INFORMATION COLLECTION AND USE
Users must be at least 18 years old to use the MentalHappy site. If we become aware that a person under 18 has provided us with Personal Information, we will delete such information from our files.
INFORMATION SHARING AND DISCLOSURE
We will not disclose to any unauthorized third party a member’s name or contact information. We will also not monitor, edit or disclose the contents of any member’s information unless required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on us; (2) protect and defend our rights or property; (3) act under exigent circumstances to protect the personal safety of our users or the public; (4) to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable; or (5) fix or debug problems with our servers/software/service.
Members. In addition to your username, any comments or submissions that you post to the Site will be publicly available. You post and share your Personal Information and content on the Site at your own risk. While we go to great lengths to create a safe and enjoyable experience on the Site, we cannot control the actions of other users with whom you may choose to share your content and/or profile information. In addition, we cannot anticipate other users’ ability to circumvent privacy settings. You understand that, even after removal of your Personal Information and content from the Site, copies of your information may remain viewable in cached or archived Web pages or on the local computers of users who may have downloaded or stored your information. Even with all the appropriate precautions we take to protect your information, we recommend you refrain from sending private information or Personal Information by email, chat, or other messaging services.
Aggregate Information and Non-Identifying Information. We may share aggregated information that includes non-identifying information and Log Data with third parties for industry analysis, demographic profiling, and to deliver targeted advertising about other products and services.
Service Providers. We may employ third party companies and individuals to facilitate our services, to provide the services on our behalf, to perform services related to administration of the Site (including, without limitation, maintenance, hosting and database management services, web analytics and administration). These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Business Transfers. We may sell, transfer or otherwise share some or all of its assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
If you choose to invite your friends to use our Services, using our invitation options, we may ask for information such as an e-mail address. We will automatically send your friend(s) a one-time email invitation to visit the Site. We store this information to send this one-time invitation, and to track the success of this referral feature.
CHANGING OR DELETING YOUR INFORMATION
All members may review, update, correct or delete the Personal Information in their registration profile by logging into their account and changing the “user preferences” associated with their account. If you completely delete all such information, your account may be deactivated. We may retain an archived copy of your records as required by law or for legitimate business purposes.
We employ administrative, physical and electronic measures designed to safeguard and protect your information from unauthorized access and disclosure including encrypting your communication by utilizing Secure Sockets Layer (SSL) software. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Services in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please be advised that we transfer Personal Information to the United States and process it there.
LINKS TO OTHER SITES
The Site and Services may contain links to other websites. If you choose to visit an advertiser by “clicking on” any type of advertisement, or click on another third party link, you will be directed to that third party’s website. The fact that we link to a website or present an advertisement is not an endorsement, authorization or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
At ChapterUp, we have a deep respect for data. We have always had a strong commitment to privacy, security, and transparency towards our customers. This translates into an already well-considered and sensible attitude in our approach to data. Here is an overview of our approach to GDPR compliance, and what it will mean for you as a ChapterUp customer.
WHAT IS THE GDPR?
The General Data Protection Regulation is a new European data regulation which will replace the current EU Data Protection Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. It is designed to give organisations a consistent framework on how personal data can be collected, processed, used, and shared across EU member states The GDPR provides individuals with more control over how their personal data can be processed
Will our users be able to use ChapterUp products and services without risking a breach of the GDPR?
Customers to whom the GDPR applies will need to make sure their business is compliant with the GDPR in its own right. If it is, the customer will not risk a breach of the GDPR solely by using ChapterUp products and services.
What are your data protection rights?
ChapterUp would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request ChapterUp for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that ChapterUp correct any information you believe is inaccurate. You also have the right to request ChapterUp to complete information you believe is incomplete.
The right to erasure – You have the right to request that ChapterUp erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that ChapterUp restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to ChapterUp ‘s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that ChapterUp transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org.
Personally identifiable information
ChapterUp does not collect any personally identifiable information, nor do we sell or distribute email addresses. We only collect address, email address and other minimal information required for administrative purposes and (where applicable) to retrieve your password and username in case they are lost. The ChapterUp website has an optional electronic newsletter service which keeps people informed about our work. If you register for the newsletter service your email address and other information given when registering will be held on the system for the purpose of providing this service. You may opt not to receive administrative ChapterUp emails and newsletters.
ChapterUp collects only aggregate information pertaining to visitors to its website, including visited pages, referring URLs, and other publicly available information. ChapterUp uses this information to help improve its website and services, and to customize the content of its pages for individual consumers or newsletters. ChapterUp studiously implements methods of securing its user information databases from unauthorized access or alteration.
A cookie is a small piece of data that is sent to your browser from the site you are visiting and stored on your computer’s hard drive. Cookies are very common and are being used by most websites. Cookies do not harm your computer nor can they access information stored on your computer. The primary purpose of cookies is to maintain your customized settings on the site. The site login process (“Remember my password”, for example) and member functionality requires that your browser accept cookies.
CHAPTERUP collects and administers a range of personal information for the purposes of human resources management, client care and stakeholder engagement. The organisation is committed to protecting the privacy of personal information it collects, holds and administers. CHAPTERUP recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies and also reflected in
• Collect only information which the organisation requires for its primary function;
• Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
• Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
• Store personal information securely, protecting it from unauthorised access; and
• Provide stakeholders with access to their own information, and the right to seek its correction.
• Only collect information that is necessary for the performance and primary function of CHAPTERUP.
• Notify stakeholders about why we collect the information and how it is administered.
• Notify stakeholders that this information is accessible to them.
• Collect personal information from the person themselves wherever possible.
• Collect Sensitive information only with the person’s consent. (Sensitive information includes health information and information about religious beliefs, race, gender and others). If the person has any kind of mental disability that affects their capacity to consent, CHAPTERUP will collect consent from a representative of the person instead.
• Determine, where unsolicited information is received, whether the personal information could have collected it in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed)
Use and Disclosure
• Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
• For other uses, CHAPTERUP will obtain consent from the affected person.
• In relation to a secondary purpose, use or disclose the personal information only where:
– a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
– the person has consented; or
– certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
• In relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose and CHAPTERUP has provided an opt-out and the opt-out has not been taken up.
• In relation to personal information which has been collected other than from the person themselves, CHAPTERUP will use the personal information collected for direct marketing and provide an easy and accessible opt-out option.
• Provide all individuals access to personal information except where it is a threat to life or health or it is authorized by law to refuse and, if a person is able to establish that the personal information is not accurate, up to date or complete, then CHAPTERUP must take steps to correct it. CHAPTERUP may allow a
person to attach a statement to their information if CHAPTERUP disagrees it is inaccurate.
• Where for a legal or other reason we are not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties.
• Not charge a person for making a request to access personal information or to correct personal information, neither for giving access to the requested personal information, or for correcting or associating a statement.
• CHAPTERUP will implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure.
• Before CHAPTERUP discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, ensure that they are privacy compliant.
• Ensure that CHAPTERUP data is up to date, accurate and complete. Destruction and de-identification
• Destroy personal information once is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
De-identify personal information to preserve the privacy of the person, if so required by the person whose information CHAPTERUP holds. The de-identification process includes the removal of personal identifiers, such as an person’s name, address, date of birth or other identifying information, and the removal or alteration of other information that may allow the person to be identified, for example, because of a rare characteristic of the person, or a combination of unique or remarkable characteristics that enable their identification. CHAPTERUP will not use any government related identifiers unless they are reasonably necessary for our functions.
• Take reasonable steps to ensure the information CHAPTERUP collects and holds is accurate, complete, up to date, and relevant to the functions we perform.
Data Security and Retention
• Only destroy records in accordance with the organisation’s Information Management Policy.
• Make this information freely available in relevant publications and on the organisation’s website. Access and Correction
• Ensure individuals have a right to seek access to information held about them and to correct it if it is
inaccurate, incomplete, misleading or not up to date.
• Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.
Making information available to other organisations
• Release information to third parties where it is requested by the person concerned.
Your privacy is important
technology, changes to CHAPTERUPs operations and practices and to make sure it remains appropriate to the changing legal environment. What kind of personal information does CHAPTERUP collect and how does CHAPTERUP collect it?
The type of information CHAPTERUP collects and holds includes personal information, including sensitive information, about:
• Email address
• Medical and or mental health history ( for those in Residential Programs)
Personal Information you provide:
CHAPTERUP will generally collect personal information held about an individual by way of phone calls, forms, meetings, surveys. You do have the right to seek to deal with us anonymously or using a pseudonym, but in some (not all) circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries unless you identify yourself.
Personal Information provided by other people:
In some circumstances, CHAPTERUP may be provided with personal information about an individual from a third party, for example, a case manager or government employee.
In relation to employee records:
the Victorian Health Records Act 2001.
How will the CHAPTERUP use the personal information you provide?
CHAPTERUP will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented. In relation to direct marketing, CHAPTERUP will use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing: only then you will be sent direct marketing containing an opt-out. If we use your personal information obtained from elsewhere we will still send you direct marketing information where you have consented and which will also contain an opt-out. We will always obtain your consent to use sensitive information as the basis for any of our direct marketing.
We may use video surveillance for security purposes and the footage will be used only by CHAPTERUP and by the providers of our security services for security purposes. Surveillance videos are not used by CHAPTERUP for other purposes and the footage is not publicly available. Surveillance cameras are not located in any bathrooms or change room facilities.
Job applicants, staff members and contractors:
In relation to personal information of job applicants, staff members and contractors, CHAPTERUPs primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which CHAPTERUP uses personal information of job applicants, staff members and contractors
• for insurance purposes;
• for payroll purposes
• for Tax purposes
• to satisfy CHAPTERUPs legal obligations,
Where CHAPTERUP receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
CHAPTERUP also obtains personal information about volunteers who assist the CHAPTERUP in its functions or conduct associated activities, such as to enable the CHAPTERUP and the volunteers to work together.
Marketing and fundraising:
CHAPTERUP treats marketing and seeking donations for the future ChapterUPth and development of the CHAPTERUP as important. Personal information held by the CHAPTERUP may be disclosed to an organisation that assists in the CHAPTERUPs fundraising and the CHAPTERUP reasonably expects that any third party organisations we rely on attend to applicable privacy regulatory requirements.
To whom might CHAPTERUP disclose personal information?
CHAPTERUP may disclose personal information, including sensitive information, held about an individual to:
• government departments;
• people providing clinical or professional health services to the CHAPTERUP and
• anyone you authorise the CHAPTERUP to disclose information to.
Where CHAPTERUP is providing health service to an individual and discloses health information about the individual, CHAPTERUP will do so if necessary and to the extent necessary for the provision of the services.
Sending information overseas:
The CHAPTERUP will not send personal information about an individual outside Australia without:
• obtaining the consent of the individual (in some cases this consent will be implied), or
• otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
How does the CHAPTERUP treat sensitive information?
In referring to ‘sensitive information’, CHAPTERUP means:
“information relating to a person’s racial ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual”. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
CHAPTERUPs staff are required to respect the confidentiality of personal information and the privacy of individuals.
The Australian Privacy Principles and the Health Privacy Principles require the CHAPTERUP not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored. Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which the CHAPTERUP holds about them and to advise the CHAPTERUP of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. To make a request to access any information the CHAPTERUP holds about you, please contact the Privacy Officer in writing.
CHAPTERUP may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, the CHAPTERUP may charge a fee to retrieve and copy any material. CHAPTERUP If the information sought is extensive, the CHAPTERUP will advise the likely cost in advance. How long will the CHAPTERUP keep my information? Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed.
Enquiries and privacy complaints
If you have any privacy enquiries or would like to make a complaint about the way we have managed your personal information, or if you think there has been a breach of privacy, please contact the Company Secretary. We will endeavor to reply to your requests within 30 days. Accessing and correcting information CHAPTERUP holds about you If you would like to have access to the information we hold about, or would like to request correction of an information we hold about, please contact the Privacy Officer. We will follow our internal Privacy & Confidentiality Policy and Procedure when dealing with your case and will endeavor to reply to your requests within 30 days.