Help Centre
What kind of help do you need?Privacy Policy
Effective date: 5 November 2021
SilverCloud (“SilverCloud”, “we”, “our” or “us”) respects the privacy of all individuals who interact with us and/or use our services. This privacy policy is for people who use the SilverCloud platform and programmes (SilverCloud Services) as a client or supporter (each also referred to in this document as “you” and “your”).
SilverCloud has obligations concerning the collection, use, disclosure and storage of personal information. These obligations are set out in the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act), and other applicable State and Territory privacy laws.
We ask that you read this privacy policy carefully as it describes our practices regarding the information we may collect from you or to which we may have access when you interact with the SilverCloud Services. You consent to us collecting, holding, using and disclosing your personal information in accordance with this policy. We will review and may update this Privacy Policy from time to time. The current version will always be available at Privacy Policy.
Contact details for SilverCloud are listed at the bottom of this notice.
1 Personal information
1.1 What is personal information?
“Personal information” is information or an opinion about an identified individual or reasonably identifiable individual, whether true or not or whether recorded in material form or not.
1.2 What personal information do we collect and hold?
The personal information we collect and hold includes information about you, your use and any individual's use of the SilverCloud Services.
The personal information that we collect and hold may include an individual's:
- name;
- email address;
- technical data, which may include details of your invitation, when you first signed up to the SilverCloud Service, pages and sections viewed, other actions you take on the SilverCloud Service, emails sent to you via the platform, server errors that affect you, details of when you log in and log out, your IP address, browser type and version, time zone and language, notification preferences and your login details (username, encrypted password);
- address;
- age;
- telephone number and other contact details;
- information provided to us via feedback or customer surveys, which may include user "progress points" at the end of each module, user experience questionnaires and other questionnaires where it is indicated that the recipient is SilverCloud; and
- other personal information about yourself that you give voluntarily, such as your interests, likes/dislikes or providing a profile image.
2 Sensitive Information
2.1 What is Sensitive Information?
“Sensitive information” is a sub-category of personal information which includes information about an individual’s racial or ethnic origin, political opinions, membership of political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or certain biometric information.
2.2 What Sensitive information do we collect and hold?
We also collect sensitive information, including information about:
- health data, which may include information pertaining to an individual's answers to psychological questionnaires and calculated results, entries to interactive tools such as a list of problems, recording mood over time, or journal entries, messages between clients and supporters, and, for adverse event reporting, details about adverse events including health symptoms;
- long term physical health condition;
- demographic information such as an individual's gender, race or ethnicity.
3 How we collect and hold your Personal Information
We may collect personal information from the individual concerned, from a third party (such as a client, a supporter or a referring professional) or automatically when you use the SilverCloud Service.
We may also collect this information when you communicate with us through our website, by telephone, by e-mail or through a written application.
We have processes in place to ensure that our records remain accurate, complete and up to date, including by verifying the information with you each time you use our services or from other sources.
These records are retained in accordance with our Personal Data Retention Policy for up to five years.
If the information is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.
3.1 Can I remain anonymous?
You can always choose to deal with us anonymously or by using a pseudonym.
However, please note that if you choose to remain anonymous, this will affect your ability to access or use the SilverCloud platform.
If you wish to remain anonymous when dealing with us via a telephone call, please advise the SilverCloud representative assisting you.
4 Why do we collect, hold, use and disclose personal information?
4.1 Purpose
We collect, hold, use and disclose personal information, including sensitive information, for the following purposes:
- to enable us to establish and perform our engagements with you, such as providing you with services or programmes, which includes displaying programme pages, recording your activity on interactive tools and features, storing your preferences, sending notifications by email, text or push notification, calculating scores from questionnaires, inviting and managing clients and supporters and supporters reviewing client progress and results;
- in order to provide technical support to you to enable your use of the platform and programmes;
- in order to identify and understand
trends relating to the use of the SilverCloud platform and programmes and
provide statistical and market data to guide business development, which
may include calculating statistics / trends of response to a wellbeing
questionnaire.
Most analysis uses anonymous aggregate data (for example, average length of time spent on the platform). Some analysis uses individual data, with additional safeguards in place such as de-identification and limiting the set of individual data (data minimization). This analysis may include profiling, machine learning or other techniques. This de-identified data is not itself personal information, and we take care to ensure that individuals cannot be identified in the data; - conduct research and product development that is in the wider public interest;
- to enable you to access and use the SilverCloud platform and programmes;
- in order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our various terms of use or other agreements to which you are a party;
- in order to understand the efficiency and effectiveness of our services, maintain the platform, programmes and any services offered via the platform and to identify any opportunities to personalise or improve the user experience;
- for the purpose of conducting research using de-identified personal information provided via the platform, use of programmes or the demographic questionnaire;
- detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our platform;
- complying with our legal obligations, and enforcing and protecting against legal claims, including investigation of potential violations of this privacy policy;
- to operate, improve and optimise our website and services and yours and other users' experience;
- to send support and administrative messages, reminders, technical notices, updates, security alerts, and information to you;
- to send marketing and promotional messages to you and other information that has been requested or which may be of interest;
- for support purposes, such as providing support or coaching during your use of the SilverCloud Services;
- for risk management purposes, such as managing clinical risks that present themselves during your use of the SilverCloud Services. This would include reporting a risk to yourself or others, or adverse events to relevant support services, emergency services or authorities;
- for the purposes of protecting the rights, property or personal safety of SilverCloud, its staff, any of our users or any member of the general public.
4.2 To whom do we disclose personal information?
We may disclose personal information to the following third parties for the purposes listed above:
- SilverCloud's other related companies and internally within our family of companies (Group Entities). In addition, should SilverCloud or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets, your personal information may be shared with the parties involved;
- trading partners and external service providers (of SilverCloud and Group Entities), whose services and solutions complement, facilitate and enhance our own and are required for us to provide our services as contemplated hereunder. These include any of the third parties providing hosting, database and cloud services, and our business, legal, financial advisors, consultants or research organisations that we work with from time to time;
- governmental, regulatory or law enforcement agencies;
- with others, including referring professional, emergency services, or other relevant authorities.
When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with the Privacy Act in relation to that information.
We may disclose personal information in other circumstances, where the person concerned has consented to the disclosure, or where we are expressly permitted to do so by the Privacy Act.
These other disclosures may include where:
- you would reasonably expect the disclosure to occur (for example, quality assurance purposes or training);
- we are authorised or compelled by law to disclose;
- it will prevent or lessen a serious threat to someone's life, health or safety or a threat to public health or safety;
- it is necessary as part of the establishment or defence of a legal claim;
- it is requested by an enforcement agency such as the police; or
- it is a necessary part of an investigation following a complaint or incident.
4.3 Disclosure of Personal Information outside Australia
SilverCloud hosts personal information on the SilverCloud platform in Australia.
Some of the third parties to whom we may disclose personal information may be located overseas. The countries in which those third parties may be located are:
- Ireland; and
- United Kingdom.
Where possible, disclosures overseas are limited to de-identified data, which is not itself personal information
5 Cookies, Links, Other Technologies and Security
When you use the SilverCloud platform, we collect information by using cookies. A cookie is a text file containing small amounts of information which a server may download to your computer, mobile or tablet when you visit a website or use an app.
There are different types of cookies which are used to do different things. These include letting you navigate between different pages on a website efficiently, remembering preferences you have given and helping us to identify ways to improve your overall site experience. (An explanation of cookies can be found at the website of the Australian Information Commissioner at www.oaic.gov.au.)
5.1 Information collected via cookies and other technology
The cookies used on the SilverCloud platform do not collect directly identifiable personal information such as name, address, email address etc. However, certain cookies may collect information which relate to a unique ID or another identifier which, when combined with other information, could allow a profile to be created.
5.2 Cookies used on the SilverCloud platform
Please find below details of the cookies used on the SilverCloud platform and a brief description of the information they gather.
5.3 Necessary cookies
These cookies let you move around the SilverCloud platform and use essential features such as accessing secure areas of the SilverCloud platform and identifying you as being logged in. These cookies don't gather any information about you that could be used for marketing or remembering where you've been on the internet.
Cookie name |
Purpose & details |
Flags |
Category |
Expiry |
---|---|---|---|---|
sessionid |
Session authentication |
Secure: True |
Necessary |
Session |
csrftoken |
CSRF protection |
Secure: True |
Necessary |
1 year |
django_language |
Language preference |
Secure: True |
Necessary |
1 year |
5.4 Analytics cookies
Our site uses Google Analytics to help analyse how users use the site. Usage information is transmitted to Google in the USA. For more information see How Google uses your data.
Cookie name |
Purpose & details |
Flags |
Category |
Expiry |
---|---|---|---|---|
_ga |
Google Analytics. |
- |
HTTP cookie |
2 year |
_gat |
Used by Google Analytics to throttle request rate |
- |
HTTP cookie |
1 day |
_gid |
Google Analytics. |
- |
HTTP cookie |
1 day |
collect |
Used to send data to Google Analytics about the visitor’s device and behaviour. |
- |
Pixel |
Session |
5.5 How can you control the use of cookies?
Cookies can be set and controlled by the operator of a website which the user is browsing such as SilverCloud for the SilverCloud platform (known as a ‘first party cookie’) or a third party (known as a ‘third party cookie’).
You can use your browser settings to manage cookies including deleting previously stored cookies and blocking cookies from being set. If you delete or block cookies that are necessary for the SilverCloud platform you will not be able to log in to use the programmes or record information.
5.6 Links to other websites
Our sites may have links to other websites not controlled or owned by us. We have no control over that other website and are not responsible for these sites or any consequence of a person's use of those sites. In particular, we are not responsible for the privacy policies or practices of the operators of other websites. We recommend that you review the privacy policies of those external websites before using them.
5.7 Data security and storage
To protect personal information from misuse and loss, and from unauthorised access, modification or disclosure:
- our staff are trained in how to keep your information safe and secure, and are contractually and ethically bound to respect the confidentiality of any personal information held by SilverCloud;
- we have put in place suitable managerial policies and procedures;
- we store your electronic records in secure systems;
- we use trusted contracted service providers; and
- SilverCloud maintains ISO 27001 certification.
However, we advise that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. If you have security concerns, or wish to provide personal information by other means (e.g. by telephone or paper), may contact us using the contact details set out at the bottom of this Privacy Policy.
The personal information of our employees, systems and most of the third parties we share information with are located in Australia, Ireland and the United Kingdom, with some of this personal information stored in secure cloud systems.
6 Access and correction of Personal Information
We have measures in place to ensure that the information we hold about individuals is accurate, complete and up to date. If you learn that personal information we hold about you is inaccurate, incomplete or not up to date you should contact us so that the information can be updated.
If you wish to see what information we hold about you, you can ask us for a copy.
Sometimes it may not be possible to give you a copy of the information if it was provided anonymously, if it contains details about other people, or if it would be unsafe to provide the information (for instance, if it may lead to harm being done to another person).
If we refuse to provide you with access to your record or to update your record in the way you request, we will provide you with written reasons.
If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
You will be notified of any likely costs before your request is processed.
7 Complaints
If you have a complaint or concern regarding our handling of your personal information or think that your privacy has been affected you should contact us as detailed below for an examination of your complaint or concern. If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC). See www.oaic.gov.au for how to make a complaint.
8 Contact
If you wish to contact SilverCloud regarding use of your Personal Information or to exercise your rights, please contact us at:
SilverCloud Privacy Officer
Email: dataprotection@silvercloudhealth.com
Phone: +353 1 440 4065 (Ireland)
Postal address:
SilverCloud Health Australia Pty Ltd
7 Southport Street
West Leederville WA 6007