Sahha is our cloud based engine, which, when integrated into a third party mobile app via our software development kits (Third Party App), collects, monitors and analyses a Third Party App ’s end user’s (End User) behavioural and other data. Click here to find out more about Sahha!
Sahha provides Third Party Apps with certain functionality that processes End User behavioural data collected from an End User’s mobile phone sensors and/or native software such as Apple HealthKit or Google Fit in order to allow the Third Party App to provide services based on that data (the Services).
WE DO NOT PROVIDE ANY MEDICAL ADVICE, RECOMMENDATIONS OR DIAGNOSES. WE RECOMMEND THAT YOU SEEK ALL NECESSARY MEDICAL ADVICE, RECOMMENDATIONS OR DIAGNOSES FROM YOUR HEALTHCARE PRACTITIONER. WE DO NOT PROVIDE, OR REPRESENT THAT WE PROVIDE, ANY MEDICAL SERVICE AND WE ARE NOT A PARTY TO ANY CONTRACT FOR THE PROVISION OR RECEIPT OF ANY MEDICAL SERVICE. FURTHER, WE DO NOT REPRESENT OR WARRANT THAT SAHHA WILL RESULT IN THE DIAGNOSIS, DETECTION, CURE OR PREVENTION OF ANY BEHAVIOURAL, PSYCHOLOGICAL, MENTAL OR OTHER MEDICAL DISORDER OR ILLNESS.
1.1 Third Party App Providers are required to comply with all applicable privacy laws.
1.2 We rely on Third Party App Providers to obtain the relevant privacy consents and authorisations required by law in order for the personal information that is entered by End Users into Third Party Apps to be collected, disclosed and otherwise processed by us. We provide Third Party App Provider with a template collection notice made under APP 5 for them to issue to their End Users as part of their End Users’ registration of an account with the relevant Third Party App. We do not verify any document signed between the Third Party App and their End User however, we require Third Party Apps to electronically verify that they have obtained their End User’s consent to the collection and processing of End Users’ personal information by us.
1.3 Third Party App Provides may not use personal information that is processed about their End Users via Sahha without obtaining all consents required by applicable law.
1.4 We rely on Third Party Apps to ensure that all information collected from End Users and held by us is accurate, up to date, complete, relevant and not misleading.
1.5 We encourage Third Party Apps to ensure that their End Users are familiar with their privacy policies so that their End Users understand how the Third Party App will collect, use and otherwise process personal information about them, via Sahha or otherwise.
2 The types of personal information we collect and hold about end users
2.1 We collect and hold the following types of personal information:
3 How we collect personal information
3.1 Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of Sahha and to otherwise operate our business.
3.2 We collect personal information, including health information, about End Users when it is transmitted to us via a Third Party APp in accordance with our obligations pursuant to a contract in place with the Third Party App Provider. This includes personal information entered by the End User into the Third Party App, End User behavioural data made available to the Third Party App by an End User via their mobile device, and when an End User voluntarily discloses personal information to the Third Party App (via the Third Party App, telephone, surveys, e-mail, online forms or otherwise).
3.3 Third Party Apps are responsible for ensuring that all End User consents and authorisations have been obtained or provided by them as required by law for the lawful collection of personal information that we collect from them
3.4 In the first instance, we do not directly collect personal information from End Users. Third Party App Providers are responsible for the lawful collection of their End User’s personal information. We receive an End User’s personal information from the Third Party App via our software development kit integrated into the Third Party App.
3.5 We collect information about Third Party Apps and their personnel when they voluntarily disclose it to us or when we collect it about them when they use Sahha. We collect personal information about Third Party Apps and their personnel when they enter into a contract with us, when they activate their account on Sahha, complete an online purchase via our online store, contact us for technical support and when they otherwise provide it to us.
4 How we use personal information
4.1 How we use personal information about End Users is set out in the following table:
|Category||How we use and process personal information that we collect||Why we collect personal information|
|Personal information about End Users||
|Personal information about Third Party Apps and their personne||
5 De-identified data analysis
5.1 Personal Information may also be de-identified by us and used for statistical analysis.
5.2 All such data is not held in a form that could reasonably be expected to identify an individual.
5.3 We use de-identified Personal Information to help us review, enhance and improve Sahha and the Services (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual.
6 How we hold and secure personal information
6.1 We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.
6.2 We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
7 Disclosure of personal information
7.1 We will disclose personal information to our employees, officers, advisors, suppliers, agents and/or related entities who assist us in the performance of the Services. We ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.
7.2 We only disclose personal information that we collect to third parties as follows:
8 Interacting with us without disclosing personal information
8.2 You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about Sahha but not if you wish to actually use Sahha, the Services of any part thereof. It is not practical for us to provide you with access and/or use of Sahha or the Services (or any part thereof) if you refuse to provide us with personal information.
9 Offshore disclosure
9.1 We may transfer personal information to our contractors and service providers who assist us with the supply and provision of Sahaa and the Services, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate contractors and service providers within Australia. We do not currently use offshore contractors and service providers.
10 How to access and correct personal information held by us
10.1 Third Party App Providers and their personnel who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Third Party Apps and their personnel can update their personal information by logging into their account on Sahha, where such functionality is available. However, we encourage you to contact us in any event and we would be happy to assist you.
10.2 End Users who wish to access and correct the personal information held by us about them should in the first instance contact the applicable Third Party App.
10.3 It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person's vital interests).
10.4 In addition to clause 10.3, we retain personal information in Sahha as follows:
10.5 As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We will de-identify certain types of personal information for the purpose of improving Sahha and for provision to third parties for marketing and research purposes.
10.6 Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information, in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
10.7 We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing [firstname.lastname@example.org]. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
11 Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
11.1 Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
Contact: Privacy Representative/ Data Protection Officer
11.2 We endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
11.3 If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001
12 NEW ZEALAND CUSTOMERS AND DATA SUBJECTS
13 Collection of personal information
13.1 We rely on Third Party Apps to only collect personal information for a lawful purpose which is connected to a function or activity of our businesses to the extent that it is necessary for such purpose.
13.2 We will only collect personal information about an End User from the Third Party App of which they are an end user.
13.3 We rely on Third Party App Providers to ensure that before we collect personal information from an individual or as soon as it becomes practicable to do so, the Third Party App Provider will disclose to the individual:
14 Provision of personal information to third parties
14.1 Where it is necessary for personal information to be given to a third party in connection with the provision of services that they provide to us, we will do everything reasonably within our power to prevent unauthorised use or unauthorised disclosure of the information by them.
15 Storage and security of personal information
15.1 If we hold personal information about you, we will ensure that the information is protected by such security safeguards as are reasonable in the circumstances to take against loss, access, use, modification, unauthorised disclosure and other misuse.
15.2 If it is necessary for the information to be given to a person in connection with the provision of a service to us, everything reasonably within our power is done to prevent unauthorised use or unauthorised disclosure of the information.
16 Requests for access to and correction of personal information
16.1 Individuals whose personal information is governed by the Privacy Act (New Zealand) are entitled to seek access to and correction of it in accordance with that legislation.
16.2 Third Party App Providers and their personnel who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Third Party App Providers and their personnel can update their personal information by logging into their account on Sahha, where such functionality is available. However, we encourage you to contact us in any event and we would be happy to assist you.
16.3 We rely on Third Party App Providers to ensure that all personal information collected by them from End Users and held by us is accurate, up to date, complete, relevant and not misleading.
16.4 End Users who wish to access and correct the personal information held by us about them should at first instance contact the Third Party App Provider with which they are an end user.
16.5 You may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and reasons, determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request.
16.6 In the event that a person wishes to access their personal information and it is readily retrievable by us, they can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; (b) access to the personal information; and (c) be advised if they are able to correct such personal information.
16.7 We will as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and provide the person who made the request with or post to them, our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with the IPPs.
16.8 If a person submits a request to access their personal information to us, we may refuse their request on one or more of the grounds set out in the Privacy Act (New Zealand). If we refuse to comply with a request to access their personal information, we will provide the individual who made the request with our reasons for our denial and an opportunity to file a complaint with the Commissioner, to seek an investigation and a review of the refusal.
16.9 Where we hold personal information governed by the Privacy Act (New Zealand) about an individual, they are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made.
16.10 We will only hold personal information for as long as is required for the purposes for which the information may lawfully be used.
17.1 If you are not satisfied with our response to any privacy-related concern that you may have, you can contact the Privacy Commissioner
Office of the Privacy Commissioner
PO Box 10-094, Wellington, New Zealand
Phone: 04 474 7590 / Fax: 04 474 7595
Enquiries Line (from Auckland): 302 8655 / Enquiries Line (from outside Auckland): 0800 803 909