- Administrator means any person who has login credentials to a PERMAH Wellbeing Survey Customer account to manage that account, create surveys, and review and share depersonalized survey results.
- The Wellbeing Lab, we, us or our means Michelle McQuaid Pty Ltd (ACN 094 250 053) of 69 Hambleton Street, VIC, 3206, Australia, and any of its related corporate or affiliated entities.
- Customer or Company means the person or entity that has licensed with The Wellbeing Lab to use The Wellbeing Lab’s Services. The Customer or Company will generally be your employer or an identified subgroup (i.e., division, department, etc.) within your employer.
- Respondent and/or Participant means any person who accesses our Services to answer the PERMAH Wellbeing Surveys (either wholly or partially) conducted by a Customer using the Services.
- Services mean all products (including related mobile applications), services, and websites offered by The Wellbeing Lab, including but not limited to The PERMAH Wellbeing Survey platform.
- Visitor means any person who visits our website(s).
- You or your means either an Administrator, Respondent/Participant, or Visitor, as applicable.
2. A note about children
Unless permitted by applicable law, you must not provide any child under the age of 16 with access to our Services. We do not intentionally gather personal information from minors under the legal age. If a minor submits personal information and we learn that the personal information is the information of a child under the legal age, we will attempt to delete the information as soon as possible. If you believe that we may have any personal information of a child under the legal age, please contact firstname.lastname@example.org.
3. What information do we collect?
We collect information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our Services. How and what information we collect about you will depend on the way that you use our Services, for example whether you are an Administrator, Respondent, or Visitor.
(a) Information we generally collect:
- Contact information. When you provide us with your contact information, whether through the use of our Services, creation of an account, a form on our website, or an interaction with our sales or customer support team, we collect your contact information. This information may include, for example, your name and email address.
- Usage information. We collect usage data about you whenever you interact with our Services. This may include which web pages you visit, what you click on when you performed those actions, and other activities.
- Device and browser data. We collect data from the device you use to access our Services, such as your IP address, operating system, browser details, and time of visit. This information may also tell us your location.
- Log data. We keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address. We do this to maintain an audit trail of activity, to improve our Services, or to monitor or improve functionality.
- Referral data. If as a Visitor, you navigate to our websites from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.
- Other data you submit. We may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial, attending an event we host, opting in for free downloads, or purchasing our products or services. If you contact us we will also collect any information that you provide to us voluntarily in order for us to respond to your request.
- Interacting with us on social media. We may collect personal information about you when you interact with us using social media. For example, if you post material to our LinkedIn page or tweet us on Twitter.
(b) Information specific to Administrators and Respondents We may collect the following information about Respondents:
- Personal information. When you create a login for the PERMAH Wellbeing Survey we may collect the following information from you: your Company, your name, your phone number, encrypted password and email address.
- Sensitive information. When you complete the PERMAH Wellbeing Survey you will be asked to provide us with sensitive demographic information, such as information about your ethnicity. In all cases, you have the option to select “Prefer Not To Answer.”
- Your content. When you use the PERMAH Wellbeing Survey, we will store all of your survey responses unless you ask us to remove them by contacting email@example.com.
(c) Information specific to Administrators
- Registration details. When you register an account or another Administrator creates an account for you, we collect your name, company name, email address, password, and other information.
- Survey data. When you create and launch surveys using the Services, we will store those survey questions and other information related to those surveys.
- Billing details. If you use a credit card for billing, our credit card processor may collect information such as the cardholder’s name, billing address, email address, credit card number, expiry date, and credit card security code.
- Account settings. You will be able to set or update various preferences and personal details on your account settings page or your profile, for example your name, email address, default language, or time zone.
4. Who is the data controller or processor?
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. For Administrators and Respondents, your company, which is our Customer, will be the controller of your personal information, and The Wellbeing Lab will be the processor. For Visitors, The Michelle McQuaid Group will generally be the controller of your personal information.
5. How do we hold the information we collect?
(a) Security of your personal information
- However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your personal information is absolutely secure in all situations.
- Security is a collaborative effort, so we also recommend that you create a sophisticated password for logging in to our services and keep that password secret.
- If you suspect there has been any unauthorized access or misuse of your personal information, immediately contact us at firstname.lastname@example.org.
- If you have any concerns about the security of our platform, contact our Information Security Team at email@example.com.
(b) Where your personal information is located
- We are a global service and your data is stored at the closest location based on your country. Our servers are located in Sydney (Australia), Singapore (Singapore), Iowa (USA), London (The United Kingdom), Eemshaven (The Netherlands), and Frankfurt (Germany).
- All personal data is stored in two different locations which are split across two different servers. In addition, Survey response data is stored on a third server so that personal data and survey response data are always kept separate.
Our servers are protected by 24×7 human security, biometrics, access control man traps, bulletproof lobbies, and video surveillance.
(c) European Union or Swiss users
- The Wellbeing Lab offers the European Union Standard Contractual Clauses (EU SCCs), also known as Model Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of information.
6. How do we use the information we collect?
We use your personal information for a variety of purposes. How and what information we collect about you will depend on the way that you use our Services, for example whether you are an Administrator, Respondent, or Visitor. In each case, the information we collect and the process is reasonably necessary for our business, including providing you with the Services you would expect from us. We never sell any of the data we collect to third parties.
(a) Use of European Union user information collected:
- When you use our Services as a Respondent or Visitor we process your personal information either: with your consent to fulfill our contractual responsibility to deliver the Services to the Customer, or to pursue The Wellbeing Lab’s legitimate interests of improving our Services or developing new products and features.
- When you use our Services as an Administrator, we may use your personal information to create an account with us. We need to collect and use your personal information to allow you to create an account and log in to that account.
(b) Use of Administrator information collected:
- To provide you with our Services. This includes providing you with access and use of our platform and customer support, which may require us to access your personal information so that we can assist you, such as with survey design or technical issues.
- To manage our Services. We use your personal information so we can provide our Services and improve those Services. These purposes may include: to monitor, maintain, and improve our Services and features; to personalize or customize your experience when you use our Services (including presenting The PERMAH Wellbeing Survey platform in the best format for you or a device you use to access The Wellbeing Lab platform); to create new services or features; to send you an email when you have been assigned as an administrator of your Company account; to enforce our contracts and policies when we are made aware of potential breaches; to prevent potentially illegal, undesirable, or abusive activities; to make telephone calls to you, or send you SMS messages from time to time; or to respond to legal requests.
- To contact you about the Services or your account. At times we may need to contact you via email, mail, or telephone to tell you about matters such as changes to our Services, terms, or policies.
- For marketing purposes. We may also send you news and information about our products or Services that you either request from us, or we believe may interest you. In most cases, we will contact you via email.
- To respond to legal requests and prevent harm. If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.
(c) Use of Respondents information collected:
- To create an account with us. We need to collect and use your personal information to allow you to create an account and log in to that account.
- To manage our Services. We use your personal information so we can provide our Services and improve those Services. These purposes may include: to monitor, maintain, and improve our Services and features; to personalize or customize your experience when you use our Services (including presenting our Services in the best format for you or a device you use to access our Services); to create new services or features; to enforce our contracts and policies when we are made aware of potential breaches; to prevent potentially illegal, undesirable, or abusive activities; to send you a welcome email to verify ownership of the email address provided when your account was created; to respond to legal requests; or to publish research.
- To report de-identified aggregated data. To provide Customers with a better understanding of their survey results, we use survey data in a de-identified aggregated form to provide organizational results reports. We also use your survey data to continually improve our Services, to publish research, and create population scores.
(d) Use of Visitors information collected:
- To contact you for marketing purposes. We may send you news and information about our products or Services that you either request from us, or we believe may interest you (unless prevented by law). In most cases, we will contact you via email.
- To manage our Services. We use your personal information so we can provide our Services and improve those Services. These purposes may include: to personalize or customize your experience when you use our Services (including presenting our websites in the best format for you or a device you use to access our websites); to create new services or features; to monitor, maintain, and improve our Services and features; to enforce our contracts and policies when we are made aware of potential breaches; to prevent potentially illegal, undesirable, or abusive activities; or to respond to legal requests.
7. Anonymity and pseudonyms
In most cases, it will be very difficult for us to provide you with our Services if you do not provide us with your real name and contact details (primarily email). Situations where we might have difficulty interacting with you anonymously, or via a pseudonym, are when you use our Services as an Administrator or Respondent.
8. Who has access to your personal information?
In most cases, the information that we disclose to our staff or service providers will be directly necessary to provide our Services to you. However, there may be occasions where we need to disclose your personal information to our staff, service providers, professional advisors, or other third parties, including:
- To provide the Services. In providing the Services, we may need to disclose your personal information to people who work for us or to one of our service providers. Our agreements with third parties include obligations to protect the security and confidentiality of your personal information. These disclosures may be related to activities such as filling orders, processing payments and mail-outs, storing and managing documents, research, providing professional advice, facilitating creation of accounts, sending you service emails, providing technical support, or providing other services to you.
- When we disclose your personal information to third parties such as our service providers, we sign confidentiality and data processing agreements with them to ensure they maintain confidentiality and have privacy and security standards to protect your personal information.
9. What are your rights to your personal information?
- If you live in certain countries (for example, European Union member states) you may have rights regarding your personal information, including the right to access, correct, delete, port, limit, or stop the use or disclosure of your personal information. We will respond to requests to access and correct (if necessary) your personal information as soon as possible. You have the following options when exercising your rights:
- Updating your account details. You can update your registration and other account information on your account settings page or your profile page and information is updated immediately. To update any other information, please contact firstname.lastname@example.org.
- Access, correction, and deletion. Upon request, we will provide you with information about whether we process, or provide to a third party to process on our behalf, any of your personal information. If you want to review, correct (if necessary) or delete the information that we have collected and hold about you, please contact email@example.com.
- Data exports. If you request an export of the information that we hold about you, we will provide you with the data in a standard CSV format. This data format may not be applicable or compatible with all uses. To request a data export, please contact firstname.lastname@example.org.
- Limiting or stopping use or disclosure. If you want to limit or stop our use or the disclosure of your personal information to third parties, please contact email@example.com. However, please note that by limiting or stopping the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.
- Newsletter and other communications. If you subscribe to our newsletter(s) or other communications, you may choose to stop receiving those communications by using the unsubscribe instructions included our emails, or by contacting firstname.lastname@example.org.
- Other queries or requests. If you have a question or want to make a request that is not listed above, please contact email@example.com.
10. How long do we retain your personal information?
(a) Administrators and Respondents
We retain your personal information indefinitely.
We will retain your personal information for as long as is necessary to provide our Services to you, or to comply with our legal obligations, resolve disputes, and enforce our legal rights.
11. How do you make a complaint?
(a) Contacting our Privacy Officer
(b) European Union complaints
(c) Australian Privacy Act complaints
If you live in Australia and have any complaints regarding our compliance with the Australian Privacy Act, please contact our Privacy Officer at firstname.lastname@example.org. However, if you are dissatisfied with our handling of your complaint, you may raise your complaint with the Office of the Australian Information Commissioner by contacting them at: https://www.oaic.gov.au/about-us/contact-us.
12. Additional information.
(a) Sensitive Personal Data
If you send or disclose any sensitive personal information (e.g. information related to racial or ethnic origin, sex life, or physical or mental health condition) to us when using the Services, you consent to our processing and use of such sensitive personal data as necessary to provide the Services.
If you do not consent to our processing and use of such sensitive personal information, you must not submit sensitive personal information to our Services.
(b) Cookies and tracking technologies
We and our marketing partners, affiliates, or analytics or service providers, use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
(c) Links to other websites
We display Customer or user testimonials and other endorsements on our websites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial or any other endorsement, please contact us at email@example.com.
13. The Wellbeing Lab contact details.