FULL PRIVACY STATEMENT
This Privacy Statement applies to the www.fluathome.org.au website owned and operated by Audere, a non-profit organisation in the United States (“Audere”) and any other websites, pages, features, or content Audere owns or operates, and to your use of the flu@home App owned and operated by Audere, and any related services (collectively, the “Services”). In this Privacy Statement, terms such as “we,” “us,” and “our” refer to Audere, collectively. Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.
Please carefully review this Privacy Statement. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement you should immediately discontinue use of our Services.
1. Key Definitions
Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
Unidentified Information: information that does not contain directly identifying information, such as a name and email address.
Personal Information: information that can be used to identify you, either alone or in combination with other information. We collect and store the following types of Personal Information:
a. Self-Reported Information: information you provide directly to us, including your illness conditions, other health-related information, and other information that you enter into surveys, forms, or features while using our website or mobile application.
b. Sensitive Information: information about your health, and certain Self-Reported Information such as racial and ethnic origin and sex.
c. Web-Behavior Information: information on how you use our Services collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, IP addresses, page views).
d. Individual-level Personal Information: information related to a specific individual that may be used to identify you in combination with other information.
2. Information we collect
Information you provide directly to us
i. Self-Reported Information. You will be asked to provide us with additional information about your health condition. This information will be used by us to determine whether you have flu-like symptoms.
ii. Participant Care. When you contact the Human Research Ethics Committee or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Privacy Statement, Consent Form or applicable laws or regulations; and analyze and improve our Services.
Information related to our flu testing services
i. To volunteer as a participant in our Research Study, you must download our flu@home App on your mobile device and register your kit. You will be guided through taking a nasal swab, performing a test on the swab, and allowing the application to take a photo of the test strip.
Web-Behavior Information collected through tracking technology (e.g. from cookies and similar technologies)
a. help us recognize you when you use our Services;
b. customize and improve your experience;
c. provide security;
d. analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service);
e. gather demographic information about our user base;
f. offer our Services to you; and
g. monitor the success of awareness programs.
If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.
We may receive reports based on the use of these technologies from third party service providers as unidentified Individual-level Information or as Aggregate Information.
Other Types of Information
We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.
3. How we use your information
We will use and share your Personal Information with third parties only in the ways that are described in this Privacy Statement and the flu@home App Consent Form. Our legal basis for processing your Personal Information for the purposes described above is based on your consent..
With your consent, we may use and share your Personal Information as follows:
a. To conduct our research, to provide you with Services and to analyze and improve our Services
We use the information described above to conduct our research and to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
i. communicate with you, and implement your requests;
ii. enable and enhance your use of our website and mobile application, including authenticating your visits and tracking your usage of our Services;
iii. contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
iv. enforce our rights under the Licensed Application End User License Agreement found in the App Store (the “EULA”) and other agreements;
v. monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat security risks; and
vi. perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
b. To process and analyze your testing results for our research purposes
As described above, to participate in our Research Study you must use the flu@home App, register your kit, take a nasal swab sample, and use the application to take a photo of the test strip which uses the sample. We will then provide an interpretation of your test strip to indicate whether the flu virus may be present. You should seek any needed medical care from your primary medical services provider.
c. To allow us to share your Personal Information for our own and other research purposes
Once you have consented to participate in our Research Study, any information provided by you may be used in the study and unidentified information may be used in other research aimed at publication in peer-reviewed journals conducted by us or third parties as described in the Consent Form.
Our research may be sponsored by, conducted on behalf of, or in collaboration with third parties, such as non-profit foundations, academic institutions or pharmaceutical companies. Our research may study a specific group or population, identify potential areas or targets for diagnostics or therapeutics development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on flu research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. We use Aggregate and/or Individual-level Personal Information , as explained in greater detail below.
Your Unidentified Information and Self-Reported Information may be used for our research only if you have consented to this use by agreeing to the Consent Form. If you have agreed to the Consent Form:
i. Your Personal Information will be used for research purposes, but it will be unidentified as we are not collecting Registration Information for this study.
ii. We may share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.
d. To provide user support
When you contact us, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints.
4. Information we share with third parties
a. General service providers.
We share the information described above in Section 2 with our third party service providers, as necessary for them to provide their services to us and help us perform our research. Service providers are third parties (other companies or individuals) that help us to provide, analyze and improve our Services. While we directly conduct the majority of data processing activities required for our Research Study, we engage some third party service providers to assist in supporting our Research Study, including in the following areas:
i.Human Research Ethics Committee support. Our Human Research Ethics Committee uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.
ii.Cloud storage, IT, and Security. Our cloud storage providers provide secure storage for information in our databases, ensure that our infrastructure can support continued use of our data by researchers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform penetration tests and periodically audit our security controls.
iii.Marketing and analytics. When you use our Services, including our website or mobile app(s), our third party service providers may collect Web-Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our marketing campaigns. Per applicable data protection regulations, our EU, UK, and International websites present visitors with a cookie opt in to allow the processing described above via Functionality and Advertising Cookies.
NOTE: Our service providers act on our behalf. We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
b. Aggregate information
We may share Aggregate Information, which is information that is unidentified and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from Individual-level Information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a statement that "30% of our research participants correctly self-identified their flu symptoms" without providing any data or testing results specific to any individual user. In contrast, Individual-level Self-Reported Information consists of data about a single individual's health status or other traits/characteristics information.
c. As required by law
Under certain circumstances your Personal Information may be subject to processing pursuant to applicable laws, regulations, judicial or other government subpoenas, warrants, or orders. For example, we may be required to disclose Personal Information in coordination with regulatory authorities in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that we may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce our rights under the EULA and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of the University of Adelaide, UW Institute, Audere, their respective employees, users, clients, and the public.
d. Business transactions
In the event that Audere goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.
5. Withdrawing your Consent
Participation in this project is completely voluntary. If you agree to participate by agreeing to the Consent Form in the flu@home App, anonymous data will be collected based on your interactions with the application. It will not be possible to withdraw your unidentified data once collected.
What happens if you do NOT consent to participate in our Research Study? If you choose not to complete the Consent Form or any additional agreement with us, you will not be required to complete the home testing kit, and your Personal Information will not be used for our research.
6. Security measures
We take seriously the trust you place in us. We implement physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.
● We produce secure applications by design. We incorporate explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
● Unidentification/Pseudonymization. Self-Reported Information is stripped from Sensitive Information and stored in a separate location. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.
● Encryption. We use industry standard security measures to encrypt Sensitive Information both at rest and in transit.
● Separation of Environments. We ensure processing, production, and research environments are separated and access is restricted. Data, including Registration Information and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.
● Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. Our access controls include multi-factor authentication.
● Detecting threats and managing vulnerabilities. We have a vulnerability disclosure program (https://auderenow.org/security), and also have vulnerability scanning in our codebase using automated tools that detect new vulnerabilities that we then patch.
● Managing third party service providers. We require service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.
Your Responsibility. Please recognize that protecting your Personal Information is also your responsibility. You should not share your flu@home App with others to whom you do not wish to give access to your Personal Information. We cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United States or any other country in which Audere or their respective subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
7. Children's privacy
We are committed to protecting the privacy of children as well as adults. Neither our Research Study nor any of our Services are designed for, intended to attract, or directed toward children under the age of 18.
8. Linked websites
We provide links to third party websites operated by organizations not affiliated with us. We do not disclose your information to organizations operating such linked third party websites. We do not review or endorse, and are not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by us and our service providers on our behalf.
9. Information for Customers in Designated Countries
Section 9 only applies to individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (the “Designated Countries”). We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data.
If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us at firstname.lastname@example.org.
In certain circumstances, you have the following data protection rights:
The right to access, update or delete the information we have on you. This can be done by contacting us at email@example.com.
The right of rectification. You may have your information corrected if it is inaccurate or incomplete.
The right to object. You have the right to ask us to discontinue our processing of your personal data.
The right of restriction. You are entitled to request that we restrict the processing of your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the EEA.
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:
o cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
o breach or prejudice the rights of confidentiality and security of others;
o prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
o otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
If you believe that we have infringed your rights, we encourage you to contact us so that we can try to address your concerns or dispute informally.
10. Changes to this Privacy Statement
11. Contact us
If you have questions about this Privacy
Statement, or wish to submit a complaint, please email our Privacy
Administrator at firstname.lastname@example.org, or contact: Monique
Phone: +61 8 8313 3463
Effective date: 1 July 2019