top of page

Privacy Policy

My Dementia Companion Privacy Policy

 

My Dementia Companion (“MDC”,“we”, “us”, “our”) operates a platform where users can obtain certain information and support in relation to dementia. We offer a range of products to suit different needs, including the My Dementia Companion website (the “Products”). We also operate the My Dementia Companion App, which is available on the internet as a webapp (app.mydementiacompanion.com.au) (the “App”). For more information about My Dementia Companion and our different Products, please visit our website: www.mydementiacompanion.com.au (the “Website”).

 

We take your privacy seriously and are committed to protecting and respecting your personal data. This privacy policy (“Privacy Policy”) sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will use your personal data. For the purpose of data protection legislation in the relevant jurisdiction, we are the controller of the personal data collected through your use of our Products, App and Website.

 

In this Privacy Policy, the Products, the App and the Website shall be collectively referred to as the “Services”.

 

1. What personal data do we collect and process, and how do we use it?

 

When you use our Services, you may provide us with the following personal data, and we may collect and process such personal data in accordance with this Privacy Policy. We may also collect and process personal data from you about someone else, such as a family member who may have been diagnosed with dementia. If you choose to submit such information, you must have that person’s prior permission.

 

We collect and process personal data for the following purposes:

 

1. What personal data do we process? Why do we process this personal data? What is our lawful basis for processing?

 

  • Identity Data: this includes your title, first name, surname, date of birth, identity documentation, nationality. We process this data to set up your account and enable you to use the Services; to comply with our anti-money laundering and “know your customer” obligations; to maintain comprehensive and accurate records. The lawful basis for processing is to fulfill our contractual obligations to you; to comply with a legal obligation.

 

  • Data concerning health, social and welfare: this includes your health and social status and history. We process this data to set up your account and enable you to use the Services. The lawful basis for processing this data is to fulfill our contractual obligations to you; we will only process your Data concerning health, social or welfare if you have provided your express consent for us to do so.

 

  • Contact Data: this includes your address (business and/or residential), phone number(s), email address and any other contact details you may provide. We process this data to set up your account and enable you to use the Services; to contact you if you have any problems or queries; to provide our customer support services; to inform you of any changes we make to any of the Services, the terms that govern them or this Privacy Policy; to maintain comprehensive and accurate records; to inform you of any new features or products, or updates to existing Services, we may make available from time to time. The lawful basis for processing this data is to fulfill our contractual obligations to you; to comply with a legal obligation; te will only process your Contact Data for marketing purposes if you have provided your express consent for us to do so.

 

  • Financial Data: this includes your bank account number and sort code. We process this data to process your payments. The lawful basis for processing this data is to fulfill our contractual obligations to you.

 

  • Usage Data: we may process data regarding your use of the Services, including but not limited to incidences of download and deletion, average time spent, means of connection, operating system, any problems reported, your IP address, favourites, archiving, clicks, scrolling through and progressing through support information. We process this data to identify any problems, defects or issues with the Services; to optimise the performance of the Services to ensure you have the best user experience; to provide and improve our customer services. The lawful basis for processing this data is to satisfy our legitimate interests; to fulfil our contractual obligations to you.

 

 2. How do we protect your personal data?

 

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal data we collect or you provide.

 

Any personal data uploaded by you or collected by us via the Website happens over a Secure Socket Layer (SSL) -secured communication channel and is encrypted and protected with digital signatures. We store your personal data securely throughout the life of your MDC account on our computers in Australia and elsewhere in the world where MDC facilities or our service providers are located (for more information on data transfers see section 4 below).

 

Payment card data is securely transferred and hosted off-site by a payment partner in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to MDC.

 

3. Who do we share your personal data with?

 

When you use the Services, we may need to disclose your personal data to the following categories of third parties in order for us to provide our service to you:

 

  • Fraud prevention and identity verification;

 

  • Contracted service providers, such as analytics providers, technology platforms and providers, IT support, compliance services and marketing providers;

 

  • Banks and financial institutions;

 

  • Payment processing service providers;

 

  • Professional service providers; and

 

  • Other third parties with your express consent or instruction to do so.

 

We may also need to disclose your personal data in the following limited circumstances:

 

  • To comply with a legal requirement, such as a law, regulation, subpoena, warrant, court order, legal proceedings or in response to a law enforcement agency or regulatory request;

 

  • If the disclosure of your personal data is or may be necessary to prevent physical harm or financial loss, to report suspected illegal activity or to enforce the terms of any agreement we may have with you.

 

The personal data we share with these third parties and in these circumstances will in each case be limited to that strictly necessary to satisfy the reasons set out in the table above.

 

4. Transfers of your personal data

 

We will not transfer your personal data outside of Australia except to selected third parties that we have instructed to help us provide the Services to you. Such third parties may process and store your personal data in geographically distributed data centres.

 

In the case of transfers of your personal data outside of Australia, where the transfers are not to countries that provide an adequate level of protection (for example, we may rely on a Privacy Shield certification where the transfer contains a US entity), we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the Privacy Shield for US companies.

 

5. Cookies

 

Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

 

  • name: eFlashSite. Duration: Session. Purpose: When viewing a mobile site (old mobile under m.domain.com) it will force the server to display the non-mobile version and avoid redirecting to the mobile site

 

  • name: hs. Duration: Session. Purpose: Security name: smSession. Duration: Persistent (Two days or two weeks). Purpose: Identifies logged in site members

 

  • name: XSRF-TOKEN. Duration: Session. Purpose: Security

 

  • name: svSession. Duration: Persistent (Two years). Purpose: Identifies unique visitors and tracks a visitor’s sessions on a site

 

  • name: SSR-caching. Duration: Session. Purpose: Indicates how a site was rendered.

 

  • name: smSession. Duration: Persistent (Two weeks). Purpose: Identifies logged in site members

 

  • name: TS*. Duration: Session. Purpose: Security

 

  • name: TS01*******. Duration: Session. Purpose: Security

 

  • name: TSxxxxxxxx (where x is replaced with a random series of numbers and letters). Duration: Session. Purpose: Security

 

  • name: TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters). Duration: Session. Purpose: Security

 

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

 

You can change your cookie preferences at any time on popular browsers using the links below:

 

 

 

 

 

 

 

To find information relating to other browsers, visit the browser developer's website.

 

 

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

 

6. Our Website

 

Our Website may contain links to third party websites and apps. If you follow a link to a third party website or app, please note that this Privacy Policy does not apply to that website or app. We are not responsible or liable for the privacy policies or practices of any third party websites or apps, so check their policies before you submit any personal data to those websites.

 

7. Data Retention

 

We store your personal data in line with legal, regulatory, financial and good-practice requirements. If you deactivate your MDC account, we will mark your account in our database as "Deactivated," but will keep your account information in our database for eight years from your last date of entry. This is necessary in order to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account.

 

If you do deactivate your account, your personal data will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law or in accordance with this Privacy Policy.

 

8. Accessing your Personal Data and your rights

 

As a result of us collecting and processing your personal data, you have the following legal rights:

 

  • to access personal data held about you;

 

  • to request us to make any changes to your personal data if it is inaccurate or incomplete;

 

  • to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;

 

  • to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means, and it is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us;

 

  • to object to, or restrict, our processing of your personal data in certain circumstances;

 

  • if we ever use your personal data for direct marketing, you can ask us to stop and we will comply with your request;

 

  • if we use your personal data on the basis of having a legitimate interest (as set out in the table above), you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;

 

  • to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and

 

  • to lodge a complaint with the relevant authority.

 

To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us via our contact form at our Website.

 

9. contacting us and changes to your personal data

 

If you have any questions, comments and requests about this Privacy Policy or your personal data, please contact us via our contact form at our Website.

 

Please keep us informed of any changes to your personal data at any time by updating your details in your account.

 

10. changes to our privacy policy

 

Any changes we may make to this Privacy Policy in the future will be displayed within the App, on the Website and, where appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes to this Privacy Policy.

 

This Privacy Policy was last updated on 30 June 2020.

bottom of page