We care about your data and we want you to be able to know and understand how we collect, use and disclose your personal information when you are on our Platform. We’ve provided you with some essential information below. Feel free to deep dive into the issues that matter to you, click the headings to find out more about the things that matter most to you.
About this Policy
The policy sets out how we collect, use and disclose your personal information.
We own and operate the Innowell platform – a customisable digital platform that helps you to manage mental health and wellbeing with the help of your care service provider, friends and family.
I’m a participant – how does Innowell collect my personal information?
The main way we collect your personal information is when you share it with us through the platform or our website. We may also collect information about you from your care service provider and family or support persons that you’ve invited to the platform, or from third parties that integrate into the platform (like FitBit).
I’m a staff member or contractor – how does Innowell use my personal information?
We collect your personal information when you create an account on the platform.
How does Innowell use my personal information?
We mainly use your information to provide the platform and our associated services to you. We may also use your information to develop and improve the platform and to provide technical support.
How do you disclose my personal information?
We may disclose your information to your care service provider via the platform or where we are required by law. We may sometime disclose your information to third parties but only to the extent necessary to perform our functions and activities.
How do I maintain my personal information?
So that we can continue to provide the best service to you, we ask that you keep your personal information updated through the functionality provided on the platform.
How do you keep my personal information secure?
We implement strict technical and procedural controls to protect your data from unauthorised access or disclosure.
How can I correct my personal information?
You can manage your personal information directly through the functionality provided on the platform or by contacting us at [email protected]
When is my data deleted?
We delete your data when it is no longer required for the purpose it was collected. In most cases, we keep your data for 7 years.
How do you deal with data breaches?
We will notify you and the OAIC of any unauthorised use or disclosure of data and take steps to remedy any data breach.
Who do I contact if I want to make a complaint?
You can contact us via [email protected] if you have any questions, complaints or feedback.
About this policy
We may amend or update this policy from time to time. If this happens, we will publish any updates on our web site and notify you by email or by posting a notice of the changes in the platform. If you do not agree with the changes, you must cease accessing the platform. If you continue to access or use the platform after the changes come into effect, we will assume that you have agreed to them.
Innowell delivers digital health solutions to promote mental health and wellness and help people receive the right care at the right time. Innowell is the owner of the Innowell platform. More information about Innowell can be found here
References in this policy to ‘we,’ ‘our’ or ‘us’ mean Innowell.
What is the Innowell platform?
The Innowell platform is a customisable digital platform that is designed to assist in assessing, monitoring and managing mental health issues and the maintenance of wellbeing. It does this by collecting and processing your personal information (including sensitive and health information).
The platform is available to:
- individuals who have first been invited to participate by a care service provider approved by Innowell (referred to as ‘participants’ throughout this policy).
- staff members or contractors who have been invited to join by a care service provider approved by Innowell; and family members and support persons - who have been asked to provide information about or on behalf of participants.
The Innowell platform is considered to be software as a medical device and does not of itself provide stand-alone medical or health advice, diagnosis or treatment. It is designed to be used in conjunction with the clinical decisions and care provided by your care service provider.
The Innowell platform is only available to people who are lawfully residing in Australia.
For participants – how do we collect your data?
If you decide to accept an invitation to participate, your care service provider will collect some personal information from you including your name and email address. Your care service provider will enter this information in the platform so that we can email you a link that enables you to create an account in the platform.
The platform is designed to provide services to you that suit your individual needs as assessed by your care service provider. Because of this, the exact nature of the personal information that the platform collects and handles will differ from person to person.
Information shared by you:
The main way we collect personal information about you is when you provide it to us. For example, when you create an account in the platform, you will be asked to complete an assessment with questions about you generally, and about your health and wellbeing in particular.
Information shared by support persons:
The platform can collect personal information about you from a family or support person only after you have expressly invited them (via the platform). This information from the family or support person will also be incorporated in to the dashboard and will be accessible to you. The family or support person invited by you to use the platform will not have access to any of your personal information other than receiving your invitation to use the platform.
Information shared by service providers:
The platform also collects personal information about you from your care service provider. This can include information that relates to your treatment, clinical information and advice and recommendations entered in to your record by your care service provider. This information will also be incorporated in to the dashboard and you will be able to access it.
Information shared by third parties:
We may, from time to time and only with your express prior consent, integrate third party services into the platform and your account. For example, we integrate with FitBit to allow you to share information collected by your FitBit device and app with the platform. This information will be incorporated in to the dashboard and you will be able to access it.
What other information does the Innowell platform collect?
The Innowell platform also collects other categories of data in order to provide services to you. These include:
- Technical data
The platform also collects technical data associated with your smartphone, tablet or computer (such as IP addresses, access provider, hardware configuration, software configuration, country of origin), or associated with the platform (such as log and history of all data exchanges, log and history of connections);
- Identity data
The platform collects personal data when you create an account. This data includes information about your identity (such as full name and email address) and demographics (such as date of birth, gender and socio-economic information);
- Self-reported health data
The platform collects data you enter in response to questions about your health when you use it (such as physical health, sleep-wake cycle, alcohol use, psychological distress, medical history)
- Care-related data
The platform collects personal care-related data through your care plan. This data includes care options you choose to use alone (such as fact sheets, apps or e-tools) as well as those agreed between you and your service provider (such as psychological therapies or other clinical interventions); and
- Behavioural data
the platform automatically collects behavioural data, including but not limited to, data on location, device (phone, tablet or computer) and usage.
For staff/contractors of care service providers
The platform collects information from you when you are asked to create an account in the platform. The information includes your name, email, and professional details and demographics.
How does the Innowell platform use personal information?
The main purpose for which we use your personal information is to provide you with the platform services.
For participants, your personal information and the information we create about you through processing, is made available to both you and your care service provider through the platform. The aim is to support your mental health and to promote collaborative care partnerships.
We also use personal information, including de-identified data, for several other related purposes, including: quality assurance; monitoring, assessing and enhancing the operation of the platform; and providing technology and help desk support.
If you have provided permission, we will de-identify your personal information so that it can be used for research purposes by the University of Sydney’s Brain and Mind Centre.
In addition, from time to time, we may contact you to request feedback on our Platform – this will help us improve the Platform and provide better services to you. Answering feedback questions is voluntary and does not in any way affect your access to the Platform.
How do we disclose your personal information?
For participants, the Innowell platform discloses your personal information to your care service provider. If you have invited a family or support person to use the platform they will not have access to any of your personal information other than receiving your invitation to use the platform.
We may also disclose your personal information for purposes permitted by the law (APPs).
These include disclosure:
- to third parties at your express request;
- where it is necessary to lessen a serious threat to the life, health, safety of any individual or to public health or safety and it is unreasonable or impractical for us to obtain your consent; and
- if required or authorised by or under an Australian law or a court/ tribunal order or regulatory authority. Innowell’s policy is that we will not disclose your personal information for such a purpose unless we are legally required to do so, for example by a court order or a law enforcement agency warrant.
For care service provider staff or contractors, we disclose your personal information to the care service provider for account oversight and maintenance purposes.
We may send information to third parties that are located overseas. These third parties are located in the United States of America, although this list may change from time to time. Disclosure is made to the extent that it is necessary to perform our functions or activities.
Innowell also uses TokBox, via the Innowell platform, to facilitate online sessions between individuals and clinicians. TokBox servers are located in the United States of America and some personal information, such as your IP address, may pass through these servers. We can confirm that other identifying information, such as your name, date of birth or address, aren’t shared with TokBox. Disclosure is only made to TokBox to the extent that it is necessary to provide the videoconference service.
Maintaining the integrity of your personal information
Some of your personal information that is collected by the platform is entered directly into the platform by you and is always accessible to you when you log in to the Innowell platform. If your contact details change, we ask that you update this information promptly.
For participants, for personal information entered by your care service provider, we take steps through training and education as well as platform design to ensure so far as we can, that the information they enter is accurate, complete and up to date.
If you wish to correct or amend any of your personal information, please read on (below).
How do we keep your personal information secure?
We take all reasonable steps to protect your personal information from misuse, interference and loss as well as from unauthorised access, modification and disclosure. We:
- only store your personal information on computer systems located in Australia;
- ensure that access to these systems is highly restricted and controlled;
- implement organisational, physical and logical security measures;
- use strong encryption to protect data communications between the platform services;
- encrypt data traffic via the Internet between the platform and the systems; and
- limit access to your data only to staff who have a need to access your information to perform a specific task or function are granted access to such information.
Although we take appropriate measures to safeguard the security of your personal information, we cannot guarantee its security. To assist in preventing unauthorised use or disclosure of your personal information, you must keep confidential any sign-in information and passwords related to the platform.
Further, you can protect the data in the platform on your smart device (phone, tablet or computer) by use of a PIN code to restrict unauthorised access. Whenever you have finished using the platform you should log out. You should not leave your device unattended while you are still signed into the platform.
In the event of any data breach, we will follow the specific requirements of the Privacy Act 1988 and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and notify you and other affected individuals as appropriate.
How can you access and correct your personal information?
For participants, you can access, view, manage and update your personal information, research data sharing consent-status, permissions associated with family or support persons, health domains and care options, at any time, via the dashboard or settings menu.
For staff/contractors of service providers you can access, view, manage and update your personal information, and research data sharing consent status at any time via the settings menu.
If you think that your personal information is inaccurate in the platform, please get in touch by emailing [email protected] and we will take reasonable steps to correct it. In order to protect your personal information we may require identification prior to processing your request.
How and when is my data deleted?
Innowell will only keep your personal information about you for as long as is necessary for the purposes of the Innowell platform, or as required by law. When your personal information is no longer needed for the purpose for which it was collected, we will take reasonable steps to destroy or permanently de-identify it. However, most of the personal information is or will be stored in client files which will be kept by us for a minimum of 7 years.
The Privacy Act 1988 requires us to notify you and the Office of the Australian Information Commissioner in the event of a serious data breach, for example if a database containing personal information is hacked or personal information is mistakenly provided to the wrong person.
Our notification to you will be sent as soon as practicable and will contain:
- a description of the data breach;
- the kinds of information concerned; and
- the steps we have or will take to rectify the data breach; and
- recommendations about the steps you should take in response to the data breach.
Innowell Privacy Officer
Call: +61 2 8627 6933
Email: [email protected]
Innowell Pty Ltd
Shop 1-3 66-70 Parramatta Road
We will quickly acknowledge access or correction requests, or complaints, and use our best endeavours to respond fully within 30 days of receipt of your request.
If you think that we have failed to resolve a complaint satisfactorily or you still have a concern, or would like more information you can contact the Office of the Australian Information Commissioner in any of the following ways:
Office of the Australian Information Commissioner
Call: 1300 363 992
Email: [email protected]
Fax: +61 2 9284 9666
Office of the Australian Information Commissioner
GPO Box 5218
(or GPO Box 2999, Canberra ACT 2601, Australia)
Last updated: 06 April 2020