Privacy Policy

Website, Mobile and Web Applications

1. INTRODUCTION

1.1. Any reference to “Greg,” “we,” “us” or “our” is to Mensana For Life Pty Ltd ACN 638 073 140.

1.2. The privacy and the security of your Personal Information is extremely important to us. We strive to be transparent with our explanation of how we use your Personal Information and take the upmost care in keeping your information safe and secure.

1.3. This Privacy Policy sets out the important details relating to your Personal Information and relates to all our services and any associated services. The terms governing your use of our website and to the purchase of goods from our website can be found here https://getgreg.app/terms-of-use/

1.4. This Privacy Policy is subject to the 13 Australian Privacy Principles (the APPs). The APPs apply to the collection and use of Personal Information as set out in the Privacy Act 1988 (Cth) (the Act) (as amended from time to time). Our handling of Personal Information is regulated by the Act. For the purpose of this Policy:

1.4.1. Personal Information means information, including financial information, or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is in a material form or not.

1.4.2. Sensitive Information means information or an opinion (that is also Personal Information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual practices, criminal record or health information.

1.5. This Policy can be found on our application and website and may be updated from time to time at our discretion. By continuing to use our application, website or otherwise continuing to deal with us, you accept this Policy as it applies from time to time.

1.6. This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage, even if you have accessed the websites or services of those companies through our website or application.

 

2. TYPES AND SOURCES OF PERSONAL INFORMATION

2.1. When you download our application or otherwise sign up through our website and create an account (“Account”), we may collect certain Personal Information about you directly from you, such as:

2.1.1. your name;

2.1.2. username;

2.1.3. date of birth;

2.1.4. contact details (including address, email address and telephone number);

2.1.5. personal preferences and interests;

2.1.6. photographs;

2.1.7. location;

2.1.8. login information and friends list from social media accounts that you can connect to your Account.

2.1.9. information about your computer or device and about your visits to and use of our application or website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation); and

2.1.10. credit and debit card type, expiration date, and certain digits of your card number.

2.2. When you use our services, we will collect information about wifi access points as well as other location information about your longitude and latitude and may save your device’s coordinates. If you have enabled location services, but wish to turn them off, you can do so by the following methods:

2.2.1. iPhone app — settings, privacy, location services, Greg; or

2.2.2. Android — settings, location, Greg, permissions, location.

2.3. We may collect data from other social media websites/applications. You may be able to use your social media login (such as Facebook login) to create and log into your Greg account. This allows you to share some Personal Information from your social media account with us.

2.4. We acknowledge that there is no obligation for you to provide us with Personal Information except as required by law. However, if you choose not to provide us with certain necessary details, we may not be able to provide you with the full range of our services.

 

3. HOW WE USE YOUR PERSONAL INFORMATION

3.1. The purpose for which we use Personal Information will depend on the circumstances in which it is collected. Generally, we use your Personal Information for the following purposes:

3.1.1. to administer your account and provide our services to you;

3.1.2. fulfil your requests for certain products and services;

3.1.3. help you connect to other users of our services;

3.1.4. contact you with information about Greg (e.g. updates and new offerings);

3.1.5. personalise the application and the content we deliver to you;

3.1.6. conduct research and analytics about how you use and interact with other Greg users;

3.1.7. resolve disputes between you and other users of our services; and

3.1.8. carrying out any activity in connection with a legal, governmental or regulatory requirement that we have to comply with, or in connection with legal proceedings, crime or fraud prevention, detection or prosecution.

3.2. We may anonymise your Personal Information so that you cannot be individually identified and provide that anonymised information to our partners. For example, we allow advertisers to choose the demographic information of users who will see their advertisements and you agree that we may use any of the information we have collected from you in non-personally identifiable form to allow our advertisers to select the appropriate audience for those advertisements. We might use the fact you have purchased or inquired about a certain brand of apparel, for instance, to show you advertisements for the company that sells that brand, but we will not disclose to that company your identity.

3.3. If you provide information about someone else, you must ensure that you are authorised to disclose that information. You must also take reasonable steps to ensure that person consents to their information being collected and stored in accordance with this Privacy Policy.

3.4. We may contact you by email or other means. For example, we may send you promotional offers on behalf of other businesses, or communicate with you about your use of the Site. Also, we may receive a confirmation when you open an email from us. If you do not want to receive email or other mail from us, please indicate your preference by changing your account settings accordingly.

 

4. HOW WE SHARE YOUR PERSONAL INFORMATION

4.1. We neither rent nor sell your Personal Information in personally identifiable form to anyone.

4.2. As our goal is to help create a men’s wellbeing movement, we want to help you create meaningful connections with other Greg users. Accordingly, we share your Personal Information with other users when you voluntarily disclose the information to us. Some of this information will be publicly displayed on your profile for other users to view. Without limiting the above:

4.2.1. In certain situations, businesses or third party websites we are affiliated with may sell items or provide services to you through the Site (either alone or jointly with us). You can recognise when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that we deem it related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review the policies of all such businesses or websites.

4.2.2. We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. Unless we inform you otherwise, our agents do not have any right to use the Personal Information we share with them beyond what we deem necessary to assist us in performing such tasks.

4.2.3. As part of the buying and selling process, we will facilitate the sharing of Personal Information between the Seller and the Buyer involved in the transaction. As part of the buying or selling process, you may obtain another user’s email address, shipping address, payment information, and/or other information. As described in our Terms & Conditions, you have a limited licence to use this information only for transaction-related communications. We have not granted you a licence to use the information for unsolicited commercial messages or unauthorised transactions. Without express consent from that user, you must not add any user details to your email or physical mailing list or store or misuse any payment information.

4.2.4. Certain user profile information, including without limitation, a user’s username and the image content that such user has uploaded to the Site may be displayed to other users to facilitate user interaction within the Site or address your request for our services. Any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) may become publicly available, and can be collected and used by others. Your username may also be displayed to other users if and when you post comments or upload images through the Site and other users can

4.2.5. We may choose to transfer all or part of our business. In these types of transactions, information (which may include your Personal Information) is typically one of the business assets that is transferred. Also, if all of our assets (or substantially all of our assets) are acquired, or if we go out of business or enter bankruptcy, Personal Information may be one of the assets transferred to or acquired by a third party.

4.3. We also may provide third-parties with your Personal Information to help us operate and improve our services. If you choose to link your Greg account with a third-party application (such as Facebook) some Personal Information may be shared with that third-party application. We also may use third parties to assist with various tasks, including customer care, marketing, maintenance, advertisement and payment processing and security operations.

4.4. We may also share your Personal Information with third-parties in the following legal context:

4.4.1. if disclosure would mitigate our liability in an actual or threatened lawsuit;

4.4.2. as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties;

4.4.3. as required by law;

4.4.4. to enforce our agreements with you; and

4.4.5. to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

4.5. It is not likely that we will share Personal Information that we collect and hold about you to any overseas recipients (as defined in the Act). If we transfer your information to third parties, we will ensure that reasonable steps are taken to ensure that the overseas recipient does not breach the APPs in relation to the information and that the overseas recipient is in a jurisdiction that has an adequate level of protection for your data before we provide them with it.

 

5. SENSITIVE INFORMATION

5.1. In the event we collect Sensitive Information about you, you consent to us collecting, using and disclosing the Sensitive Information for the purpose for which it was disclosed and as permitted by the Act and other relevant laws.

 

6. SECURITY

6.1. We take commercially reasonable measures to protect your Personal Information against loss, misuse, unauthorised access and disclosure.

6.2. Unfortunately, no website or internet transmission can be 100% secure, so we do not promise, and you should not expect, that your Personal Information will always remain secure. Accordingly, we disclaim any representation or warranty, whether express or implied, with respect to any breaches of security, damage to your device, or any loss or unauthorised use of your registration information or other data.

6.3. We regularly monitor our systems for possible vulnerabilities and are always reviewing our processes and practices to keep your Personal Information securely stored.

6.4. We may suspend your use of all or part of any of our services without notice to you if we suspect a or detect any breach of security. If you ever think your account or information is not secure please notify us at [email protected] and change your password immediately.

 

7. SUB-PROCESSORS

7.1. To support the delivery of our services, we rely on third party service providers. Any service provider engaged by us might have access or process data that may contain your Personal Information.

7.2. Amazon Web Services (AWS) supplies web hosting and customer relationship management (CRM) services in relation to our application.

7.2.1. Details about AWS’ privacy and security protocols can be accessed here https://aws.amazon.com/privacy/.

7.2.2. Personal Information collected and managed by AWS on our behalf is stored securely in Australia.

7.3. With respect to our website, our website is hosted by Kinsta Inc (“Kinsta”).

7.3.1. Details about Kinsta’s privacy and security protocols can be accessed here https://kinsta.com/legal/privacy-policy/.

7.3.2. Kinsta engages third party sub-processors that may process your Personal information. A current list of Kinsta’s sub-processors can be accessed here https://kinsta.com/legal/data-processing-addendum/.

7.3.3. Personal Information collected and managed by Kinsta is held securely in Sydney, Australia.

 

8. RETENTION OF PERSONAL INFORMATION

8.1. We keep your Personal Information only as long as we need it to provide you with our services and as permitted by applicable law.

8.2. If we receive Personal Information where we have not taken any steps to collect such information, then within a reasonable time we will decide whether we could, under the APPs, have solicited that Personal Information ourselves. If we determine that we would not, under the APPs, have been permitted to solicit the Personal Information, we will as soon as practical (where lawful and reasonable to do so) destroy or de-identify that unsolicited Personal Information. If we could, under the APPs, have solicited the Personal Information then we may use and disclose the Personal Information for the purpose for which it was disclosed and as permitted by the Act and other relevant laws.

8.3. Where Personal Information held by us is no longer required to be held, and its retention is not required by law, then we will destroy such Personal Information by a secure means.

 

9. PEOPLE UNDER 18 YEARS OF AGE

9.1. Our services are restricted to people over the age of 18 and we do not knowingly collect Personal Information from anyone under the age of 18 or knowingly allow such persons to register for any service we offer. If you are under 18, please do not attempt to register any of the services we offer or send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 18 is permitted to provide any Personal Information to us including by way of any services we offer. If we learn that we have collected Personal Information from a child under the age of 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us at [email protected]

 

10. THIRD PARTY LINKS

10.1. Our application and website may from time to time contain links to other applications or websites. Without limiting anything set out in our Terms and Conditions here, these applications or websites may have a different privacy policy to ours and it is important that you check the policy of each website or application you visit. Once you leave our application or website, we have no control or responsibility over the privacy policies or data collection activities at another application or website.

 

11. ACCESS TO PERSONAL INFORMATION

11.1. You can gain access to your Personal Information, subject to certain exceptions contained in the Act. To request access to your Personal Information, or to update or correct that Personal Information, please send a written request to [email protected] (Contact Address). We will check the identity of individuals making requests to determine within 14 days whether the request will be met.

 

12. DIRECT MARKETING

12.1. We may send you marketing communications in line with your previously expressed marketing preferences or as otherwise permitted under the Act and other relevant laws. If you do not wish to receive such communications, please contact us via the Contact Address or follow the opt-out instructions contained in each marketing communication.

 

13. COMPLIANCE

13.1. If you are concerned that the way in which we collect, hold, use or disclose your Personal Information may be in breach of the APPs, please send written details of your complaint to the Contact Address.

13.2. After receiving a complaint, we will conduct internal discussions and evaluate whether we believe that such collection, holding, use or disclosure of your Personal Information was in breach of the APPs. We will endeavour to notify you of the results of our investigation of your complaint within 30 days of receiving your complaint. However, if your complaint involves complex issues or requires extensive investigation, it may not be possible to respond within this timeframe. If the conclusion of our investigation is that our collection, holding, use or disclosure of your Personal Information was in breach of the APPs, we will take steps to remedy the breach as soon as reasonably practicable. If after dealing with us you are still not satisfied, you are entitled to make a complaint to the Office of the Australian Information Commissioner.

 

14. UK AND EUROPEAN UNION RIGHTS

14.1. This section of the Privacy Policy applies to citizens and residents of a country that is a Member State of the European Union, or the UK, and supplements the information in this Privacy Policy.

14.2. European Union Law, called the General Data Protection Regulation (GDPR), gives certain rights to individuals in relation to their personal data. The United Kingdom has enacted its version of the GDPR which affords the same rights to its residents and citizens.

14.3. We are a data controller and processor for the purposes of the GDPR and by you consenting to this Privacy Statement, we are able to process your personal data as defined in the GDPR (Personal Data) in accordance with this Privacy Statement.

14.4. In providing our services to you, we may make use of a number of automated processes using your Personal Data in order to provide more tailored and relevant services to you.

14.5. In addition to your rights as set out above, you are entitled to a number of additional rights:

14.5.1. Right to be informed: what Personal Data an organisation is processing and why.

14.5.2. Right of access: you can request a copy of your Personal Data.

14.5.3. Right of rectification: if the data held is inaccurate, you have the right to have it corrected.

14.5.4. Right to erasure: you have the right to have your Personal Data deleted in certain circumstances.

14.5.5. Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the Personal Data retained.

14.5.6. Right to data portability: you can request a copy of your Personal Data in a machine-readable form that can be transferred to another provider.

14.5.7. Right to object: in certain circumstances (including where Personal Data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.

14.5.8. Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process.

14.6. Should you have any concerns in relation to our collection and/or processing of your Personal Data or wish to exercise any of your rights listed in paragraph 14.5 above please contact us.

14.7. Greg has designated a Data Protection Officer and they can be reached by emailing: [email protected]

14.8. In addition to paragraph 14.6 above, you also have the right to lodge a complaint with data protection regulators, and the Information Commissioners’ Office (ICO) is the UK’s lead regulator. You can find out how to raise a concern with the ICO by visiting their website at www.ico.org.uk. If you’re within the EU, you may also get in touch with your local Data Protection Regulator who may liaise with the ICO on your behalf.