1. Data Processor and Data Controller
WELLCOME.ME PTY LTD, a limited liability company registered in Australia and any of its affiliates (hereinafter “Wellcome.Me”, “we”, “our”, “us”), is the data controller for the processing of your personal information collected via the Site and for the processing carried out when you subscribe to and/or use our Services and enter information when creating your account. Thus, Wellcome.Me will only be the data controller for the processing of personal information for its own purposes, such as the processing of personal information of our (potential) customers in relation to sales, service delivery, invoicing, customer relationship management and direct marketing.
On the other hand, if you are a User, other than the registered user, of our Services, or if you are an employee or visitor of one of our Customer, our Customer will be the data controller and Wellcome.Me will be acting as its Customer’s data processor. In such case, the Customer is the one assuming responsibility for the processing of personal information through our Services. To learn more about the data processing operations of our Customers and to enforce your rights related to their processing operations please consult the relevant privacy policies of the relevant Customers.
2. Personal Information
"Personal Information" is any information or a combination of pieces of information that can reasonably permit you to be identified, or that can reasonably be linked to you. Personal Information does not include anonymous or non-personal data (i.e., information that cannot be associated with or tracked back to a specific individual) or personal data that has been independently anonymized. By your use of the Services, you in any case consent to the processing and using of anonymous and non-personal information that is no longer associated with any natural person.
3. Collection of Personal Information
We collect Personal Information about you from a variety of sources. We collect Personal Information about you from in the following ways:
4. Information You Provide To Us
We collect, hold and process Personal Information which you provide to us. This may include your name, postal address, email address, phone number(s), username, password, photographs that you upload, your account information related to web tools (e.g. automation tools, messaging apps) that you utilize, time zone, demographic information, information related to your occupation (e.g. company, title, office location), and information related to visitors to your offices (e.g. name of visitor and arrival times). If you correspond with us via email, chat, Website form submission, in writing, or by telephone, we may retain the content of those communications and our responses, as well as your email address, mailing address, and/or telephone number. In addition, you may provide information about yourself by filling out forms or by completing surveys created by us.
5. Information We Automatically Collect About You
We (directly or through our third-party service providers) may automatically log information about you, Customer Equipment including ipad and employee’s and visitor’s computer, e. Log file information is automatically reported by your browser each time you access our Services. When you register with, view, or use our Services, our servers automatically record certain information. These server logs may include information such as your web request, IP address, operating system type, browser type, browser language, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, how long you spent on a page, access times, and other similar types of information.
We may also use a variety of technologies that automatically or passively collect information about your online activity.
Clear gifs information. When you use the Services, we may employ clear gifs which are used to track the online usage patterns of our users anonymously. No personally identifiable information is collected using these clear gifs. In addition, we may also use clear gifs in emails sent to our users to track which emails are opened by recipients.
- Information Received from Other Sources
Wellcome.Me may receive your personal information from third parties as follows:
- We may obtain information about you from other trusted third-party sources to update or supplement the information that you provide or that we collect automatically. This includes, for example, Public databases or data aggregators (that may include your demographic information, media consumption, previous subscriptions, loyalty program information or lifestyle preferences);
- Wellcome.Me partners and service providers (including, for example, business partners, analytics vendors, advertising networks and search information providers).
We may use this information to help us maintain the accuracy of the information we collect, personalize your experience with the Services, target our communications so that we can inform you of products and services or other offers that may be of interest to you, to measure ad quality and responses, and for internal business analysis or other business purposes.
- Combination of Information
6. How and Why We Use the Information We Collect
- For Customer Service and Transactional Purposes, such as to:
- respond to your questions or requests and provide customer service;
- manage your account and registration;
- troubleshoot issues, bugs or defects related to your account or activities;
- provide you with access to certain features of the Services;
- verify your identity or communicate with you about your activities with respect to the Services;
- use your credit, debit or payment card or other financial information only to process payments and prevent fraud;
- develop new products or services and to enhance current products and services;
- protect the security or integrity of the Services and our business, such as by protecting against and preventing fraud, claims and other liabilities, and managing risk exposure, including by identifying potential hackers and other unauthorised users; and
- for other purposes as disclosed at the time you provide your Personal Information or otherwise with your consent.
- For Advertising Customization and Analytics Purposes, such as to:
- perform market research, understand the effectiveness of our competition or promotions and Services analytics and operations;
- personalize and improve the Services and our products, services, offers and advertising made available on or outside the Services (including on other sites/ applications that you visit);
- provide you with customized content, advertisements, offers and promotions offered by Wellcome.Me or on behalf of our partners and affiliates;
- link or combine with information we receive from others to help understand your needs, use for interest-based or targeted advertising or re-targeting on your computers or other devices, and to provide you with better service;
- communicate with you, either directly or through one of our partners , for our marketing and promotional purposes via emails, notifications, or other messages, consistent with any consents you have given to us.
- For Exercising Our Rights
We may use your Personal Information to exercise or protect our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our terms and conditions, to respond to requests from law enforcement or other third parties, and to secure the Services;
- For Complying With Our Obligations
We may process your Personal Information to comply with legal or regulatory requirements, where this is required by law, such as in response to court orders or to comply with privacy or financial regulations;
We rely on the following legal bases to process your Personal Information as described above:
- Provide our Services to you: Most of the time, the reason we process your information is to perform the contract that you have with us. For instance, as you go about using our Services, we use your information to maintain your account and provide services to you.
- Legitimate interests: We may use your information where we have legitimate interests to do so. For instance, we analyze users’ behavior on our services to continuously improve our offerings, we suggest offers we think might interest you, and we process information for administrative, fraud detection and other legal purposes.
7. Sharing of Personal Information
We do not share your Personal Information except in the limited circumstances described here. We may share your Personal Information with:
- Third Party Service Providers: We may share your Personal Information with third-party service providers that provide business, professional or technical support functions on our behalf. This includes, but may not be limited to, service providers that host or operate the Services; process payment; analyse data; provide customer service; postal or delivery services, and sponsors or other third parties that participate in or administer any promotions. We are not responsible for these sites or their content, products, services or privacy policies or practices. These other web sites may send their own cookies to your device and may independently collect data or solicit personal information and may or may not have their own published privacy policies. We may also transfer or disclose your Personal Information to another data controller to be used for similar purposes, at that data controller’s discretion and you hereby consent to such transfer or disclosure.
- Business Transfers: In the event that another entity acquires us or all or substantially all of our assets, or assets related to the Services, your information may be disclosed to such entity as part of the due diligence process and will be transferred to such entity as one of the transferred assets. Also, if any bankruptcy or reorganisation proceeding is brought by or against us, all such information may be considered an asset of Wellcome.Me and as such may be sold or transferred to third parties. Finally, information described in this paragraph may also be disclosed for due diligence purposes in connection with any proposed transaction of the sorts described in this paragraph.
- Legal obligations. In limited circumstances, Wellcome.Me may transfer and disclose your information to law enforcement and government authorities to comply with our legal obligations.
- With your Consent. We may disclose your Personal Information for any other purpose with your consent.
8. International Data Transfer
9. Deletion of Your Personal Information
10. Data Security
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us.
11. Links To Other Sites
12. EEA Residents
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Our privacy practices intend to meet the requirements of the General Data Protection Regulation of the European Union ("GDPR"). If you wish to be informed about what Personal Information we hold about you and if you want it to be removed from our systems, please contact us. Under GDPR, EAA residents have specific rights related to their Personal Information.
- Right to access: You have the right to request access to your Personal Information held by us. Request is to be made in writing, electronically and information will be provided in a commonly used electronic format. Request will be handled within one month of receipt of the request, and free of charge with exception of where requests are manifestly unfounded or excessive, we hold the right to charge reasonably fee taking into account the administrative costs of providing that information.
- Right to rectification: You have the right to have Personal Information rectified if inaccurate or incomplete. Where the Personal Information in question has been disclosed to a third party, they will be made aware of the rectification where possible.
- Right to erasure: You have the right to request the deletion or removal of Personal Information in the following circumstances:
- Where the Personal Information is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The Personal Information was unlawfully processed.
- The Personal Information has to be erased in order to comply with a legal obligation. This does not provide an absolute “Right to be forgotten”.
Where the Personal Information in question has been disclosed to a third party, we will inform them about the erasure of the Personal Information, unless it is impossible or involves disproportionate effort to do so. Personal Information will be erased by removal from our internal and cloud servers.
- Right to restrict processing: You have a right to “block” or suppress processing of Personal Information if you contest its accuracy; have objected to the processing; processing is unlawful and you oppose erasure; we no longer need the Personal Information but you require the data to establish, exercise or defend a legal claim. Where the Personal Information in question has been disclosed to a third party, we will inform them about the restriction on processing of the data, unless it is impossible or involves disproportionate effort to do so.
- Right to data portability: You have the right to obtain and reuse your Personal Information for your own purposes. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
- Right to object: You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. Requests will be dealt with by immediate effect with no right for refusal.
Should a data breach occur, we have complaint procedures in place to investigate and report the matter to the individual. In the event of a breach, it will be reported to you within 72 hours of discovery. A record of any breaches will be kept by us. For this reason, make sure that you have set the emails to go to your inbox and not to be filtered to a spam folder or other folder, so that you can see them easily.
If you wish to exercise any of these rights, please contact us. In your request, please make clear: (a) what Personal Information is concerned; and (b) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
13. Californian Residents
This section applies to Californian residents and supplements the information contained in this Policy. It applies solely to all visitors, users, and others who reside in the State of California, the United States of America. We adopt this notice to comply with the California Consumer Privacy Act (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice. As a California resident, you have the rights listed below, however, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. If we sell your Personal Information, you can opt-out. In addition, if you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes. We share your Personal Information with third parties in the following circumstances, which California law classifies as a “sale” of your Personal Information:
- supplying your data to third parties with your express consent (e.g. where you opt in to receive third party marketing or where you have requested to be contacted by a third party);
- supplying your data to list brokers (but only where you have consented to be contacted by third parties);
- supplying attendee data to third parties who provide services in connection with our events, and sending your data to suppliers of certain products and services (where you have consented to hear from such third parties);
- like many companies, we use services that help deliver interest-based ads, content and services to you. California law classifies our use of these services as a “sale” of your Personal Information to the companies that provide the services. This is because we allow them to collect information from our website users (e.g., online identifiers and browsing activity) so they can help serve ads, content and services more likely to interest you.
- Minors. If we know that you are younger than 16 years old, we will ask for your permission (or if you are younger than 16 years old, your parent’s or guardian’s permission) to sell your Personal Information before we do so.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
You may exercise your California privacy rights by submitting a request form or emailing: email@example.com quoting ‘California Privacy Rights’ in the subject header.
We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
To learn about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.
14. Opt Out Procedures
You can unsubscribe or opt-out of receiving marketing communications from the Services. This opt out messaging will appear at the bottom of every promotional email that is sent out. If you no longer wish to use our Services or receive any form of direct contact from us, whether it is email, discounts, newsletters, or other promotional offers or materials, contact us at: firstname.lastname@example.org. We will process opt-out requests within a reasonable period of time.
Please note that even if you opt-out of receiving marketing communication, we may continue to send you non-marketing emails and other types of communications, as permitted by law, such as response to your support requests, or service email relating to your account.
15. Changes To This Policy
16. Contact Us
We welcome your comments or questions about this Policy. You may contact us in writing at: email@example.com
Effective Date: 26 November 2020