Turntohealth Pty Ltd ('Turnto', 'we', 'us ', 'our’ 'or ‘Platform’) values your privacy and is committed to safeguarding the privacy of our users. This policy sets out how we collect and treat your personal, sensitive and technical information.
By using the Turnto Platform, you agree to be bound to the terms and conditions of this Privacy Policy.
This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth). In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.
The information we collect
(a) Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.
The types of personal information we may collect about you include:
- Identity Data including your name, age, and gender.
- Contact Data including your address and email.
- Financial Data including bank account and payment card details (through our third party payment processor, who stores such information and we do not have access to that information).
- Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
- Profile Data including your username and password for our mobile and website platform, profile picture, purchases or orders you have made with us, content you post, send receive and share through our platform, information you have shared with our social media platforms, and support requests you have made.
- Interaction Data including information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.
- Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
- Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
(b) "Sensitive information" is personal information that includes information or an opinion about an individual's racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health or genetic information, and some aspects of biometric information.
We collect this information so that we can provide our Services to you which include building your health profile, visualising your health history, and sharing your treatment reviews with other members of the platform. The types of sensitive information that we collect include:
- your medical conditions;
- condition subtypes;
- comorbidities;
- symptoms you are experiencing or have experienced; and
- details of previous treatments you have tried including how long you did the treatment for, how much the treatment cost and how you rated the treatment.
(d) “Technical information” is information that is derived from your interaction with an electronic piece of equipment. Technical information may consist of information such as your IP address, your browser settings, your operating system (OS) and also information relating to how you engage with our platform, such as how long you spend on each page, how long you spent in a session and which buttons you clicked on.
Through your engagement with the platform, technical information such as your IP address, your browser and settings, your operating system, your referral URL and outbound URL, and information about how you use our platform such as where you click, scroll and navigate may be collected.
(e) The Turnto webapp ('Platform') will sometimes have users that will be legal guardians or carers of a minor or someone without the legal capacity to provide the informed consent. Once the consent is given, this privacy policy will apply to both the legal guardian or carer and the person under their guardianship or care.
We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or health history, engage in social activity within the platform, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.
(f) You may contact us at any time via email at [email protected] for further information about this Privacy Policy.
3. How we collect your personal / sensitive / technical information
(a) Turnto collects personal and sensitive information from you in a variety of ways, including:
- when you join the Platform and create a profile;
- when you use our Platform;
- when you engage in interactive content;
- when you interact with us electronically or in person for the purposes of feedback and complaints;
- when you complete treatment reviews; and
- when you engage socially on the Platform.
(b) By providing us with personal and sensitive information, you consent to the supply of that information subject to the terms of this Privacy Policy.(c) When you come to our platform (https://Turnto.ai), we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
(d) Where possible we will collect personal information and sensitive health information directly from you with your consent. However, we may receive personal and sensitive information from third parties. If we do, we will protect it as set out in this Privacy Policy.
(e) We collect technical information during your engagement with the platform.
(f) By providing us with personal and sensitive information, you consent to the supply of that information subject to the terms of this Privacy Policy.
(g) You may choose to join our Platform anonymously or by using a pseudonym. However, you acknowledge that if you do not provide us with accurate information, our ability to provide the Services, or to otherwise fulfill the reason for which you have provided your information may be severely limited.
4. How we use your personal / sensitive / technical information
(a) Turnto may use personal information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services, insights and opportunities available to you.
(b) Turnto may use personal information collected from you to share with our commercial partners if you opt-in to communication and marketing opportunities from those partners. Turnto does not control or specifically endorse any partner created content. When you opt-in to communication for sources external to Turnto you should check the terms and conditions of the commercial partner to ensure you approve their use of your personal information.
(c) Turnto may use elements of your personal and sensitive information to create datasets designed for research. Whenever possible your personal and sensitive information will be de-identified and aggregated with other user's data to create these datasets. Insights and information developed through the use of your de-identified information is designed to be fed back into the platform in the form of content and treatment updates.
(d) Turnto may use your technical information to understand what features are working or not working, what content is most important to you and other users, and enhance your overall experience with the platform.
(e) Turnto will use personal, sensitive and technical information only for the purposes that you consent to. This may include to:
- (i) build your personal and health profile for use within the platform while engaging socially with others;
(ii) provide you with products and services during the usual course of our business activities; - (iii) administer our business activities;
(iv) manage, research and develop our products and services;
(v) provide you with information about our products and services; - (vi) provide you with an opportunity to opt-in to engage with health condition leaders and researchers;
- (vii) communicate with you by a variety of means including, but not limited to, by
- telephone, email, sms or mail; and
- (viii) investigate any complaints.
5. Disclosure of your personal information
Personal information: We may disclose personal information to:
- our employees, contractors and/or related entities;
- IT service providers, data storage, web-hosting and server providers;
- marketing or advertising providers;
- professional advisors, bankers, auditors, our insurers and insurance brokers;
- payment systems operators or processors;
- our existing or potential agents or business partners;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties to collect and process data, such as analytics providers and cookies; and
- any other third parties as required or permitted by law, such as where we receive a subpoena.
Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:
- any purposes you consent to;
- the primary purpose for which it is collected including building your health profile, visualising your health history, and sharing your treatment reviews with other members of the platform;
- secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to do business with you;
- to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and
- if otherwise required or authorised by law.
Google Analytics: We have enabled Google Analytics Advertising Features. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you.
You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.
To find out how Google uses data when you use third party websites or applications, please see here.
6. Hosting and International Data Transfers
(a) Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to the United States of America, Canada, countries of the European Union and countries of Asia.
(b) We and our other group companies may have offices and/or facilities in Australia, the United States of America, Canada, countries of the European Union and countries of Asia. Transfers to each of these countries will be protected by appropriate safeguards.
(c) The hosting facilities for our platform may be situated in Australia, the United States of America, Canada, countries of the European Union and countries of Asia. Transfers to each of these Countries will be protected by appropriate safeguards.
(d) Our Suppliers and Contractors may be situated outside of Australia and may be in the United States of America, Canada, countries of the European Union and countries of Asia. Transfers to each of these Countries will be protected by appropriate safeguards.
(e) You acknowledge that personal data that you submit for publication through our platform or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
7. Security of your personal information
(a) Turnto is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
(b) The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
8. Cookies
We may use cookies on our Platform from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online Platform and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online Platform with personal information, this information may be linked to the data stored in the cookie.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Platform.
For more information about the cookies we use, please see Cookies page.
9. Links to other websites
Our Platform may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
10. Personal information from social network accounts
If you connect your account with us to a social network account, such as Facebook, Google, we will collect your personal information from the social network. We will do this in accordance with the privacy settings you have chosen on that social network.
The personal information that we may receive includes your name, ID, user name, handle, profile picture, gender, age, language, list of friends or follows and any other personal information you choose to share.
We use the personal information we receive from the social network to create a profile for you on our platform.
If you agree, we may also use your personal information to give you updates on the social network which might interest you. We will not post to your social network without your permission.
Where we have accessed your personal information through your Facebook account, you have the right to request the deletion of personal information that we have been provided by Facebook. To submit a request for the deletion of personal information we acquired from Facebook, please send us an email at the address at the end of this Privacy Policy and specify in your request which personal information you would like deleted. If we deny your request for the deletion of personal information, we will explain why.
11. Use of Google API Services (this section applies to personal information accessed through Google API Services)
We use Google’s Application Programming Interface (API) Service to retrieve your email address and profile information for your Turnto account.
Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements (set out in the Google API Services User Data Policy).
We limit our use of the personal information that we collect to providing or improving our business. We do not use the personal information for any other purposes.
We only transfer the personal information to others if it is necessary to provide or improve our business or as necessary to comply with applicable law or as part of a merger, acquisition or sale of assets where we notify you of this.
We do not use or transfer the personal information for serving ads, including retargeting, personalised or interest based advertising.
We don’t allow humans to read the personal information unless
- we have first received your consent to view specific messages, files or other data;
- it is necessary for security purposes (such as investigating a bug or abuse);
- our use is limited to internal operations and the personal information (including derivations) have been aggregated and anonymised.
These restrictions apply to the raw data we obtain from the restricted scopes and data that is aggregated, anonymised or derived from them.
We have policies and procedures in place setting out appropriate safeguards for protecting your personal information obtained with the Google APIs. We will also ensure that our employees, agents, contractors and successors comply with the Google API Services Data Policy.
12. Use of location services data
We collect your precise or approximate location via our mobile application for the following purposes:
- for security and safety;
- to prevent and detect fraud; and
- as permitted by law.
We collect this information when you enable our mobile application to use your device’s location services. If you do not want us to use your location for the purposes above, you should turn off the location services in your account settings in the mobile application or in your mobile phone settings. If you do not provide geolocation data to us, it may affect our ability to do business with you.
13. Your rights and controlling your personal information
Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.
Access to your personal information: You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth). If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at [email protected]. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.
14. Complaints about privacy
If you have any questions or complaints about our privacy practices, please feel free to send in details of your complaints to [email protected]. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
15. Changes to Privacy Policy
We may revise or update the Platform or any of our policies and procedures without prior notice, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our platform, website or notice board. If we do so, we will post the revised Privacy Policy and update the “Last Updated” date at the bottom. Your continued use of Turnto signifies your continued agreement to the terms of this Privacy Policy, as updated or amended at that time. Please check back from time to time to review our Privacy Policy.
For reference, see also our Privacy Collection Notice here.
Last updated: August 16, 2023
APPENDIX 1: ADDITIONAL RIGHTS AND INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR UK
Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.
What personal information is relevant?
This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.
Purposes and legal bases for processing
We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.
- Access and use of software: We use your Identity Data and Contact Data to enable you to access and use our software, including providing you with a login. This is done based on the performance of a contract with you.
- Membership: We use your Identity Data and Contact Data to do business with you, including providing you with a membership on our platform. This is done based on the performance of a contract with you.
- Communication: We use your Identity Data, Contact Data, and Profile Data to contact and communicate with you about our business, including in response to any support requests you lodge with us or other inquiries you make with us. This is done based on the performance of a contract with you.
- Platform inquiries: We use your Identity Data and Contact Data to contact and communicate with you about any inquiries you make with us via our Platform. This is based on legitimate interests to ensure we provide the best client experience by answering all your questions.
- Record keeping and administration: We use your Identity Data, Contact Data, Financial Data, and Transaction Data for internal record-keeping, administrative, invoicing, and billing purposes. This is done based on the performance of a contract with you, to comply with a legal obligation, and legitimate interests to recover debts due to us and notify you about changes to our terms of business and other administrative points.
- Analytics and business development: We use your Profile Data, Technical and Usage Data for analytics, including profiling on our Platform, market research, and business development, including operating and improving our business, associated applications, and associated social media platforms. This is based on legitimate interests to keep our Platform updated and relevant, develop our business, improve our business, and inform our marketing strategy.
- Advertising and marketing: We use your Identity Data, Contact Data, Technical and Usage Data, Profile Data, and Marketing and Communications Data for advertising and marketing, including sending you promotional information about our events and experiences and information that we consider may be of interest to you. This is based on legitimate interests to develop and grow our business.
- Employment application: If you have applied for employment with us, we use your Identity Data, Contact Data, and Professional Data to consider your employment application. This is based on legitimate interests to consider your employment application.
- Compliance with legal obligations: We may also use your data to comply with our legal obligations or if otherwise required or authorized by law.
- Note: Always ensure you have your users' consent and adhere to applicable data protection laws when processing personal data.
If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.
Data Transfers
The countries to which we send data for the purposes listed above may be less comprehensive that is what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:
- only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
- including standard contractual clauses in our agreements with third parties that are overseas.
Data retention
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Extra rights for EU and UK individuals
You may request details of the personal information that we hold about you and how we are process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.
If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance via our email address at: [email protected].
Contacting Turnto
If you have any questions, please contact Turnto at [email protected]