Collection and Use of Personal Information
This refers to credit or debit card numbers, personal financial account information, governmental identification numbers, passport numbers, driver’s licence numbers or similar personal identifiers, racial or ethnic origin, physical or mental health condition or information, or other employment, financial or health information.
Personal information we collect
When You Visit our Website
You are free to explore our Website without providing any personal information about yourself. When you visit our Website, we collect Navigational Information and when you register for our Mobile Application, we request that you provide Personal Information about yourself to create a HeadUp Member Account and to populate your account.
When You Use our Mobile Application
We use mobile analytics software to allow us to better understand the functionality of our Mobile Application on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. In addition to information we collect on our Website, when you use our Mobile Application we may also collect your city location, device model and version, device identifier (or “UDID”), OS version, and your HeadUp credentials and Member Account information.
We send push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We may link information we store within the analytics software to Personal Information you submit within the Mobile Application. We do this to improve the product and content offering we provide and to improve our marketing, analytics and Mobile Application functionality.
Personal Information collected about you
In order for HeadUp to provide you with our services, We collect both anonymous and Personal Information about you. Personal Information constitutes data that can be used to identify or contact a single person. You are under no obligation to provide any Personal Information to HeadUp at any time.
Your HeadUp Member Account
The information added to your Member Account, either by your providing the information or when a Linked Service adds the information with your permission, is stored and managed on our Service Providers’ servers. This information is then used to provide you with analysis of your data and personalised insights and recommendations to facilitate greater understanding of your health. HeadUp provides the Member Account to our members for their own personal information needs, and we use it to meet HeadUp’s related needs.
- For the purposes of your use of the HeadUp Website or your Member Account, Personal Information includes, without being limited to, the following:
- Your contact information, including your first name and last name, phone number, email address, and contact preferences
- Information you provide about your health, fitness, mood, and related wellbeing activities
- Your gender, height, weight, age, and date of birth
- Linked Service data, such as physical activity, sleep, and heart rate from an external wearable device you link to the HeadUp Mobile Application
- Demographic data, such as your county, suburb, and city
- Additional information you may provide in the course of submitting queries to HeadUp or responding to HeadUp Mobile Application surveys, questionnaires, or other product / market research surveys HeadUp may send you from time to time
- Mobile Application tracking data, such as your device(s) identifiers and IP address
As a HeadUp Member, you are able to connect one or more smart devices, third party data sources or activity trackers to your Member Account. These devices and data sources track, among other things, your steps activity, sleep patterns, heart rate, and other health or related data, as well as self-entered data, such as your height, weight, and age, and calculated or inferred data such as BMI. From this information, HeadUp is able to calculate an overall wellbeing / health score for provided data points and analyse your sleep, activity, heart rate and other health-related patterns to provide you with insights into trends and comparisons against benchmarks.
You may be able to link your Member account to Social Media Sites (“SMS”) accounts such as your Facebook account when using HeadUp Services. By linking your SMS account with your HeadUp account, you permit us to access your information on that SMS. The information we collect from your SMS account may depend on your privacy settings with that SMS, which may enable you to control the information we collect via the SMS account by adjusting your privacy settings on that SMS. You can also de-link your SMS account from HeadUp at any time.
How we use your personal information
For the purposes of your use of the HeadUp Website or your Member Account, Personal Information includes the following:
Information you provide when you register an account with HeadUp
We receive certain information from you when you create a HeadUp account. To create an account, you have two options:
You can choose to create a new account directly by registering information about your name, date of birth, email address, and password. You may optionally choose to provide information about your height, weight, and gender, as well as upload a photo of yourself for your profile.
Login with 3rd party providers
You can choose to use Facebook, Google, Yahoo or Outlook/Hotmail to create an account. Through these methods, we collect information about your name, date of birth, email address and gender.
Information you provide when you use the application
When you use the HeadUp application you can choose to share certain information related to your health, settings and preferences, and lifestyle, which comprise:
- Your contact information, including your first name and last name, phone number, email address, and contact preferences. HeadUp uses this to personalise your app experience and to send you communications.
- Linked Service data, such as physical activity, sleep, and heart rate from an external wearable device you link to the HeadUp Mobile Application (see Linked Services below). HeadUp uses this data to provide you with your Dashboard ratings in the app.
- Demographic data, including your country, suburb, and postal code. HeadUp uses this data to provide relevant health-related insights based on your geographic location.
- Biometric information: you can choose to share your height, weight, hip circumference, and waist circumference. HeadUp uses this information to determine your BMI and body fat percentage.
- Information about your nutrition habits. You can choose to share information relating to your nutrition habits, such as the types of food you typically eat and your snacking habits. HeadUp uses this information to recommend ways of maintaining and / or improving your nutrition habits and behaviours.
- Information about your physical activity. You can choose to share information about your exercise and physical activity, such as information about the type of exercise you do. HeadUp uses this information to personalise insights based on the types of activities you typically perform.
- Information about the questionnaires that you complete. You can choose to respond to various questionnaires in the application, such as questionnaires related to emotional wellbeing and work environment. The results of these tests are based on the information you provide. HeadUp uses this information to allow you as a user to keep track of your test results and to personalise health insights based on your responses.
- Information about your vital signs. You can choose to share information related to your vital signs, such as your blood pressure, cholesterol, personal and family medical history, and diabetes status. HeadUp uses this information to allow you as a user to keep a record of your vital signs and record changes in these measurements over time, as well as to personalise health insights based on your responses.
- Information about how you use the application. To improve the user experience of the application, we also collect tracking information on how you use the Mobile Application, such as your device(s) identifier and IP address.
- Service information. Additional information you may provide in the course of submitting queries to HeadUp or responding to HeadUp Mobile Application surveys, questionnaires, or other product / market research surveys HeadUp may send you from time to time. This data is used to fulfil service requests for you and for research and development purposes.
- Daily mood: you can enter your mood and emotions in the app. HeadUp will use this information to provide a rating for your overall mood and send you Insights revealing correlations with other health markers you may choose to provide
We do not share Personal Information with unaffiliated Third Parties for their own marketing purposes, except that we may share Personal Information with select companies to jointly sponsor or offer products or services to you or conduct research and development.
We also use Personal Information to help us improve, develop, and support our Mobile Application and to inform potential new HeadUp product and service development and innovation, as well as for other internal purposes, such as research and data analysis.
We may use your personal information, including date of birth, to verify identity, assist with identification of users, and to meet legal requirements. For example, we may use date of birth to determine the age of HeadUp Account Members.
We may also use your Personal Information to create Anonymous Data records by first de-identifying your Personal Information, which means removing any information that would allow the remaining data to be linked back to you. We may use Anonymous Data for internal purposes, such as analysing overall health and Mobile Application usage patterns and preferences to improve our product. Subject to applicable laws and regulations, HeadUp reserves the right to disclose Anonymous Data at its sole discretion.
HeadUp may also combine Non-Personal Information (data which cannot be linked back to you) with Personal Information. In the event of combining this data, the combined information will be treated as Personal Information for as long as it remains combined.
Cookies and Other Technologies
HeadUp’s Website, Mobile Application, email messages, and Service Providers may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help HeadUp improve its understanding of Member Account behaviour and tell us which parts of our Website or Mobile Application people have visited and functionality that has been used and personalise and customise content, so that your settings are ‘remembered’ when you log in (for example, knowing your name enables HeadUp to personalise content to you). To the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Information by local law, we treat these as Personal Information. As is true of most internet services, we also track some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, language settings, browser type Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
If you wish to find out more about cookies and find out how to disable them, you can visit www.aboutcookies.org.uk/.
In some of our email messages, we use pixel tags to inform us whether an email has been opened or not. We may use this information to optimise or reduce future messages sent to customers.
Data Storage and Security of your Personal Information
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorised access, use or disclosure and preserve the confidentiality, integrity and availability of your Personal Information. This includes the encryption of your Personal Information in transit via Transport Layer Security (TLS) and at rest, salting and hashing of all passwords, and a range of information security and data privacy policies and procedures within the HeadUp organisation which all relevant staff and contractors must follow. To ensure your Personal Information is secure, we communicate our privacy and security guidelines to all HeadUp employees and contractors and strictly enforce information security and privacy safeguards within the organisation.
We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When your personal data is stored by HeadUp, we use secure third party computer systems with limited access housed in facilities using physical security measures. Personal Information and data uploaded to HeadUp is stored in a secure data centre in the Netherlands operated by our third-party cloud hosting provider, Microsoft Azure (“Azure”).
Disclosure to Third Parties
HeadUp may make certain Personal Information available to Third Parties to enable us to provide you with the Mobile Application or to provide ongoing support or to help HeadUp market to customers or for research purposes. Where HeadUp needs to share your Personal Information with a Third Party, the information we disclose will be limited to the minimum amount necessary to ensure the quality and provision of the services HeadUp provides you. We do not sell or rent your Personal Information to Third Parties.
HeadUp shares Personal Information with designated Third Parties that provide services such as managing Member data, providing customer service, conducting product, research or satisfaction surveys, and sending email to you. These companies are required to protect your Personal Information and may be located wherever HeadUp operates.
Government entities, Agents / Contractors, and Others
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for HeadUp to disclose your Personal Information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate under warrant or subpoena.
Our policy is to notify you of legal processes seeking access to your information, such as search warrants, court orders, and / or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganisation, merger, or sale we may transfer any and all personal information we collect to the relevant third party.
In some instances, HeadUp may disclose your Personal Information with agents or contractors that work on HeadUp’s behalf to assist HeadUp in providing and supporting the services offered. This may include analysing your data or helping HeadUp to communicate important information to you.
Automated Decision-Making and Profiling
HeadUp does not take any decisions involving the use of algorithms or profiling that significantly affects you.
Retention of your Personal Information
Access to, and deletion of, your Personal Information
For any Personal Information we hold, we will provide you upon request with access to your Personal Information in a standard format for any purpose, except where identified by local laws. HeadUp provides the ability for Members to edit or delete your information from our records and access and correct data via the Mobile Application itself or via submitting a request to firstname.lastname@example.org where the Mobile Application functionality is not available. You can also submit a deletion request to email@example.com to request the deletion of your data from our system, which will result in the permanent and irreversible de-identification of your Personal Information. We will respond to your request within a reasonable timeframe.
Correction and updating of your Personal Information
You have the right to be able to update or correct any Personal Information HeadUp holds. You can correct or update the information HeadUp holds by modifying it directly within Mobile Application. If you are unable to directly correct or update the information in the Mobile Application, you may contact firstname.lastname@example.org to request HeadUp to update or correct the information for you. We will respond to your request within a reasonable timeframe.
Data breach notification:
In case of an actual or suspected personal data breach, HeadUp will fulfil its obligations to notify of data and / or security breaches without undue delay, including managing the end-to-end process from the recognition of a breach up to notifying you as a user.
HeadUp has put in place appropriate procedures to deal with any personal data breach and will notify the supervisory authority and / or data subjects where we are legally required to do so. In the event of a data breach, HeadUp will notify the supervisory authority and the affected individuals without undue delay and within 72 hours of becoming aware of the situation.
If you know or suspect that your personal data may have been breached or otherwise compromised, or a personal data breach has occurred, please contact us at email@example.com to report it and obtain advice, and take all appropriate steps to preserve evidence relating to the breach.
Children’s Online Privacy Protection Rule (“COPPA”) and Protecting Children
HeadUp does not permit individuals under the age of 18 to create a Member Account or to use the HeadUp Mobile Application.
Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at firstname.lastname@example.org.
CALIFORNIA PRIVACY DISCLOSURES (“CCPA”)
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”).
HOW TO EXERCISE YOUR LEGAL RIGHTS
You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Access to, and deletion of, your Personal Information section, for example:
- By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
- You may also contact email@example.com to exercise your right to delete personal information.
If you require further assistance regarding your rights, please contact our Data Protection Officer at firstname.lastname@example.org, and we will consider your request in accordance with applicable laws.
CATEGORIES OF INFORMATION WE COLLECT, USE, AND DISCLOSE FOR BUSINESS PURPOSES
As described in the Personal Information We Collect section, we collect the categories of personal information listed below. We receive this information from you, your device, your use of the Services, linked services, and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the How we use your personal information and Disclosure to Third Parties sections. The categories are:
- Identifiers, like your name, email address, IP address, device ID, and other similar identifiers.
- Demographic information, such as your gender, age, health information, and physical characteristics or description, which may be protected by law.
- Commercial information, including your payment information and records of the products or services you purchased, obtained, or considered (for example, if you added them to your shopping cart on the HeadUp online store but did not purchase them).
- Biometric information, such as your exercise, activity, sleep, or health data, including the number of steps you take, weight, heart rate, sleep stages, active minutes, female health data, and any similar information to which you grant us access from another service.
- Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services. This includes information about your interactions with the Services and about the devices you use to access the Services.
- Electronic, visual, or similar information, such as your profile photo.
- Other information that you provide, including account information such as health and lifestyle survey information or country; and information recorded by your device which may vary depending on the device you use.
- Inferences drawn from any of the above, including the number of calories you burned, distance you travelled, sleep insights, and personalised health and activity goals.
We never sell the personal information of our users.
Addressing your Privacy Questions
The Data Protection Officer
HeadUp Global Pty Ltd
PO Box 913, South Melbourne, VIC, 3205