Headline:
Your data is not reasonably identifiable.
Body (≈60 words):
We don’t ask for your name or contact details. Before any analysis, your results are grouped with many others and minimum group sizes are enforced. Unique codes used inside the app are removed before reporting. This means no one can pick out your individual results or link them back to you. Your information is used only to improve heart‑health prevention. (OAIC)
2. Terms & Conditions / In‑App Statement
Data De‑Identification & Use
We collect a limited set of attributes (month/year of birth, sex, country) and assign a randomly generated internal identifier for app functionality. Before analysis or disclosure, identifiers are removed or rotated and dates of birth are converted to 5‑year age bands. We aggregate results and enforce minimum group sizes (k≥5). As a result, released datasets are not reasonably identifiable under the Australian Privacy Act. (OAIC)
De‑identified, aggregated data may be used to improve our services, support research and inform public health initiatives. If our practices change in ways that could affect identifiability, we will update these Terms and provide notice where required.
3. Regulator‑Ready Privacy Statement (with GDPR & HIPAA Sections)
Purpose & Scope
This statement explains how we collect, de‑identify, use and disclose health‑related information to support cardiovascular prevention analytics, while complying with (or aligning to) the Australian Privacy Act, the EU/UK GDPR and HIPAA where applicable.
1. Information We Collect (Operational Layer)
- Month and year of birth (no day)
- Sex (M/F/Other/Prefer not to say)
- Country of residence
- Random, non‑reusable internal identifier (UPI)
- Health indicators (e.g., blood pressure, weight)
Not collected: Names, full DOB, contact details, government IDs, IP addresses, device serial numbers.
2. De‑Identification Process
- Internal identifiers are removed or replaced with non‑linkable batch tokens prior to analysis or disclosure.
- DOB is converted to 5‑year age bands; other quasi‑identifiers are generalised as needed.
- We apply k‑anonymity (k≥5) and statistical disclosure controls (primary/secondary suppression).
- Optional noise/rounding may be applied for public statistics.
Outcome: Released datasets are assessed as not reasonably identifiable. (OAIC)
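The banding and suppression steps listed above, sketched as an added example (not the organisation's own code). The field names, the sample records and the assumption that per-country totals are published alongside the table are illustrative.

```python
from collections import Counter, defaultdict
from datetime import date

K = 5  # minimum group size stated in the policy (k>=5)

def age_band(birth_year, birth_month, as_of):
    """Map month/year of birth to a 5-year age band such as '40-44'."""
    age = as_of.year - birth_year - (1 if as_of.month < birth_month else 0)
    lo = (age // 5) * 5
    return f"{lo}-{lo + 4}"

def release_table(records, as_of, k=K):
    """Return {(age_band, sex, country): count or None}; None = suppressed."""
    # The internal identifier (UPI) is never read, so it cannot reach the output.
    counts = Counter(
        (age_band(r["birth_year"], r["birth_month"], as_of), r["sex"], r["country"])
        for r in records
    )
    # Primary suppression: hide every cell smaller than k.
    table = {cell: (n if n >= k else None) for cell, n in counts.items()}
    # Secondary suppression (assumes per-country totals are published): a single
    # hidden cell could be recovered by subtraction, so hide the smallest
    # remaining cell in that country as well.
    by_country = defaultdict(list)
    for cell in table:
        by_country[cell[2]].append(cell)
    for cells in by_country.values():
        hidden = [c for c in cells if table[c] is None]
        shown = sorted((c for c in cells if table[c] is not None), key=lambda c: (counts[c], c))
        if len(hidden) == 1 and shown:
            table[shown[0]] = None
    return table

def sample_records():
    """Constructed sample data (not real participants)."""
    spec = [  # (birth_year, birth_month, sex, country, how many)
        (1982, 3, "F", "AU", 7),
        (1983, 11, "M", "AU", 6),
        (1950, 6, "F", "AU", 1),  # a lone participant: must not be released
        (1975, 1, "M", "NZ", 5),
        (1990, 8, "F", "NZ", 9),
    ]
    return [
        {"upi": f"upi-{i}-{j}", "birth_year": y, "birth_month": m, "sex": s, "country": c}
        for i, (y, m, s, c, n) in enumerate(spec) for j in range(n)
    ]
```

With the constructed data and a reference date of 1 July 2025, the lone AU record is hidden by primary suppression and the next-smallest AU cell is hidden with it, so the published AU total no longer reveals either count.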
3. GDPR Alignment
- Under GDPR, anonymous data falls outside the Regulation. (gdpr-info.eu)
- Pseudonymised data is still personal data if it can be attributed to a person with additional information. (Information Commissioner’s Office; gdpr-info.eu)
- We restrict personal-data processing to the operational layer only; outputs shared externally are anonymised and therefore not subject to GDPR principles. If we ever process personal data in the EU/UK context, we will establish a lawful basis, provide transparency and honour data subject rights.
4. HIPAA Alignment (U.S. Deployments)
- HIPAA recognises two de‑identification methods: Safe Harbor (removal of 18 identifiers) and Expert Determination (very small re‑identification risk). (HHS.gov; eCFR)
- Our released datasets remove direct identifiers and are subjected to expert-style risk assessment to ensure a very small risk of identification. If we operate as/for a HIPAA Covered Entity or Business Associate, we will document compliance with 45 CFR §164.514.
5. Use & Disclosure of De‑Identified Data
De‑identified, aggregated data may be used for service improvement, research, public reporting and policy development. Identifiable data are not disclosed to third parties. Any future linkage with identifiable datasets will trigger a new privacy impact assessment and updated notices/consents.
6. Governance & Review
- Internal Anonymity Assurance Statement maintained and reviewed at least annually or upon material change.
- Periodic re‑identification risk testing using recognised attacker models. (HHS.gov; Network for Public Health Law)
- Privacy-by-design and security controls aligned with industry standards.
7. Rights & Contacts
Operational-layer personal data (if any) can be accessed or corrected on request, subject to applicable law. For questions or complaints:
Privacy Officer
privacy@yourdomain.com
<Postal address>
If unresolved, you may contact the OAIC (AU), your local EU/UK supervisory authority, or the U.S. Office for Civil Rights (OCR) as relevant.
