1. About us
Respiri Limited (Respiri) is committed to managing personal information in accordance with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth) (the Privacy Act), the General Data Protection Regulation (EU) 2016 / 679 (GDPR) and in accordance with other applicable privacy laws (Privacy Laws).
We only collect, use or disclose personal information (which may include sensitive information as defined in the Privacy Act) in accordance with Privacy Laws and this Policy.
In this Policy, “we”, “us” and “our” means Respiri.
We take privacy seriously and are committed to ensuring the protection of your personal information, no matter where you are located. Details of additional rights of individuals located in the EU and other countries are outlined under the heading Country/Region-Specific Disclosures.
2. Your privacy is important
We understand that the privacy and confidentiality of your personal information is important.
Respiri’s intention is to use the personal information provided by you to us to make any dealings with Respiri better suited to your needs.
Our Policy describes how we collect, hold, use and may disclose your personal information through our websites (e.g., including www.respiri.co.), associated devices and applications (e.g. wheezoTM), and other interactions (e.g. customer service inquiries, online stores, etc.) you may have with Respiri (collectively, the Services). If you do not agree with this Policy, do not access or use Respiri products or Services.
Our aim is to ensure the quality, integrity and security of your personal information.
3. What information do we collect?
Respiri collects personal information – that is, any information or opinion about an identified individual or individual who is reasonably identifiable.
The personal information that we collect about you will depend on the products or Services we provide you, or that you may enquire about.
Some examples of personal information we collect may include (but is not limited to):
- your name, date of birth and gender;
- your physical traits, such as height and weight;
- contact details such as telephone number, email address or delivery address;
- payment or banking information (including related payment verification information);
- information about your interest in or use of our products or Services;
- health (sensitive) information;
- information about your treating medical practitioners; and
- any other information you choose to provide us with.
Please note that sensitive information includes (but is not limited to), information about a person’s health (including medical information), race or ethnic origin, political opinions, religious or philosophical beliefs, and criminal history.
For example, we may collect health information about selected health issues in relation to your wheezoTM product. If we need this type of information, we will ask for your permission – except where otherwise allowed by law.
4. Why Respiri collects personal information
The type of personal information that we collect and the purposes for which we collect that personal information is used, will be dependent upon the circumstances. We collect personal information from you when it is reasonably necessary in the course of its business.
We collect it to provide you with the purposes for which it was collected (and related purposes) which would be reasonably expected by you; purposes to which you have consented; to supply you with the products that you have requested from us and to provide you with the best possible service; or as otherwise authorised by law. .
We will only use the personal information that we collect about you for the purposes connected with Respiri’s business. Reasons we may collect personal information include:
- communicating with you, including by email, telephone and mail;
- answering your questions and comments and provide you with information or advice;
- verifying your identity;
- coordinating your care with health care providers and health plans;
- obtaining payment for our products and Services;
- interacting with you via digital marketing;
- providing your personal information to selected, approved third parties that assist in providing products and services you have requested;
- analysing and improving the products and Services we provide;
- delivering marketing communications, promotional health materials, or advertisements that may be of interest to you;
- considering and respond to queries made by you; and
- complying with laws or regulations or to comply with any directions given by regulators or authorities.
In addition, we may use de-identified health information to contribute to public health efforts (particularly, research) regarding respiratory disease and for other related medical uses.
Please note: If we are not able to collect your personal information about you, we may not be able to provide you with the products, services or assistance you require.
5. How do we collect personal information?
We collect your personal information in a number of ways and for various purposes, including:
- You give it to us when you interact with us.
This may happen when you contact us, sign up to our newsletter, create an account, purchase our products online, use one of our products or services.
- We collect information when you use our networks, products and Services.
The purpose of collection is to improve users experience of the site and for record keeping purposes. Such information may include:
- information from our website including the number of visits, dates of visits, pages viewed and navigation of the site;
- transaction information including the type of Services you requested or provided, your order details, delivery information, date and time the service was provided, amount charged, and payment method; and
- device information including the hardware models, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion information, and mobile network information.
- We obtain information from outside sources like marketing mailing lists, public information (including public posts to social networking sites) and commercially available personal, identity, geographic and demographic information.
We may also collect your personal information to comply with legal requirements or obligations, law enforcement, and for public safety purposes.
If you provide personal information about another person to us, we require that you:
- inform that person you have done so and provide them with a copy of this policy; and
- confirm to us that you have that person’s consent to provide such information for the purpose specified.
6. How do we use your information?
We will only use and disclose your personal information:
- for the purposes outlined in Section 4; or
- if we otherwise get your consent to do so, in accordance with this Policy and the Privacy Act.
We will not use your personal information for any purpose for which you would not reasonably expect us to use your personal information.
We will only use or disclose your personal information for the purposes of direct marketing if:
- we collected the information directly from you;
- it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
- we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
- you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.
You may opt-out of receiving marketing information from Respiri at any time by:
- clicking on a link in the email communications sent to you; or
- contacting our Privacy Officer.
Please allow a reasonable period for your request to be actioned.
7. Cookies and Third Party Technologies
- authenticating users;
- remembering user preferences and settings;
- personalising content and ads;
- determining the popularity of content;
- delivering and measuring the effectiveness of advertising campaigns; and
- analysing site traffic and trends, and generally understanding the online behaviours and interests of people who interact with our Services
You may adjust your browser to refuse to accept cookies, remove cookies or notify you when a cookie is set by editing your web browser preferences or options. Each browser is different, so check the “Help” menu on your browser to learn how to change your cookie preferences. You do not have to accept all cookies sent to you by our website. However, depending on the particular cookie you reject, you may not be able to use some features of our website.
8. Sharing your personal information
To ensure that we can meet your specific needs, we may share your personal information with others in a variety of ways.
We may share your personal information with Respiri’s related entities. Where appropriate we integrate the information we hold across the Respiri family of entities to, among other things, provide the services you have requested or authorised; to manage risk; and to provide us with a complete understanding of your product holdings and your needs.
We may also share your information with third parties where the law otherwise allows, including:
- third parties engaged by us to perform functions or provide products or services on our or their behalf such as mail outs, marketing or advertising;
- third parties that sponsor or promote us;
- credit reporting bodies and credit providers;
- our professional advisors, including our accountants, auditors and lawyers;
- persons authorised by you to receive information held by us; and
- any person as required or permitted by any law.
Generally, we require that third parties who handle or obtain personal information as service providers to Respiri acknowledge the confidentiality of your personal information, undertake to respect an individual’s right to privacy and comply with the Privacy Act and this Policy.
Respiri may also disclose aggregate or de-identified data that is not personally identifiable with third parties. Aggregate data is created by pooling information about individuals and describing the data in the aggregate (e.g. 20% of customers who clicked on the X promotion participated in the promotion).
Protecting children is a very important priority for Respiri.
We recognise the need to provide further privacy protections with respect to personal information we may collect from children in relation to any of our products and Services.
We do not knowingly collect personal information from children under the age of 18 without the consent of a parent or legal guardian (note that the minimum age may vary based on country/region and on local law).
When we intend to collect personal information from children, we take additional steps to protect children’s privacy.
In accordance with applicable law, and our practices, we obtain consent from parents for the collection of personal information from their children, or for sending information about our products and Services directly to their children.
We also limit our collection of personal information from children to no more than is reasonably necessary to use our products and Services.
Respiri provides parents access (or an ability to request access to personal information) that we have collected from their children and the ability to request that the personal information be changed or deleted.
If you become aware that your child has provided us with personal information without parental consent, please contact our Privacy Officer immediately.
If we become aware that a child has provided us with personal information without parental consent, we will take reasonable steps to remove the data and cancel the child’s account.
Consent to Respiri’s Collection, Use and Disclosure of your Child’s Information
10. Family Sharing
Family Sharing Services allows you to monitor the activity (i.e. analysis of breathing sounds for the presence of wheezing when using the wheezoTM product) for each device on your account.
You are able to control what personal information you share and with whom you share it with.
We encourage you to adjust the sharing settings to best meet your objectives.
When setting up Family Sharing services, parents must first provide consent for the collection, use and disclosure of their child’s information for the purpose of providing the services. At any time, parents may provoke such consent. However, without such consent, Family Sharing services will not be available for your use of the product and/or Service.
11. Access and correction of personal information
If you require access to your personal information, please contact our Privacy Officer.
We reserve the right to charge you reasonable expenses for providing access to or updating your personal information, for example, a fee for photocopying any information requested by you.
Respiri endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. Please contact our Privacy Officer if you believe the information Respiri holds about you is inaccurate, incomplete or out-of-date.
12. Storage and security of your personal information
We will retain your personal information for as long as you maintain an account or as otherwise necessary to provide you the Services. We will also retain your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer need to process your personal information for the purposes set out in this Policy, we will delete your personal data from our systems.
We hold your personal information in a combination of hard copy and electronic files. Electronic files are stored in servers that are operated and maintained by Respiri and third parties under contract with Respiri and they are located in Australia or overseas countries such as USA, Israel and Singapore.
Respiri takes reasonable and appropriate measures to protect your personal information from loss, misuse, alteration, disclosure or interference and unauthorised access.
We endeavour to keep information, including your personal information provided by you or on your behalf, secure and confidential. However, we cannot guarantee or warrant the security of any information you send to us using online communication. You submit information online at your own risk.
Sending your personal information overseas
Sometimes, we may send your personal information overseas, including to:
- service providers or third parties who store data or operate outside Australia; or
- comply with laws, and assist government or law enforcement agencies.
We will disclose personal information overseas only to the extent it is necessary to effectively perform our functions or activities.
Please note all countries have different data protection standards. If we send your personal information overseas (including countries such as USA, Israel and Singapore), we will take appropriate measures to protect your personal information such as ensuring all information is de-identified where appropriate before being transmitted.
Links to other websites
Our Services may provide a link or otherwise provide access to third party websites. We provide these links because we believe you may find them useful and informative. Please be aware, however, that we have no control over, do not review, and are not responsible for third party websites, their content, or any goods or services available through the third party websites.
Our Policy does not apply to third party websites, and any information that you provide to third party websites, you provide at your own risk. We encourage you to review the privacy policies of any third party websites that you may interact with.
13. Notifiable Data Breaches
Despite our every effort to protect your personal information, there remains the possibility that a breach of our security could occur. In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, Respiri will:
- seek to rapidly identify and secure the breach to prevent any further breaches;
- engage the appropriate authorities where criminal activity is suspected;
- assess the nature and severity of the breach including the type of personal information involved and the risk of harm to affected individuals;
- notify the affected individuals directly if appropriate and where possible;
- if appropriate, put a notice on our website advising our customers of the breach; and
- notify the Australian Information Commissioner (at the OAIC) if the breach is significant.
14. Privacy complaint
If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or otherwise consider there may be a breach of the Privacy Act or the APPs, please contact our Privacy Officer. You will need to provide us with sufficient details regarding your complaint as well as any supporting evidence and/or information.
The Privacy Officer will investigate the issue and determine the steps (if any) that we will undertake to resolve your complaint. We will contact you if we require any additional information and will notify you in writing of the outcome of the investigation. If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the Australian Information Commissioner via www.oaic.gov.au.
15. How to contact us
If you have any questions about Respiri and privacy, wish to provide feedback about this Policy, would like to access information held by Respiri about you, or wish to make a privacy related complaint, please contact our Privacy Officer at:
|Phone:||+61 3 9653 9160|
|Postal address:|| The Privacy Officer|
10/446 Collins Street
Melbourne VIC 3000
Please submit any complaint in writing. Respiri will respond to your complaint as soon as possible.
16. Further information
Further information about the application of the Privacy Act can be found at the website of the OAIC at www.oaic.gov.au.
1. Residents of the European Economic Area
The European Union (EU) General Data Protection Regulation (GDPR) has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. In this Appendix, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).
Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a ‘data subject’.
If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact email@example.com.
What personal information do we collect?
The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.
We will only hold your information for as long as necessary to fulfil the purposes for which it was collected, before making it non-identifiable or deleting it.
How we use your personal information
We can only collect and use your personal information if we have a valid lawful reason to do so. For Respiri, these reasons are:
- For the performance of a contract
To perform our contractual obligations to you, including account registration, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, in relation to the provision of the Services, when you take assessments, share content or achievements, or invite friends, when you ask us to customise products or Services, where we need to provide your personal information to our service providers, where we need to collect personal information from third party sources and when you access third party products and services, where we collect data from third parties or publicly-available sources, or to aggregate and centralise data for the performance of the Services.
- To meet legal obligations
To comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation.
- For Legitimate Interests
We need to process your personal information for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal information which overrides these legitimate interests.
For example, the following areas include processing covered by Legitimate Interests, subject to applicable law:
- Communication. To communicate with you regarding the Services, including to address your requests, inquiries, and complaints. We may send strictly necessary communications, including emails, even if you have opted out of receiving other Respiri emails or communications. These types of communications do not require consent. We also process your personal information for our legitimate interests when you communicate with us, including when you sign up for promotional materials and we have not asked you for your consent in that regard.
- Respond to your requests. To respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your account to address technical support requests.
- Promotional messages. We process your non-sensitive personal information to provide you with promotional messages and personalised marketing, including: when you communicate with us or sign up for promotional materials; when you participate in special activities, offers, or programs; when you engage with our online communities or advertising; when we aggregate and centralise data; and when we share personal information with our service providers and vendors.
- Compliance with law and public safety. To assist in the investigation of suspected illegal or wrongful activity, including in-store tracking and sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend our rights and property, or the rights or safety of third parties.
- Improvement and development. To develop, provide, enhance, and improve our Services and your experience, including to enable you to use the full range of our Services (e.g., processing of non-sensitive personal information related to your use or interaction with our products; when you access third party products and services; when we collect, use, or otherwise leverage cookies, device IDs, Location Data, data from the environment, and other tracking technologies; when you connect with us through social media; when we collect data from third parties or publicly-available sources; when we aggregate and centralise data; and when we share personal information with our service providers and vendors). For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
Sharing your personal data
We have the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on Respiri. If there is a takeover, sale or purchase of our business, we may disclose your personal data to the new (or prospective) owner of the business.
Your rights as a data subject
Where permitted by applicable law or regulation, you have the right to:
|The right to be informed how personal information is processed||You have the right to be informed how Respiri collects, holds and uses your personal information. If we require your consent to process your personal information you can withdraw consent at any time. However, please note that if you withdraw consent, we may not be able to provide certain products or services to you.|
|The right of access to personal information||You can access your personal information that we hold by emailing: firstname.lastname@example.org.|
|The right to rectification||You have the right to have your personal information updated and corrected if it is inaccurate and/or incomplete.|
|The right to erasure||You have the right to ask us to delete your personal information from our records if it is no longer needed for the purposes indicated in Section 4. You can make the request by contacting our Privacy Officer.|
|The right to restrict processing||You have the right to ask us to restrict the processing of your personal data in certain circumstances (e.g. where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy).|
|The right to data portability||You have the right to receive the personal information that you have provided us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.|
|The right to object||In some circumstances you have the right to object to us processing your personal information, or tell us to stop processing it (including for the purposes of direct marketing).|
|The right to lodge a complaint with a supervisory authority||You have the right to complain to the regulator if you are not happy with the outcome of a complaint. See the ‘EU Data Protection Authorities’ section for more information. The individual regulator websites will tell you how to report a concern.|
Please note that while any changes you make to your personal information will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may choose not to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of our products and services.
Minors and children’s privacy
We will seek parent or guardian consent to collect the details of children under 16.
Right to lodge a complaint before the Data Protection Authority
Please refer to the European Commission website for details of the Data Protection Authority established in the relevant EU jurisdiction.
2. New Zealand
Respiri takes steps to keep your personal information accurate and up to date.
If you reside in New Zealand, you may request access to or correction of the personal information that we have collected about you. To access your personal information, please contact our Policy Officer. We may charge for this service and will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.
Respiri takes steps to keep your personal information accurate and up to date. If you reside in Malaysia, you may request access to, and modification, opposition, and deletion of the personal information that we have collected about you. To access your personal information, please contact our Policy Officer. Subject to applicable law, we may charge for this service and will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.
4. Hong Kong
Respiri takes steps to keep your personal information accurate and up to date. If you reside in Hong Kong, you may request access to or correction of the personal information that we have collected about you. To access your personal information, please contact our Policy Officer. We may charge for this service and will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.
Your consent for use or sharing of personal information for marketing purposes.
You may choose not to provide Respiri with your personal information. However, if you choose not to provide your personal information, you may not be able to enjoy the full range of Services. Respiri may use your personal information to communicate with you about Respiri products or Services you have purchased or used and to notify you of other products, promotions and Services we think may be of interest to you. We may also share personal information with business partners, vendors and suppliers who are providing you with products and Services for their marketing purposes. You may provide your consent through the methods described in the next section.
How to indicate your consent and opt-out
You may indicate your consent in a number of ways, including: (i) ticking a box to indicate your consent when providing us with your personal information through our Services or a form (including enrolling in promotions); or ticking a box to indicate your consent when registering with us or creating an account with us. You may opt-out from receiving marketing communications at any time, free of charge, through the methods described in ‘Manage Account Preferences’.
5. United States
Your California Privacy Rights
California Civil Code Section 1798.83 permits California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for that third party’s direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge.
Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes. If we do decide to share your personal information with third parties for their marketing purposes, you may opt-out of this disclosure at any time by submitting a request to our Privacy Officer.
It is important to note that this opt-out does not prohibit disclosures made for non-marketing purposes or for purposes of assisting us with our own marketing.
Additionally, if you are a registered user under the age of 18 and a resident of California, you may request removal of content you have posted to the Services. Requests can be made to our Privacy Officer. Please note that making such requests does not ensure complete or comprehensive removal of the content. For example, we may retain the information for our own internal records, and it is also possible that a third party we do not own or control may copy the posting and repost it elsewhere.