Privacy Policy

Last updated: 1 December 2020 

Creative Thinking Institute Pty Ltd (CTI, us/we/our), a corporation incorporated pursuant to the laws of Australia, takes the privacy and security of your personal information seriously. This Privacy Policy (Policy) describes how CTI collects, uses, transfers and discloses your personal information that we collect from you when you access and use:  

  • our website, located at (Website); 
  • our health platform known as “Regenemm” (Platform); and 
  • our other products and services.   

CTI provides access to the Platform, which facilitates assessment and recommendations to improve a user’s work and life performance. By taking a combination of physiological and psychological inputs from a user, a performance score is derived, and recommended work-based and personal strategies are provided to lower an individual’s personal stress levels and attempt to offset adverse stress responses. The data will be aggregated and analysed with algorithms and machine-based learning, to identify patterns or trends and improve specific recommendations for stress reduction and maximised performance.

We are bound to comply with the following privacy laws:   

  • if you are located in Australia, the Australian Privacy Principles in the Privacy Act 1988 (Cth) (PA); 
  • if you are located in the European Union, Liechtenstein, Norway or Iceland, the EU General Data Protection Regulation (GDPR); and
  • if you are located in the United States of America, and provide us with personal health information, the Health Insurance Portability and Accountability Act (HIPAA). For further information about our privacy practices when HIPAA applies, please view our Notice of Privacy Practices.

We have adopted internal policies and procedures to ensure that personal information that we collect, store, use and disclose is dealt with in accordance with the PA, GDPR and HIPAA.  

If we change the terms of this Policy, we will display the changes on the Website and Platform, or otherwise notify you in writing.  

What personal information do we collect? 

CTI may collect information that identifies you as an individual or relates to an identifiable individual (known as “personal information”) for the following reasons: 

  • to provide the Website, Platform, and our other products and services (collectively, Our Products and Services), to you;   
  • when you have enquired about Our Products and Services or otherwise communicated with us in person, in writing or by telephone;  
  • where you are interacting with our Website, through the use of browser “cookies” or trackers; and 
  • in such other situations, where we collect personal information that is reasonably necessary for the proper supply of Our Products and Services.  

The types of personal information we collect about you depend on your relationship with us and the nature of your interaction with us. In general, CTI may collect the following types of personal information:

  • name, addresses, e-mail addresses, contact phone numbers;
  • biometric, psychometric and health history information (via using the Platform); 
  • analytics details in order to identify trends, usage and activity patterns within the Platform, such as how you are interacting with the Platform, and the version of the Platform you are running on your device; and 
  • other personal information that you may voluntarily provide in communicating with us.  

You have the option of not providing any personal information that we request, or using a pseudonym. If this occurs, we may not be able to provide Our Products and Services to you, provide you with certain information or correspond with you.  

Do we collect sensitive information? 

We may also collect sensitive information from you, which is a sub-set of personal information that includes information about a person’s physical or mental health, information about your medical symptoms or diagnosis and treatments given, or genetic or biometric information. We collect sensitive information only where reasonably necessary to provide Our Products and Services to you, or to provide one or more of our functions or activities. 

Where it is practicable to do so, we will seek your consent before collecting your sensitive information for the purposes described above. Your consent to collection of sensitive information may be implied in the circumstances. 

How will we use your personal information?    

If you supply your personal information to us, we may collect and hold that information:

  • for our usual business purposes;
  • to fulfil our legal obligations and as otherwise necessary to provide Our Products and Services, including the Platform and its functionality;
  • to provide you with insights and recommendations on your health and performance within the Platform;
  • to inform you of any updates to the Platform or changes to the Policy; and
  • for other secondary purposes you might reasonably expect us to use your personal information for in connection with the primary purposes listed above.

We may share with third parties information that was originally personal information we collected from you (including your biometric, psychometric and health history information via the Platform), in a depersonalised or aggregated form that cannot be used to identify you personally.

We will not disclose your personal information for reasons other than those listed above unless: 

  • you have consented to the specific disclosure; 
  • there are reasonable grounds to believe that disclosure is necessary to prevent or lessen a threat to your life or health or that of another person;
  • the disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or 
  • the disclosure is permitted, required or authorised by law.  

How do we store your personal information and for how long?  

CTI securely stores your personal information in highly secure AWS databases (e.g., DynamoDB and S3) and uses AWS Cognito. This information is encrypted according to HIPAA and GDPR guidelines.

CTI will retain your personal information for as long as we have an ongoing legitimate business need to do so. For example, we retain your personal information for as long as your account with the Platform is active or as needed to provide you with Our Products and Services which you have requested. Once your personal information is no longer needed by us, and unless we are required by law to retain that information, we will destroy or de-identify that information.

Will we send you direct marketing communications?  

Personal information may be used by us to offer you new products and services, notify you of new developments and updates to Our Products and Services, or to make other promotional communications to you.  

If you do not wish to receive direct marketing communications from us, you may opt-out at any time by contacting us at

We will not disclose your personal information to a third party to enable that party to directly market their products or services to you, unless you have expressly consented to that disclosure.  

We will not use your sensitive information for direct marketing purposes unless you have consented to the use of that information for those purposes.  

How can I control the use of my personal information?  

CTI would like to make sure you are fully aware of all of your data protection rights, in line with HIPAA and GDPR (where these laws apply to our collection and use of your personal information).  

You have the following rights in connection with your personal information:   

The right to access – You have the right to request copies of your personal information that we hold.  

The right to rectification – You have the right to request correction of any personal information we hold that you believe is inaccurate or incomplete.   

The right to erasure – You have the right to request that we erase your personal information that we hold.  

The right to restrict processing – You have the right to request restrictions on the processing of your personal information by us.   

The right to object to processing – You have the right to object to our processing of your personal information.  

The right to data portability – You have the right to request that we transfer your personal information that we hold to another organisation, or directly to you.

If you would like to exercise any of these rights, please contact us at our email:  

Do we send your personal information to parties outside the country of your location? 

If you supply your personal information to us, it may be stored on digital cloud storage or web hosting servers provided by third-party service providers. As these third-party service providers operate globally, we cannot say with certainty where their servers are located or the countries out of which they operate at any given time. Further, these locations may be subject to change without notice to us.  

By supplying your personal information to us, you expressly consent to storage of your personal information on digital cloud storage or web hosting servers located anywhere in the world. 

Do we collect personal information through cookies?  

When you visit our Website, we may collect information about your computer/device, browser, IP address, page visits and internet connection, using browser “cookies”.  

There are a number of different types of cookies; however, our website uses the following types of cookies:

  • Functionality – We use these cookies so that we recognise you on our Website and remember your previously selected preferences. These could include language preferences and your location. A mix of first-party and third-party cookies is used.
  • User Feedback – CTI uses these cookies to collect information about your visit to our Website, the content you viewed, the links you followed and information about your browser, device, and your IP address.  

We will collect information from cookies in order to improve the operation of our Website, direct you to the most appropriate content, and to remember your preferences for the next time you access our Website. 

We may use Google Analytics to collect data about visitor traffic to our Website as part of our information gathering processes (for further details see ). Google Analytics only provides us with aggregated data and does not identify any user personally.

We do not merge any personal information we have collected from you with data obtained through browser cookies or Google Analytics. 

You are able to opt-out of cookie technology through changing the settings on your browser, but this may affect the way you experience our Website. 

Are we responsible for the privacy practices of third parties? 

This Policy applies solely to personal information we collect with regard to Our Products and Services. We are not responsible for the collection of personal information and/or the privacy practices of any third parties whose platforms may be utilised in the provision of Our Products and Services, or whose websites may be linked on our Website.  

For more information about how relevant third parties collect, store and use your personal information, you should read their privacy policies.  

How to contact us  

If you have any questions or concerns about our handling of your personal information or this Policy, please contact us (addressed to the Privacy Officer) by e-mail at, or by post at 378 Victoria Parade, East Melbourne, Victoria 3002, Australia.  

If you have a complaint or a privacy-related concern in relation to this Policy, please provide us with the opportunity to resolve the matter by contacting us using the method outlined above. Once we have received a complaint or privacy-related concern, we will try to work with you to resolve the matter. 

For further information on privacy laws in Australia, you may wish to visit the website of the Office of the Australian Information Commissioner (OAIC):

How to contact the appropriate authority  

You may also lodge a complaint or report an alleged infringement of applicable data protection law with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law has occurred.  

For Australia, the relevant data protection authority is the OAIC, and contact details are available on the OAIC website linked above.