In this document we explain what personal information is collected about you, how that information is used, how we protect your information and your rights in relation to information held by us.
What personal information do we collect when you sign up?
YourCare provides a network of mutual aid and a marketplace for social services.
When you sign up to YourCare we may collect and process your account data (“account data”) The account data may include some mandatory information, like your name and email address, which is required to create your account. Other account data, like your suburb, postcode and interests can be provided on a voluntary basis. This information is used to personalise your account.
The account data may be processed for the purposes of operating the YourCare website, providing services, ensuring the security of the YourCare website and communicating with you.
The legal basis for the collection and processing of the account data is your consent and/or our legitimate interests, namely the proper administration of the YourCare website.
YourCare does not collect any sensitive data relating to your medical history, health, racial or ethnic origin, political opinions, religious or philosophical beliefs.
While some personal financial details, like credit card numbers, are entered into the YourCare website, we do not store this information in our system.
What information do we collect when you are browsing the site?
When you visit YourCare, our system, which includes third party applications like Segment.io, collects information as you browse the site (“analytics data”).
The information includes your IP Address, internet service provider, domain name, date and time of visit, search items entered, pages visited on our site, browser type and operating system type.
This analytics data is used to help identify what parts of our website are accessed most frequently and how we can create a better service for users.
We also use this analytics data to personalise your experience, which could include onsite recommendations or targeted email campaigns.
The legal basis for this processing is our legitimate interests, being the maintenance and improvement of our website and services.
What other information may be collected by the site?
We may collect and process information that you post for publication on the YourCare site (“publication data”). This publication data may be processed for the purpose of enabling the publication of your posts and the administration of the YourCare site. The legal basis for this processing is your consent and our legitimate interests, namely the monitoring and improvement of our website and services.
We may collect and process information contained in any enquiry you submit to us regarding your use of the YourCare site or service, or contained in any communications that you send to us (“contact data”). The contact data may be processed in order to communicate with you, address your enquiry or handle your complaint. The legal basis for this collection is our legitimate interests, being the maintenance and improvement of our website and services.
Do you have to provide your personal information to yourcare?
When you sign up to YourCare, you are required to enter some mandatory personal information. Other information on sign up is voluntary.
Membership and participation is voluntary. Without some personal details it would mean that we are unable to provide products or services to you.
How does YourCare use personal information?
The personal information you provide to us will only be used for the purpose for which it is collected.
We do not share your data with any external party who may have a commercial interest in your information.
We do however use several SAAS (Software As A Service) products to coordinate your data, so that it is secure and available to optimise your experience.
SAAS products include;
Segment.io - used for the collection and distribution of personal information.
Google Analytics - use for collection of aggregate data
Customer.io - used for email marketing.
Slack - used for the management of member acquisition.
Amazon Web Services - Used to host our website and for the provision of database services, like Redshift - which allows for aggregate and anonymised data analysis.
Tableau - used for the visualization of aggregate and anonymised data.
Facebook - where a limited subset of a members personal details may be stored with Facebook to enable engagement and remarketing campaigns.
International transfers of your personal data
The hosting facilities for our website are situated in the United States of America. The European Commission has made an “adequacy decision” with respect to the data protection laws of this country. Transfers to this country will be protected by the Privacy Shield framework and standard data protection clauses adopted by the European Commission.
You acknowledge that personal data that you publish on the YourCare site may be published and made available throughout the world. We cannot prevent the use, collection or misuse of such data by other parties.
Your rights under the General Data Protection Regulation
YourCare takes data privacy very seriously and we have been monitoring the recent development of the General Data Protection Regulation (GDPR) which commenced operation in the European Union in May 2018.
Being based in Australia, YourCare does not fall under the new GDPR rules, however we believe they set a high standard and we will voluntarily be seeking to comply.
Under the GDPR, EU residents will be able to exercise a number of rights that give them more control over their personal data. The principal rights under the GDPR are as follows:
the right to access: provided that no rights of others are affected, we will supply to you a copy of your personal data within 30 days of a request. The first copy of such data will be provided without any charge but further copies may be subject to a reasonable administrative fee.
the right to rectification: you have the right to rectify/correct any inaccurate personal data that we hold about you and have any incomplete data completed.
the right to erasure (“right to be forgotten”): In certain circumstances you may have the right to the erasure of your personal information stored by us, including where the personal data is not necessary in relation to the purpose for which it was collected or processed; you have withdrawn your consent to processing where our legal basis of collection is consent. We may not be able to honour your right to erasure where processing and retention is necessary for compliance with a legal obligation or legal claim or defence.
the right to restrict processing: Where you contest the accuracy, unlawful processing or you oppose erasure for a valid reason, you may request the restriction of processing until we have verified the validity of that right.
the right to data portability;
the right to complain to a supervisory authority; and
the right to withdraw your consent.
YourCare is currently using Segment.io to manage data collection and distribution to other SAAS providers.
Segment.io have recently released new tools to allow assist with GDPR compliance. With Segment’s assistance we will be able to;
Delete a user from Segment and the third party SAAS providers Segment sends this data.
Suppress data collection for specific users who have requested data not be collected.
Monitor deletion and suppression status from a user interface.
If any member or supplier would like their data deleted, YourCare will oblige as quickly as possible. YourCare can be contacted on firstname.lastname@example.org.
YourCare is committed to data security and your privacy. We store your data securely and in the strictest confidence.
All reasonable administrative, technical and physical measures have been taken to protect personal information from loss, theft, unauthorised use or modification.
The Australian Privacy Principles (APPs)
YourCare also aims to uphold The Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act 1988 (Privacy Act). The APP’s cover;
The ability of users to transact anonymously or using a pseudonym.
The collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection.
The use of personal information and how that information can be used and disclosed (including overseas).
Maintaining the quality of personal information.
Keeping personal information secure.
Right for individuals to access and correct their personal information.
The collection and use of sensitive information.
Privacy on other websites linked to this site
YourCare may contain hyperlinks to other websites. This privacy statement does not apply to those sites. YourCare is not responsible for the privacy practices of other website operators and suggests that before providing any personal information to linked websites you examine their privacy policies.
It should be noted YourCare is not intended for, or designed to attract, people under the age of 18. We do not intentionally collect personally identifiable information from any person we actually know is under the age of 18.
Currency of this privacy statement
A “cookie” is a file that contains an identifying string of letters and numbers that is sent by our web server and stored by your browser. The cookie then sends identifying information back to the server each time you access a relevant web-page.
Cookies do not typically contain any information that personally identifies you as a user, but personal information that we store about you may be linked to information obtained from cookies.
We use the following cookies for the following purposes:
Most browsers allow you to refuse to accept cookies and to delete any cookies that are stored on your computer. The methods to make these changes vary from browser to browser and you should visit the support page of your chosen browser if you wish to block or delete cookies.
Blocking all cookies may have a negative impact on the usability of the YourCare site and may disable certain features or make the website feature inacessible to you.
Data Protection Officer
Our data protection officer’s contact details are: Simon Schwab, who can be contacted at email@example.com