Privacy Policy & Disclaimer

This Privacy Policy explains how The Wellbeing Lab (a division of Michelle McQuaid Pty Ltd) collects and handles your personal information, and applies to all of our Services, which includes this website. Through our product offerings, employees have the ability to provide individual, team, and organizational wellbeing feedback for themselves and their companies. We value your trust and take our privacy obligations seriously. We have developed this Privacy Policy to provide you with clear answers to your questions so you can understand how your personal information and data is collected, securely held, and processed by The Wellbeing Lab.

1. Definitions

In this Privacy Policy, a reference to:

Administrator means any person who has login credentials to a PERMAH Wellbeing Survey Customer account to manage that account, create surveys, and review and share depersonalized survey results.
The Wellbeing Lab, we, us or our means Michelle McQuaid Pty Ltd (ACN 094 250 053) of 69 Hambleton Street, VIC, 3206, Australia, and any of its related corporate or affiliated entities.
Customer or Company means the person or entity that has licensed with The Wellbeing Lab to use The Wellbeing Lab’s Services. The Customer or Company will generally be your employer or an identified subgroup (i.e., division, department, etc.) within your employer.
Respondent and/or Participant means any person who accesses our Services to answer the PERMAH Wellbeing Surveys (either wholly or partially) conducted by a Customer using the Services.
Services mean all products (including related mobile applications), services, and websites offered by The Wellbeing Lab, including but not limited to The PERMAH Wellbeing Survey platform.
Visitor means any person who visits our website(s).
Websites mean, collectively, www.permahsurvey.com, www.thewellbeinglab.com, and www.michellemcquaid.com as well as the other websites that the Michelle McQuaid Group operates and that link to this Privacy Policy.
You or your means either an Administrator, Respondent/Participant, or Visitor, as applicable.

We may update this Privacy Policy from time to time and the most current version will be posted on our website. If we make any material changes, we will notify you by email (to the address associated with your account) or when you next log in to your account prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If you have any questions or concerns about our Privacy Policy, or with the handling of your personal information, please contact our Privacy Officer at support@permahsurvey.com.

2. A note about children

Unless permitted by applicable law, you must not provide any child under the age of 16 with access to our Services. We do not intentionally gather personal information from minors under the legal age. If a minor submits personal information and we learn that the personal information is the information of a child under the legal age, we will attempt to delete the information as soon as possible. If you believe that we may have any personal information of a child under the legal age, please contact support@permahsurvey.com.

3. What information do we collect?

We collect information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our Services. How and what information we collect about you will depend on the way that you use our Services, for example whether you are an Administrator, Respondent, or Visitor.

(a) Information we generally collect:

Contact information. When you provide us with your contact information, whether through the use of our Services, creation of an account, a form on our website, or an interaction with our sales or customer support team, we collect your contact information. This information may include, for example, your name and email address.
Usage information. We collect usage data about you whenever you interact with our Services. This may include which web pages you visit, what you click on when you performed those actions, and other activities.
Device and browser data. We collect data from the device you use to access our Services, such as your IP address, operating system, browser details, and time of visit. This information may also tell us your location.
Log data. We keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address. We do this to maintain an audit trail of activity, to improve our Services, or to monitor or improve functionality.
Referral data. If as a Visitor, you navigate to our websites from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.
Other data you submit. We may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial, attending an event we host, opting in for free downloads, or purchasing our products or services. If you contact us we will also collect any information that you provide to us voluntarily in order for us to respond to your request.
Interacting with us on social media. We may collect personal information about you when you interact with us using social media. For example, if you post material to our LinkedIn page or tweet us on Twitter.

(b) Information specific to Administrators and Respondents We may collect the following information about Respondents:

Personal information. When you create a login for the PERMAH Wellbeing Survey we may collect the following information from you: your Company, your name, your phone number, encrypted password and email address.
Sensitive information. When you complete the PERMAH Wellbeing Survey you will be asked to provide us with sensitive demographic information, such as information about your ethnicity. In all cases, you have the option to select “Prefer Not To Answer.”
Your content. When you use the PERMAH Wellbeing Survey, we will store all of your survey responses unless you ask us to remove them by contacting support@permahsurvey.com.

Registration details. When you register an account or another Administrator creates an account for you, we collect your name, company name, email address, password, and other information.
Survey data. When you create and launch surveys using the Services, we will store those survey questions and other information related to those surveys.
Billing details. If you use a credit card for billing, our credit card processor may collect information such as the cardholder’s name, billing address, email address, credit card number, expiry date, and credit card security code.
Account settings. You will be able to set or update various preferences and personal details on your account settings page or your profile, for example your name, email address, default language, or time zone.

4. Who is the data controller or processor?

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. For Administrators and Respondents, your company, which is our Customer, will be the controller of your personal information, and The Wellbeing Lab will be the processor. For Visitors, The Michelle McQuaid Group will generally be the controller of your personal information.

5. How do we hold the information we collect?

(a) Security of your personal information

The security of your personal information is very important to us. All your data is private and confidential and we take reasonable steps to ensure that your personal information is handled securely and in accordance with this Privacy Policy. We follow generally accepted security standards, to protect the personal information submitted to us, both during transmission and once it is received.
However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your personal information is absolutely secure in all situations.
Security is a collaborative effort, so we also recommend that you create a sophisticated password for logging in to our services and keep that password secret.
If you suspect there has been any unauthorized access or misuse of your personal information, immediately contact us at support@michellemcquaid.com.
If you have any concerns about the security of our platform, contact our Information Security Team at support@michellemcquaid.com.

(b) Where your personal information is located

We are a global service and your data is stored at the closest location based on your country. Our servers are located in Sydney (Australia), Singapore (Singapore), Iowa (USA), London (The United Kingdom), Eemshaven (The Netherlands), and Frankfurt (Germany).
All personal data is stored in two different locations which are split across two different servers. In addition, Survey response data is stored on a third server so that personal data and survey response data are always kept separate.

Our servers are protected by 24×7 human security, biometrics, access control man traps, bulletproof lobbies, and video surveillance.

The Wellbeing Lab offers the European Union Standard Contractual Clauses (EU SCCs), also known as Model Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of information.

6. How do we use the information we collect?

We use your personal information for a variety of purposes. How and what information we collect about you will depend on the way that you use our Services, for example whether you are an Administrator, Respondent, or Visitor. In each case, the information we collect and the process is reasonably necessary for our business, including providing you with the Services you would expect from us. We never sell any of the data we collect to third parties.

(a) Use of European Union user information collected:

When you use our Services as a Respondent or Visitor we process your personal information either: with your consent to fulfill our contractual responsibility to deliver the Services to the Customer, or to pursue The Wellbeing Lab’s legitimate interests of improving our Services or developing new products and features.
When you use our Services as an Administrator, we may use your personal information to create an account with us. We need to collect and use your personal information to allow you to create an account and log in to that account.

(b) Use of Administrator information collected:

To provide you with our Services. This includes providing you with access and use of our platform and customer support, which may require us to access your personal information so that we can assist you, such as with survey design or technical issues.
To manage our Services. We use your personal information so we can provide our Services and improve those Services. These purposes may include: to monitor, maintain, and improve our Services and features; to personalize or customize your experience when you use our Services (including presenting The PERMAH Wellbeing Survey platform in the best format for you or a device you use to access The Wellbeing Lab platform); to create new services or features; to send you an email when you have been assigned as an administrator of your Company account; to enforce our contracts and policies when we are made aware of potential breaches; to prevent potentially illegal, undesirable, or abusive activities; to make telephone calls to you, or send you SMS messages from time to time; or to respond to legal requests.
To contact you about the Services or your account. At times we may need to contact you via email, mail, or telephone to tell you about matters such as changes to our Services, terms, or policies.
For marketing purposes. We may also send you news and information about our products or Services that you either request from us, or we believe may interest you. In most cases, we will contact you via email.
To respond to legal requests and prevent harm. If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.

To create an account with us. We need to collect and use your personal information to allow you to create an account and log in to that account.
To manage our Services. We use your personal information so we can provide our Services and improve those Services. These purposes may include: to monitor, maintain, and improve our Services and features; to personalize or customize your experience when you use our Services (including presenting our Services in the best format for you or a device you use to access our Services); to create new services or features; to enforce our contracts and policies when we are made aware of potential breaches; to prevent potentially illegal, undesirable, or abusive activities; to send you a welcome email to verify ownership of the email address provided when your account was created; to respond to legal requests; or to publish research.
To report de-identified aggregated data. To provide Customers with a better understanding of their survey results, we use survey data in a de-identified aggregated form to provide organizational results reports. We also use your survey data to continually improve our Services, to publish research, and create population scores.

(d) Use of Visitors information collected:

To contact you for marketing purposes. We may send you news and information about our products or Services that you either request from us, or we believe may interest you (unless prevented by law). In most cases, we will contact you via email.
To manage our Services. We use your personal information so we can provide our Services and improve those Services. These purposes may include: to personalize or customize your experience when you use our Services (including presenting our websites in the best format for you or a device you use to access our websites); to create new services or features; to monitor, maintain, and improve our Services and features; to enforce our contracts and policies when we are made aware of potential breaches; to prevent potentially illegal, undesirable, or abusive activities; or to respond to legal requests.

7. Anonymity and pseudonyms

In most cases, it will be very difficult for us to provide you with our Services if you do not provide us with your real name and contact details (primarily email). Situations where we might have difficulty interacting with you anonymously, or via a pseudonym, are when you use our Services as an Administrator or Respondent.

If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about our Services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our products or Services or respond adequately to you.

8. Who has access to your personal information?

(a) General

We will share your personal information with third parties only in the ways that are described in this Privacy Policy. To provide you with our Services we will often need to disclose your personal information to our staff or the service providers we use to operate our business. Examples of our service providers include: hosting services, project management software, email service providers, system monitoring services, customer support services, and website analytics. These companies are only authorized to use your personal information as necessary for us to provide our Services to you and/or the Customer.

In most cases, the information that we disclose to our staff or service providers will be directly necessary to provide our Services to you. However, there may be occasions where we need to disclose your personal information to our staff, service providers, professional advisors, or other third parties, including:

To provide the Services. In providing the Services, we may need to disclose your personal information to people who work for us or to one of our service providers. Our agreements with third parties include obligations to protect the security and confidentiality of your personal information. These disclosures may be related to activities such as filling orders, processing payments and mail-outs, storing and managing documents, research, providing professional advice, facilitating creation of accounts, sending you service emails, providing technical support, or providing other services to you.
To perform actions you request or consent to. You may specifically authorize us to disclose your personal information to a third party. For example, to resolve a dispute regarding our Privacy Policy or to integrate a third-party service. We may also disclose your personal information to a third party with your prior consent.
To merge or sell our business. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition, or dissolution transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume and be subject to all the rights and obligations regarding your personal information as described in this Privacy Policy. If The Wellbeing Lab is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.
When we disclose your personal information to third parties such as our service providers, we sign confidentiality and data processing agreements with them to ensure they maintain confidentiality and have privacy and security standards to protect your personal information.

9. What are your rights to your personal information?

(a) General

If you live in certain countries (for example, European Union member states) you may have rights regarding your personal information, including the right to access, correct, delete, port, limit, or stop the use or disclosure of your personal information. We will respond to requests to access and correct (if necessary) your personal information as soon as possible. You have the following options when exercising your rights:
- Updating your account details. You can update your registration and other account information on your account settings page or your profile page and information is updated immediately. To update any other information, please contact support@michellemcquaid.com.
- Access, correction, and deletion. Upon request, we will provide you with information about whether we process, or provide to a third party to process on our behalf, any of your personal information. If you want to review, correct (if necessary) or delete the information that we have collected and hold about you, please contact support@michellemcquaid.com.
- Data exports. If you request an export of the information that we hold about you, we will provide you with the data in a standard CSV format. This data format may not be applicable or compatible with all uses. To request a data export, please contact support@michellemcquaid.com.
- Limiting or stopping use or disclosure. If you want to limit or stop our use or the disclosure of your personal information to third parties, please contact support@michellemcquaid.com. However, please note that by limiting or stopping the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.
- Newsletter and other communications. If you subscribe to our newsletter(s) or other communications, you may choose to stop receiving those communications by using the unsubscribe instructions included our emails, or by contacting support@michellemcquaid.com.
- Other queries or requests. If you have a question or want to make a request that is not listed above, please contact support@michellemcquaid.com.

10. How long do we retain your personal information?

(a) Administrators and Respondents
We retain your personal information indefinitely.

(b) Visitors

We will retain your personal information for as long as is necessary to provide our Services to you, or to comply with our legal obligations, resolve disputes, and enforce our legal rights.

11. How do you make a complaint?

(a) Contacting our Privacy Officer

Please contact our Privacy Officer if you have any complaints about our compliance with this Privacy Policy or relevant privacy laws. We will treat your complaint seriously, and will investigate any alleged breach, including how it occurred, and how best to prevent future breaches (if relevant). You can contact our Privacy Officer at support@michellemcquaid.com.

(b) European Union complaints

If you live in the European Union and have any complaints regarding our compliance with our Privacy Policy, please contact our Privacy Officer at support@michellemcquaid.com. However, if you are dissatisfied with our handling of your complaint, please contact the relevant EU Data Protection Authority in your country.

If you live in Australia and have any complaints regarding our compliance with the Australian Privacy Act, please contact our Privacy Officer at support@michellemcquaid.com. However, if you are dissatisfied with our handling of your complaint, you may raise your complaint with the Office of the Australian Information Commissioner by contacting them at: https://www.oaic.gov.au/about-us/contact-us.

12. Additional information.

(a) Sensitive Personal Data

If you send or disclose any sensitive personal information (e.g. information related to racial or ethnic origin, sex life, or physical or mental health condition) to us when using the Services, you consent to our processing and use of such sensitive personal data as necessary to provide the Services.

If you do not consent to our processing and use of such sensitive personal information, you must not submit sensitive personal information to our Services.

You may subsequently modify or withdraw your consent to the use and processing of sensitive personal data in accordance with applicable laws in certain jurisdictions and according to Section 8 of this Privacy Policy.

(b) Cookies and tracking technologies

We and our marketing partners, affiliates, or analytics or service providers, use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We use cookies to remember users’ settings and preferences, and for session management. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Services, but your ability to use some features or areas of our Services may be limited.

Our websites may include links to other websites. The privacy practices of those other websites may differ from The Wellbeing Lab’s privacy practices. If you submit personal information to any of those websites, your personal information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any website you visit.

(d) Testimonials

We display Customer or user testimonials and other endorsements on our websites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial or any other endorsement, please contact us at support@michellemcquaid.com.

13. The Wellbeing Lab contact details.

If you have any questions, concerns or complaints about our Privacy Policy or our data collection or data processing practices, or if you want to report any data privacy concerns or data security issues, please contact us at support@michellemcquaid.com, where we will assist or refer your question, concern, or complaint to the appropriate party.

THE PERMAH WELLBEING SURVEY