1. PURPOSE OF THIS POLICY
Hello Sunday Morning (ABN 82 145 512 125) (HSM) is a non-profit organisation which aims to assist individuals to change their relationship with alcohol. HSM owns Daybreak which is accessible via a mobile app (DAYBREAK).
Important definitions which apply to this policy:
“Personal Information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
“Health information” is (a) Personal Information or an opinion about: (i) the health or a disability (at any time) of an individual; or (ii) an individual’s expressed wishes about the future provision of health services to him or her; or any other Personal Information about you when a Health Service Provider collects it.
“A Health Service Provider” is an organisation that provides a health service and holds Health Information is covered by the Privacy Act 1988 (Privacy Act), even if they’re a small business or providing a health service is not their primary activity.
“Sensitive Information” is any Health or genetic information, information or opinion about an identified Member’s racial or ethnic origin; political opinions; membership of a political association, religious beliefs or affiliations, philosophical beliefs, trade union, professional or trade association membership; sexual preferences or practices or criminal record.
HSM respects MEMBERS’ right to privacy and is committed to safeguarding MEMBERS’ privacy when engaging with DAYBREAK.
HSM’S PRIVACY OFFICER may be contacted by emailing firstname.lastname@example.org
When a MEMBER registers a profile with HSM through DAYBREAK, they will be required to provide HSM with their email address for administrative/registration purposes. MEMBERS are also encouraged to use a nickname (MEMBER NAME), not their real name for their profile and participation in the COMMUNITY FEED and to not disclose this name to others in order to retain anonymity. Retention of anonymity means that certain information provided by a MEMBER does not become identifiable, so it is important that MEMBERS adhere to this rule. Even if you engage with our Care Navigation service, you must remain anonymous. The Care Navigator will not have access to your registration details and will not be passing any communications with them onto any services which the Care Navigator may suggest to you, including HSM’s separate Health Coaching service.
3. WHAT IS DAYBREAK?
DAYBREAK is a mobile app developed by HSM to provide a platform whereby MEMBERS can anonymously engage with each other online via written posts to discuss changing their relationship with alcohol. All MEMBERS can view the posts. Posts are moderated by HSM’s MODERATORS as set out in COMMUNITY RULES.
In addition, to providing a discussion feed for MEMBERS (COMMUNITY FEED), DAYBREAK includes features whereby Members can choose to undertake behavioural experiments (EXPERIMENTS) or engage in seeking individual help from care navigators who may work with you to develop a Personalised Care Plan (PERSONALISED CARE PLAN) which will be based on your priorities, interests and motivations to suggest resources and services to you. .
In order to become a MEMBER, individuals must be at least 18 years old.
DAYBREAK is NOT a crisis service and is NOT monitored in real time, 24 hours/ 7 days per week. In a crisis situation, MEMBERS should not rely on posting their concerns in DAYBREAK or reaching out to CARE NAVIGATORS but should immediately contact emergency services in their country as every minute counts.
4. TYPES OF PERSONAL INFORMATION COLLECTED
A) Anonymous Community Feed
DAYBREAK has a COMMUNITY FEED for MEMBERS to exchange information with each other anonymously. Anonymity facilitates MEMBERS to openly share their concerns and to support each other without being identified and enables HSM to minimise the amount of identifiable information collected about MEMBERS.
MEMBERS are therefore encouraged to use a nickname or pseudonym in their interactions in DAYBREAK (MEMBER NAME) in the COMMUNITY FEED and to respect other MEMBERS right to stay anonymous by not using the COMMUNITY FEED to break anonymity (see the COMMUNITY GUIDELINES for further information).
MEMBERS are not able to identify MEMBERS’ registered identity and other Personal Information from the MEMBER NAME. However, HSM does retain the link between the MEMBER NAME and MEMBERS’ registered identity in the event that the MODERATOR and CARE NAVIGATORS reasonably determines that they should contact the MEMBER to provide emergency assistance information or apply COMMUNITY GUIDELINES. This information may also be made available to HSM’s technical and customer support and the Privacy Officer in order to respond to MEMBER enquiries.
HSM does not require MEMBERS to provide identifiable HEALTH or other SENSITIVE INFORMATION in DAYBREAK. Any such PERSONAL, HEALTH or SENSITIVE INFORMATION posted by MEMBERS in the COMMUNITY FEED or provided to MODERATORS or CARE NAVIGATORS is done voluntarily and at MEMBERS’ own risk of exposure of their identity and that information.
To ensure that we comply with Australian Privacy laws and Australian laws regarding the retention of HEALTH INFORMATION, we categorise MEMBERS information as follows:
a. Any identifiable information is PERSONAL INFORMATION and treated as such in compliance with Australian Privacy Laws;
b. Any identifiable information that includes HEALTH INFORMATION is treated as such in compliance with Australian Privacy Laws and Australian laws relating to the retention of HEALTH INFORMATION;
c. Any information that is provided on an anonymous basis and a health crisis is identified requiring matching of the registered identity by HSM with the MEMBER NAME in order to intervene, becomes HEALTH INFORMATION and will be treated in accordance with Australian Privacy Laws and Australian laws relating to retention of HEALTH INFORMATION;
d. Any information that is provided by a MEMBER on an anonymous basis into the COMMUNITY FEED, to a MODERATOR, or to a CARE NAVIGATOR and is also a breach of COMMUNITY GUIDELINES which requires matching of the registered identity of the MEMBER by HSM with the MEMBER NAME in order to intervene, potentially becomes PERSONAL and/or HEALTH INFORMATION and will be treated in accordance with Australian Privacy Laws.
B) Registration Information
Registration information collected by HSM from MEMBERS includes:
The following mandatory registration information:
- Email address,
- Date of Birth,
- Location (including postcode and country),
- Information about alcohol consumption and well-being;
- MEMBERS’ short-term and long-term goals.
The following optional registration information:
- Identity of private health insurance utilised (if any).
- Nature of the MEMBERS immediate social circumstances (eg living with themselves, partner, children, housemate, parents).
From time to time, HSM will post requests for further information from MEMBERS for research and quality assurance purposes. See RESEARCH section.
Cookies, our website and your privacy
So, we can understand your usage and browsing history of DAYBREAK, third party providers to HSM collect this information via cookies. We use this information to assess the effectiveness of DAYBREAK and to improve its quality assurance, functionality and appeal. DAYBREAK also collects technical data such as country from which contact is being made. Cookies do not reveal Personal Information, such as your name, address, phone number or address. Members can adjust their browser to disable cookies, but this may restrict the Members access to, and ability to use all aspects of DAYBREAK.
5. WHY HSM COLLECTS MEMBERS’ PERSONAL INFORMATION (and how HSM uses it)
HSM only collects, holds and handles information about MEMBERS that is necessary for it to:
a. complete registration under DAYBREAK;
b. provide MEMBERS with DAYBREAK’s services (e.g.CARE NAVIGATION);
c. improve DAYBREAK’s functionality;
d. promote and market DAYBREAK; including use of attribution tools that use IP addresses to understand how MEMBERS find Daybreak (e.g. through social media campaigns);
e. respond to MEMBERS’ enquiries;
f. monitor compliance with COMMUNITY FEED rules;
g. comply with a funder’s statistical reporting requirements;
h. conduct research by itself or in conjunction with third parties, including the compilation or analysis of statistics for management, funding or monitoring of the DAYBREAK service or to measure and improve the effectiveness of DAYBREAK in the assisting MEMBERS change their relationship with alcohol;
i. review written exchanges between a MEMBER and a MODERATOR or CARE NAVIGATOR for the following purposes:
A) to review a MEMBER’s complaint about a particular issue/instance that they reported about a MODERATOR or CARE NAVIGATOR;
B) for MEMBER safety concerns or complaints of unethical communications;
C) for HSM’s training and supervisory purposes;
D) to transition a MEMBER to a new CARE NAVIGATOR;
E) in response to a quality assurance concern of a MEMBER; and
F) to use “Meta Data” and other search terms to scan de-identified MEMBER CARE NAVIGATION AND MODERATOR MESSAGES to search for trends and patterns that may affect HSM’S quality of service, DAYBREAK or the practices of HSM’S MODERATORS OR CARE NAVIGATORSand to contribute to research in relation to alcohol use and online social connection platforms.
HSM may from time to time distribute surveys through DAYBREAK or to MEMBERS’ email addresses seeking feedback to improve MEMBERS’ experience of DAYBREAK or for marketing purposes to promote DAYBREAK. In addition, HSM may engage in health research and seek the participation of MEMBERS.
MEMBERS invited to be involved in such marketing and/or research can provide consent (opt in) or deny consent (opt out) at the time such invitations occur. Opting out of marketing or research will not impact on MEMBERS ability to continue to participate in use of DAYBREAK.
For any enquiries about marketing, please contact email@example.com.
6. WHEN DOES HSM DISCLOSE MEMBERS PERSONAL INFORMATION TO PEOPLE OUTSIDE THE ORGANISATION?
We do not sell your Personal Information to third parties.
To the extent practicable HSM will only disclose de-identified information about MEMBERS outside its organisation on the following bases:
a) to HSM’s accountants, funders, grant providers, financial advisors and legal advisors for the purposes of maintaining the provision of the DAYBREAK’s services and HSM’s business generally;
b) to HSM’s academic partners and/or academic publications for the purposes of publishing research regarding the usage and effectiveness of DAYBREAK in helping MEMBERS change their relationship with alcohol;
c) to HSM’s service providers and contractors to help HSM provide, manage, administer, monitor, distribute, operate or facilitate DAYBREAK’s services; to develop, market or provide HSM’s products and services, and to enable HSM to provide and improve its services (for example, web hosting companies, website administrators, mobile app distribution platforms, support services companies, marketing campaign attribution services, data analytics and analysis companies, advertising partners and payment processing venders);
i. if HSM considers it necessary to protect the rights or property of HSM or any other individual, or to lessen a serious threat to a person’s health or safety;
ii. if a MEMBER has given permission for us to do so;
iii. to obtain funding or prospective funding for HSM to perform its services;
iv. to configure the DAYBREAK’s services to meet MEMBERS or a MEMBER’S wishes and needs;
v. to generate anonymous statistical data;
7. STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
All conversations in the COMMUNITY FEED, MODERATOR and CARE NAVIGATION MESSAGES are electronically stored at the time of posting.
HSM will use all reasonable endeavours and appropriate technical and organisational safeguards to maintain the security of Personal Information (including Health Information) it collects against unauthorised access, modification or disclosure and to make DAYBREAK as secure as possible against unauthorised access of MEMBERS’ personal information. Data transmissions over the Internet cannot be guaranteed to be fully and absolutely secure. DAYBREAK has security measures in place designed to protect against the loss, misuse and alteration of the information under our control.
Security measures include the encryption of COMMUNITY FEED posts, MODERATION AND CARE NAVIGATION MESSAGES and other self-reported data during transmission and at rest. HSM uses standard Secure Socket Layer encryption that encodes these posts and transcripts during transmission. All posts and transcripts are maintained on secure services for a period of time, as defined by relevant laws.
Access to stored data is protected by multi-layer security controls including firewalls, role-based access controls and passwords. MEMBERS accept that all conversations in the COMMUNITY FEED, with MODERATORS or CARE NAVIGATORS or in blogs are electronically stored at the time of posting/sharing in the COMMUNITY FEED, or with MODERATORS or CARE NAVIGATORS and that these records are retained and may contain PERSONAL or, HEALTH INFORMATION which has been voluntarily provided by MEMBERS.
HSM cannot ensure or warrant that MEMBERS’ PERSONAL or HEALTH INFORMATION will always be secure during transmission or protected from unauthorised access during storage therefore MEMBERS provide such information on DAYBREAK at their own risk.
MEMBERS should contact the Privacy Officer immediately at firstname.lastname@example.org if they become aware or have reason to believe there has been unauthorised use of their Personal or Health information in connection with DAYBREAK.
8. DATA BREACH
If HSM becomes aware of a breach of data which is likely to result in serious harm to the MEMBER whose PERSONAL INFORMATION is involved in the breach, HSM will quickly investigate it and then as soon as practicable notify the affected individual(s) and the Australian Information Commissioner of:
a) the identity and contact details of the organisation;
b) a description of the data breach;
c) the kinds of information concerned; and
d) recommendations about the steps individuals should take in response to the data breach.
If a MEMBER has a reasonable belief to suspect there has been a breach of their PERSONAL INFORMATION, they should immediately contact HSM’s Privacy Officer at email@example.com.
9. TRANSFER OF MEMBERS’ PERSONAL INFORMATION TO OTHER COUNTRIES
HSM stores MEMBERS’ information on its servers located inside Australia and the United States of America. Please be aware the information HSM collects (including for example, device data) may be transferred, processed and/or stored in a country outside of a MEMBER’s country of residence. As such MEMBERS’ PERSONAL INFORMATION may be transferred, processed and stored in a country or region in which the data protection and privacy laws, including MEMBERS’ rights, may not give a MEMBER the same level of protection as they have in the country or /region where they live or are a citizen.
In order to use DAYBREAK requires MEMBERS to give express consent to the transfer, processing and storage of their data (including de-identified and identified) in Australia. If a MEMBER chooses not to consent to the transfer of data they will not be able to access the services provided in DAYBREAK and will not be able to complete registration.
10. MEMBERS ACCESS TO AND CORRECTION OF THEIR PERSONAL INFORMATION
MEMBERS may seek correction of their PERSONAL INFORMATION by writing to Customer Support at firstname.lastname@example.org. MEMBERS may obtain access to or deletion of their PERSONAL INFORMATION by writing to our Privacy Officer at email@example.com.
To assist HSM in the process, it would be helpful if a MEMBER seeking access provides HSM with their email address and nickname and a telephone number so they can be contacted if HSM has any queries about the request. HSM will reasonably endeavour to respond to any MEMBER’s request within SEVEN (7) Australian business days.
It is MEMBERS responsibility to ensure that their Personal Information which was required for registration is accurate and kept up to date. MEMBERS are responsible for advising HSM of any changes to such Personal Information.
When a MEMBER’S account is DELETED:
- The Member will not be able to log in to DAYBREAK;
- The MEMBER NAME will be removed from all of the member’s posts, shares and comments in DAYBREAK;
- All of the Member’s posts and comments will remain in the Community FEED in DAYBREAK;
- Any information related to when a MEMBER was provided with crisis intervention or support by HSM will be retained securely as HEALTH INFORMATION;
- Any information related to when a MEMBER breached the COMMUNITY GUIDELINES and intervention was provided by HSM will be retained securely as PERSONAL INFORMATION and/or HEALTH INFORMATION;
- Any de-identified health information and demographics will be stored securely and retained for HSM’s research purposes for 10 years after it was provided.
- HEALTH INFORMATION will be retained for the period required by Australian law and then securely destroyed.
- PERSONAL INFORMATION will be retained for the period required by Australian law and for as long as it is required for or relevant to HSM’s organisational purposes and then securely destroyed.
12. APPLICABLE LAW
13. QUESTIONS AND COMPLAINTS
If a MEMBER is not satisfied with HSM’s response, they may lodge a complaint with the Office of the Australian Information Commissioner (‘OAIC’) by writing to OAIC at GPO Box 5218, Sydney NSW 2001. For further information about the OAIC, please visit www.oaic.gov.au