Our privacy obligations and your rights
1. Brain Resource Limited and its related companies (“BRC”) comply with privacy laws and regulations of countries that BRC is bound by as a result of its activities in those countries or any agreements.
2. Privacy laws generally apply to information or an opinion about an individual or reasonably identifiable individual (“Personal Information”). That identity can be ascertained from personal details such as your name, e-mail address, date of birth, credit card number or other information which can be used to identify an individual.
3. You have a right to understand BRC’s information privacy practices which are explained in this policy prior to providing BRC with any of your Personal Information.
Why do we collect Personal Information?
4. BRC only collects Personal Information that is reasonably necessary for the purposes of its business activities which include provision of brain health and brain fitness assessments, reports and solutions including ownership and operation of websites including www.brainresource.com and www.mybrainsolutions.com and
conducting brain research on its own behalf or on behalf of others.
5. The Personal Information collected includes personal details such as your name, e-mail address, data of birth, credit card number as well as other information about individuals.
6. BRC may through its websites receive and store certain types of information when you interact with its websites and services including your internet browser and IP address and BRC may also use “Cookies” to enable features for you on its websites and to analyse and understand the traffic on its websites. You may set your browser to block Cookies but this may prevent use of some of the relevant website services. BRC does not link information stored in Cookies to other Personal Information you may submit during the use of its websites.
How do we collect Personal Information?
7. BRC will not collect Personal Information from children under the age of 13 years or use or disclose such Personal Information without obtaining verifiable parental consent from the child’s parent.
8. BRC will only collect Personal Information about an individual from the individual unless it is unreasonable or impractical to do so.
9. BRC will only use fair and lawful ways of collecting the information and will obtain consent of the individual to collection of their Personal Information and only collect Personal Information that is reasonably necessary for its activities.
10. When collecting the information BRC will take reasonable steps to make the individual aware of why it is collecting the information and how it will be handled. This information may be provided by referring them to this policy.
11. BRC will implement processes to ensure that when obtaining the consent of an individual to use of Personal Information the consent is provided voluntarily and the person is adequately informed and has capacity to understand, provide and communicate their consent.
What do we do with Personal Information we collect?
12. BRC will only use or disclose Personal Information for the primary purpose for which it was collected or for a directly related secondary purpose within the individual’s reasonable expectations, if consent is obtained to use or disclose or where disclosure is required by law.
13. BRC will not resell Personal Information and BRC will keep Personal Information it collects strictly confidential and it will never disclose Personal Information to any other person without the consent of the individual except as set out in this policy or required by law.
14. BRC may disclose Personal Information for clinical assessment or treatment purposes including disclosing Personal Information of an individual to a person involved in the clinical assessment or treatment of the person or to a person that ordered the BRC assessment.
15. BRC may disclose Personal Information of an individual to an authorised representative of an individual or Personal Information of a minor to the minor’s parents or guardians.
16. BRC may disclose Personal Information if necessary to prevent or reduce the risk of a serious and imminent threat to the health or safety of an individual or the general public.
17. BRC may disclose Personal Information to third parties that provide services to BRC but only on a strictly confidential basis and as required for the purpose of the services.
18. BRC may inform the party responsible for paying for or sponsoring the use of any BRC product or service the fact that an individual has registered for the product or service and the extent of use of the product or service.
19. In certain circumstances BRC may de-identify information it collects by removing any information that could reasonably be used to identify the individual (“De-identified Information”). De-identified Information is not Personal Information.
20. For product development and scientific research purposes and to demonstrate the use and performance of any of its websites and services and for other scientific research, clinical or commercial purposes, the Company may store,
use and disclose data it gathers through its websites and services but only in de-identified form including the de-identified results of any brain assessments and other de-identified data gathered through use of its websites and services.
You may request that the Company not use data gathered through your use of any of its websites or services for these purposes by sending a
request to the support line for the service you are using (email@example.com or firstname.lastname@example.org) and the Company will comply with any such request.
21. BRC will not use or disclose Personal Information for the purpose of direct marketing without the consent of the individual unless the Personal Information is not sensitive information and the individual would reasonably expect it to be used or disclosed for the purpose of direct marketing. When engaging in
direct marketing BRC will provide a simple means by which an individual may easily request not to receive direct marketing communications from BRC and BRC will include a prominent statement that an individual may make such a request. BRC will comply with any such request.
22. Some services provided by BRC include features such as “Blogs” or “Chat Rooms” or “Leader Boards” that permit an individual to enter and broadcast information, including Personal Information, to other members in a community or publicly. Any information entered and disclosed within such features becomes public information and an individual will assume responsibility for deciding to disclose information by use of such features.
Rights to access your Personal Information and correct or delete it
23. BRC will at the request of an individual whose Personal Information is held by BRC, provide that person with access to their Personal Information, unless certain circumstances apply that by law allow BRC to deny access in which case BRC will provide the individual with reasons why access is denied. BRC may recover from an individual its reasonable costs of providing such access.
24. BRC will take reasonable steps to ensure that Personal Information it collects and uses is accurate, complete, up-to-date, relevant and not misleading. If you believe that any Personal Information BRC holds about you is not accurate, complete, up-to date or relevant or is misleading please contract BRC’s Privacy Officer whose details are below.
25. If you would like BRC to delete your Personal Information that is stored in any of its databases you may contact the support line for the service you are using (email@example.com or firstname.lastname@example.org) with a request to do so. To opt out of any future communications, email or otherwise please send an email request to the support line for the service you are using (email@example.com or firstname.lastname@example.org) .
How is your Personal Information protected?
26. BRC will implement processes to protect Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure.
27. BRC will implement processes to destroy or permanently de-identify Personal Information that is no longer needed, subject to complying with laws requiring data retention.
28. BRC will implement all reasonable physical and electronic data security safeguards to ensure that it complies with this policy including computer system safeguards (including password protection with required regular changes), lockable physical security, ensuring information is transferred securely and monitoring information systems to test and evaluate data security.
29. BRC will not transfer Personal Information outside of the country in which it is collected unless BRC takes such steps as are reasonable in the circumstances to ensure that the recipient complies with this policy and any laws or binding privacy schemes in place where the information is collected; or the recipient is subject to a comparable information privacy law or binding scheme to that which applies in the country where the information is collected; or the individual has provided informed consent to the transfer.
Third party websites
31. BRC will take steps to implement practices, procedures and systems to ensure that it complies with this policy.
32. BRC will implement an internal training program to ensure that its employees are informed of and comply with this policy.
33. BRC will update this policy as its business requirements or the law changes and it will make it available free of charge on its websites (email@example.com and firstname.lastname@example.org) and to anyone who asks for it.
34. Any questions or complaints regarding this policy or BRC’s privacy practices or requests for further information on how BRC manages Personal Information should be directed to BRC’s Privacy Officer:
Brain Resource Limited
235 Jones Street
Ultimo Sydney 2007
Tel: +61 (02) 9213 6666