My Dementia Companion (“MDC”, “we”, “us”, “our”) operates a platform where users can obtain certain information and support in relation to dementia. We offer a range of products to suit different needs, including the My Dementia Companion website (the “Products”). We also operate the My Dementia Companion App, which is available on the internet as a webapp (app.mydementiacompanion.com.au) (the “App”). For more information about My Dementia Companion and our different Products, please visit our website: www.mydementiacompanion.com.au (the “Website”).
1. What personal data do we collect and process, and how do we use it?
We collect and process personal data for the following purposes:
What personal data do we process? Why do we process this personal data? What is our lawful basis for processing?
Identity Data: this includes your title, first name, surname, date of birth, identity documentation, nationality. We process this data to set up your account and enable you to use the Services; to comply with our anti-money laundering and “know your customer” obligations; to maintain comprehensive and accurate records. The lawful basis for processing is to fulfill our contractual obligations to you; to comply with a legal obligation.
Data concerning health, social and welfare: this includes your health and social status and history. We process this data to set up your account and enable you to use the Services. The lawful basis for processing this data is to fulfill our contractual obligations to you; we will only process your Data concerning health, social or welfare if you have provided your express consent for us to do so.
Financial Data: this includes your bank account number and sort code. We process this data to process your payments. The lawful basis for processing this data is to fulfill our contractual obligations to you.
Usage Data: we may process data regarding your use of the Services, including but not limited to incidences of download and deletion, average time spent, means of connection, operating system, any problems reported, your IP address, favourites, archiving, clicks, scrolling through and progressing through support information. We process this data to identify any problems, defects or issues with the Services; to optimise the performance of the Services to ensure you have the best user experience; to provide and improve our customer services. The lawful basis for processing this data is to satisfy our legitimate interests; to fulfil our contractual obligations to you.
2. How do we protect your personal data?
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of any personal data we collect or you provide.
Any personal data uploaded by you or collected by us via the Website is transmitted over a Secure Sockets Layer (SSL)-secured communication channel and is encrypted and protected with digital signatures. We store your personal data securely throughout the life of your MDC account on our computers in Australia and elsewhere in the world where MDC facilities or our service providers are located (for more information on data transfers see section 4 below).
Payment card data is securely transferred and hosted off-site by a payment partner in compliance with the Payment Card Industry Data Security Standard (PCI DSS). This information is not accessible to MDC.
3. Who do we share your personal data with?
When you use the Services, we may need to disclose your personal data to the following categories of third parties in order for us to provide our service to you:
Fraud prevention and identity verification;
Contracted service providers, such as analytics providers, technology platforms and providers, IT support, compliance services and marketing providers;
Banks and financial institutions;
Payment processing service providers;
Professional service providers; and
Other third parties with your express consent or instruction to do so.
We may also need to disclose your personal data in the following limited circumstances:
To comply with a legal requirement, such as a law, regulation, subpoena, warrant, court order, legal proceedings or in response to a law enforcement agency or regulatory request;
If the disclosure of your personal data is or may be necessary to prevent physical harm or financial loss, to report suspected illegal activity or to enforce the terms of any agreement we may have with you.
The personal data we share with these third parties and in these circumstances will in each case be limited to that strictly necessary to satisfy the reasons set out in the table above.
4. Transfers of your personal data
We will not transfer your personal data outside of Australia except to selected third parties that we have instructed to help us provide the Services to you. Such third parties may process and store your personal data in geographically distributed data centres.
In the case of transfers of your personal data outside of Australia, where the transfers are not to countries that provide an adequate level of protection (for example, we may rely on a Privacy Shield certification where the transfer contains a US entity), we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the Privacy Shield for US companies.
Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
name: eFlashSite. Duration: Session. Purpose: When viewing a mobile site (old mobile under m.domain.com) it will force the server to display the non-mobile version and avoid redirecting to the mobile site
name: hs. Duration: Session. Purpose: Security
name: smSession. Duration: Persistent (Two days or two weeks). Purpose: Identifies logged in site members
name: XSRF-TOKEN. Duration: Session. Purpose: Security
name: svSession. Duration: Persistent (Two years). Purpose: Identifies unique visitors and tracks a visitor’s sessions on a site
name: SSR-caching. Duration: Session. Purpose: Indicates how a site was rendered.
name: smSession. Duration: Persistent (Two weeks). Purpose: Identifies logged in site members
name: TS*. Duration: Session. Purpose: Security
name: TS01*******. Duration: Session. Purpose: Security
name: TSxxxxxxxx (where x is replaced with a random series of numbers and letters). Duration: Session. Purpose: Security
name: TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters). Duration: Session. Purpose: Security
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
You can change your cookie preferences at any time on popular browsers using the links below:
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
6. Our Website
7. Data Retention
We store your personal data in line with legal, regulatory, financial and good-practice requirements. If you deactivate your MDC account, we will mark your account in our database as "Deactivated," but will keep your account information in our database for eight years from your last date of entry. This is necessary in order to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account.
8. Accessing your Personal Data and your rights
As a result of us collecting and processing your personal data, you have the following legal rights:
to access personal data held about you;
to request us to make any changes to your personal data if it is inaccurate or incomplete;
to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;
to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means, and it is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party; or (iii) steps taken at your request prior to entering into a contract with us;
to object to, or restrict, our processing of your personal data in certain circumstances;
if we ever use your personal data for direct marketing, you can ask us to stop and we will comply with your request;
if we use your personal data on the basis of having a legitimate interest (as set out in the table above), you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
to lodge a complaint with the relevant authority.
To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us via our contact form at our Website.
9. Contacting us and changes to your personal data
Please keep us informed of any changes to your personal data at any time by updating your details in your account.