Privacy Notice

CPAP Sales

CPAP SALES Privacy Policy

1. About

Welcome to www.cpapsales.com.au (our “Website”). Our Website supplies Continuous Positive Airway Pressure (CPAP) machines for the treatment of Obstructive Sleep Apnea (OSA) together with masks, accessories and health gear.

In this Privacy Policy, “we”, “our,” or “CPAP SALES” or “us” means CPAP Sales Pty Ltd (ACN 164 927 539). Any reference to “you” or “your” means you, as a user (“User”) of our products and/or services (together “Products’)

Protecting your personal information is very important to us. When you share your personal information with us, we treat it with care and take our responsibility to protect it seriously. We only use or disclose your personal information for the purpose for which it was collected.

We adhere to the Australian Privacy Principles contained under the Australian Privacy Principles (“APPs”) in the Privacy Act 1988 (Cth), the Privacy and Personal Information Protection Act 1998 (NSW) (“PPIP”) and thePrivacy Amendment (Notifiable Data Breaches) Act 2017 (“ NDB”) (collectively “Privacy Laws”).

This Privacy Policy will give you an understanding of:

(a) the types of personal information we collect;

(b) how and when we collect, use, store, disclose and otherwise handle personal information;

(c) the purposes for which we collect, use, and disclose personal information;

(d) how you may access your personal information;

(e) how to update your personal information;

(f) how you can make a complaint and how we deal with any such complaint; and

(g) how to contact us.

We may update this Privacy Policy from time to time to reflect changes in how we handle Personal Information and to reflect any changes to the Privacy Laws. Updates to this Privacy Policy will be effective upon posting to the Website.

 

2. The meaning of Personal Information

Personal information means information about an individual whose identity is apparent or can reasonably be ascertained from that information (“Personal Information”).

 

3. Purposes

Please read this Privacy Policy carefully as it sets out how we collect, store, use and safeguard your Personal Information in relation to the Products and Services that we offer on our Website in compliance with the Privacy Laws.

 

4. Acceptance

When you access or use the Website for the supply of our Products, we may automatically receive, collect, and record Personal Information about you. The Personal Information we collect from you is so that we can supply you with our Products.

By registering for a login account (Account) on our Website, you will be required to accept our Terms and Privacy Policy by clicking the “Create Account” button. By clicking the “Create Account” button you agree to our Website Terms and our Privacy Policy which gives you notice through the user interface as follows:

By Joining , you agree that you've read and accept our Website Terms and Conditions and you consent to our Privacy Policy. If you are under 18 years of age you must have and warrant to the extent permitted by law that you have your parent or legal guardian’s permission to register and create an account on our Website.

 

5. What Personal Information is collected?

The Personal Information we collect from you may include:

(a) title, first name and last name;

(b) date of birth; height, weight, age, gender, body mass index (“ BMI”);

(c) address (unit/apartment no., street no., P.O. Box, town/city, state, post code, country)

(d) phone (mobile/home);

(e) email address;

(f) supplier/doctor/specialist name;

(g) health related information including medical conditions, medications and treatment, CPAP SALES therapy treatment information (including device and usage data) (collectively, “ Sensitive Information”);

(h) marketing information (including Products purchased, amounts and payment data)

(i) any other information as specified in the Account interface, or for any other contact with us.

(“CPAP SALES Application Information”)

We only collection your Sensitive Information with your consent. We will not collect your Sensitive Information unless that Sensitive Information is reasonably necessary for our functions or activities.

Our legal basis for collecting your Sensitive Information is based on your consent. We will not collect your Sensitive Information without your consent except where the collection is required or authorised by law.

You may withdraw your consent at any time by requesting the deletion of your Account but the withdrawal of your consent will not affect the lawfulness of processing your Sensitive Information based on consent before its withdrawal. We and our third-party service providers do not use your Sensitive Information for targeted advertising and marketing.

We may collect additional information from you at other times, including but not limited to, when you provide marketing information (including Products purchased, amounts and payment data), when you provide feedback, when you change your content or email preference, and when you respond to our surveys and/or promotions, or communicate with our customer support.

When we collect your Personal Information for marketing purposes, it will be in circumstances where you would reasonably expect the data to be used for marketing purposes, and we will always give you a means to “opt out” of any marketing communications. You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by us in every email.

You also have the option of not providing your Personal Information to us. If you choose to withhold your Personal Information, it may not be possible for us to provide you with our Products or for you to access certain parts of our Website and for us to respond to your query.

You are entirely responsible for the security of your Account and Login Details. It is important that you keep your Account secure with your user name and password (“Login Details”). You must not give your Login Details to any other person. You must notify us immediately if you are aware, or believe, that someone other than yourself has access to your Account. You should also take measures, such as changing your Login Details regularly, so that your Account is secure.

 

6. How we collect your Personal Information

CPAP SALES collects Personal Information from you in a variety of ways, including when you interact with us electronically or in person, through customer support on the phone, when you access our Website, and when we provide our Products to you.

We may also collect Personal Information through the receipt of prescriptions, doctors and health professionals and clinic letters, reports and referrals.

Personal Information may be provided by you directly or may be sent to us automatically when you use our Website or purchase our Products.

We may also receive Personal Information from third parties in connection with the supply of our Products. If we do, we will protect your Personal Information in accordance with this Privacy Policy.

 

7. How we use your Personal Information

We may use the Personal Information collected from you to supply you with our Products, for patient healthcare support and ongoing sales and support.

We may also use your Personal Information for marketing purposes to make you aware of new and additional Products, Services and opportunities available to you.

We may contact you by a variety of measures including, but not limited to telephone, email, SMS, mail or social media sites.

We may send you Website-related emails, mobile-phone push notifications and messages (e.g., updates of our Terms, account information, confirmation of your registration, changes and updates to features of our Products and/or Services and this Privacy Policy, and technical and security notices).

 

8. Disclosure of your Personal Information and Third Parties with access to it

We may share your Personal Information or disclose your Personal Information to any of our vendors, service providers, employees, officers, insurers, professional advisers, agents, suppliers, third-party service providers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy.

We may from time to time need to disclose Personal Information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-Personal Information contained in those databases. This Information may be disclosed to a potential purchaser under an agreement that maintains confidentiality.

 

9. Cross-border disclosure of Personal Information

Subject to and in accordance with the Privacy Laws, you expressly agree that your Personal Information may be transferred to third-party service providers in the United States, the European Union and China for cloud data and India for Website maintenance and development.

We also take reasonable steps to ensure that an overseas recipient of your Personal Information offers an adequate level of privacy protection and is subject to a substantially similar law or binding scheme that has the effect of protecting your Personal Information in the way the APPs protect your Personal Information in Australia. In this regard, we take reasonable steps to ensure that the third-party service provider has controls relating to software security, cloud security, access security and network security.

We will also take reasonable steps to ensure that your Personal Information is used for legitimate purposes and will not be used or disclosed by a third-party service provider for a purpose other than that for which it was provided.

You should be aware that third-party service providers may not be accountable under the Privacy Laws and you may not be able to seek redress under the Privacy Laws in jurisdictions outside of Australia.

You have the right to contact us to withdraw your consent to the above cross-border transfers at any time.

 

10. Data Ownership

You, as a User of the Website own all right, title and interest in the Personal Information that you provide to us (your “ Data”). You are solely responsible for the accuracy, quality, legality, integrity, reliability and appropriateness of your Data.

You grant to us a perpetual, worldwide, exclusive, fully paid-up and royalty-free, unlimited, revocable, sub-licensable and transferable licence whilst you are a User of the Website to use, copy, transmit and store your Data in accordance with this Privacy Policy and, where applicable, our Terms.

We and any related entities own all right, title and interest in any data or information that we create, generate, compile, derive, or produce in connection with our Website, including data and information that is:

(a) aggregate or raw or statistical relating to usage, analyses and results of the Website;

(b) for the purpose of optimising delivery, commercialisation and performance of our Website; and

(c) samples and prototypes, conclusions, techniques, know how, methods, and undocumented findings generated in the usual course of our business.

 

11. Use of cookies and similar technologies

When you use, or access our Website or any third-party platform, including third party service providers, such as Google Analytics, or third-party advertising and links, there may be cookies and similar technologies that store log files to collect information about your use of the Website.

Cookies are small text files (often including a unique identifier) that can be stored on your computer, tablet or mobile device when you visit a Website. A cookie stores a small amount of data on your device about your visit to a Website.

These small files contain information about your browsing activity. Cookies are also used to identify you when you come back to the Website and store details about your use of the Website. They are widely used to make Websites work more efficiently, to improve user experience and also to provide information to Website operators.

In addition, cookies can be used to analyse traffic and may be used to serve relevant ads to Website visitors through third party services such as Google AdWords.

To understand more about cookies and how they are set, visitwww.aboutcookies.org or www.allaboutcookies.org

We use the following cookies to help the functioning of the Website and to improve User experience:

(a) Strictly necessary cookies: These cookies are necessary for the functioning of the Website and help to improve the efficiency of the Website for Users.

(b) Analytical/performance cookies: These cookies monitor your use of the Website. For example, they collect information about Website traffic and use, unique Users, unique sessions and store information about Users’ sessions and Website campaigns.

(c) Targeting/advertising cookies: These cookies help us to provide useful and more targeted advertising.

(d) Preference cookies: These cookies help us to identify Users, so that we remember your preferences on the Website.

(e) We may also use web beacons, action tags, and tracking devices to provide analytical and User data that can help us monitor usage and improve the Website.

Non-personal information is information about you or your activities which cannot be used to personally identify you. We may collect non-personal information through your browser, through text files (cookies), applications (e.g. mobile applications), and your IP address. We use non-personal information to compile statistical information about the use of our Website (or for maintenance purposes) which may include (but is not limited to) recording your server address, your top-level domain name, the date and time of your visit to the Website, the pages you accessed and downloaded, the previous site you visited and the types of browser you are using.

You may accept or refuse cookies from our Website or any other Website by managing the settings on your browser. You can opt-out from accepting our cookies by editing your browser options, but certain features of our Website will not function if you disable cookies. You can find out how to manage and opt-out from cookies on popular browsers by visiting the specific browser developer’s Website.

Any third-party advertisements and links that are provided to you on the Website may also use cookies and other similar technologies to gather your information. When you leave the Website to visit a link or advertisement provided to you via the Website, any information you provide to such advertisements or links, whether voluntarily or involuntarily, will not be governed by this Privacy Policy. You should visit the relevant third-party privacy policy to find out how they use your information.

 

12. Third-Party Analytics Tools and Third-Party Remarketing Tools

We use technologies and third-party services that may use cookies, pixels, tags and web beacons (code snippets) on our Website to customise content and advertising, to provide social media features and to analyse traffic to the Website, including about how you use and interact with our Website or when you open or access emails.

We also share information about your use of the Website with our trusted social media, advertising and analytics partners.

Analytics Tools

We use third-party analytics tools to:

(a) analyse usage trends on the Website including the tracking and reporting of Website traffic, ad conversion tracking, traffic analysis and marketing optimisation

(b) collect this data in aggregate form so that it cannot identify any particular individual user.

Google

Google Analytics (Google Inc.)

Google AdWords conversion tracking (Google Inc.)

Google Tag Manager (Google Inc.)

We may link or combine the information we receive from these tools with information you submit to us, in which case we will treat that information as Personal Information.

We are not responsible for the accuracy of the information provided by third parties or how such third parties collect, use, and share such information.

Facebook

Facebook Ads conversion tracking (Facebook, Inc.)

Information about Facebooks Ad conversion tracking can be located at Facebook’s Terms for Conversion Tracking located at the following Website address:

https://developers.facebook.com/docs/facebook-pixel/implementation/conversion-tracking/

Remarketing Tools

We may use third-party remarketing tools to position targeted ads to visitors that have already visited our Website, or to advertise to customers that we already have an existing relationship with, in accordance with Facebook’s terms which are located at Facebook’s Terms for Custom Audiences from their Website located at the following Website address:

https://www.facebook.com/legal/terms/customaudience

We may use our email database to create Custom Audiences on social media and online platforms, including but not limited to, Facebook, LinkedIn, Instagram to find new customers and promote our campaigns.

These third-party remarketing tools might include but are not limited to:

AdWords Remarketing (Google Inc.)

Facebook Custom Audience (Facebook, Inc.)

Facebook Remarketing (Facebook, Inc.)

We reserve our rights to change, modify, add or remove any third-party analytics tools and third-party remarketing tools. By using our Website, you consent to the processing of any non-personal information these tools will collect in the way and for the purposes described above.

 

Geoanalytics

Geodata refers to any dataset where data points include a location or digital geographical data. We may use a geographic information system (“GIS”) digitally to gather, manage and analyse the location data of visitors to our Website.

 

13. Third-party Services

MailChimp

CPAP SALES uses the MailChimp subscription service for its marketing communications and newsletters (‘Subscriptions’). MailChimp is based in the United States of America (‘ USA’).

When you sign up to CPAP SALES Subscriptions, your Personal Information will be:

(a) transmitted to MailChimp and stored by MailChimp on servers located outside Australia, and,

(b) subject to USA law.

MailChimp may transfer your Personal Information to third parties overseas where required to do so by law or where third parties overseas process information on MailChimp’s behalf.

By volunteering to subscribe to the Subscriptions, you agree to the transfer of your Personal Information. This means you will need to seek redress under USA law or an overseas jurisdiction for any privacy breaches by MailChimp.

You can find out more about how MailChimp handles your Personal Information at the following Website address: https://mailchimp.com/legal/privacy/

MailChimp is subject to the operation of the Privacy Act 1988 (Cth) if you are a member who lives in Australia. When you sign up to our Subscriptions, you consent to your Personal Information being collected, used, disclosed and stored as set out in MailChimp’s Privacy Policy including for Users located in Australia.

You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by MailChimp in every email.

 

TargetFlow

CPAP SALES uses a system called TargetFlow for its Website visitor monitoring, marketing communications and newsletters (‘ Subscriptions’). TargetFlow uses some components where data is stored in the United States of America (‘USA ’).

When you sign up to CPAP SALES’s Subscriptions, your Personal Information will be:

(a) transmitted to TargetFlow and stored by TargetFlow on servers located inside and outside Australia, and,

(b) be subject to USA law.

TargetFlow may transfer your Personal Information to third parties overseas where required to do so by law or where third parties overseas process information on TargetFlow’s behalf.

By volunteering to subscribe to the Subscriptions, you agree to the transfer of your Personal Information. This means you will need to seek redress under USA law or an overseas jurisdiction for any privacy breaches by TargetFlow.

You can find out more about how TargetFlow handles your Personal Information at the following Website address:https://targetflow.com.au/privacy/

TargetFlow is subject to the operation of the Privacy Act 1988 (Cth) if you are a member who lives in Australia. When you sign up to our Subscriptions, you consent to your Personal Information being collected, used, disclosed and stored as set out in TargetFlow’s Privacy Policy including for Users located in Australia.

You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by TargetFlow in every email.

 

14. Security

We are committed to ensuring that the Personal Information you provide to us is secure. We have taken reasonable steps to ensure the security of your Personal Information.

We employ appropriate technical, administrative and physical procedures to protect Personal Information from misuse, interference and loss, unauthorised disclosure or alteration.

These measures include where appropriate or required by law, computer safeguards and secured, Internet firewalls, intrusion detection, anti-virus protection, network monitoring and Transport Layer Security (“TLS”) or similarly encrypted browsers.

While we take precautions against possible security breaches of our Website and servers, no Website or Internet transmission can be guaranteed to be totally secure.

You acknowledge that we are not responsible for the privacy or security practices of any third-party (including third parties that we are permitted to disclose your Personal Information to in accordance with this Privacy Policy or any applicable laws). The collection and use of your information by such third parties may be subject to separate privacy and security policies.

You also acknowledge that the security of communications sent to or from us by any means cannot be guaranteed. You provide this information to us at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to your Personal Information where the security of information is not within our control.

 

15. Notifiable Data Breach

The security of your data is important to us, but remember no method of transmission over the Internet is 100% private and secure. We do not guarantee or warrant the absolute privacy or security of any data we collect from or about you.

The Internet is an insecure medium and Users should be aware that there are inherent risks transmitting information across the Internet. Information submitted unencrypted via electronic mail or web forms may be at risk of being intercepted, read or modified.

A reportable “Data Breach” is a security incident where the integrity of Personal Information is compromised through being destroyed, lost, altered, corrupted, disclosed or accessed by an unauthorised person where it is likely to result in serious harm to any individual affected.

We have procedures and systems in place including a data breach incident response plan, specific data breach policies and procedures and personnel to deal with an actual or suspected “Data Breach” and will notify you and the applicable regulator in accordance with our obligations under the Privacy Laws and NDB.

Please report to CPAP SALES any actual or suspected data breaches for investigation by using the contact details provided in the Contact Us page of our Website.

 

16. Disclaimer and Limitation of Liability

Your use of our Website is at your own risk. The Website is provided on an “as is” basis.

We will take all reasonable steps to keep your Personal Information secure, but to the maximum extent permitted by law, we exclude all liability for the consequences of any unauthorised access to your Personal Information. This includes (but is not limited to) loss or damage you might suffer because of any of the following:

(a) reliance on the completeness, accuracy, suitability or currency of the Website (including third-party material and advertisements);

(b) failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, virus or other harmful component, loss of data, communication line failure, unlawful third-party conduct, or theft, destruction, alteration or unauthorised access to records;

(c) accessing any sites or servers maintained by other organisations through links on the Website or any communication from the Website. Links are provided for the convenience of Users of the Website only and without responsibility for the content or operation of those sites (unless otherwise stated, linked sites and the Services are not endorsed by us and your linking to any such site is at your own risk);

(d) the provision of financial information, the failure to complete (or delay in completing) any transaction, or other loss or damage arising from any e-commerce transacted, or attempted to be transacted, on the Website.

We do not warrant that the Website will be uninterrupted or free from error or that any defects on the Website will be corrected or that the Website or servers are free of viruses or other harmful conditions or components.

To the extent permitted by law, we disclaim liability, whether based in contract, tort, negligence, strict liability or otherwise, for damages of any kind (including, but not limited to indirect, incidental, consequential, special, punitive or exemplary damages) in any way arising from the functionality, operation or the information provided by the Website including, but not limited to, damages arising from interruptions of service or delays in operation or transmission even if we are expressly advised of the possibility of such damages.

 

17. Access to and how you can control your Personal Information

You may request details of Personal Information that we hold about you in accordance with the provisions of the Privacy Laws. We give you access to your Personal Information for the purpose of correcting any Personal Information that is inaccurate, incomplete or not up to date.

Please update your records and your Account via the Website. If you would like a copy of your data or believe that your data is inaccurate, out of date, incomplete or irrelevant, please contact us using the contact details provided.

Please be aware that you may need to provide proof of identity before we can change your records or update your details. We may refuse to provide you with certain information where permitted or required by law.

We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act 1988 (Cth).

 

18. Opting-Out

If we use your Personal Information to market and promote our Products, you may notify us at any time that you do not wish to receive marketing or promotional material by contacting us directly or through the “ unsubscribe” mechanism in our marketing or promotional emails.

 

19. Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with Australian law. You irrevocably submit to the jurisdiction of the Courts of New South Wales and any court that may hear appeals from any of those courts for determining any dispute concerning this Privacy Policy and waive any right you may have to claim that those courts are an inconvenient forum.

 

20. Complaints

If you think we have breached the Privacy Act, or wish to make a complaint about the way we have handled your Personal Information, or other information connected to your Account, or if you have any questions or concerns about our collection, use or disclosure of your Personal Information, please contact us using our details provided.

 

21. Contact Us

You can contact us:

(a) by post at P.O. Box 118, Riverstone, NSW 2765;

(b) by telephone at 1300 04 2727;

(c) by email at support@cpapsales.com.au.

© 2019 CPAP Sales Pty Ltd. ALL RIGHTS RESERVED.

 

Privacy Policy last updated 11th July 2019