ResApp Health Ltd (“ResApp Health”, “we”, “our” or “us”) located at Level 12, 100 Creek Street, Brisbane, Queensland, Australia, 4000 provides the SleepCheck mobile application* (“mobile application”) and the SleepCheck website, https://sleepcheckapp.com (“website” and, together with the mobile application, the “services”).
This Privacy Notice (also, the “Notice”) describes our practices in connection with information that we, or our service providers, collect or process through the services operated and controlled by the mobile application, about visitors to the website and users of the mobile application and our services (“you,” “your,” “users”). We will handle your personal information in accordance with applicable privacy and data protection laws, including binding regulations and privacy principles under local law.
References to ‘personal information’ in this Privacy Notice refers to information that may reasonably be used to identify you, including any information that qualifies as ‘personal information’ or a similar term under applicable law.
*The mobile application is not a diagnostic device. It is for adults over age 18. Once installed and launched on a compatible smart device, it measures and analyses breathing and snoring sounds during sleep, using the device’s inbuilt microphone. The application then analyzes breathing and snoring sounds to help detect the presence and severity of Obstructive Sleep Apnoea (“OSA”).
1. PERSONAL INFORMATION WE COLLECT
We collect personal information about you from various sources.
Personal information we collect directly from you
We may directly collect the following categories of personal information from you prior to or during your use of the services:
Personal details, such as your gender, age, and neck size.
Recordings of your breathing and snoring sounds, which we collect using your device’s inbuilt microphone during your sleep.
Service usage information, such as order and browsing histories, information about your usage of our services, or other consumption histories or tendencies.
Communications, such as when you contact us with a question, comment, or request, or participate in other activities with us.
Other information we generate
The mobile application records and analyses the user’s breathing and snoring sounds during sleep, using the device’s inbuilt microphone. The mobile application then conducts an analysis of those breathing and snoring sounds to infer the duration of your sleep sessions and help detect the presence and severity of OSA. After the analysis is conducted, the user’s breathing/snoring sounds are deleted.
Special categories of personal information
Some of the categories of information that we process may include special categories of personal information (also known as ‘sensitive information’). In particular, the breathing and snoring sounds that are recorded on the user’s device, and the related inferences about your sleep, are used to help detect the presence and severity of OSA. However, the breathing and snoring sounds are only used to conduct the analysis to help detect the presence and severity of OSA and the recording is subsequently deleted. Where required by local law, we will only collect your sensitive information with your consent, and only if it is reasonably necessary for one of our functions or activities.
Information we may automatically collect about you
Detailed information on the Cookies and Tracking Technologies we use and the purposes for which we use them are provided set out in our Cookies Policy.
The categories of personal information collected through cookies and similar technologies include:
Identifiers, such as unique device identifiers, online identifiers, IP address, or other persistent identifiers;
Location data, meaning information about where you access our services from.
Data about your device, such as your screen resolution, operating system, device manufacturer and model, and language.
Internet or other electronic network activity information, such as browsing history, search history, device status and sensor data, or information regarding your interaction with any websites, applications, or devices associated with the website and mobile application. This may include content viewed, features used and the dates and times of your interactions.
Analytics. We may draw inferences from any of your personal information to create a profile about you, which may reflect your preferences, characteristics, psychological trends, predispositions, behavior, abilities, and aptitudes.
Unsolicited personal information
If we receive unsolicited personal information about you that we are not otherwise permitted to collect under local law, we will, as soon as practicable (if it is lawful and reasonable to do so), destroy the information or ensure that it is de-identified.
2. PURPOSES AND BASIS FOR USING YOUR PERSONAL INFORMATION
We may use your personal information for the following purposes:
To carry out our business operations and services. We process your personal information to provide you with access to the service, as you have requested.
To comply with our legal or regulatory obligations; including to monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits; and cooperate with law enforcement agencies or regulatory authorities.
To conduct research and development; including to analyse demographic data; offer special programs, activities, trials, events or promotions via our services; and carry out market or consumer studies.
To provide you access to online services, application and platforms; including to ensure that our services, applications and products function correctly, and to provide you with information about our products.
To improve and develop our products and services; including to identify usage trends and develop new products and services; understand how you and your device interact with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, and conduct surveys.
To personalise your experience when using our products; including to ensure that our products are presented in the way that best suits you; understand your interests in our content, products and services or other content and adapt our content to your needs and preferences; and to present you with appropriate products and offers tailored to you.
To allow us to communicate with you; including to respond to your requests or inquiries; provide support for products and services; provide you with important information, administrative information, required notices, and promotional materials; and to send you news and information about our products, our services, our brands, our operations.
To respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; including to comply with a subpoena, required registration, or legal process (whether applicable to us or our affiliates or subsidiaries).
To protect our rights and interests; including to protect the health, safety, and security of ResApp Health personnel and premises; carry out internal audits, asset management, system and other business controls; manage business administration (finance and accounting, fraud monitoring and prevention); maintain the security of our services and operations; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary; and to protect ourselves against possible fraudulent actions.
For marketing purposes. Subject to your consent where required by local law, we may use your personal information to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you. We may also use your identifiers to send you marketing communications about our services and products that may be of interest to you.
To undergo a business transition; enter into transactions involving a potential merger, acquisition by another company, or sale of all or part of our assets.
We will not use the information we collect from you for purposes that are not related to the purposes for which it was collected without your consent. In the case of sensitive information, we will not use the information for purposes that are not directly related to the purposes for which it was collected without your consent.
In some jurisdictions, we must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
To fulfil our contractual obligations to you, for example to operate the mobile application or to provide the services that you have requested.
To meet our legitimate interests, for example to understand how you use our services and to enable us to derive knowledge from that to develop new services. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Notice.
3. OTHER PARTIES THAT HAVE ACCESS TO YOUR PERSONAL INFORMATION
ResApp Health may share your personal information with the following authorised third parties:
Our affiliates and subsidiaries for marketing purposes, security, optimization of mobile application, other products and services, internal reporting, improving services, and software development.
Oursuppliers, service providers, other partners or vendors (healthcare professionals and organisations, distributors, other members of the healthcare and biotechnology industry) for marketing services, and to optimise services, serve online behavioral advertising, send newsletters and marketing messages, support email and messaging services, analyze information, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, and auditing.
Our professional advisors including auditing firms, lawyers, consultants and similar types of entities who may assist us with our internal functions or with compliance with laws.
Where required by law. We may share your personal information with law enforcement agencies, courts, regulatory entities, other government or quasi-governmental authorities or other third parties (in your jurisdiction or elsewhere) where we believe it is necessary to comply with a legal or regulatory obligation (applicable to us or an affiliate), or otherwise to protect our rights or the rights of any third party. Where it is reasonable to do so, we may also share your identifiers with any third party who makes a bona fide claim that material you have provided to our services violates their rights.
In the context of a transaction. We may share your personal information with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business.
Where a permitted situation exists at law; such as to lessen or prevent a serious threat to the life health or safety of any individual, or to public health or safety; to take appropriate action in relation to suspected unlawful activity or serious misconduct; locate a person reported as missing; assert a legal or equitable claim; conduct an alternative dispute resolution process; or in any other situation permitted by law.
We will not disclose the personal information we collect from you to third parties for purposes that are not related to the primary purpose(s) for which it was collected without your consent, unless permitted to do so by law. In the case of sensitive information, we will not disclose the personal information for purposes that are not directly related to the primary purpose(s) for which it was collected without your consent, unless permitted to do so by law.
4. YOUR RIGHTS
Subject to local laws, you may have certain rights with respect to your personal information. Such rights may include the right to access your personal information and/or the right to request the correction of your personal information where it is inaccurate or incomplete.
Where required by local law, upon receipt of your request we may communicate to you: (i) the information required for your identification as well as the documents needed to be sent alongside your request; (ii) the time periods in which you will receive an answer to your request; (iii) how you should file your request, including the forms that you may use to file your request, if any, and; (iv) the form or means in which we will deliver you the information.
We will endeavor to respond to your request within any timeframe prescribed by local laws, or otherwise within 30 days or another reasonable period based on the nature of the request. If we do not fulfill your request, we will notify you in writing setting out the reasons.
If you are using the services from the United Kingdom or the European Economic Area, you may be entitled to exercise the following rights in accordance with local laws:
Right to access personal information. When you ask to access your personal information, we will use reasonable efforts to comply with your request; however, we may not be able to provide you to access to personal information where an exemption to this right applies under the local law. In such cases, we will provide you with a reasonable explanation of why it is not possible to grant access to your personal information. In some cases your personal information is made directly available to you, for instance within your personal account.
Right to data portability. You may receive your personal information, when provided electronically, in a readily-useable format.
Right to erasure. You may request erasure of your personal information.
Right to rectify. You may request rectification of inaccurate or incomplete personal information.
Right to restrict. Users exercising this right may request that we restrict our use of their personal information.
Right to withdraw consent. Users have the right to change their mind about consenting to the use, disclosure and transfer of their personal information in accordance with this Notice. If you withdraw your consent, we may not be able to provide you with our entire service.
You also have the right to lodge a complaint with your local data protection authority.
If you would like to exercise any of your available rights, please contact us as described in the “How to Contact Us” below.
5. INFORMATION SECURITY
We take steps as are reasonable in the circumstances to protect your personal information from misuse, interference, loss, and from unauthorised access, modification and disclosure. We implement technical and organisational measures designed to ensure a level of security appropriate to the risk to the personal information we process through the services. These measures are aimed at providing ongoing integrity and confidentiality for your personal information. We evaluate these measures on a regular basis. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information.
You should take steps to protect against unauthorized access to your password, devices, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
6. HOW LONG WILL WE RETAIN YOUR PERSONAL INFORMATION
ResApp Health will retain your personal information only for the period necessary to fulfil the purposes outlined in this Notice.
We will retain your personal information for as long as needed (or permitted) in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the service to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations, or to enable us to defend or bring any existing or potential legal claims); whether keeping data is necessary for integration of the products and services that you use with other products and services (applicable where you have requested or provided consent to us for doing so).
If we determine the personal information is no longer required for the purpose(s) for which it was obtained, we will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified (to the extent permitted by applicable law).
If there is any personal information that we are unable, for technical reasons, to delete entirely from our back-up or other systems, we will ensure appropriate procedures are in place to help prevent any further processing or use of the data, including procedures to ensure the de-identification of the data.
7. INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, or stored, accessed, or processed outside of, your jurisdiction of residence. Such other jurisdiction’s data protection laws may differ from the jurisdiction in which you live, and may not provide the same level of protection as your local laws. Such other jurisdictions may include, as applicable, Australia, Europe, Asia, and/or the United States. Recipients in these other jurisdictions may be us and our affiliates, or third parties.
When your personal information is transferred outside your jurisdiction of residence, it may be accessible to law enforcement and government agencies of that jurisdiction, despite our attempts to thwart or prevent such access.
Before transferring your personal information to a recipient outside of your local jurisdiction, we will take steps reasonably necessary to help ensure that your personal information is treated securely and in accordance with this Privacy Notice, your local privacy laws (to the extent applicable), and any other applicable privacy and data protection laws, including by using appropriate safeguards (such as contractual commitments). Where we have engaged international third parties to perform services in respect of any personal information collected from you, we will use contractual or other means to ensure such third parties offer a comparable level of protection in respect of the personal information.
Subject to local laws, we may also transfer your personal information to a recipient outside of your jurisdiction if we have obtained your consent, if it is required or authorised by a law or court order, or if a permitted situation exists at law (for example, to prevent a serious threat to the life, health or safety of any individual, or to public health or safety, to take appropriate action in relation to suspected unlawful activity or misconduct of a serious nature, to locate a person who has been reported missing, or to establish, exercise or defend a legal or equitable claim).
For more information on the appropriate safeguards in place, or if you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any data with us has been compromised), please notify us immediately in accordance with the “How to Contact Us” section below.
8. PERSONS UNDER 18
The services are intended for use by persons 18 years of age and older. Under no circumstances should the services be used by children under 18 years of age, and we will not knowingly collect personal information from any person we know to be in this age group.
If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below. We will take steps to delete, destroy or de-identify such information from our database in accordance with applicable legal requirements.
9. HOW TO CONTACT US
ResApp Health is the controller responsible for the personal information we collect and process.
ResApp Health welcomes any questions or comments you may have regarding this Notice or its implementation. You can send any request pertaining to your personal information, including requests to exercise rights available under local privacy laws, to our Data Protection Officer by emailing [email protected]
If you have any complaints about this Privacy Notice or consider there has been any breach of the applicable privacy laws, please contact us in writing using the contact email above. We will endeavour to respond to your complaint within a reasonable period (usually within 30 days).
You may also file a complaint before a competent data protection authority regarding the processing of your personal information. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact directly the competent data protection authority.
10. HOW WE WILL UPDATE THIS PRIVACY NOTICE
We may change this Privacy Notice. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice within the services. Your use of the services following these changes means that you accept the revised Privacy Notice. We recommend that you regularly review the Privacy Notice when you visit the website or use mobile application.
Cookies are a standard feature of websites that allow us to store small amounts of data on your computer about your visit to our website. Cookies help us learn which areas of the website are useful and which areas need improvement.
You can find information about cookies that we use and change your settings for cookies and similar technologies by clicking on the Cookie Consent Tool in the lower right corner of each page of our website. In addition, you can refuse or accept cookies from the website at any time by activating the settings on your browser. Information about the procedure to follow in order to enable or disable cookies can be found on your Internet browser provider’s website via your help screen. Please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on commonly used browsers. Please be aware that if cookies are disabled, your experience on the website may be diminished, and not all features of the website may operate as intended.
We may also use technologies similar to cookies, such as:
Pixel Tags. Pixel tags (also known as web beacons and clear GIFs) are used to, among other things, track the actions of users of the website, measure the success of our marketing campaigns, and compile statistics about usage of the website and response rates.
Adobe Analytics. Adobe Analytics is a service provided by Adobe. We use Adobe Analytics to collect anonymized statistics in order to improve the website.
Learn more about Company Info (evidon.com). You can selectively disable Adobe Analytics by installing the opt-out component provided by Adobe on your browser.
Browser or Device Information. Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the website you are using. We use this information to ensure that the website functions properly.
To the extent any Personal Data is collected through cookies or similar technologies, the other sections of this Privacy Notice apply.
This Notice was last updated on 16 May 2023.