Privacy Policy
www.cedarhealth.com.au

Effective date: 10/03/2016

ENSURE YOU READ THE FOLLOWING TERMS OF THIS PRIVACY POLICY BEFORE USING THE WEBSITE

The highest level of importance is placed on the privacy of our subscribers information (”Personal Information”) by Cedar Health Pty Ltd (ABN 56 607 542 585) of 88 St. James Road, Heidelberg 3084, VIC, Australia (“Cedar”, “we”, “us”, “our”). Cedar is bound to comply with the Australian Privacy Principles (“APPs”) outlined in the Privacy Act 1998 (Cth) (“Privacy Act”) and the Health Privacy Principles (“HPPs”) set out in the Health Records Act 2001 (Vic) (“Health Records Act”). This policy outlines how we deal with, collect, store and use Personal Information and Health Information you provide to us via www.cedarhealth.com.au or any other method such as via a mobile application or through social media (collectively, “Website”).

This Privacy Policy forms part of the Cedar Health Terms and Conditions (“Terms and Conditions”) available at www.cedarhealth.com.au/terms and any agreement between you and Cedar (“Agreement”). If any inconsistency arises between the Terms and Conditions and/or any Agreement and this Privacy Policy, to the extent permitted by law, the Terms and Conditions and/or the Agreement shall prevail. Capitalised terms not defined in this Privacy Policy shall have the meanings set forth in the Terms and Conditions.

If you have any queries with regard to any aspect of our Privacy Policy or your Personal Information or Health Information held by us, please contact us at support@cedarhealth.com.au or at the postal address above.

2. Personal Information Collection, Storage and Use

i. What does Cedar collect, store and use?

General

Cedar will only collect Personal and Health information that is necessary to perform its services, including providing you with health related services. We will always try to collect information in a fair, lawful and non-intrusive manner.

Wherever possible, information will be collected directly from you rather than from third parties. In most cases we will require you to specifically consent to any collection, use or disclosure of your Personal or Health Information by Cedar. Your consent will usually be required in writing, but we may also accept your verbal consent. Sometimes your consent may also be implied through your conduct with us.

If you do not provide us with information that we request or if the information you give us is incorrect, we may not be able to provide you with appropriate services and you may place yourself at risk of injury.

You may choose to not identify yourself when interacting with Cedar through the use of pseudonyms. However, there may be circumstances where Cedar is unable to deliver the Cedar System without identifying you, and we may subsequently seek identifying information from you. If you do not comply with this request, your access to the Cedar System may be terminated.

If Cedar receives individual Personal or Health Information that has not been requested (“Unsolicited Personal Information”), we will act in a reasonable manner to determine if the information is relevant for delivery of the Cedar System to you. If Cedar would not ordinarily request this type of information, and it is lawful and reasonable to do so, the information will be destroyed.

Where Cedar is lawfully able to retain Unsolicited Personal Information, we will notify the individual of the information collection and will deal with that information in accordance with this Privacy Policy and applicable privacy laws.

Cedar interacts with current, potential and previous subscribers in multiple ways. Circumstances where Cedar collects Personal and Health Information include (but are not limited to):

Standard subscriptions

When you register for a Program or register interest in a future Program, you will be required to submit basic information about yourself through the Cedar Website. Such information may include:

  1. your full name;
  2. contact details;
  3. physical characteristics (such as height and weight);
  4. program goals;
  5. responses to fitness related questions;
  6. responses to health related questions
  7. responses to nutrition related questions;
  8. payment information (on behalf of payment processing company);
  9. brief personal details (such as sporting interests, occupation and household status); and
  10. details of any website, social media services or blogs you use.

Promotions

If we have a subscriber’s consent, subscribers may be invited to participate in Cedar promotions. To participate in promotions, you may be required to supply personal details such as your name, contact details, physical characteristics, personal goals, fitness information and nutritional information.

If you decide not to provide us with information we seek in relation to a promotion, or if the information you provide is inaccurate, your ability to participate in certain promotions and competitions may be limited or excluded. In, addition if information is incomplete or inaccurate, any personalised promotions you receive may not be suitable for you and you may put yourself at risk of injury.

Geo-Location

Cedar may prompt you to enable location tracking if you access the Cedar System from a mobile device. We may use this information to customise your Cedar experience. If you choose not to enable location tracking on your mobile device when we ask, you may not be able to access certain services, even if you have paid for those services. Location information is only used to provide services to you. We do not store any location information.

Alternate subscriptions

Certain Cedar programs may involve additional products. If you subscribe to a program which requires delivery of products, you will be required to provide certain details via our website to facilitate delivery. In addition to the information required from standard subscribers, you may be required to provide the following additional information:

  1. your complete delivery address;
  2. your day-time contact details; and
  3. any unique delivery instructions.

User submitted content

Cedar’s Website allows you to submit and upload Personal and Health Information to your profile page. Content available for upload may include photos, physical characteristics, age, fitness level, nutritional preferences and living circumstances.

We may also collect Personal and Health Information from any correspondence you have with us, such as emails, phone calls and physical mail.

Information you place on your profile page may be viewable by any person with internet access.

ii. What does Cedar do with your personal information?

Cedar collects, store and uses your Personal or Health information to enable us to deliver the Cedar System. The information you provide to us, assists with:

  1. contacting you;
  2. customising your experience of the Cedar System;
  3. facilitating the provision of products and services;
  4. displaying accurate Website content and Program materials; and
  5. delivering additional content, such as: newsletters, promotions and new Cedar developments.

If you are a supplier of Cedar, we may use your Personal Information to facilitate our business relationship with you, such as review a commercial proposal that you have provided Cedar.

We may use IP addresses to analyse trends, administer the Cedar System, track subscribers’ movements and gather broad demographic information.

General uses

Cedar may use the Personal and Health Information it collects from you:

  1. to compile statistical reports and analysis with all personal information de-identified before completing such analysis;
  2. to advertise the Cedar System. We will never use your Personal or Health Information without seeking your consent beforehand;
  3. to develop marketing material;
  4. to facilitate internal planning;
  5. to facilitate general administration of Cedar; and
  6. for purposes that are expressly permitted under any agreement with you.

Running promotions

With your consent, we may use your information to promote the Cedar System to potential, current and past subscribers.

iii. Who will Cedar disclose my Personal Information to?

Cedar will generally obtain subscriber consent before we disclose any Personal or Health Information. Consent may be express or implied by conduct. Depending on the circumstances, Personal or Health Information may be disclosed to:

  1. third party clients of Cedar and other promotional partners who participate in delivering the Cedar System;
  2. insurers, for the purpose of health research trials. In this circumstance, we will only disclose any research data collected from you, and will only do so with your consent. Your information will only be used for research purposes, and will be de-identified if published;
  3. social media companies such as Facebook, and any other public forums in which you choose to participate and through which you access Cedar’s services; and
  4. any other person authorised, implicitly or explicitly, when the personal information is provided to or collected by Cedar.

3. Information collected by Cedar’s Website

In addition to collecting information directly from subscribers, we collect information on our subscribers through the following methods. We note that many services are governed by third party privacy policies. You should understand these policies before using the Cedar System.

i. Analytics

We use Google Analytics to collect data on traffic through Cedar’s Website. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the information collected to track and examine the use of the Website, to prepare reports on its activities and share them with other Google services.

Google may use the information collected to contextualize and personalize the ads of its own advertising network.

Personal Information collected: Cookie and Usage Data.

Place of processing: USA – Privacy Policy – Opt Out

Google Analytics Additional Features

Google AdWords remarketing (Google)

AdWords Remarketing is a Remarketing and Behavioural Targeting service provided by Google. It connects the activity of www.cedarhealth.com.au with the AdWords advertising network.

On our behalf, Google shows our ads across their network, targeted to previous visitors. This is done by collecting cookie data from subscribers visit to the Website.

You can opt out of the cookie tracking by reviewing your ad settings here:

www.google.com/settings/ads

Personal Information collected: Cookie and Usage Data.

Place of processing: USA. – Find the Privacy Policy

Google Analytics Demographics and Interest Reporting

Google will provide us with demographic information of visitors to this website - specifically information on age, gender and interests. This is done by collecting cookie data from a subscribers visit to the Website.

We will use the data provided by Google Analytics Demographics and Interest Reporting to develop the site and content around our users’ interests.

You can opt out of the cookie tracking by reviewing your ad settings here:

www.google.com/settings/ads

Personal Information collected: Cookie and Usage Data.

Place of processing: USA. – Find the Privacy Policy

Intercom

Use of Intercom Services: We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as your email address and sign-up date) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. Intercom analyzes your use of our website and/or product and tracks our relationship so that we can improve our service to you. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s).

As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit http://docs.intercom.io/privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at http://docs.intercom.io/terms. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.

Place of processing: USA

Facebook Conversion Tracking Pixel

We use a technology called Facebook Conversion Tracking. Facebook Conversion Tracking is a Remarketing and Behavioural Targeting service provided by Facebook, Inc. (“Facebook”). This allows us to track visitors who have been referred through a Facebook page, application or advertisement and then visited our website.

We will share information regarding your visit to our website with Facebook but this will not include any identifiable personal information. Facebook will use this information to monitor on our behalf the effectiveness of our advertising.

The information we share with Facebook will only be used in accordance with Facebook’s data use policy. Facebook Conversion Tracking may also enable us and our partners to serve ads on and off Facebook.

Personal information collected: Cookies, Pixel tags and Usage Data

Place of processing: USA. Find the Data Use Policy

You can opt out of Facebook conversion tracking by reviewing your settings here:
https://www.facebook.com/settings/?tab=ads

ii. Managing email addresses and sending messages

Cedar uses services which make it possible to manage a database of email contacts to communicate with subscribers via email.

The services are used to collect data concerning the date and time when the mail is viewed by the subscriber, as well as when the subscriber interacts with incoming mail, such as by clicking on links included in the email.

MailGun

MailGun is an email address management and message sending service provided by Rackspace US Inc.

Personal Data collected: Email.

Place of processing: USA. – Find the Privacy Policy

iii. Social media

Cedar’s website is integrated with multiple social media platforms. Platforms such as Facebook use cookies to facilitate functionality and may track your page views and collect data such as your IP address. Social media functions are hosted by third parties or directly on our Website and any interactions between you and these functions are governed by the Privacy Policy of the company providing them, not Cedar.

4. Marketing Material

Cedar may provide you with marketing and promotional material about the Cedar System and additional related materials based on the Personal Information you provide us. This communication will only ever come from Cedar and not from any third parties. We will never on-sell your information to other providers without seeking your consent.

We will only send you marketing information if you have consented to us sending you such information. You are able to unsubscribe from receipt of all marketing materials at any time by contacting us at support@cedarhealth.com.au

5. Security of Personal Information

Cedar will take all reasonable steps to protect your Personal and Health Information from any loss, modification, unauthorised access, disclosure, interference or misuse. Any information which is held by Cedar following the cessation of a subscription will be maintained by Cedar in accordance with the Privacy Act and Health Records Act and, where lawful to do so, the records will be destroyed after the statutory retention periods.

Cedar employs certain security measures within our Website such as industry standard Secure Sockets Layer (SSL) encryption when we collect Personal and Health Information. However, certain pages within the Cedar Website are not protected by encryption. Although Cedar Health complies with its obligations under the Privacy Act to keep your information secure, we cannot guarantee the security of information you send via the internet.

The risk associated with the transmission of Personal and Health Information to Cedar is borne entirely by the subscriber. Cedar encourages subscribers to have up-to-date security measures activated on their computers and mobile devices when accessing the internet or using the Cedar System. Further information about transmission of Personal Information and data security can be obtained by contacting Cedar.

6. International data transmission

In certain circumstances, Cedar may disclose information to overseas parties. Cedar may use services or have related parties or promotional partners who operate servers outside of Australia which may result in international data transmission. In addition, if a third party platform such as Facebook is used to interact with the Cedar System, the servers for these platforms may also be located internationally. In general, disclosure is limited to organisations based in Europe and North America.

Cedar takes reasonable steps to protect Personal and Health Information. However, individuals should be aware that Australian Privacy Law and similar laws may not apply to the use of Personal and Health Information by offshore entities and that an individual may not be able to seek redress under Australian Law in the event of an offshore privacy breach.

By using the Cedar System you consent to us disclosing information to offshore entities and that by giving us your consent, you acknowledge that we cannot ensure all offshore entities comply with the APPs, that we will not be liable for any breach of the APPs by offshore entities, and that if an offshore entity breaches the APPs, you will not be able to seek redress under the Privacy Act.

If you do not wish for your Personal or Health Information to be disclosed outside Australia we may not be able to provide you with a complete range of services.

7. Access to and correction of Personal and Health Information

It is the responsibility of the subscriber to advise Cedar of any changes required to your Personal or Health Information to ensure that all records we hold are correct. You may access your Personal and Health Information we hold by raising a request with support@cedarhealth.com.au or by logging into your account to view and update your details.

If you believe that the Personal Information we have on file is inaccurate, you are entitled to request that we update your details. We will deal with any requests for access and correction of your Personal and Health Information in accordance with the Health Records Act.

8. Changes to this Policy

We may update and amend this Privacy Policy from time to time and the current version will be available for access on the Cedar Website.

9. Complaints

We take your privacy seriously. If you suspect there has been or may have been a breach of your privacy, you can complain directly to us at support@cedarhealth.com.au or by writing to us at:

Cedar Health Pty Ltd

88 St. James Road, Heidelberg 3084, VIC, Australia

In the event of a privacy breach, we will comply with applicable guides or guidelines issued by the Office of the Australian Information Commissioner for the handling of privacy breaches.

If you would rather not raise the matter with Cedar directly you can complain directly to the Office of the Australian Information Commissioner.

Privacy and general complaints about health services can also be directed to the Victorian Health Services Commissioner.