This Privacy Policy applies to Ability Range, our iOS and Android mobile application (our “App”). In the below policy, we inform you about the scope of the processing of your Personal Data.
General Information
When designing our App, we have made sure that little information that directly identifies you is collected. However, as some countries have a broader definition of Personal Data, this policy covers it. We therefore first set out the definition of Personal Data.
Our use of your Personal Data is subject to Australia’s Privacy Act (“PA”), the Australian Privacy Principles (“APPA”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address and device ID.
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data, as well as data concerning health, a person’s sex life, and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The party responsible for data processing is N3S Pty. Limited of 180 Lonsdale Street, Melbourne, VIC 3000, with ABN: 62633449279 (“we”, “us”, or “our”).
If you have any questions or if you wish to exercise your rights, please contact us at hello@abilityrange.au.
In accordance with the above-mentioned laws, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfilment of a contract / pre-contractual measures, c) the data is necessary for the fulfilment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Processing of Automatically Collected Data
The App can be downloaded from the "Google Playstore", a service offered by Google LLC, or the Apple App service "App Store", a service of Apple Inc. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
As far as we are aware, Google collects and processes the following data: Licence check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, and location information. It cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
Google and Apple may collect information from and about the device(s) you use to access the App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, and advertising IDs (AAID); information about your wireless and mobile network connection, such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass; and Payment Data and Billing confirmations.
We may request permission to store your App data, including your Internet Connection and Network, Location, and Push Notifications. In addition, we ask a) Therapist users for access to their device’s storage when downloading a child’s report; and b) Users (NDIS participant) for Gallery/Photos and Files permissions to store photos/videos and to record their favourite sections. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access via the Settings/Notifications options of your device; however, this means that our App may not function as intended.
When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.
To send push messages, the App uses components of the Firebase Realtime Database and Messaging tools, which are part of the Firebase APP of Google LLC. By integrating Google services, Google may collect and process information (including Personal Data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google actually collects and processes. However, Google states that, among other things, the following information (including Personal Data) may be processed in principle: log data (in particular the IP address), location-based information, unique application numbers, cookies and similar technologies. For information on the types of cookies used by Google, please visit https://policies.google.com/technologies/types.
All data collected is generally transferred to our Server and our MySQL Database. The legal basis for the data processing is our legitimate interest in providing our App. We ensure that processing is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.
Data processing by us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our overriding legitimate interest in processing your request.
If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form (Full Name, Email Address, Account Type (Therapist or NDIS participant), Phone Number). We also send you a one-time password (OTP) by SMS using the services of Twilio.
Twilio may collect and process information (including personal data). It cannot be excluded that Twilio also transfers the information to a server in a third country. We cannot influence which data Twilio actually collects and processes. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is our legitimate interest and to fulfil our contractual obligations. Within your profile you are able to edit and delete your account at any time.
We process the data of our registered users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop them further. The scope of the data processed also depends on the data provided during your use of our App. Users (Therapist or NDIS participant) may also provide bios; interests; profile photos and images; your child's name; your child's gender identity; your child's age; education and employment history; health information including diagnosis/es; Tax File Number; Australian Business Number; business name; copies of your government issued ID, passport, or driver's licence; National Disability Insurance Scheme (NDIS) number; NDIS plan details; or credit card information.
Some of the data you choose to provide may be considered non-Personal Data and/or “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.
Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation. The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your consent.
You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing.
General Principles
Persons under the age of 18 should not transmit any Personal Data to us without the consent of their parents or legal guardians. We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
Automated decision-making including profiling does not take place.
We do not sell your Personal Data.
We will not disclose or otherwise distribute your Personal Data to third parties unless a) this is necessary for the performance of our services, b) you have consented to the disclosure, or c) the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Ability Range or N3S Pty. Limited (or a part of Ability Range or N3S Pty. Limited) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect Ability Range or N3S Pty. Limited.
We usually do not transfer Personal Data; however, if we do, we ensure that processing is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.
Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.
Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Your Rights and Privileges
Under the Privacy Act, you can exercise the following rights:
Under the GDPR, you can exercise the following rights:
If you wish to exercise any of your rights, please contact us.
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. You may contact your local data protection supervisory authority or the Office of the Australian Information Commissioner (“OAIC”), GPO Box 5288 Sydney, NSW 2001, https://www.oaic.gov.au. However, we would appreciate the opportunity to deal with your concern in the first instance.
Updates
We may update this policy from time to time. If we make changes, we will revise the effective date at the end of this section. If you would like to contact us regarding our privacy practices for any reason, please do so at hello@abilityrange.au. We encourage you to periodically review this policy to be informed of how we use and protect your Personal Data. This policy was last updated on Monday, 10th of July, 2023.