PRIVACY POLICY FOR MINDWAY EAP
Last updated: 13 April 2025
Mindway Group PTY LTD, trading as Mindway EAP (ABN: 29682230075) ("Mindway EAP," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and safeguard your personal information when you use the Mindway EAP services (the "App").

1. Key Definitions

• Mobile Application: The Mindway EAP App designed for mobile devices (iOS, Android, etc.).
• Personal Data: Any information about you that identifies you, including data you provide or data collected automatically.
• User: Any person who downloads, activates, or uses the App and/or utilises counselling services.
• Cookies: Small files used to enhance functionality and performance.
• We/Us/Our: Mindway Group PTY LTD, trading as Mindway EAP, located in Victoria, Australia.

2. Applicability
This Privacy Policy applies to all personal data collected through the App and/or counselling services. By downloading, installing, or using the App, you acknowledge and agree to the terms outlined herein. If you do not agree with this policy, you must immediately cease using the App and its services.

3. Data We Collect
We collect the following types of information:
3.1. Device Data:

• Device ID, IP address, operating system, and network details. This helps us optimise the App’s performance across various devices and platforms.

3.2. Voluntary Data:

• Information provided during signup or usage, such as your name, email address, phone number, notes, journal entries, and any other data you choose to submit through the App.

3.3. Employer Data Sharing on Signup:

• Your name and email address are shared with your employer during the signup process to manage access to Mindway EAP services. This occurs regardless of whether you subsequently use counselling services. Some employers may also provide departmental breakdowns to enhance the allocation of resources and services.

3.4. First-Time Client Form:

• Information submitted via the First-Time Client Form is shared with your assigned counsellor. This data remains strictly confidential and is used solely for providing tailored counselling services.

3.5. Cookies:

• Cookies are utilised to enhance the user experience, track app performance, and improve functionality. These may include both session cookies (temporary) and persistent cookies (stored for future visits).

4. Purpose of Collecting Data
We process your data for the following purposes:

• To enhance your user experience and analyse app usage patterns.
• To provide technical and customer support, ensuring seamless operation of the App.
• To communicate updates or changes related to your account or the App’s features.
• To securely store notes, journal entries, and other personal data submitted through the App.
• To validate and log counselling sessions for accurate record-keeping and compliance.
• To monitor app performance and usage trends using Google Analytics, helping us continuously improve service quality and user experience.

4.1. Confidentiality Exception:

• Aggregated and anonymised data, such as usage trends or general statistics (e.g., "percentage of employees citing 'work stress'"), may be shared with employers to provide insights into workforce wellbeing. Such data will never include identifiable personal information.

5. Data Security
We implement industry-leading measures to safeguard your data, including:

• Encryption of sensitive information during data transmission and storage.
• Regular updates and security patches to minimise vulnerabilities.
• Stringent access controls to ensure data is accessed only by authorised personnel.

While we strive for robust security, no system is entirely infallible. By using the App, you acknowledge the inherent risks associated with data transmission over the internet.

6. Data Retention
We retain data only as long as necessary or as required by law. Specific retention periods include:

• Counselling Session Data: Retained for seven (7) years from the last interaction to comply with legal and professional standards.
• User Account Data: Retained while the account remains active and deleted within thirty (30) days after account closure, unless retention is required by law.

To request data deletion, please contact support@mindwayeap.com.au.

7. Confidentiality of EAP Services
We prioritise the confidentiality of our Employee Assistance Program services. Identifiable information from counselling sessions is not shared with employers under any circumstances, unless;

• You provide written consent for disclosure.
• Disclosure is legally required (e.g., court orders).
• Disclosure is necessary to prevent serious harm to yourself or others.
• There is evidence or suspicion of child or elder abuse.

7.1. Data Not Shared with Employers:

• Counselling session details, including notes taken.
• Individual app usage data or counselling usage.
• Specific personal information shared during counselling sessions.

7.2. Limited Exceptions:

• Aggregated or anonymized data trends, such as session reasons may be shared with employers without revealing personal information.
• Billing-related information, such as the date of a counseling session, may be disclosed in compliance with legal or contractual obligations.
• Your name and email are shared with your employer during the signup process, but this is not linked to counselling usage.
• We may use this aggregated and anonymised data to give further breakdowns of company departments (if collected and applicable), which provides the employer with insights into specific areas of the business in relation to employee wellbeing.

8. User Rights
You have the following rights regarding your personal data:

• Access: Request details on how we process your data and receive a copy of the data we hold about you.
• Correction: Request updates or corrections to inaccurate or incomplete data.
• Deletion: Delete your account directly via the App or by contacting us at support@mindwayeap.com.au.
• Objection: Object to the processing of your data under specific circumstances, as outlined in applicable privacy laws.
• Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format.

9. Data Storage
Your data is securely stored on industry-leading platforms to ensure its safety and integrity. Specifically:

• AWS (Amazon Web Services): A globally trusted hosting provider offering advanced security measures, including encryption and access control.
• Firebase (Google): A secure and reliable platform for data management, known for its robust privacy and security features.
• Google Analytics: Used for analysing app usage, performance, and user behaviour in an aggregated, non-identifiable form. Data collected through Google Analytics is subject to strict access and retention controls.

Third-Party Services:

• Brevo: Used to facilitate email delivery and communication messaging. Brevo adheres to stringent privacy and security standards to protect your information.
• CognitoForms: Utilised for consent and intake forms, ensuring secure handling of sensitive data in compliance with privacy laws and regulations.

Data Processing Agreements (DPAs)
To ensure your data is processed securely and lawfully, Mindway EAP has signed Data Processing Agreements with each of the providers listed above. These DPAs outline each provider’s data protection obligations and ensure compliance with Australian and international privacy laws, including the GDPR where applicable.

10. Minors
The App and its services are intended for users aged 18 years and over. Users under the age of 18 must discontinue use immediately. We do not knowingly collect or store personal data from minors.

11. Data Breaches
In the event of a data breach:

1. We will promptly assess the impact and notify affected individuals if there is a risk of serious harm within 72 hours.
2. We will report the breach to the relevant data protection authority or government body based on the jurisdiction of the affected individuals, including but not limited to the OAIC (Australia) or ICO (UK).
3. We will provide updates as necessary and take steps to mitigate the impact of the breach.

12. Policy Updates
This policy is effective as of 13 April 2025. We may update this policy periodically to reflect changes in laws, regulations, or our practices. The latest version will always be accessible via the App or our website.

13. Contact Us
For questions or concerns regarding this policy, please contact us at:

• Email: support@mindwayeap.com.au

Disclaimer: While we employ stringent security measures, no internet transmission can be guaranteed as completely secure. By using the App or counselling services, you acknowledge and accept this inherent risk.