Privacy Policy
Effective Date: October 29, 2025
Introduction
Finswiss Research Pty Ltd trading as Pozitioned (“we”, “us” and “our”) is committed to protecting the privacy of your personal information and managing it openly and transparently in accordance with the *Australian Privacy Act 1988 (Cth)* (as amended, including by the *Privacy and Other Legislation Amendment Act 2024*) (“Privacy Act”) and the 13 Australian Privacy Principles (“APPs”). This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information about our customers, job applicants, and other individuals who interact with us, and how we comply with our legal obligations under the Privacy Act. It also outlines your rights, including access to and correction of your personal information, and how to contact us with questions or complaints.
This Privacy Policy applies to personal information we collect, hold, and use in the course of our business activities, including when you purchase goods or services from us, visit our website or other digital platforms, communicate or interact with us (including via social media), enter competitions, complete surveys, apply for employment, or visit our applications.
In this Policy, “personal information” has the same meaning as defined in the Privacy Act (i.e., information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not). “Sensitive information” (a subset of personal information, such as health information or racial/ethnic origin) is handled with additional protections under the Privacy Act.
We may update this Policy at any time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated version on our website and, where practicable, by direct communication (e.g., email). Your continued use of our services after such changes constitutes acceptance of the revised Policy.
We are not responsible for the privacy practices of third-party websites or platforms linked to our site (e.g., via hyperlinks or social media integrations). We encourage you to review their privacy policies separately.
What Personal Information Do We Collect?
We collect only the personal information necessary for our business purposes. The types of information we may collect include:
- Customer information: Your name, delivery/billing address, date of birth, phone number, email address, payment details (e.g., credit card information, which is securely tokenized and not stored by us), purchase history, and any other details you provide during interactions (e.g., via social media, surveys, or in-app or website visits).
- Demographic and preference information: Non-unique data such as postcode, age range, gender, shopping preferences, interests, and favorites (which may become personal information if linked to you).
- Website and digital usage information: When you visit our websites or apps, we may collect technical data such as your IP address, device type, browser details, date/time and duration of visits, pages accessed, referring URLs, and usage patterns. This helps us improve our services but is anonymized where possible.
- Employment application information: For job applicants, we may collect resumes, cover letters, references, qualifications, work history, and sensitive information (e.g., health details for role suitability, with your explicit consent).
- Sensitive information: We do not routinely collect sensitive information but may do so (e.g., dietary preferences for product recommendations) only with your express consent or as strictly necessary and permitted by law.
We do not collect personal information about children under 16 without verifiable parental consent, in line with APP 3.
How Do We Collect and Hold Personal Information?
Where reasonable and practicable, we collect personal information directly from you (e.g., when you provide it via our website, app, customer service center, phone, email, mail, in-store interactions, surveys, competitions, promotions, or social media platforms like Facebook or Instagram). We may also collect it indirectly (e.g., from third parties such as payment processors or analytics providers) but only if it is unreasonable or impracticable to collect it directly from you, and we will notify you of the source under APP 5.
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure (APP 11), including:
- Using secure servers, encryption, firewalls, and access controls.
- Regularly reviewing and updating security measures, including in response to data breach notification requirements under the *Notifiable Data Breaches scheme*.
- Retaining information only as long as necessary for our purposes or legal requirements, after which it is securely destroyed or de-identified.
Your information is stored in our secure customer relationship management (CRM) database and other systems hosted in Australia (or overseas, as noted below). We will not release your personal information without your authorization or legal requirement.
Why Do We Collect, Use, and Disclose Personal Information?
Under APP 6, we use and disclose your personal information only for the primary purpose for which it was collected or a secondary purpose you would reasonably expect (or with your consent). Common purposes include:
- Communicating with you, answering queries, and providing information, advice, or support.
- Personalizing and improving your experience (e.g., tailored recommendations in-store, online, or via email).
- Understanding customer needs through research, trend analysis, demographics, and surveys to enhance products/services and offer relevant promotions.
- Administering promotions, competitions, events, direct marketing, and loyalty programs (you can opt out of direct marketing at any time—see below).
- Processing payments, transactions, refunds, discounts, feedback, and complaints.
- Managing store operations, supply chain, inventory, warranties, and product recalls.
- Undertaking administrative, operational, and fraud prevention activities (e.g., detecting theft or breaches of terms).
- Complying with legal obligations, such as investigations into unlawful activity.
- For job applicants: Assessing suitability, conducting reference checks, and onboarding (with destruction of unsuccessful applications after 12 months unless consented otherwise).
For direct marketing (APP 7), we may use your details to send offers via email, SMS, or post if you have consented or it is reasonably expected. You can easily opt out at any time by:
- Clicking "unsubscribe" in communications.
- Contacting us (details below).
- Updating preferences in your account settings.
We will not charge you for opting out and will honor requests promptly.
How Do We Disclose Personal Information?
Under APP 6 and 8, we disclose personal information only as necessary for the purposes above or where required/permitted by law. Recipients may include:
- Internal and service providers: Our employees, contractors, and third-party providers (e.g., IT administrators, payment processors like Stripe, couriers like Australia Post, marketing agencies, lawyers, and advisors) to fulfill their roles. We ensure they are bound by confidentiality and APP-equivalent obligations via contracts.
- Business partners: Suppliers for delivery, warranty, or recall purposes.
- Legal authorities: Where required, to Australian government departments, regulators (e.g., Australian Competition and Consumer Commission), law enforcement (e.g., Australian Federal Police), or emergency services (e.g., ambulance services) for compliance, investigations, or public safety.
We do not sell your personal information.
Cross-Border Disclosure (APP 8)
We may transfer personal information overseas (e.g., to cloud providers in the US or EU, or international payment processors) where:
- You request a service with an international element.
- We use overseas-based service providers.
- Required for legal/regulatory compliance.
Before any such transfer, we take reasonable steps to ensure the overseas recipient does not breach the APPs (e.g., via binding contracts, GDPR-equivalent standards, or adequacy decisions). If we cannot ensure this, we will not proceed without your informed consent. You have the right to request details of overseas recipients.
Your Rights: Accessing, Correcting, and Managing Your Information
Under APPs 12 and 13, you have the right to:
- Access your personal information we hold (we will respond within 30 days, free of charge unless requests are excessive).
- Correct inaccurate or incomplete information (we will update promptly and notify any recipients).
- Anonymize or delete where possible (subject to legal retention obligations).
To exercise these rights, contact us (details below). We may require identity verification and may deny access/correction in limited cases (e.g., legal privilege), with reasons provided.
Complaints and Questions
If you have questions about this Policy, please contact us:
Email: privacy@myhealthlake.com
We aim to resolve complaints within 30 days. We are committed to ethical privacy practices.