Pixtech Pty Limited
Fitbotic App - Privacy Policy

  1. Introduction

    1. This Privacy Policy outlines how Pixtech Pty Limited ABN 41 633 502 511 (‘Pixtech’, ‘we’, ‘us’ or ‘our’) collects, manages and uses personal information. Pixtech is committed to complying with the Privacy Act 1988 (Cth) (‘Privacy Act’), the Australian Privacy Principles (‘APPs’) and the EU General Data Protection Regulation (‘GDPR’).

    2. This Privacy Policy applies to personal information collected, used or retained by us (and our authorised agents). It applies to all information we hold about you including information obtained via the Fitbotic mobile application (‘Fitbotic App’), via any website operated by Pixtech (‘Website’) and via the services we provide, and the transactions that you enter into, that are accessible through the Fitbotic App or Website (‘Services’).

    3. You must have attained the age of majority in the location where you use the Fitbotic App or Website or Services (which in Australia is 18 years of age). You must not use the Services or provide us with any personal information if you have not attained the age of majority in the location where you intend to use the Fitbotic App or Website or Services.

    4. By providing personal information to us, you consent to our collection, use and disclosure of that information on the terms of this Privacy Policy and any other contractual or other arrangements (if any) that may apply between us.

    5. Pixtech welcomes the GDPR in streamlining data protection requirements across the European Union (‘EU’) and, to the extent applicable, Pixtech will comply with applicable GDPR regulations. From time to time, Pixtech may transfer data it stores and uses to locations around the world, which may have no data protection laws. In all such cases, we transmit such information only to entities that comply with this Privacy Policy and applicable privacy law.

    6. This Privacy Policy may be overridden in certain circumstances. For example, when we collect personal information from you, we may notify you of a specific purpose for collecting that personal information, in which case we will handle your personal information in accordance with that stated purpose.

    7. If you have any queries about our collection, use or retention of your personal information, you should contact our Privacy Officer for further information (contact details for our Privacy Officer are set out in paragraph 13 of this Privacy Policy).

  2. What personal information we collect

    1. The types of personal information that we collect and hold when you register for and/or use the Services includes (but is not limited to) your full name, email address, date of birth, gender, social media login details, telephone number, IP address, unique device identifiers, financial and credit card information and any photographs or images you upload to your user profile.

    2. With your consent and when you grant us permission, we will collect audio, images and video footage of you via any cameras and microphones fitted to the electronic device you use to access the Fitbotic App, Website or Services. The Fitbotic App will ask you for permission to access your cameras and microphones when you use the exercise features of the Fitbotic App. You may turn camera and microphone permissions for the Fitbotic App on and off from time to time using the settings of your operating system on your electronic device. If you disable this functionality, we will not be able to collect information relating to exercise repetitions, which will prevent tracking and/or conversion of your movement into credits or other rewards which may be redeemable via the Services. You will also be able to turn on and off permission for an auto-recording video feature in the Fitbotic App. The auto-recording feature allows you to automatically record your activity for your own purposes. We will collect audio, images and video footage of you for the purposes outlined in paragraph 3.3 of this Privacy Policy, even if you turn off the auto-recording feature. We de-identify images and video footage by pixelating a user’s face and by taking other measures.

    3. With your consent and when you grant us permission, we will collect geolocation data from your electronic device including GPS signals and your location, steps taken, and distance travelled. We may also derive your approximate location from the IP address of your electronic device. The Fitbotic App may ask you for permission to collect geolocation, exercise or activity data from other services, including Google Fit and Apple Health. You can stop sharing that information from the other service by removing our permission to access to that other service. If you disable this functionality, we will not be able to collect information relating to exercise repetitions, which will prevent tracking and/or conversion of your movement into credits or other rewards which may be redeemable via the Services.

    4. Additionally, we collect any other personal information you choose to add to your user profile, including account and billing details (such as your Apple iTunes account, Google Play account, Windows account, PayPal account or other third-party payment channel account).

    5. We may also hold any other personal information that you may volunteer to us.

    6. To the extent that information we collect is health or sensitive information, we do not collect from you (or, if it is provided by you to us, retain) any health or sensitive information without first obtaining your consent.

  3. How we collect, hold, use and disclose personal information

    1. Collecting personal information

      1. We may collect or ask you to provide personal information when you use the Fitbotic App, our Website or the Services.

      2. We may also collect your personal information from third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) who may provide to us information about you. This may include your purchase history from business partners who supply you with rewards made available to you, or redeemed by you, via the Fitbotic App or Website. Where we collect personal information from third parties, we will take reasonable steps to notify you or otherwise ensure you know we are collecting personal information about you and the circumstances of its collection.

      3. When collecting personal information, we will take reasonable steps to make you aware of certain details including the purposes for which personal information is being collected by us, the organisations to which we would usually disclose your information, the main consequences for you if you fail to provide any information that is requested by us, and whether we are likely to disclose your information to overseas recipients as well as the countries any such recipients are located in. This Privacy Policy provides these details as they typically apply in most cases, however different details may apply depending on our specific interaction with you. If we do not notify you of such other details, the information in this Privacy Policy applies.

      4. There may be a range of consequences if you fail to provide information requested by us. For example, the Fitbotic App may not function properly or be able to monitor and verify forms of eligible movement. The provision of personal information by you is purely voluntary.

      5. By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.

    2. Holding personal information

      1. We take reasonable industry-standard steps to ensure that your personal information is protected from loss, unauthorised access, modification or disclosure, and other misuse.

      2. Specific security measures we employ include:

        1. maintenance of computer technology, people and process-based security measures, including firewalls, network security configurations and the use of passwords;

        2. restriction of access to data to only those staff that need access to carry out their duties;

        3. internal procedures to protect physical documents;

        4. staff training and internal policies regarding confidentiality of personal information; and

        5. monitoring of our practices and systems to ensure the effectiveness of our security policies.

      3. We will endeavour to destroy or de-identify your personal information as soon as it is no longer required by us (and as permitted by law).

    3. Using and disclosing personal information

      1. From time to time, we will collect, use and disclose your personal information for a particular purpose (‘the primary purpose’). We generally collect, hold and use your personal information:

        1. to verify your physical movement and location and issue Fitbotic App credits or rewards on the basis of this verified data;

        2. to analyse and improve our exercise recognition algorithms used in connection with the Fitbotic App;

        3. to streamline and personalise your experience within the Fitbotic App and Website, or tailor our information to you;

        4. to create aggregate data about the Fitbotic App or Website visitors and other statistics to allow for more efficient operation of the Fitbotic App or Website;

        5. to analyse the usage of, and improve, the Services;

        6. to communicate with you, including to inform you of updates to the Fitbotic App, the Website, the Fitbotic App Terms of Use, and/or this Privacy Policy;

        7. to communicate with you about other matters relating to our Services;

        8. to perform market and user research;

        9. to market the Services to you;

        10. to correct errors and problems with the Services;

        11. to investigate and/or prevent suspected fraudulent or other criminal activities;

        12. to engage in other activities where required or permitted by law; or

        13. for any other purpose related to the above.

      2. We may use or disclose the personal information we hold about you for other purposes (‘secondary purpose’). We may use or disclose your personal information for a secondary purpose when you consent, or we may do so without your consent, when:

        1. the secondary purpose is related to the primary purpose, and you would reasonably expect us to use or disclose the information for that secondary purpose;

        2. without limiting paragraph 3.3.2(a), the secondary purpose involves direct marketing and:

          1. we collected the information from you, and you would reasonably expect us to use that information for direct marketing; or

          2. we did not collect the information from you, or you would not otherwise reasonably expect us to use the information for direct marketing, but you have nevertheless consented to receive direct marketing communications or it is impracticable for us to obtain your consent in the circumstances, but in each case only if we provide you with a simple means to opt out; or

          3. the use or disclosure is otherwise permitted under the Privacy Act.

    4. If you consent to receive marketing material, your consent will remain current until you advise us otherwise. You may request not to receive these communications by contacting our Privacy Officer (contact details for our Privacy Officer are set out in paragraph 13 of this Privacy Policy), or by using the opt out function as provided in those communications.

    5. There are no consequences for opting out of receiving our marketing and promotional communications except that you will no longer receive them, and you may elect to re-join our marketing list at a later stage if you wish.

    6. We may disclose your personal information to any of our related entities, employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy.

  4. Access and correction of personal information

    1. You have the right to obtain access to any personal information we hold about you. You have the right to contact our Privacy Officer to request access to or correction of your personal information held by us (contact details for our Privacy Officer are set out in paragraph 13 of this Privacy Policy). We will respond to your request for access or correction within a reasonable period of time from receiving your request.

    2. We may require you to verify your identity before we allow you to access your personal information, for the protection of your privacy and the privacy of other individuals whose personal information we hold.

    3. We may refuse to allow you to access or to correct your personal information if we are legally required or entitled to do so. If we do so, we will provide you with written reasons for the refusal (unless it is unreasonable to do so) and the options available to you to complain about our refusal.

    4. If you lodge a request for access, we may provide you with access to your personal information in any of a number of ways (including, for example, supplying you with a copy or providing you with the opportunity to inspect our records).

    5. We take reasonable steps to ensure that the personal information that we collect, use and disclose is accurate, up to date and complete. If we are satisfied that any personal information that we hold about you is inaccurate, out of date or incomplete, we will amend our records accordingly.

    6. We do not impose any fee on you to make a request to access personal information we hold. However, we may require you to pay a reasonable fee to cover the cost of verifying an application for access and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, we will advise you of the likely cost in advance.

  5. Dealing with us anonymously

    You may deal with us anonymously, or by using a pseudonym, when making general enquiries with us.

  6. Online privacy

    1. Automatic server logs

      1. The Fitbotic App or Website servers may automatically collect various items of information when you access the Fitbotic App or Website. For example, we may collect information about your electronic device’s operating system, Internet Protocol (IP) address, access times, browser type and language, and, if applicable, the website that referred you to us. We may also collect information about your usage and activity on the Fitbotic App or the Website.

      2. When you use the Fitbotic App or visit the Website, ‘cookies‘ may be stored on your electronic device. Cookies are small data files that are placed on your device to identify your device in the future and help us better understand user behaviour, personalise preferences, perform research and analytics, deliver tailored advertising, and improve the delivery of our Services. The settings on your electronic device’s browser software can be adjusted to prevent cookies being stored on your electronic device, if you wish. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Services.

      3. Although, in some circumstances, it may be possible to identify you from the information we collect as described in paragraph 6.1.1, we do not attempt to do so, and only use this information for statistical analysis, system administration, and similar purposes.

    2. Email and enquiry forms

      We may collect personal information from you if you send us an email, subscribe to our email newsletter or if you submit information to us using an enquiry form via our Website. We will use this personal information to contact you, respond to your message, to send you our email newsletter or information that you request, and for other related purposes we consider you would reasonably expect. We will not use or disclose any personal information for any other purpose without your express consent.

    3. Storage and transmission of personal information online

      1. There are inherent risks in transferring information across the Internet. If you provide any personal information to us via our Website or if we provide such information to you by such means, the privacy, security and integrity of this information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).

      2. If we receive your personal information, we will take reasonable steps to store it such that unauthorised access, modification, disclosure, misuse and loss are prevented.

    4. Other online services

      If the Fitbotic App or Website contains links to other online services that are not maintained by us, or if other services link to the Fitbotic App or Website, we are not responsible for the privacy practices of the organisations that operate those other services, and by providing such links we do not endorse or approve the other services. This Privacy Policy applies only in respect of the Fitbotic App or Website.

    5. Third party advertising

      We may allow third parties to use cookies or other tracking technologies to collect non-personal information about your use of the Fitbotic App and our Website, including your IP address, pages viewed and conversion information. This information may be used, among other purposes, to deliver advertising targeted to your interests and to better understand the usage and visitation of our Website and other websites tracked by these third parties. Third party vendors, including Google, may show our advertisements on sites across the Internet. This Privacy Policy does not apply to, and we are not responsible for, third party cookies or other tracking technologies. We encourage you to check the privacy policies of advertisers and/or advertising services to learn more about their privacy practices.

  7. Cross-border data transfer

    1. Information that we collect from you may from time to time be stored, processed in, or transferred between overseas recipients or websites hosted in overseas countries.

    2. From time to time we may use web-based programs in relation to the Fitbotic App, the Website and our Services for particular activities, including data processing. Such web-based programs may be hosted overseas.

    3. Internet web traffic information we collect using Google Analytics may be stored overseas.

    4. Before we disclose your personal information to an overseas recipient, we will take reasonable steps to ensure that the overseas recipient does not breach the APPs or GDPR in relation to your personal information. In all such cases, we transmit such information only to entities that comply with this Privacy Policy and applicable privacy law.

    5. While we take steps to protect your personal data in accordance with this Privacy Policy, you acknowledge that data that you submit to, or via, the Fitbotic App or Website may be available or accessible via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

  8. Notifiable data breaches

    1. A data breach occurs when personal information is lost or subject to unauthorised access, modification, disclosure, or other misuse or interference. A data breach may be intentional or unintentional.

    2. Examples of a data breach which may meet the definition of an eligible data breach under the Privacy Act include when:

      1. a device (such as a laptop) containing personal information is lost or stolen;

      2. a database containing personal information is accessed without authorisation; or

      3. personal information is mistakenly provided to the wrong person.

    3. The Privacy Act only requires notification when an ‘eligible data breach’ occurs. An eligible data breach occurs when:

      1. there is unauthorised access to or disclosure of personal information that we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur); and

      2. this is likely to result in serious harm to any of the individuals to whom the information relates; and

      3. we have been unable to prevent the likely risk of serious harm with remedial action.

    4. Where we suspect that an eligible data breach may have occurred, we will carry out a reasonable and prompt assessment of whether there are reasonable grounds to believe that an eligible data breach has occurred. If, based on that assessment, there are reasonable grounds to believe that an eligible data breach has occurred, we will:

      1. immediately take appropriate steps, decided on a case-by-case basis, to contain the breach and prevent further breaches;

      2. prepare an eligible data breach statement (‘Statement’) as prescribed under the Privacy Act, and submit the Statement to the Office of the Australian Information Commissioner (‘OAIC’);

      3. notify individuals to whom the relevant information relates or who are at risk from the breach either:

        1. directly, by taking reasonable steps to notify the contents of the Statement to each of the affected individuals; or

        2. if that is not possible, by publishing the contents of the Statement on our Website and taking reasonable steps to publicise the contents of the Statement; and

        3. review the incident and consider action to prevent future breaches.

  9. GDPR

    1. We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. We process your personal information as a ‘Processor’ and/or to the extent that we are a ‘Controller’, as defined in the GDPR.

    2. We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

    3. We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

    4. We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

    5. We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

    6. We do not collect or process any personal information from you that is considered ‘Sensitive Personal Information’ under the GDPR, such as personal information relating to your sexual orientation or ethnic origin, unless we have obtained your explicit consent, or if it is being collected subject to, and in accordance with, the GDPR.

  10. Your rights under the GDPR

    1. If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We will comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

    2. Except as otherwise provided in the GDPR, you have the right:

      1. to be informed how your personal information is being used;

      2. to access your personal information (we will provide you with a free copy of it);

      3. to correct your personal information if it is inaccurate or incomplete;

      4. to delete your personal information (also known as ‘the right to be forgotten’);

      5. to restrict processing of your personal information;

      6. to retain and reuse your personal information for your own purposes;

      7. to object to your personal information being used; and

      8. to object against automated decision making and profiling.

    3. If you wish to exercise your rights under the GDPR, please contact our Privacy Officer (contact details for our Privacy Officer are set out in paragraph 13 of this Privacy Policy). We may ask you to verify your identity before acting on your request.

  11. Changes

    1. We reserve the right, as it may be necessary, to review, revise or make changes to this Privacy Policy at any time. We will notify you of material changes to this Privacy Policy by posting a notice through the Fitbotic App or the Website. Please check the Privacy Policy from time to time. In the event of any such change, by continuing to use the Fitbotic App or Website, you agree to the relevant change.

    2. You may request a hard copy of the current version of our Privacy Policy by contacting our Privacy Officer (contact details for our Privacy Officer are set out in paragraph 13 of this Privacy Policy).

  12. Complaints

    1. If you would like further information about the way we manage personal information we hold, or wish to complain that you believe we may have breached the APPs or GDPR, please contact our Privacy Officer in writing (contact details for our Privacy Officer are set out in paragraph 13 of this Privacy Policy). We will investigate any complaint and will notify you of a decision in relation to your complaint as soon as is practicable.

    2. If you are not satisfied with our decision, you may contact the OAIC to lodge a complaint. The contact details of the OAIC are:

      Post: GPO Box 5218, Sydney NSW 2001

      Telephone: 1300 363 992

      Email: enquiries@oaic.gov.au

      Fax: (02) 9284 9666

  13. Privacy Officer – contact information

    You may contact our Privacy Officer by:

    Telephone: (08) 7006 3226

    Post: Level 3/97 King William Street, Kent Town SA 5067

    Email: contact@fitbotic.com