You can view our terms and conditions on our application and contact us at email@example.com.
1. Our Commitment
We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APP”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”) (collectively, “Privacy Laws”), as applicable depending on where you live.
We are a data controller for the purposes of the GDPR. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.
2. Your Personal Information
We will collect Personal Information only by lawful and fair means and not in an unreasonably intrusive way.
Personal information is any information relating to an identified or identifiable natural person (“Personal Information”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The type of personal information we collect from you includes, without limitation, the following:
your full name;
date of birth;
your approximate location via our Platform;
any other information you choose to share or upload to the Platform, or which you otherwise share with us.
We may also collect Personal Information from you when you enter a draw for the randomly generated opportunity to buy a product displayed on the Platform (“Draw”), fill in a Platform form, communicate with us, visit our Platform, provide us with feedback, complete online surveys or participate in competitions. We may collect Personal Information about you that you have provided to our business partners or from third parties and in respect of which you have given the third party permission to share with us.
If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested. If you wish to remain anonymous when you use our Platform, do not create an Account, sign into the Platform or provide any information that might identify you.
We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected.
3. Your Health Information
Personal information may also include “sensitive information”. Sensitive information is information or an opinion about an individual that is highly sensitive or has a heightened importance for the individual, and often can relate to an individual’s health, genetic or biometric information. The only sensitive personal information we collect from you will be health information limited to your height, weight and health habits, such as your health goal (“Health Information”).
We will only collect Health Information directly from you when you fill out a questionnaire on your Platform, and only to the extent necessary to provide our services requested by you and to carry out our administrative functions or as required by a relevant Privacy Law.
We will collect Health Information only by lawful and fair means and not in an unreasonably intrusive way. Any Health Information collected from you (as set out above) will only be collected directly from you with your consent.
4. Information about children under 18
Our Platform is not to be used by any minor under the age of 13. Where a user of the Platform is under 18, minors may use the Platform where they have the consent of a guardian and/or parent. We acknowledge that the definition of a “minor” changes between jurisdictions; however, we do not knowingly seek or collect Personal Information or Health Information from any children below the age of 18 years where they do not have guardian and/or parental consent.
5. What is our legal basis?
Under the GDPR, we must have a legal basis to process Personal Information and Health Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:
where it is necessary to provide you with access to, and use of, products, services and the Platform;
for our legitimate interests to provide, operate and improve our products, services or the Platform;
where you have freely and expressly consented to the processing of your Personal Information by us, which you may withdraw at any time; or
where we are under a legal obligation to process your Personal Information.
6. How your information is used
We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):
providing our Platform, products and services to you;
administering, protecting, improving or optimising our Platform, products and services (including performing data analytics, conducting research and for advertising and marketing purposes);
creating industry reports from de-identified data;
verifying your age;
informing you about our Platform, competitions, products, services, rewards, surveys, contests, or other promotional activities or events sponsored or managed by us, or our business partners;
responding to any inquiries or comments that you submit to us;
verifying your identity;
verifying your location to determine the country and city you are visiting us from;
any other purpose you have consented to; and
any use which is required or authorised by a relevant Privacy Law.
have your express consent (which you may withdraw at any time by contacting us in writing at firstname.lastname@example.org);
have a legal basis; or
are otherwise permitted by relevant Privacy Laws,
we may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at email@example.com.
We use and process your Health Information for the purposes of providing our services to you.
7. Disclosure of Personal Information
We may disclose your Personal Information to:
third parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes;
our third party service providers such as Amplitude and Google Analytics;
any person or entity to whom you have expressly consented to us disclosing your Personal Information;
our external business advisors, auditors, lawyers, insurers and financiers; and
any person or entity to whom we are required or authorised to disclose your Personal Information in accordance with the relevant Privacy Laws.
Google Analytics: We have enabled Google Analytics Advertising Features for our website, but not the Platform. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.
You can opt out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On Android, open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above, use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.
Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a Platform. They enable authorised web servers to recognise you across different Platforms, services, devices and browsing sessions.
identify users of our Platform and Services;
process user requests;
improve user experience;
remember user preferences on our Site;
monitor the use of our Site and for analysis of our user base;
facilitate communication with users;
control access to certain content on our Site; and
protect our Site.
The data collected through Cookies will not be kept for longer than is necessary to fulfil the purposes mentioned above. We will handle any Personal Information collected by Cookies in the same way that we handle all other Personal Information.
9. Steppen Platform
When transmitting Personal Information from your computer to our Platform, you must keep in mind that the transmission of information over the internet is not always completely secure or error-free.
Other than liability that cannot lawfully be excluded, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.
10. Data Storage
We may hold your Personal Information and Health Information in either electronic or hard copy. We take reasonable steps to protect your Personal Information and Health Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. For example, our authentication is handled via Amazon Cognito, which is HIPAA eligible and PCI DSS, SOC, and ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.
However, we cannot guarantee the security of any Personal Information and Health Information transmitted over the internet and therefore you disclose information, Personal Information and Health Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information or Health Information.
11. Access to information
Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
require us to correct any Personal Information and Health Information held about you that is inaccurate or incomplete;
require the deletion of Personal Information and Health Information concerning you in certain situations;
data portability for Personal Information and Health Information you provide to us;
object or withdraw your consent at any time to the processing of your Personal Information and Health Information;
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
otherwise restrict our processing of your Personal Information in certain circumstances.
Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information and Health Information in our customer account database, or seek correction of it, by contacting us. See Section 13: Contact information. Should we decline you access to your Personal Information and Health Information, we will provide a written explanation setting out our reasons for doing so. We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information and Health Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information and Health Information about you that is not accurate, complete or up-to-date then you may request that your Personal Information and Health Information be amended. We will respond to your request to correct your Personal Information and Health Information within a reasonable timeframe and you will not be charged a fee for correcting your Personal Information and Health Information.
12. Third Party Sites
13. Contact information
14. Notices and Revisions
We will cooperate with any relevant regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personally identifiable information that cannot be resolved between us and the individual.