or process your personal information with the ICO (the UK data protection regulator). If you are based in the EU, you have the right to make a complaint at any time with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the EU GDPR.
9.          The right to withdraw consent If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

9.2 Where you submit a request or complaint to us, we’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

9.3 Please note that we do not carry out automated decision making on our platform.

9.4 You can exercise your rights in relation to your personal data at any time by contacting us using the contact details below (see “Contact Details”) or by checking the relevant boxes on the forms we use to collect your data.

10. Third party websites

10.1 Our Platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.

10.2 If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

11. Personal data of children

11.1 Our Platform is targeted at persons over the age of 18.

11.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.

12. Changes to our privacy notice and your duty to inform us of changes

12.1 Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

12.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

14. Contact details

14.1 We are registered in England and Wales under registration number 07513025 and have our registered office at 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

14.2 If you have any comments or concerns regarding the way in which we have used your personal data, or if you believe that we have not adhered to this privacy notice or the applicable data protection laws, please contact us using the details set out below.

14.3 Questions, comments and requests regarding this privacy notice are welcomed. You can contact us:

14.3.1 by post, to the postal address given above;

14.3.2 using our website contact form;

14.3.3 by telephone, on +44 (0)203 432 5439; or

14.3.4 by email to: [email protected]

14.4 If you are based in the UK, you have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). If you are based in the EU, you have the right to make a complaint at any time with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the EU GDPR. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

14.5 If you are based in Australia, the relevant authority is the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).

 

 Version 1.0 dated March 2024.