This policy may change periodically so please check back on a regular basis.
If you have comments or questions regarding this privacy statement, please contact: firstname.lastname@example.org or send us a letter via: PO Box 407 Bondi NSW 2026 Australia.
Created: 21 October 2017
Last updated: 21 October 2017
Key privacy points: The stuff you really care about
- This policy applies to all OceanFit enterprises, including OceanFit (oceanfit.com.au) and OceanFit Challenges (challenges.oceanfit.com.au).
- We don’t sell your data to third parties. OceanFit Pty Ltd (OceanFit) treats all information collected as if it were private. We don’t sell the information to anyone and we don’t use your data for our own purposes, except as outlined in this policy.
- We may share some data with trusted service providers. In order to manage and improve our services we may from time to time use a number of third party service providers; for example, we may use Google Analytics to track visits to our websites, Hotjar to see how users interact with our website and collect information via an online form, Survey Monkey to collect survey responses, or Mailchimp for users who self-subscribe to our database. A number of these service providers are located outside of Australia and therefore the data we pass to them will be processed outside of Australia.
- Most data is stored on servers located in Australia. Aside from the circumstances described in point three above, all data collected by us is stored on servers located in Australia.
- We will comply with all Australian laws. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also need to access data to prevent potentially illegal activities and to screen for undesirable or abusive activity.
- At OceanFit, we’re only human. We do our utmost to make sure OceanFit is a business which is highly valued by staff, the community, our participants, our members and all of our stakeholders, but being human, occasionally we make a mistake. On the rare occasion where we do slip up, we assure you that we will attend to the issue as soon as it is drawn to our attention, remedy the problem and advise you of the outcome.
Who does this policy apply to?
OceanFit is committed to protecting your privacy, and establishing a trusting relationship with our users is central to our business practices.
OceanFit websites and services are used by a wide range of groups and individuals. These include but are not restricted to staff, training participants, challenge members, and members of the public. The privacy provisions in this policy apply to all service and website users.
We will never share your data, except where
- It is legally required (such as the investigation of a criminal offence), or
- We have engaged a trusted service provider to assist us with a particular transaction (e.g. collection of survey responses).
We will never sell your data to a third party.
Generally, we use the information we collect from you only in connection with providing our services to you. However, there are some other limited uses, as listed below.
What data is collected by OceanFit and what do you do with it?
|Type of Data||Use||Need to know|
|Registration information. You may browse OceanFit websites freely, however, in order to become an OceanFit Challenges participant or a subscriber to one of our services, you need to register. This involves supplying us with some basic information, such as; name and email address. You will also be required to set a username and password.||To help you to access the most appropriate information and tools associated with our websites.
To provide you with support if you need technical assistance.
To communicate important service-related announcements, changes to our services or policies, password reminders, etc.
To deliver to you information about your account and newsletters that you have signed up to receive.
|We may use your email address to inform you about training and products that we think may be of interest; however you may opt out of such notices at any time.
We will never sell or disclose your registration information to a third party.
The default privacy settings when you register for an OceanFit challenge allow others in your training challenge to find you by your username, see that you are active & your activity, and view your profile.
Once registered you can change your privacy settings at My Profile > Settings > Profile Privacy. You can be as public or as private as you wish.
To be eligible for the Grand Prize, one of your tasks requires you to write/post at least three messages on the group activity stream during your challenge – this is a public facing activity.
|Organisation details: For event organisers who appear in our publicly displayed event calendar, we may require some additional information, such as organisation location, organiser name, and organiser phone number.||To assist you with promoting your event, event promotions, and to provide an information service to others.
To tailor our services to your needs.
|Information will only be used for the purposes stated.|
|Payment information. If you order a product or book some training with us, we may need to collect payment and billing and delivery information from you.||To allow you to book and pay for goods and services.||Such information will only be used to send you the product that you purchase and to bill you for that service or product.|
|Survey/form responses. From time to time we may seek responses to survey questions.||The use of each type of information varies depending on the purpose; however it will generally be used to gather aggregated information about our users and/or to help improve or tailor our services.||Completion of forms and surveys is entirely optional.
The information you provide in such forms and surveys may be collected and stored by other service providers (e.g. Mailchimp, Survey Monkey) who we have chosen on the basis that they will not use such information in a way that is contrary to this policy.
Information collected through forms and surveys is only disclosed to other third parties (e.g. OceanFit partners) in an aggregated, de-identified form.
|Customer support inquiries and other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts; for example, if you email an inquiry to us, we may record the contents of that email for later reference. We may also seek additional information that will assist us in catering for your needs when running events (e.g. dietary requirements, disability access).||To allow us to provide swift, efficient and appropriate customer service.||Data will never be sold and will be disclosed to a third party only where such disclosure is necessary for provision of that service (e.g. dietary requirements may be disclosed to a catering service contracted to cater to an event).|
|Feedback. OceanFit collects and stores the feedback you provide to us on the services we offer.||To administer, refine and (sometimes) promote our services.||We may use your feedback to improve or promote our services, but we will never publish your name or other identifying information in association with the feedback you provide without your explicit permission.|
To remember passwords for you so you don’t have to re-enter them each time you visit the site.
|You have the option of setting your browser to reject cookies. (However, some services may be unavailable if you do so.)|
|Metadata. We use the term ‘metadata’ to describe the context rather than the content of the data we collect. This might include, for example, the number of users who visit a particular website or a particular page of a website, when they visit and how long they stay, what they click on, where they have come from and where they go next. Additionally, like most websites today, our web servers keep log files that contain data about the nature of each access, including the IP address and type of device from which the contact originated. We may also infer your geographic location based on your IP address.||To perform statistical and other analysis, to study and measure user behaviour and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services.||We use de-identified metadata only (that is, data that cannot be identified as belonging to any specific individual or organisation).|
How does OceanFit store my data?
We do all we can to protect your privacy and provide a secure environment for your data. We take all reasonable steps to ensure the security of the personal data we hold is protected from such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
All registration information and related data are password-protected to provide additional security. We ask that you do not reveal or share your password with anyone. OceanFit will never ever ask for your password, either verbally or through phone or email contact (whether initiated by you or us).
Where we share data with other service providers, the data is stored in their systems and is subject to their security and privacy standards. We have been careful about selecting our service providers and believe they all take data privacy and security seriously.
In line with the Privacy Amendment (Notifiable Data Breaches) Act 2017 OceanFit will notify all clients of any data breach and act in accordance with the Notifiable Data Breaches (NDB) scheme in Australia.
Who controls the data and how do I access it or correct it?
When we talk about a data controller, we are referring to the legal entity or person with the right to make decisions regarding the purposes, and the methods, of processing collected data. This includes the security measures concerning the operation and use of the data.
Where OceanFit is the data controller you can request access to the personal information we hold about you, or request that we change that personal information. We will allow access or make the changes unless we consider that there is a sound reason under any relevant law to withhold the information, or not make the changes.
If we do not agree to make your requested changes to personal information, you may make a statement about the requested changes and we will attach this to the record.
You can obtain further information about how to request access or changes to the information we hold about you by contacting us (see contact details below).
Does OceanFit disclose information to service providers or people outside of Australia?
OceanFit uses a number of service providers to handle specific types of data that we collect. Some of these service providers are located outside Australia. Their details are listed below, including the jurisdiction in which the data will be processed.
|Data Collected||Service Provider|
|Usage Data, Device Data, Referral Data, Metadata||Google
Service provided: Google Analytics and Google Tag Manager are a web analysis services supplied by Google which use “cookies” to collect your navigation, behaviour and demographic data. This information is forwarded to, and deposited on, Google’s servers in the United States.
If you wish to opt out of Google tracking services, you are encouraged to visit: https://tools.google.com/dlpage/gaoptout
Data processing location: United States of America
|Survey/form responses||Survey Monkey
Service provided: Survey Monkey allows us to build customised online surveys and collect and analyse responses. Survey responses are processed and stored by Survey Monkey, which is located in America. We access this data via via the Survey Monkey website.
Data processing location: United States of America
|Email newsletter subscription||Mailchimp
Service provided: Mailchimp allows us to collect email addresses, and other information about a person so that we can send email communications. Types of communication includes; weekly newsletters, competitions, event promotions and OceanFit notices.
Data processing location: United States of America
How to contact us or make a complaint
- Emailing email@example.com
- Calling (+61) 433 082 541
- Sending a letter to us at: OceanFit, PO Box 407 Bondi NSW 2026
We will respond to your request usually within 48 hours and, at a maximum, within 30 days of receiving it, and treat seriously any claims of privacy breaches.