Growth Pursuit Consulting Pty Ltd
Website and App Privacy Policy

1. Introduction

1.1 This Privacy Policy relates to the Compassionate Parent website, privacy@thecompassionateparent.com.au and mobile phone application (together the App) operated by Growth Pursuit Consulting Pty Ltd (ACN 630 096 034) (we, us, our).

1.2 A reference to you, your or user is a reference to someone who has accessed the App.

1.3 We care about how your information is used and shared. We take protecting your privacy very seriously.

1.4 This Privacy Policy covers our treatment of personally identifiable information (Personal Information) gathered when you are accessing or using the App. This Privacy Policy does not apply to the practices of companies or institutions, we do not own or control, or to individuals we do not employ or manage.

2. What is this Privacy Policy about?

2.1 This Privacy Policy explains the key measures we have taken to implement the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2.2 By using the App in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy. You hereby consent to collecting, use, and sharing of your information as described in this Privacy Policy.

2.3 We endorse fair information handling practices and uses of information in compliance with our obligations under the privacy laws in force in Australia from time to time.

2.4 We will treat all Personal Information in a manner consistent with this Policy unless you have provided your express consent otherwise.

3. Collection of Personal Information

3.1 We do not collect any Personal Information from users.

3.2 The App may however automatically receive technical information relating to your usage of the App such as your operating system, device, features used, content viewed and downloaded, the dates and times of your interactions with the App and other information. The user hereby consents to use of this information to understand, customise and improve user experience with the App. For example, we may engage analytics services to analyse this information in order to help us understand how visitors engage with and navigate the App, how and when features within the App are used and by how many users.

3.3 The collection and analysis of the data referred to in clause 3.2 above may be outsourced to a third-party contractor that operates on our behalf. We will ensure that any such third-party treats all Personal Information in accordance with this Privacy Policy and Australian law.

4. Use of Personal Information

4.1 We collect Personal Information for:
a) replying to correspondence from users;
b) processing orders and sending information and updates pertaining to orders to users;
c) advertising products or services being offered by us or any of our related companies or business partners; and
d) notifying users of updates of the App and this Privacy Policy.

4.2 When we use Personal Information to send you a commercial electronic message, we will:
a) always identify who has sent you the message;
b) never use false or misleading subjects or email addresses;
c) allow users to unsubscribe; and
d) honour opt-out/unsubscribe requests within five business days.

4.3 We may also use Personal Information we collect for related purposes such as:
a) to record information about a user’s usage, preferences and behaviour, as well as any feedback provided by users;
b) to perform statistical analyses of user behaviour;
c) to optimise marketing activities, user experience, and content;
d) protecting individuals and users from fraud; and
e) any other use for which we obtain express permission from you.

4.4 We do not pass on any Personal Information to a third party except in accordance with this Privacy Policy.

5. Disclosure of Personal Information

5.1 Access to Personal Information by our employees, subcontractors, suppliers and affiliates is governed by any agreements we may have in place with those parties and those parties’ obligations under the Privacy Act, General Data Protection Regulation (EU) 2016/679 (GDPR) and any other relevant law. Our agreements with employees, subcontractors, suppliers and affiliates require those parties to comply with these laws.

5.2 When sharing your Personal Information with service providers, we may be sharing this information outside Australia such as to the United States and other countries.

6. Confidentiality and data security

6.1 Our servers are hosted in Australia. We take all reasonable steps to manage data stored on our servers to ensure data security and to prevent the loss, misuse or alteration of Personal Information. Notwithstanding the above, we are not responsible for any third-party access to Personal Information as a result of:
a) interception while it is in transit over the internet;
b) spyware or viruses on the device (such as a computer or phone) from which you access the Site; or
c) as a result of your failure to adequately protect their user name or password (if applicable).

6.2 We are also not responsible for any losses, expenses, damages and costs, including legal fees or virtual currency in the App, resulting from such third-party access.

6.3 If we have reasonable grounds to believe that your Personal Information may be subject to unauthorised access or disclosure (eligible data breach), we will investigate and assess the suspected eligible data breach to determine whether the eligible data breach is likely to result in serious harm to you (Notifiable Data Breach). If a Notifiable Data Breach occurs, then we will notify you and the Australian Information Commissioner as soon as practicable after we become aware of the Notifiable Data Breach in accordance with our obligations under the Privacy Act 1988. We will comply in every way with our obligations under Part IIIC – “notification of eligible data breaches” of the Act.

6.4 Any information collected through the App will be sent to a secure Postgres database stored in a data centre. Your user data is tied to a unique user ID (UUID).

6.5 User passwords will be encrypted in the user database table using a hash. Data is sent to the App via a REST API that is secured using an SSL https connection.

6.6 All data is coded; accordingly, it will not be readily identifiable.

6.7 Access to the App on your smartphone is protected by your password you selected after you downloaded the App.

6.8 You should take all necessary steps to prevent unauthorised access to your account and Personal Information by protecting your ID and pass code and limiting access to your smartphone.

7. Retention and Disposal of Personal Information

7.1 We will retain your Personal Information for as long as is required to provide you with our services or assist you with your query and to comply with legal requirements.

7.2 If we no longer require Personal Information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or permanently de-identify the Personal Information.

8. Changing or deleting personal information

8.1 Through the App, you may access, edit or delete information you have provided to us. You may stop all collection of information by the App at any time by uninstalling the App.

8.2 You can access the Personal Information held about you at any time by contacting our Privacy Officer at privacy@compassionateparent.com.au.

8.3 We will always endeavour to meet requests for access. However, in some circumstances we may decline a request for access. This includes the following circumstances:
a) we no longer hold or use the Personal Information;
b) providing access would have an unreasonable impact on the privacy of other persons;
c) the request is frivolous or vexatious;
d) the Personal Information relates to existing or anticipated legal proceedings and would not normally be disclosed as part of those proceedings;
e) providing access would be unlawful;
f) providing access would be likely to prejudice the detection, prevention, investigation and prosecution of possible unlawful activity; and
g) the Personal Information would reveal other user’s commercially sensitive information.

8.4 If we decline a request for access, we will provide reasons for our decision when we respond to the request.

8.5 We reserve the right to charge you a reasonable fee for access to your Personal Information. These charges will be limited to the cost of recouping our expenses for providing you with your Personal Information, such as document retrieval, photocopying, labour and delivery.

8.6 We will take reasonable steps to ensure that Personal Information is accurate, complete and up to date at the time of collecting the Personal Information from you or during other interactions with you.

8.7 If you believe that any Personal Information, we hold about you is inaccurate, incomplete or out-of-date, you may contact our Privacy Officer.

8.8 We will do our best to correct any Personal Information that is inaccurate, incomplete or out-of-date or dispose of it in accordance with this Privacy Policy.

8.9 Despite anything contained in this Privacy Policy to the contrary, if the Freedom of Information Act 1982 (Cth) applies to your request for Personal Information, the access and correction requirements in the Privacy Act 1988 (Cth) operate alongside and do not replace other informal or legal procedures by which you can be provided access to, or correction of, your Personal Information.

8.10 Despite anything contained in this Privacy Policy to the contrary, this Privacy Policy will not limit any rights you may have under the GDPR regarding the access, correction or transfer of their Personal Information, if you are located in a jurisdiction where the GDPR applies.

9. Contact Information and Changes to Privacy Policy

9.1 If you have any further queries relating to this Privacy Policy, please contact us at privacy@compassionateparent.com.au. If we become aware of any ongoing concerns or problems with your Personal Information, we will take these issues seriously and work to address these concerns.

9.2 If you have a complaint in relation to the way we have handled your Personal Information, your complaint should be made in writing to privacy@compassionateparent.com.au in the first instance. We will investigate the complaint and prepare a response to you in writing within a reasonable period of time.

9.3 If you are located in a jurisdiction where the GDPR applies, you may have the right to request that we help you move your Personal Information to other companies or organisations where this is technically feasible provided that the Personal Information was collected by automatic means. If you would like to make such a request, you should contact privacy@compassionateparent.com.au. If we are required to do so at law, we will take reasonable steps to process your request.

9.4 From time to time, our policies will be reviewed and may be revised. We reserve the right to change this Privacy Policy at any time.

This Privacy Policy was last updated in June 2019.