We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (“GDPR”).
Who We Are
We are the HelpMe Feed Foundation Ltd ACN 626 589 179, a registered charity in Australia a company limited by guarantee established and existing under the laws of Australia (referred to here as “HelpMe Feed”, “we”, “us” or “our”) and having its registered office at Level 1, 12 O’Connell Street, Sydney NSW 2000 Australia.
At HelpMe Feed, our global mission is to support breastfeeding using smart, modern and accessible technologies including our website, applications and connected products and services (the “Services”).
HelpMe Feed is the licensee of two applications [bb1] used by health professionals and coaches to gather information from, and/or provide information to parents. Both applications are linked to www.helpmefeed.org (collectively referred to as the “Application”).
"Personal Data" is information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise location, device IDs, certain cookie and network identifiers.
“Sensitive Data” is any information, including Wellbeing and Feeding Data and Interaction and Program Data, that we collect that is considered personal health data or biometric information.
· operating and improving the Services, the Application and our business;
· conducting research related to improving our Services; and
A parent can refuse to have their data de-identified and used by HelpMe Feed by contacting us at [firstname.lastname@example.org] at any time. From the point that a parent specifies in writing to HelpMe Feed that they refuse to have their data de-identified (“withdrawal”), no further Personal Data for that parent will be de-identified and used by HelpMe Feed. However, subject to law, the withdrawal does not apply retrospectively, and any data collected prior to withdrawal will continue to be stored and used by HelpMe Feed on a de-identified basis.
Transfers of Your Personal Data to Other Countries
The Services, and all associated information technology systems, are housed on servers in a number of countries. Please be aware that if you access the App in your country of residence, generally the information we collect (including cookies and device data) will be processed and stored in a server located in that country. If you access the App or Services outside of your country of residence, the information we collect (including cookies and device data) may be transferred to, processed, and/or stored in the country you access the App or Services from, rather than your country of residence.
It is important for you to note that your data may be transferred, processed and stored in a country or region in which the data protection and privacy laws, including your rights, may not give you the same level of protection as you have in the country or region where you live or are a citizen. We request in the App that you give express consent to the transfer, processing and storage of your data outside of your country of residence. If you choose not to consent to the transfer of data you will not be able to access the App or Services outside of your country of residence.
How We Collect and Use Personal Data
We collect your Personal Data in a number of ways and for various purposes, including:
When you register for an Account
In order to make use of the Services including the Application, it is necessary to create a personal account (“Account”). We collect Personal Data when you use or interact with our Services, including when you create your Account and make purchases from us (including processing of payment). This Personal Data may include name, address, phone number, date of birth, username and password, email address, postcode, payment information and Location Data. "Location Data" means either approximate location or, with your consent, precise location. If you are a parent we collect Personal Data on your baby or child including name, gender and date of birth. Some fields are obligatory for completion in order to ensure we can enable your activity in the Service, and where this is the case we will clearly identify these fields as mandatory. For health professionals who register on behalf of an entity, information about that entity (name, contact details and location) are also required.
We use this data to create your Account, enable your activity within our Services, and to provide the services generally, including to develop, enhance and improve our Services and your experience. We also use this data for internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
The information contained in your Account is not visible to third parties. As a parent user your assigned health professional can see your data. When you choose to use a coach through the Services, the coach will be able to see your data for the duration of the coaching session only.
Use of the Services
By using the Services, the health professional provides information about the program they have prescribed for each parent and the parents provide information about their progress with the program and their experiences while undertaking the programs and interacting with the health professional and coaches (“Interaction and Program Data”). This information is shared between the parent and the health professional via HelpMe Feed and may be shared with a coach if a parent chooses to commence a coaching session for the duration of the coaching session only. However this data may also be de-identified by HelpMe Feed and used for its own purposes.
HelpMe Feed will store and process identified Wellbeing and Feeding Data and Interaction and Program Data only on behalf of the health professional. HelpMe Feed will only use any parent information for its own purposes or share it with authorised third parties if it is anonymised.
If the parent is a minor (as determined by their home country), the parents or legal guardians of the minor parent will be asked to give their consent for the processing described above. This includes consenting to the anonymisation of the Personal Data of the minor parent. [bb3]
When you give us permission to collect Location Data
We may collect precise Location Data as part of the functionality of our Services, such as to provide information on nearby services, support or other geographically relevant Services and to conduct analytics to improve the Services. We may collect precise Location Data in several ways, such as through your wireless carrier, based on WiFi access point location, via Bluetooth beacons, through a connected device, or directly from the device on which you use the Services. If you are accessing the Services through the Application, the way we collect precise Location Data will differ depending on your mobile device's operating system. In all events, we do not collect precise Location Data unless you have consented to its collection. If you choose not to consent to Location Data collection in the Application, we will not collect your precise Location Data unless you manually enter it in.
When you communicate with us
We may use your Personal Data to respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your Account to address technical support requests. We may also use your Personal Data to address your requests, inquiries, and complaints.
5. When you participate in special activities, offers, or programs
We may request or otherwise collect Personal Data, including Wellbeing and Feeding Data, when you participate in offers, surveys, or research activities or initiatives (including for academic, commercial and community planning and research study purposes). This includes Personal Data, such as name, address, email address, telephone number and age, and other information that may be appropriate in order to participate.
When you engage with our online communities or advertising
We may collect your Personal Data when you engage with our online communities. This includes when you click on advertisements, interact with our social media pages, submit content, leave reviews, or otherwise enter information into comment fields, blogs, message boards, events, and other community forums sponsored by or affiliated with us. Please note that our community forums may be public, so we recommend that you exercise care in deciding what information and content you wish to disclose.
When we leverage and/or collect cookies, device IDs, Location, data from the environment, and other tracking technologies
We may collect certain Personal Data using cookies and other technologies such as web beacons, device IDs, advertising IDs, geolocation, HTML5 local storage, Flash cookies, and IP addresses. We specifically use browser cookies for a range of purposes, including cookies that are strictly necessary for functionality, and cookies that are used for personaliszation, performance/analytics, and advertising.
You can configure your browser so that you do not receive any cookies the next time you use the Services. However it is possible that changing your browser’s cookie settings may impact the functionality of the Services on your browsing device.
When we aggregate or centralisze data
We aggregate and centralisze Personal Data and other parent information for purposes of analytics, innovation, and to provide enhanced Services to our users.
When we provide you geographically relevant Services, offers, or advertising
Where you have provided consent to collection, we process your precise Location Data to provide you with Services that are relevant to your location.
When we comply with legal requirements or obligations, law enforcement, and for public safety purposes
How We Disclose Personal Data
1. To Health Professionals: to allow the health professional to use the Services (including the Application), for purposes including the management of the programs for parents, the management of the parents’ progress with the program, and the provision of support by health professionals to the parents, including the exchange of additional content provided by the health professional to the parents. We may also disclose Personal Data to health professionals if we are contractually obliged to do so;
2. To Parents: To allow the parent to use the Services (including the Application), for purposes including to access programs and other content uploaded and provided by the health professional, provide feedback on progress, seek and obtain support from the health professional and coaches, and provide feedback to the health professional;
3. To Coaches: To allow the coach to use the Services (including the Application), for purposes including to provide parents with support, including the exchange of content within the Application to the parents;
4. To our employees, agents and administrators for purposes including to provide and administer the Services;
5. To our accountants, financial advisors and legal advisors for purposes including the maintenance of the Services and our business generally;
6. To our parent company, subsidiaries and affiliates for purposes including to provide and administer the Services;
7. To our service providers and contractors for purposes including to help us provide, manage, administer, monitor, distribute, operate or facilitate the Services and/or the Application, to develop, market or provide our products and Services, and to further our business efforts (for example, web hosting companies, website administrators, mobile app distribution platforms, support services companies, data analytics and analysis companies, advertising partners and payment processing venders);
9. To any other third parties:
(a) if HelpMe Feed considers it necessary to do so in defense of its own rights;
(b) if you have given permission for us to do so;
(c) for the purpose of processing payments by health professionals;
(d) to configure the Services and/or Application to your wishes and needs; and
(e) to generate anonymous statistical data.
HelpMe Feed may additionally post customer testimonials, comments or reviews on our website, which may contain Personal Data of health professionals. HelpMe Feed will obtain the health professional’s consent via email prior to posting the testimonial. It is implied by posting the testimonial, comment or review that the parent consents to the publication of any Personal Data of the parent and/or of their baby or child which is disclosed in the content.
Our disclosure is limited to situations where we are permitted to do so under applicable data protection laws and regulations, including national laws and the GDPR.
Legal Basis for Processing
WHERE WE DO NOT REQUIRE CONSENT
1. For the performance of a contract: to perform our contractual obligations to you, including: Account registration; contacting you in relation to any issues in relation to the provision of the Services, including when you use or interact with the Application and in relation to location-based Services (for example providing you geographically relevant Services); to connect you with health professionals and coaches; where we need to provide your Personal Data to our service providers; where we need to collect Personal Data from third party sources; when you access third party products and services; where we collect data from third parties or publicly-available sources; and to aggregate and centralize data for the performance of the Services.
2. To meet legal obligations: to comply with laws, regulations, court orders or other legal obligations, or to assist in an investigation.
Subject to applicable laws, our legitimate interests include:
· Respond to Your Requests: to respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your Account to address technical support requests.
· Promotional Messages: to provide you with promotional messages and personalized marketing on the basis of your Personal Data (but not your Sensitive Data), including: when you communicate with us or sign up for promotional materials; when you participate in special activities, offers, or programs; when you engage with our online communities or advertising; to provide you geographically relevant Services and offers; when we aggregate and centralize data; and when we share Personal Data with companies or ventures that are owned or controlled by us and with our service providers and vendors.
· Surveys: to send you surveys in connection with our Services, unless commercial in nature. In those cases, a survey request may be sent to you if you have given us your consent to receive marketing from us.
· Compliance with Law and Public Safety: to assist in the investigation of suspected illegal or wrongful activity, including by disclosing in-store tracking information and other information with law and enforcement entities for fraud, loss and crime prevention purposes. We may similarly disclose information to protect and defend our rights and property, or the rights or safety of third parties.
· Improvement and Development: to develop, provide, enhance, and improve our Services and your experience, including enabling you to use the full range of our Services. Our improvement and development purposes include certain internal research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
· Conducting analytics: When we conduct analytics, we process such data on the basis of our legitimate interest which is to enhance your experience and to develop and improve our Services.
· Merger or Acquisition. To support a contemplated or actual reorganization of our business, in connection with financing, a sale, or some other transaction involving the disposal of all or part of our business or assets, including for the purpose of conducting due diligence in connection with such a transaction.
WHERE WE REQUIRE CONSENT
In other cases our legal basis for processing your Personal Data is that you have provided consent. In those cases we will ask for your consent to process your Personal Data. You may indicate your consent in a number of ways, including, as permitted by law, by ticking a box (or an equivalent action) to indicate your consent when providing us with your Personal Data through our Services or a form (including enrolling in Promotions). The legal requirements for consent may differ across regions.
Generally, we will request your consent to process your Personal Data in the following circumstances:
1) When we collecting mobile device IDs, advertising IDs, and data from sensors (which may be captured at the operating system level). You can give or withdraw your consent for the collection of this type of data in the preferences settings of the Service or App. However, if you choose not to provide this information, certain features may be unavailable or not function properly.
2) When we contact you to determine your interest in participating in certain research initiatives and to share identifying results from research initiatives you have participated in.
3) When you input Wellbeing and Feeding Data and Interaction and Program Data within our Services.
4) When we collect precise Location Data.
5) When you communicate with us or sign up for promotional materials.
6) When you participate in special activities, offers, or programs, and doing so involves the use of Sensitive Data.
7) When you connect with us through social media.
8) When we leverage and/or collect cookies, device IDs, Location Data, data from the environment and other tracking technologies.
9) When you sign up for our services that consist of social sharing and communication with others.
10) When we provide you geographically relevant Services, offers, or advertising.
11) When we disclose Personal Data to our affiliates and partners, and to our service providers and vendors.
12) Transfer of Data to countries other than your country of residence.
13) To enable social sharing and connect with us on social media.
Despite the above, in some circumstances we may process your Personal Data for any of the above purposes without requesting or receiving your express consent. In these cases, the basis of our processing is any or all of the following:
· necessity in order to provide the Service;
· our legitimate interests; or
· implied consent by you, including but not limited to circumstances where it would be reasonable for you to expect that we would use your Personal Data for that purpose when you provide it to us.
LEGAL BASIS OF PROCESSING UNDER THE GDPR
1) HelpMe Feed as processor on behalf of health professionals
HelpMe Feed will store and process your Personal Data on behalf of health professionals who are users and who pay for the Application. For this processing, the health professional will act as the "data controller" within the meaning of the European Privacy Directive (1995/46) and is responsible for the lawful processing of your personal data.
Please refer to your health professional for information on the way the health professional will process your Personal Data. Whilst HelpMe Feed takes the protection of personal data very seriously, HelpMe Feed is not responsible for the compliance with applicable privacy laws in any jurisdiction by the health professional.
2) HelpMe Feed as controller
You may at any time withdraw your consent with future effect. You can withdraw your consent by contacting us at email@example.com at any time. Such withdrawal will not affect the lawfulness of any processing of your Personal Data which was collected prior to your withdrawal. You can exercise other controls regarding website and online data collection, interest-based advertising, your communication settings, and app preferences. Depending on the Services, collection and use of Personal Data may be required for the Services to work.
We will retain your Personal Data for as long as you maintain an Account, or otherwise for as long as necessary to provide you the Services. We will also retain your Personal Data as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where permissible, we will also delete your Personal Data upon your request. Information on how to make a deletion request can be found here.
If you have questions about our data retention practices, please contact us via email at firstname.lastname@example.org.
Your Rights & Exercising Your Rights
If you elect not to provide Personal Data
You may choose not to provide HelpMe Feed with your Personal Data. However, if you choose not to provide your Personal Data, you may not be able to enjoy the full range of Services or use the Application.
You have certain rights in relation to your Personal Data, which may include:
· Right of access: the right to make a written request for details of your Personal Data and a copy of that Personal Data.
· Right to rectification: the right to have inaccurate information about you corrected or removed.
· Right to erasure ('right to be forgotten'): the right to have certain Personal Data about you erased.
· Right to restriction of processing: the right to request that your Personal Data is only used for restricted purposes.
· Right to object: the right to object to processing of your Personal Data unless our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest. You can object to our use of your information for profiling purposes where it is in relation to direct marketing.
· Right to data portability: the right to ask for the Personal Data you have made available to us to be transferred to you or a third party in machine-readable formats.
· Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your Personal Data. If you withdraw your consent, this will not affect the lawfulness of HelpMe Feed’s use of your Personal Data prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you with your chosen product or service including the Application.
· Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
All rights other than your right to object to the use of your Personal Data for direct marketing (and profiling to the extent used for the purposes of direct marketing) are not absolute. They may not apply in all cases, depending on, among other things, the laws applicable in your region. Although we will endeavor to uphold the rights set out in this section, we may not be able or legally compelled to do so in all circumstances.
Where you make a request to us in relation to any of the rights set out in this section, we will let you know how we will be able to comply with your request.
How to exercise your rights
To exercise your rights to your Personal Data please contact us at email@example.com or at the address listed below. Subject to applicable law and in exceptional circumstances only, we may charge for this service. We will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.
If you make a request, we may ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we cannot meet your request, we will explain why.
Should you wish to raise a concern about our use of your Personal Data (and without prejudice to any other rights you may have), you have the right to do so with the applicable privacy authority in your region.
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing, destruction, loss, alteration, disclosure, or access to or of Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
You are responsible for maintaining the security of your Account to the best of your ability, including by using a complex password and regularly updating your password. You must notify us at firstname.lastname@example.org as soon as you become aware of any actual or suspected loss, theft, or unauthorized use of your account or account password. We are not responsible for any loss resulting from unauthorized use of your username and password if that unauthorized use was due to your failure to maintain the security of your Account.
How to Contact Us
If you have any questions, comments, or concerns about how we handle your Personal Data, you may contact us through email at email@example.com or write to us at:
HelpMe Feed Foundation Ltd
Attention: Privacy Office, Level 1 12 O’Connell Street Sydney NSW 2000 Australia
If we are required under applicable law to appoint a data protection officer (DPO), you can contact the DPO that is responsible for your country/region at firstname.lastname@example.org
Residents of California, United States of America
Your California Privacy Rights
California Civil Code Section 1798.83 permits California residents to request and obtain from us a list of what Personal Data (if any) we disclosed to third parties for that third party's direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge.
Under Section 1798.83, we currently do not share any Personal Data with third parties for their direct marketing purposes. If we do decide to share your Personal Data with third parties for their marketing purposes, you may opt-out of this disclosure at any time by submitting a request to our support team, or in writing to:
HelpMe Feed Foundation Ltd
Attention: Privacy Office, Level 1 12 O’Connell Street Sydney NSW 2000 Australia
It is important to note that this opt-out does not prohibit disclosures made for non-marketing purposes or for purposes of assisting us with our own marketing.
Additionally, if you are a registered user under the age of 18 and a resident of California, you may request removal of content you have posted to the Services. Requests can be made by email to email@example.com. Please note that making such requests does not ensure complete or comprehensive removal of the content. For example, we may retain the information for our own internal records, and it is also possible that a third party we do not own or control may copy the posting and repost it elsewhere.
TO THE FULLEST EXTENT PERMITTED BY LAW, WE ARE NOT RESPONSIBLE FOR, AND YOU HEREBY RELEASE US FROM, ANY AND ALL LIABILITY WHICH MAY ARISE FROM SUCH THIRD PARTIES’ UNAUTHORIZED COLLECTION OF YOUR PERSONAL DATA.
Last updated: May 2019