1.1 This policy sets out how Thrivor Pty Ltd ABN 84 611 522 144 (we, us or our) collects, uses, manages, and stores personal information in connection with our Thrivor web & mobile system (Thrivor).
1.2 In this Policy:
(a) Patient means an individual who so registers with Thrivor as a person who is diagnosed with cancer, serious condition or a chronic disease;
(b) personal information means any information or opinion about a natural person (whether or not true) which is reasonably identifiable;
(c) health information has the meaning given in section 6FA of the Privacy Act 1988, and may include (without limitation) information on the diagnosis and treatment of a Patient's cancer, including information regarding the Patient’s experiences, symptoms, appointments and the like;
(d) Primary Carer means an individual authorised by the Patient in Thrivor to have enhanced access to the Patient's information, including the ability to alter that information, and the ability within Thrivor to lodge jobs and act on the Patient's behalf;
(e) sensitive information means information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information;
(f) Support Crew means an individual who so registers with Thrivor as a person caring or otherwise supporting a Patient;
(g) “you” and “your” means a user of Thrivor whose personal information we have knowingly collected.
2. The personal information we collect
2.1 We may collect personal information, including health information and other sensitive information, about you, the Patient, from:
(a) you to the extent that you, or any person who has access to your Thrivor account, may upload that information into Thrivor as a Patient; or
(b) third parties who have been nominated to receive access to a Patient's Thrivor account in the capacity as a Carer.
2.2 We will not collect health information, or other sensitive information, about an individual unless that individual has provided consent, whether directly or by a person who ostensibly has authority to give consent, to our collection of that personal information.
2.3 We may otherwise collect personal information that is not sensitive information about an individual such as:
(a) general information: such as an individual’s name, location, date of birth, nationality, family details;
(b) contact information: such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) financial information: such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) usage information: such as information about an individual's dealings with features and functionality of, and within, the Thrivor app;
(e) publicly available information: information available from publicly available sources, including any information available on social media accounts you use (subject to privacy settings on those accounts) that you have authorised to interact with Thrivor;
(f) submitted information: such as any other personal information that an individual provides us, or that is provided to us by others about the individual’s activities (for example, referees you nominate in a job submission).
2.4 If you do not wish for your personal information to be collected in a way anticipated by our Policy, we will use reasonable endeavours to accommodate your request. If we do comply with your request, or if you provide us with inaccurate or incorrect information, we may not have sufficient information to:
(a) allow you to continue to receive the Thrivor service or maintain an account or profile in Thrivor;
(b) perform the services, namely provide the intended experience and benefit of Thrivor;
(c) keep you informed of updates and service information;
(d) properly conduct our operations;
(e) consider your application for employment with us; or
(f) respond to your inquiry or request.
3. How personal information is collected
3.1 We will only collect health information and other sensitive information from you, from any other person who has your apparent authority, and as otherwise permitted by law.
3.2 Most information will be collected in association with an individual’s use of Thrivor, an enquiry about Thrivor, or generally dealing with us. However we may also receive personal information (other than sensitive information) from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners.
3.3 In particular, information is likely to be collected as follows:
(a) Using Thrivor. When an individual (or a person who has access to the invididual's Thrivor account) enters personal information into Thrivor for any reason.
(b) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction.
(c) Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us.
(d) Supply. When an individual supplies us with goods or services.
(e) Contact. When an individual contacts us in any way.
(f) Access. When an individual accesses us physically, we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
(g) Web Beacons. Web beacons (such as pixel tags) enable us to send email messages in a format recipients can read and report to us whether mail has been opened.
3.4 Where we obtain personal information in an unsolicited manner, we will either delete/destroy the information unless we may otherwise have been able to collect the information had we solicited that information.
3.5 To the extent within our control, uses client-side, transmission, and server-side encryption for all electronic exchanges of personal information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
3.6 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s personal information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
3.7 If, at any time, an individual provides personal information or other information about someone other than himself or herself, the individual warrants that:
(a) with respect to personal information about a child, they are that child’s “responsible person” as defined in the Privacy Act (namely a parent or guardian); and/or
(b) they have that person’s consent to provide such information for the purpose specified.
4. Purpose of collection, use and disclosure of personal information
4.1 Thrivor is intended to be used by Patients, Primary Carers and their Support Crew. The primary purpose of Thrivor is to allow:
(a) a user (Patient) to record, and disclose to those authorised by the Patient as Support Crew or Primary Carers, and to the extent so authorised by the Patient, information on the diagnosis and treatment of the Patient's cancer, including experiences, symptoms, appointments and the like;
(b) users to communicate with other users to the extent enabled by Thrivor's functionality;
(c) Patients to create appointments;
(d) users to connect and share information within their Support Crew or with the wider Thrivor community if they so choose.
(e) users to receive invitations to, and agree to, volunteer to take part in medical research studies conducted by research organisations
(f) share information via social media; and
(g) access such other information and features, as we may make available via Thrivor from time-to-time in accordance with the Thrivor Terms of Service.
4.2 In general, the primary principle is that we will not use any personal information other than for the purpose for which it was collected, except with the individual’s permission or as otherwise permitted by law. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
4.3 We will retain personal information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law.
4.4 Except to the extent foreshadowed under this Policy, we will not disclose or sell an individual’s personal information to unrelated third parties under any circumstances.
4.5 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of goods and services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
(i) Their relationship with us;
(ii) Our goods and services;
(iii) Our own marketing and promotions to customers and prospects;
(iv) Competitions, surveys and questionnaires;
(v) Research studies;
(vi) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(vii) As required or permitted by any law (including the Privacy Act).
4.6 There are some circumstances in which we may disclose an individual’s information:
(a) As part of a sale (or proposed sale) of all or part of our business;
(b) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity of which a governmental authority should be made aware; and/or
(c) As required or permitted by any law (including the Privacy Act).
4.7 We will not disclose an individual’s personal information to any entity outside of Australia except that personal information, to the extent permitted by the individual by way of Thrivor's privacy settings, may be visible to other users of Thrivor who are situated overseas.
4.8 If an individual suspects any misuse or loss of, or unauthorised access to, their personal information, they should let us know immediately.
4.9 We are not liable for any loss, damage or claim arising out of another person’s use of the personal information where we were authorised to provide that person with the personal information.
5. How to access and/or update person information
5.1 We will use reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.
5.2 You may request access to the personal information we hold about you by contacting our Privacy Officer. We may, at our discretion, provide you with access to your personal information and we reserve the right to charge you an inexcessive fee for giving access.
5.3 Subject to paragraph 5.4, if personal information we hold about you is incorrect, we will, on your request to correct it or where we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, take such steps as are reasonable in the circumstances to ensure that the information is corrected.
5.4 If you request us to correct personal information that we hold about you and we refuse to do so, we will, to the extent reasonable, provide you a written response as to our reasons.
6. Complaints and disputes
6.1 If an individual has a complaint about our handling of their personal information, they should address their complaint in writing to the details below.
6.2 If we have a dispute regarding an individual’s personal information, we both must first attempt to resolve the issue directly between us.
6.3 If we become aware of any unauthorised access to an individual’s personal information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
7. Contacting individuals
7.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, and does not amount to direct marketing, they may not opt out of receiving these communications.
8. Contacting us
8.1 All correspondence with regards to privacy should be addressed to:
Thrivor Pty Ltd
580 Church St Richmond
9. Additions to this policy