
Baseline’s approach to privacy and data

 

Here at Baseline, we have opted for a full consent-based privacy model: real consent, from you.  

While some uses and disclosures of data in the Baseline platform are likely to fall within exceptions to the relevant privacy law prohibitions or restrictions even without consent, the informed consent model provides transparency, enhancing trust across all the stakeholders who might enjoy or benefit from the Baseline platform; acts as a further basis of comfort for you; and is often simply necessary for many of the uses and disclosures contemplated (section 3 below).

How do we do this?

 

  1. We have endeavoured to be warm, informal and yet direct in our language, so you actually understand our commitment to you.
  2. When we share data with medical and health research bodies or with insurance companies, we will only ever do so on an anonymised basis, unless we have your consent.
  3. We will enter into agreements with clubs and schools to preserve the overall integrity of the service (including making explicit their privacy obligations), and with a particular focus on the appropriate access controls within the school or club to your data.
  4. We have security measures within the Baseline platform that meet the Australian Standard [         ], and a cybersecurity policy that [       ] 
  5. We have a policy on how to manage the consent of minors (the foundational premise being that we will certainly need the consent of the parent/guardian and also the child’s consent if they are or reach an age of being legally able to give consent).
  6. We have a very clear policy on how we manage a decision by an individual to withdraw consent and stop using the platform, including when the associated data will be destroyed or de-identified.
  7. We are able to accommodate the circumstance where you might consent to some uses or disclosures and not others.
  8. We have customer support resources which will provide further guidance about all your privacy and data protection questions.

Your rights as a Baseline user

 

With Baseline, you have the following rights.

  1. Right of access – your right to be informed of, and request access to, the personal data we process about you;
  2. Right to rectification – your right to request that we amend or update your personal data where it is inaccurate or incomplete;
  3. Right to erasure – your right to request that we delete your personal data;
  4. Right to restrict – your right to request that we temporarily or permanently stop processing some or all of your personal data;
  5. Right to object – your right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
  6. Right to object – your right to object to your personal data being [processed] for direct marketing purposes;
  7. Right to data portability – your right to request a copy of your personal data in electronic format and to transmit that personal data for use in another party’s service; and
  8. Right not to be subject to automated decision-making – your right to not be subject to a decision based solely on automated decision-making (including profiling), where the decision would have a legal effect on you or produce a similarly significant effect.

Ok, so you keep talking about ‘data’; what does this mean?

 

There are three key types of data within the Baseline platform.

  1. User Data – This is the personal data sitting within the Baseline platform that is either provided by you or collected by us to enable you to sign up for and use the platform.
  2. Usage Data – This is the personal data that is collected about you each time you access and/or use the Baseline platform.
  3. Verification Data – There may be occasions when it may be helpful, indeed critical, for Baseline to use a third party application (such as Google Maps) and/or your device’s location service to help you verify your location. 

And how and why does Baseline use this data?

 

The Baseline platform makes use of this data in order to provide the service we provide to you – and we want to be honest with you about exactly how and why we do it.

We use this data to:

 

  1. provide and personalise the service we provide within the Baseline platform;
  2. better understand, diagnose, troubleshoot and fix issues with the service;
  3. evaluate and develop new features, technologies, and improvements to the service;
  4. support marketing, promotion and advertising purposes associated with the service;
  5. comply with our legal obligations and all valid law enforcement and regulator requests concerning the data;
  6. fulfill contractual obligations with third parties; for example, licensing agreements and to take appropriate action with respect to reports of intellectual property infringement and inappropriate content;
  7. conduct business planning, reporting and forecasting;
  8. process payments made on or through the Baseline platform;
  9. detect fraud, including fraudulent payments and fraudulent use of the service;
  10. facilitate research into concussion, sports injuries and injury mitigation measures;
  11. facilitate the better understanding by insurance companies operating in the sports space of the real incidence of head injuries in sport (particularly concussion), the completeness of player care and the associated risk management, with a view to keeping insurance premiums affordable, cover provided and bespoke policies developed – please note, all data is always anonymised and aggregated before we share with any third party;
  12. conduct user surveys;
  13. conduct competitions, ‘sweepstakes’ and the like.

Specific Platform features about Privacy and Data 

 

  1. Privacy Settings (accessed via XX) – allows you to exercise real choices about the processing or utilisation of your personal data; and also provides an automated ‘Download your data’ function so you can download basic account and usage information
  2. Privacy Centre (accessed via XX) – provides a convenient central location where you can find more information about how we might use your personal data, your rights in relation to your personal data and, very importantly, how to exercise those rights
  3. Notification Settings (accessed via XX) – allows you to choose which marketing communications you receive from us.  You may toggle between these settings to opt in or out of receiving different types of email and push notifications.  Please note that all email marketing messages from us will include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you). Clicking on the link in an email will opt you out of further messages of that category (e.g. Club Updates).  You can use this Notification Settings page to exercise choices about all categories of email and push marketing communications
  4. Cookies Policy – provides more information on how we use cookies, including for interest-based advertising.  You will also find information about how you can manage your cookie preferences and opt-out of certain types of tracking.

Some of the key applicable legislation… if you are interested!

 

The platform captures information concerning the occurrence of sports injuries, particularly in relation to concussion – so it falls within the definition of ‘health information’ for the purpose of privacy legislation in Australia.  

Health information privacy is regulated by: 

  • The Privacy Act, as “sensitive information”; and
  • State and Territory Health Privacy Legislation (such as the NSW Health Records Information Privacy Act 2002)

As no health care identifiers are collected, used or disclosed within the service, the Healthcare Identifiers Act 2010 (Cth) is not applicable.

As the platform is not connected to the Commonwealth My Health Record system, the My Health Record Act 2012 (Cth) is not applicable.

As no Medicare numbers are collected within the service, legislation relating to those numbers is also not applicable.