Privacy policy
1. Overview
CoolHed is a product which activates the vagus nerve and cools the head to reduce and minimise stress in the human body. In order to provide you with the best user experience and protect your interests, we require all users of the Site and/or App to comply with the following Terms of Use and this Privacy Policy.
This privacy policy (“Privacy Policy”) sets out how CoolHed Pty Ltd ACN 673 334 588 of 14 Eagle Avenue, Burleigh Waters QLD 4220 (“CoolHed”, “us”, “we”) collects, stores, uses, protects and shares your personal information. It applies to our website (https://www.coolhed.com) and all related websites, social media pages, applications, services and tools (together, the “Website”).
By visiting or using the Website you agree to the collection, storage, usage and disclosure of your personal information by us in the manner described in this Privacy Policy. Unless we obtain your written consent, we will not sell, disclose, licence or rent your personal information to a third party for that third party’s marketing purposes.
You must be over 18 years of age to use CoolHed or have express parental/guardian consent, whereby your parent/guardian is also agreeing to abide by our policies and terms and indemnify us for your breach of any policies or terms.
We comply with the Australian Privacy Principles and, for the benefit and security of our international customers, we also give consideration to privacy requirements of other countries.
Indonesia
We also comply with the privacy laws enacted in Indonesia, being Law No. 27 of 2022 regarding Personal Data Protection effective on 17 October 2022 (“PDP Law”). PDP Law specifies two subjects, with two separate functions, responsible for personal data: (i) Controller — any party (including individuals, public bodies and international organisations) who determines the purpose of and controls the processing of personal data; and (ii) Processor — any party who processes personal data. The distinction is relevant to respective obligations, liabilities and compliance requirements. You would be the Controller of your personal information and we act as the Processor when processing on your behalf. As the Controller, you determine the purpose of data processing based on lawful grounds and, as the Processor, we must conduct our services as directed by you — i.e., only use that information for those purposes stipulated in this Privacy Policy as agreed and approved by you prior to engaging our services.
Europe
In the event of our expansion into Europe, we intend to use Standard Contractual Clauses approved by the European Commission for transfers to the United States, Japan, India, Canada, Australia and South Korea in providing the services.
Asia-Pacific
Our privacy processes comply with the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system, which provides a framework for organisations to ensure protection of personal data transferred among participating APEC economies, and the PRP demonstrates an organisation’s ability to provide effective implementation of a personal data controller’s privacy obligations related to the processing of personal information.
By using any part of this Website, you consent to the terms of this Privacy Policy. If you do not agree to any part of this Privacy Policy or our Terms of Use, do not access our Website or use any of our services, as access and usage is conditional upon your acceptance of these terms as updated from time to time.
We reserve the right to amend this Privacy Policy at any time by posting the amended terms on the Website. If we make material changes to this policy, we will notify you by email and/or other means so that you may access and review the changes. If you object to any changes, you may close your account or discontinue communication with us; however, we will not facilitate a refund of the product cost. By continuing to use the Website after notice of changes has been sent to you or published on the Website, you are deemed to have consented to the changes.
“Personal Information” means information that can be associated with a specific person and can be used to identify that person and includes your information. Information that has been made anonymous or aggregated so that it cannot be used, whether in combination with other information or otherwise, to identify a specific user is not personal information.
You understand that many online software packages including, but not limited to, Microsoft, Atlassian, Google and Xero, store data in facilities which may not be wholly or in part based on Australian shores, and therefore may not fall under the jurisdiction of the Australian Privacy Principles. We and any third parties or software providers we engage now or may engage in the future will take all reasonable steps to provide for the security of such stored data to the extent possible and act in accordance with the terms provided by those third parties and software packages. You may refuse to work with us where you deem the risk of data breach to be greater than the convenience and cost-effectiveness of the solution provided. To disengage our services, please notify us in writing and we will take measures to remove your details from our system.
2. Collection of Information
We collect personal information in a number of ways, including:
• when you provide information directly to us in person, by phone or in writing (whether electronic, via our communication tools or otherwise);
• when you visit and/or use the Website, in which case we record information sent to us by your computer, mobile device or other access device;
• from third parties such as our related entities, service providers to us, operators of linked websites, applications and advertising on the Website;
• when you are communicating with us or one of our agents, or a relevant third party, in connection with our services.
Third parties we integrate with may also collect personal information in a number of ways under their own privacy policies (which you accept when engaging their services and integrating). Such collection may include the above information we collect plus:
• information relating to communications between you and your team, or between your team and the third party;
• information generated when you opt for third-party services, and data on your needs and experiences, or other considerations;
• information specific to their own privacy policy and system requirements for provision of services that may be different and in excess of the information requirements we have to enable service provision.
3. What We Collect
We collect the following types of personal information in order to provide you with access to and use of the Website and for the purposes provided for in this Privacy Policy:
• your name, telephone number, email address, physical address and other contact information;
• information you provide through our customer support;
• the type and volume of services you are using;
• what type of integrations you are using;
• your IP address, cookies and other tracking information;
• information about you — if applicable, your role with a company or position in a company, your security level within that company and whether that enables you to enter into a contract on behalf of that company when engaging and/or using our services;
• information we may receive from third-party providers or integrated systems;
• financial information such as credit card or bank account numbers provided by you (note: any information stored in Stripe is not stored with us nor collected by us personally);
• other services linked to your account such as a Microsoft account or any account with those parties noted in this policy as a third party;
• what devices you use for interacting with our services;
• pricing information for use in reporting once de-identified;
• records and content of communications with us or any other person including when using Website communication tools;
• personal information based on your activities on the Website;
• personal information you provide to us through any discussion boards, correspondence, user information pages, disputes, or shared by you from other social applications, services or websites;
• to the extent permitted by law, other personal information provided by or obtained from third parties (such as a credit bureau) including navigation and demographic data and credit check information;
• additional personal information we ask you to provide to verify your identity or when we suspect that you are in breach of our Terms of Service, this Privacy Policy or other Website policies (including your personal ID and your answers to any questions we pose to you); and
• personal information from your interaction with the Website and its content and advertising, including device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data.
4. Data You May Provide to Third Parties
When interacting with us, you may be asked by third-party providers to provide personal information in order to access and use the Website and for the purposes provided in this Privacy Policy. We do not store this information. When you provide information to third parties (including but not limited to Stripe for payments and Microsoft Teams for communication), you do so in accordance with and acceptance of each third party’s privacy policy and terms of use.
5. How Personal Information Is Used
Our principal purpose in collecting, using and storing your personal information is to provide you with access to and use of the Website in a personalised, safe and efficient manner. You consent to us collecting, using, storing and sharing your personal information to:
• operate the Website, the CoolHed product and application, generate content and provide customer support and billing services (including updates and improvements);
• provide the services requested by you;
• provide you with information via blogs, general email and online correspondence and newsletters;
• research, develop and improve our services;
• conduct surveys to determine use of and satisfaction with our services;
• generate statistics in relation to the Website;
• detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms of Service, this Privacy Policy or other policies;
• enforce our Terms of Service, this Privacy Policy or other policies;
• verify information for accuracy or completeness (including by way of verification with third parties);
• report internally and to investors regarding revenue and financial metrics of CoolHed;
• combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out in this Privacy Policy;
• contact you via voice call, post, text message or email;
• aggregate and/or make anonymous your personal information so that it cannot be used to identify you;
• collect fees, resolve disputes and identify, test and resolve problems;
• notify you about the Website and any updates to it or to our policies and Terms of Use from time to time; and
• supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications based on your preferences, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences.
6. How We Store and Secure Your Personal Information
While we use best endeavours to implement safeguards to protect your information, given the nature of the internet, no security system is impenetrable. We cannot provide guarantees of absolute safety of that information from others, whether stored with us or transmitted through integrated systems. However, we minimise the type of data stored by us and only integrate our systems with solutions that appear to us to be making an effort to comply with the Australian Privacy Principles.
We will not collect your identification documents (e.g., driver licence or passport), your date of birth or bank account details. If you receive an email bearing our logo or similar identifying mark requesting such details, this is highly likely to be a phishing scam and you should not respond. If you have concerns or queries, contact us to discuss.
It is your responsibility to secure storage and access to the information you provide when using our service. You should speak with your IT division about using SSL, two-factor authentication and other security methods in your own systems, and exercise caution when integrating into our systems.
7. How We Transfer Your Personal Information
If we need to transfer and/or store your collected information outside your country of residence — generally for the purpose of enabling services to be provided via third-party integrations you have selected — we will take care in protecting that information within our control. Given privacy laws may vary by region, we comply with the privacy laws of Australia and also take guidance from those in the region your information may be transferred to, to a reasonable extent, given the type and sensitivity of information being transferred.
8. How to Access and Control Your Personal Information & Opting Out
You have the right to request a copy of your information and for your information to be deleted or restricted at any time. Given we store limited information, you may be required to make the same request from those third parties you have integrated into our services. This is your responsibility to communicate directly with those third parties, as such information is not in our control nor do we have rights to supply, amend or delete it.
You can access your personal information from your profile. You may deactivate your account at any time; however, we are legally required to retain some information for record-keeping purposes and may be required to retain information to finalise provision of services provided to you. If you think your information has been used by another person to provide our services, you may request that we delete your account. You are solely responsible for ensuring the safety and security of your account and password storage. Should you request deletion of your account, we reserve the right to investigate before deleting the account to ensure the integrity and safety of our system and to provide information on any unauthorised access if legally required.
You may opt out of personalised communications. Even after opting out, you may still receive some general communications. You will be responsible for opting out of communications sent by third parties (we are unable to make these requests on your behalf), and opting out may impact the services that can be provided to you. You may also request to opt out from third parties who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioural Advertising or are members of the Network Advertising Initiative. For more information: http://www.youronlinechoices.eu, http://www.aboutads.info, and http://optout.networkadvertising.org/.
9. Disclosure to Third Parties
Notwithstanding section 6 above, you agree that we may disclose your personal information to:
• enable you to use our services that integrate with third parties;
• enforce our Terms of Service, this Privacy Policy and other policies;
• comply with any applicable law, request by a governmental agency or regulatory authority, or a legally binding court order;
• respond to or resolve claims that a member has violated the rights of others;
• protect a person’s rights, property or safety;
• report to, train, work with and/or obtain advice from our directors, staff, contractors, professional advisers and related entities;
• outsourced service providers who assist us to provide our services (e.g., information technology providers and marketing advisers, including in relation to fee collection, fraud investigations and Website operations);
• third parties to whom you expressly ask us to send, or consent to us sending, your personal information;
• credit agencies (including regarding missed and late payments or other defaults or breaches on your account); and
• entities with which we propose to merge or by which we may be acquired (the new entity following a merger or acquisition will be required to adhere to this Privacy Policy).
10. Use of Cookies
We (or a third party providing services to us) may use cookies, pixel tags, “flash cookies”, or other local storage provided by your browser or associated applications (each a “Cookie” and together “Cookies”). A Cookie is a small file that stays on your computer or device until, depending on whether it is a sessional or persistent cookie, you turn your computer or device off or it expires (typically between 7 and 30 days depending on user settings).
Cookies may be used to provide you with our range of services, including to identify you as a user or member of the Website, remember your preferences, customise and measure the effectiveness of the Website and our promotions, advertising and marketing, analyse your usage of the Website, and for security purposes.
Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via Cookies. You may adjust your internet browser to disable Cookies. If Cookies are disabled, we may not be able to provide you with the full range of our services.
You may also encounter Cookies used by third parties and placed on certain pages of the Website that we do not control and have not authorised (such as webpages created by another user). We are not responsible or liable for the use of such Cookies.
The Website may also include links to third-party websites (including links created by users or members) and applications, and advertising delivered to the Website by third parties (“Linked Sites”). Organisations who operate Linked Sites may collect personal information, including through the use of Cookies. We are not responsible or liable for Linked Sites and recommend that you read the privacy policies of such Linked Sites before disclosing your personal information.
If you wish to restrict or block Cookies you can set your internet browser to do so — see: www.aboutcookies.org.
11. No Spam, Spyware or Spoofing
You are prohibited from engaging in spam, spyware or spoofing activities, whether directed towards us or other users.
You must not use the Website to send, upload or distribute spam, viruses or malicious, illegal or prohibited content to the Website or otherwise send content that would breach our Terms of Service or this Privacy Policy.
You are not permitted to add a user or member to our mailing list (postal or email) without the written consent of that user or member.
We may (or we may engage a third-party service provider to) take steps to scan and filter messages to check for spam, viruses, phishing attacks and other malicious activity or unlawful or content prohibited by this Privacy Policy and our Terms of Service.
To report spam, spyware or spoofing activities to us, please email us using the details below.
12. Storage and Security
We store and process your personal information on our host’s servers, currently located in multiple locations around the world. You consent to the transfer, storage and retention of that information on the servers of our host provider used from time to time by us, regardless of the location of those servers.
We have taken steps to protect your personal information by contracting with a third party to provide technical and security measures. These measures are designed to mitigate — but do not guarantee against — the risk of loss, misuse, unauthorised access, disclosure and alteration.
The third-party providers will advise in their own policies and terms where data is stored. Where possible, we will use best endeavours to store data in the country where your business operations are (for example, if you are an Australian company, we will consider Australia the better option for storage of your data). However, we reserve the right to store the data in any location that is secure and deemed the right option by our development team from time to time.
13. Contact Us
If you have a question regarding this Privacy Policy, would like to amend your Personal Information stored securely by us, or you would like to make a complaint, please contact the Privacy Manager at:
Email: support@coolhed.com