Privacy Policy
Introduction
This Policy is issued by Converge International Pty Ltd ABN 12 113 688 627. In this Policy, the expressions ‘we’, ‘us’, ‘our’ and ‘Converge’ means Converge International Pty Ltd and our subsidiary companies.
This Policy was last updated on 29 May 2023.
We are committed to respecting your privacy and wish to ensure that you are not only aware of our Privacy Policy but provide your informed permission for us to collect, use and disclose your personal information for the purpose of us providing you with health information, assessments, or other products or services.
In addition to this Privacy Policy, we provide additional data and privacy information embedded in our Converge Mobile Application (Mobile App) and Website online booking system for certain features that ask to use or collect your personal information.
Your personal information is important to us
Converge recognises that your privacy is very important to you and that you have a right to control your personal information. We know that providing personal information is an act of trust and we take that seriously. Unless you give us explicit consent to act otherwise, the following policy will govern how we handle your personal information and safeguard your privacy. Converge is committed to protecting your personal information and giving you a choice in who can use your personal information and how it can be used.
Collecting personal information about you
WHEN YOU USE OUR SERVICES
If you are referred to Converge for any of the following services, we collect personal information about you to help us plan and deliver a high-quality service:
- Employee assistance program
- Management consulting
- Psychometric assessments
At the outset, we collect information from you directly that is reasonably necessary for us to plan and deliver a high-quality service. This may include your name, address, contact details and information relevant to the purpose of providing the services or information, and sensitive information about you including your gender, date of birth, health, ethnic group which are relevant for the proper provision of the high-quality service we deliver. If necessary information is not provided, we will be unable to ensure the successful implementation of the requested service.
Once you are a client, some information about you is recorded in paper files that we store securely. We also keep summary information about you electronically on our database. This electronic information is only used to assist us to plan and provide services to you as well as to assist with administration activities such as file allocation, quality management and invoicing. Individuals accessing services under an employee assistance program are electronically registered as numbers to ensure anonymity for invoicing purposes.
WHEN YOU USE OUR WEBSITE AND/OR MOBILE APP
We will also collect personal information about you if you install and create an account on our Mobile App and/or create an account on the Converge website online booking system.
When you use the Website and/or Mobile App you can choose to share certain information related to your health, settings and preferences, and lifestyle, which comprise:
- Your contact information, including your first name and last name, phone number, email address, and contact preferences.
- Linked Service data, such as physical activity, sleep, and heart rate from an external wearable device you link to the Mobile Application (see Linked Services below).
- Demographic data, including your country, suburb, and postal code.
- Biometric information: you can choose to share your height, weight, hip circumference, and waist circumference.
- Information about your nutrition habits relating to your nutrition habits, such as the types of food you typically eat and your snacking habits.
- Information about your physical activity such as information about the type of exercise you do.
- Information about the questionnaires that you complete in the Mobile App, such as questionnaires related to emotional wellbeing and work environment.
- Information about your vital signs such as your blood pressure, cholesterol, personal and family medical history, and diabetes status.
- Daily mood: you can enter your mood and emotions in the app.
- Information about how you use the application.
We use mobile analytics software to allow us to better understand the functionality of our Mobile App on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. When you use our Mobile App we may also collect your city location, device model and version, device identifier (or “UDID”), OS version, and your Converge credentials and Member Account information.
USING YOUR PERSONAL INFORMATION
We collect, hold and use your personal information so that we can:
A. verify your identity;
B. provide you (or your employer organization, if they have a contract with us) with information, products and services, and manage our relationship with you (or your employer organization). Information provided to your employer organisation shall be de-identified to protect your privacy;
C. contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
D. improve, develop, and support our Mobile App and to inform potential new product and service development and innovation, as well as for other internal purposes, such as research and data analysis; and
E. comply with our legal obligations and assist government and law enforcement agencies or regulators.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
In addition, when you use the Website and/or Mobile App:
- We may link information we store within the analytics software to personal information you submit within the Mobile App.
- The information added to your Member Account, either by you providing the information or when a Linked Service adds the information with your permission, is stored and managed on our Service Providers’ servers.
For the purposes of your use of your Member Account, personal information includes:
- Your contact information, including your first name and last name, phone number, email address, and contact preferences.
- Information you provide about your health, fitness, mood, and related wellbeing activities.
- Your gender, height, weight, age, and date of birth.
- Linked Service data, such as physical activity, sleep, and heart rate from an external wearable device you link to the Mobile App.
- Demographic data, such as your country, suburb, and city.
- Additional information you may provide when submitting queries to us or responding to Mobile App surveys, questionnaires, or other product / market research surveys we may send you from time to time.
- Mobile App tracking data, such as your device(s) identifiers and IP address.
We may also use your personal information to create Anonymous Data records by first de-identifying your personal information, which means removing any information that would allow the remaining data to be linked back to you. We may use Anonymous Data for internal purposes, such as analysing overall health and Mobile App usage patterns and preferences to improve our products and services. Subject to applicable laws and regulations, we reserve the right to use and disclose Anonymous Data at our sole discretion.
We may also combine Non-Personal Information (data which cannot be linked back to you) with personal information. In the event of combining this data, the combined information will be treated as personal information for as long as it remains combined.
LINKED SERVICES
When you use the Mobile App and become a user of the Converge Mobile App, you can connect one or more smart devices, third party data sources or activity trackers to your Member Account. These devices and data sources track, among other things, your steps activity, sleep patterns, heart rate, and other health or related data, as well as self-entered data, such as your height, weight, and age, and calculated or inferred data such as BMI.
We will not link your device or third party data source data with the Mobile App without your explicit and informed consent to do so. You may withdraw your consent at any time by contacting us and providing notice that you wish to withdraw your consent to this Privacy Policy or you may revoke permissions for the Mobile App from within your device or data source settings.
Activity tracking, smart device manufacturers or third party data sources have their own specific privacy policies available, which outline what data the device or software collects. We urge you to review the corresponding privacy policy for your device or third party data source to know what specific data points your device or third party data source collects about you.
COOKIES AND OTHER TECHNOLOGIES
Our Website, Mobile App, email messages, and Service Providers may use “cookies” and other technologies such as pixel tags and web beacons, so that your settings are ‘remembered’ when you log in (for example, knowing your name enables us to personalise content to you).
To the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we treat these as personal information. As is true of most internet services, we also track some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, language settings, browser type Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
If you wish to find out more about cookies and find out how to disable them, you can visit www.aboutcookies.org.uk.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We store most personal information about you in computer systems and databases operated by either us or our external service providers (including our hosting provider, Microsoft Azure). Some personal information about you is recorded in paper files that we store securely.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
These processes and systems include:
- the use of identity and access management technologies to control access to systems on which information is processed and stored;
- the encryption of your personal information in transit via Transport Layer Security (TLS) and at rest;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security; and
- monitoring and regularly reviewing our practise against our own policies and against industry best practice.
WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?
We may disclose personal information for the purposes described in this Policy to:
- our employees and related bodies corporate;
- third party suppliers and service providers (including providers for the operation of our website and/or our business or in connection with providing our products and services to you);
- our existing or potential agents, business partners or professional advisors;
- another health service provider – if you request that this occur.
We only disclose, or share your personal information with third parties where indicated in this Privacy Policy, or with your consent, or as required or authorized by law.
Where we are permitted to disclose your personal information to other third parties, we will take reasonable steps to make sure such third parties will not breach the Privacy Act 1988 (Cth) and applicable privacy laws in their jurisdiction.
OVERSEAS DISCLOSURE
Some of the third parties noted above may be outside Australia.
DATA QUALITY
Converge will take reasonable steps to ensure that personal information it collects, uses or discloses is accurate, complete and up to date.
RETENTION OF YOUR PERSONAL INFORMATION
We retain your personal information only for the period necessary to fulfil the purposes set out in this Privacy Policy. When assessing the retention periods for any personal information we collect, we review our need to collect personal information at all and, subject to establishing a relevant need, only retain it for the shortest period possible to realise the purpose of collection, unless a longer retention period is required by law.
ACCESS TO INFORMATION COLLECTED
Converge has a procedure in place that allows you to have access to personal information that is collected about you. To gain access to this information, simply contact our Privacy Officer. You will need to complete a Release of Information Request Form. However, there are limited circumstances in which access to an individual’s personal information will be allowed. If access to information is denied, Converge will provide reasons for the denial. All requests for access will be acknowledged within 14 days. Access to any information requested will take place within 30 days.
Please note Converge may impose a charge for providing access to information where copying or additional administration is required.
CORRECTION OF INFORMATION
Converge endeavours to ensure that all information is accurate and kept up to date. Therefore, you are encouraged to telephone or write to Converge International to advise us of any change in your personal circumstances.
MANDATORY NOTIFIABLE DATA BREACHES
In case of an actual or suspected personal data breach, we will fulfil our legal obligations to notify of data and / or security breaches without undue delay, including managing the end-to-end process from the recognition of a breach up to notifying you as a user.
We have put in place appropriate procedures to deal with any personal data breach and will notify the supervisory authority and / or data subjects where we are legally required to do so. In the event of a data breach, we will notify the supervisory authority and the affected individuals without undue delay and within 72 hours of becoming aware of the situation.
If you know or suspect that your personal information may have been breached or otherwise compromised, or a personal data breach has occurred, please contact us at privacy@convergeintl.com.au to report it and obtain advice, and take all appropriate steps to preserve evidence relating to the breach.
WHAT TO DO
If Converge becomes aware of any ongoing concerns or problems you may have, we will take these matters seriously and work to address these concerns. If you have further queries relating to our Privacy Policy, or you have a problem or complaint please contact the Privacy Officer at: Post: Privacy Officer, Converge International, Level 16, 180 Lonsdale St, Melbourne, Victoria, 3000
Email: privacy@convergeintl.com.au
Phone: 1300 687 327
FUTURE CHANGES
From time to time, our policies will be reviewed and may be revised. Converge reserves the right to change its privacy policy at any time. If you would like to access prior versions of this Policy, please contact privacy@convergeintl.com.au.
FURTHER INFORMATION ON PRIVACY
For more information, you may approach an independent advisor or contact the Office of the Australian Information Commissioner www.oaic.gov.au for more information.
## Additional Terms for USA users
### *United States Children’s Online Privacy Protection Rule (“COPPA”) and Protecting Children*
We do not permit individuals under the age of 18 to create a Member Account or to use the Mobile App.
Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at privacy@convergeintl.com.au.
### *California Privacy Disclosures (“CCPA”)*
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”).
HOW TO EXERCISE YOUR LEGAL RIGHTS
You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Access to, and deletion of, your Personal Information section, for example:
- By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
- You may also contact privacy@convergeintl.com.au to exercise your right to delete personal information.
If you require further assistance regarding your rights, please contact our Privacy Officer at privacy@convergeintl.com.au, and we will consider your request in accordance with applicable laws.
CATEGORIES OF INFORMATION WE COLLECT, USE, AND DISCLOSE FOR BUSINESS PURPOSES
As described in the Personal Information “We Collect” section, we collect the categories of personal information listed below. We receive this information from you, your device, your use of the Services, linked services, and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the “How we use your personal information” and “Disclosure to Third Parties sections”. The categories are:
- Identifiers, like your name, email address, IP address, device ID, and other similar identifiers.
- Demographic information, such as your gender, age, health information, and physical characteristics or description.
- Commercial information, including your payment information and records of the products or services you purchased, obtained, or considered.
- Biometric information, such as your exercise, activity, sleep, or health data, including the number of steps you take, weight, heart rate, sleep stages, active minutes, female health data, and any similar information to which you grant us access from another service.
- Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services.
- Electronic, visual, or similar information, such as your profile photo.
- Other information that you provide, including account information such as health and lifestyle survey information or country; and information recorded by your device which may vary depending on the device you use.
- Inferences drawn from any of the above, including the number of calories you burned, distance you travelled, sleep insights, and personalised health and activity goals.