People creating a location in this platform (referred to as "location managers") to provide a check-in portal for their staff or customers agree to different terms policies than the people using the check-in portal (referred to as "end-users").
For location managers
Selling/sharing Personally Identifiable Information (PII)
COVID Comply commits to publicly and strictly declaring end-user data provided for contact tracing purposes has never been, and will never be shared/sold/rented/etc.
Australian Privacy Principles (APP) and the Privacy Act 1988
COVID Comply is compliant with and bound by the Australian Privacy Principles (APP) and the Privacy Act 1988 - read more
The Privacy Act 1988 covers organisations with an annual turnover of more than $3m and some other organisations. We have an annual turnover of less than $3m and so in line with OAIC guidance and our organisation's core principles, we applied for, and have been accepted by the OAIC to formally opt into coverage.
The Privacy opt-in register confirming our opt-in status can be found here (Entity name: ALLSTARTUPS PTY. LTD., ABN/ACN: 70 608 863 396).
OAIC guidance for contact tracing providers
COVID Comply follows the Office of The Australian Information Commissioner's (OAIC) guidance for digital check-in providers collecting personal information for contact tracing - read more
COVID Comply is supportive of the draft guidelines provided by the OAIC for requirements to collect personal information for contact tracing purposes, including the concept of harmonisation of key requirements federally - read more
Specific declarations (per state/territory)
COVID Comply is compliant with the following state/territory privacy principles, with a single exception - that all data is stored in our servers in Sydney, NSW.
[VIC] OVIC Information Privacy Principles (IPPs) - read more
[QLD] OIPC Information Privacy Principles (IPPs) - read more
[NSW] IPC Information Protection Principles (IPPs) - read more
[TAS] Ombudsman Personal Information Protection Principles (PIPPs) - read more
[NT] IC information Privacy Principles (IPPs) - read more
[ACT] OAIC Territory Privacy Principles (TPPs) - read more
[SA] DPC Information Privacy Principles (IPPs) - read more
Why is Western Australia missing? Whilst WA does have a privacy act, it does not appear to specifically have a set of principles specifically for personal information.
Why is the data stored in Sydney? This is the only place in Australia where data centres exist that meet our commitments to data security and server redundancy.
For enterprise customers based in a specific jurisdiction, we are happy to include a statement in the contract whereby COVID Comply agrees to be "bound" by the IPPs.