Last updated: 1 May 2023
- our website, located at www.creativethinkinginstitute.com (Website);
- our health platform is known as "Regenemm" (Platform); and
- our other products and services.
CTI provides access to the Platform, which facilitates assessment and recommendations to improve a user's work and live performance. A performance score is derived by taking a combination of physiological and psychological inputs from a user, and recommended work-based and personal strategies are provided to lower individuals' stress levels and attempt to offset adverse stress responses. The data will be aggregated and analysed with algorithms and machine-based learning to identify patterns or trends and improve specific recommendations for stress reduction and maximised performance.
We are bound to comply with the following privacy laws:
- if you are located in Australia, the Australian Privacy Principles in the Privacy Act 1988 (Cth) (PA);
- if you are located in the European Union, Lichtenstein, Norway or Iceland, the EU General Data Protection Regulation (GDPR); and
- if you are in the United States of America, provide us with personal health information, the Health Insurance Portability and Accountability Act (HIPAA). Please view our Notice of Privacy Practices for further information about our privacy practices when the HIPAA applies.
We have adopted internal policies and procedures to ensure that the personal information we collect, store, use and disclose is dealt with by the PA, GDPR and HIPAA.
If we change the terms of this Policy, we will display the changes on the Website and Platform or otherwise notify you in writing.
What personal information do we collect?
CTI may collect information that identifies you as an individual or relates to an identifiable individual (known as "personal information") for the following reasons:
- To provide the Website, Platform, and our other products and services (collectively, Our Products and Services), to you;
- When you have enquired about Our Products and Services or otherwise communicated with us in person, in writing or by telephone;
- Where you are interacting with our Website through the use of browser "cookies" or trackers; and
- in other situations where we collect personal information that is reasonably necessary for the proper supply of Our Products and Services.
The types of personal information we collect about you depend on your relationship with us and the nature of your interaction with us. However, in general, CTI may collect the following types of personal information:
- name, addresses, email addresses, contact phone numbers;
- biometric, psychometric and health history information (via using the Platform);
- analytics details to identify trends, usage and activity patterns within the Platform, such as how you are interacting with the Platform and the version of the Platform you are running on your device; and
- other personal information that you may voluntarily provide in communicating with us.
You have the option of not providing any personal information that we request or using a pseudonym. If this occurs, we may not be able to provide Our Products and Services, provide you with specific details or correspond with you.
Do we collect sensitive information?
We may also collect sensitive information from you, including personal data about a person's physical or mental health, your medical symptoms or diagnosis and treatments, or genetic or biometric information. We collect sensitive information only where reasonably necessary to provide Our Products and Services to you or to provide one or more of our functions or activities.
Where it is practicable, we will seek your consent before collecting your sensitive information for the abovementioned purposes. Your consent to collect sensitive information may be implied in the circumstances.
How will we use your personal information?
If you supply your personal information to us, we may collect and hold that information:
- for our usual business purposes,
- To fulfil our legal obligations and, as otherwise necessary,y to provide Our Products and Services, including the Platform and its functionality;
- to provide you with insights and recommendations on your health and performance within the Platform;
- inform you of any updates to the Platform or changes to the Policy;
- for another secondary purpose,s you might reasonably expect us to use your personal information in connection with the primary purposes listed above.
We may share information original personal information we collected from you (including your biometric, psychometric and health history information via the Platform) in a depersonalised or aggregated form to third parties, which cannot be used to identify you personally.
We will not disclose your personal information for reasons other than those listed above unless:
- you have consented to the specific disclosure;
- there are reasonable grounds to believe that disclosure is necessary to prevent or lessen a threat to your life or the health of that of another person;
- the disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or
- the disclosure is permitted, required or authorised by law.
How do we store your personal information,n and for how long?
CTI securely stores your personal information in highly secure AWS databases (e.g., DB dynamo, S, three and uses AWS Incognito), encrypted according to HIPAA and GDPR guidelines.
CTI will retain your personal information for as long as we have an ongoing legitimate business need to do so. For example, we retain your data for as long as your account with the Platform is active or as needed to provide you with Our Products and services you requested. Once we no longer need your personal information, and unless we are required by law to retain that information, we will destroy or de-identify that information.
Will we send you direct marketing communications? We may use personal information to offer you new products and services, notify you of new developments and updates to Our Products and Services, or make other promotional communications.
If you do not wish to receive direct marketing communications from us, you may opt-out by contacting firstname.lastname@example.org.
We will not disclose your personal information to a third party to enable that party to directly market their products or services to you unless you have expressly consented to that disclosure.
We will not use your sensitive information for direct marketing purposes unless you have consented to use that information for those purposes.
How can I control the use of my personal information?
CTI would like to ensure you are fully aware of your data protection rights, in line with HIPAA and GDPR (where these laws apply to our collection and use of your personal information).
You have the following rights in connection with your personal information:
The right to access – You have the right to request copies of your personal information that we hold.
The right to rectification – You have the right to request correction of any personal information we hold that you believe is inaccurate or incomplete.
The right to erasure – You have the right to request that we erase the personal information that we hold.
The right to restrict processing – You have the right to request restrictions on processing your personal information by us.
The right to object to processing – You have the right to object to our processing of your personal information.
The right to data portability – You have the right to request that we transfer your personal information that we hold to another organisation or directly to you.
If you want to exercise these rights, please get in touch with us at our email: email@example.com.
Do we send your personal information to parties outside the country of your location?
If you supply your personal information to us, it may be stored on digital cloud storage or web hosting servers provided by third-party service providers. As these third-party service providers operate globally, we cannot confidently say where their servers are located or the countries out of which they use at any given time. Further, these locations may be subject to change without notice to us.
By supplying your personal information to us, you expressly consent to store your data on digital cloud storage or web hosting servers anywhere in the world.
Do we collect personal information through cookies?
When you visit our Website, we may collect information about your computer/device, browser, IP address, page visits and internet connection using browser "cookies".
There are several different types of cookies. However, our Website uses the following types of cookies:
- Functionality – We use these cookies to recognise you on our Website and remember your previously selected preferences. These could include language preferences and your location. A mix of first-party and third-party cookies is used.
- User Feedback – CTI uses these cookies to collect information about your visit to our Website, the content you viewed, the links you followed and information about your browser, device, and your IP address.
We will collect information from cookies to improve our Website's operation, direct you to the most appropriate content, and remember your preferences for the next time you access our Website.
We may use Google Analytics to collect data about visitor traffic to our Website as part of our information-gathering processes (for further detail,s see www.google.com/analytics/). However, Google Analytics only provides us with aggregated data and does not identify any user personally.
We do not merge any personal information we have collected from you with data obtained through browser cookies or Google Analytics.
You can use cookie technology by byg the settings on your browser, but this may affect how we experience our Website.
Are we responsible for the privacy practices of third parties?
This Policy applies solely to the personal information we collect about Our Products and Services. We are not responsible for collecting personal data and the privacy practices of any third parties whose platforms may be utilised to provide Our Products and Service or whose websites may be linked to our Website.
It will help to read their privacy policies for more information about how relevant third parties collect, store,e and use your personal information.
How to contact us
If you have any questions or concerns about our handling of your personal information or this Policy, please get in touch with us (addressed to the Privacy Officer) by email at [firstname.lastname@example.org](email@example.com or by post at 378 Victoria Parade, East Melbourne, Victoria 3002, Australia.
If you have a complaint or a privacy-related concern about this Policy, please provide us with the opportunity to resolve the matter by contacting us using the method outlined above. Once we have received a complaint or privacy-related concern, we will try to work with you to resolve the matter.
For further information on privacy laws in Australia, you may wish to visit the Website of the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au.
How to contact the appropriate authority
You may also complain or report an alleged infringement of applicable data protection law with a data protection authority for your country or region or where an alleged violation of applicable data protection law has occurred.
Australia's relevant data protection authority is the OAIC; contact details are available on the OAIC website linked above.