Data Processing Schedule – Australian Customers
1. Definitions
1.1 Agreement: the contract between Psychology Tools and the Customer for the provision of the Services, which may be a bespoke Service Agreement or a contract incorporating Psychology Tools’ standard Terms and Conditions.
1.2 Australian Privacy Principles: the principles contained in Schedule 1 of the Privacy Act.
1.3 Customer: the customer to whom Psychology Tools provides Services under the Agreement.
1.4 Personal Information, Eligible Data Breach: as defined in the Privacy Act.
1.5 Privacy Act: the Privacy Act 1988 (Cth) and any other privacy law applicable in Australia.
1.6 Data Subject: the individual to whom Personal Information relates.
1.7 Psychology Tools: Psychology Tools Limited, a company registered in England and Wales under company number 10810854 with its registered office at Reading Bridge House, Fourth Floor, Suite 3, George Street, Reading, England, RG1 8LS.
1.8 Services: the services to be provided by Psychology Tools to the Customer as described in the Agreement.
2. Data protection
2.1 Both parties will comply with all applicable requirements of the Privacy Act. This clause 2.1 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Privacy Act.
2.2 The Customer remains responsible for its own compliance with the Privacy Act, including but not limited to providing any required notices and obtaining any required consents to enable lawful transfer of Personal Information to Psychology Tools, and the written instructions it gives to Psychology Tools.
3. Psychology Tools' obligations
3.1 Psychology Tools will use and disclose Personal Information only in accordance with the written instructions of the Customer and as otherwise allowed under its Privacy Policy, unless Psychology Tools is required by the Privacy Act to otherwise use and disclose that Personal Information in a certain manner.
3.2 Psychology Tools will ensure that all personnel who have access to and/or use and disclose Personal Information are obliged to maintain the confidentiality of Personal Information.
3.3 Psychology Tools will assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Privacy Act with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or relevant regulators under the Privacy Act.
3.4 Psychology Tools will notify the Customer without undue delay on becoming aware of an Eligible Data Breach.
3.5 Psychology Tools will maintain complete and accurate records and information to demonstrate its compliance with this clause 3.
3.6 Psychology Tools will delete Personal Information and copies thereof belonging to the Customer when it no longer needs the information for any purpose for which the information may be used or disclosed by Psychology Tools under the Privacy Act unless required by the Privacy Act to store Personal Information.
4. Security
4.1 Psychology Tools will ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful use or disclosure of Personal Information and against accidental loss or destruction, or damage to, Personal Information, appropriate to the harm that might result from the unauthorised or unlawful use of disclosure or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
5. Cross-border transfers of personal information
5.1 Psychology Tools will not transfer any Personal Information outside of Australia unless prior written consent of the Customer has been obtained or the following conditions are fulfilled:
(a) Psychology Tools has taken such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1);
(b) the recipient is subject to a law, or binding scheme, that has the effect of protecting Personal Information in a way that, overall, is at least substantially similar to the way in which the Data Protection Law protects Personal Information and the Data Subject has enforceable rights and effective legal remedies; or
(c) the disclosure of Personal Information is required or authorised by or under the Privacy Act.
5.2 Psychology Tools will comply with reasonable instructions notified to it in advance by the Customer with respect to the use and disclosure of Personal Information.
6. Suubcontractors
6.1 The Customer consents to Psychology Tools appointing the subprocessors listed on the Psychology Tools Subprocessors page at https://www.psychologytools.com/subprocessors as third-party processors of Personal Information under this schedule.
6.2 Psychology Tools will maintain an up-to-date list of its subprocessors on that Subprocessors page.
6.3 Psychology Tools may update its list of subprocessors from time to time.
6.4 Psychology Tools confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on (i) the third party's standard terms of business or (ii) bespoke terms which in either case reflect and will continue to reflect the requirements of the Privacy Act.
6.5 As between the Customer and Psychology Tools, Psychology Tools shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 6.
7. Details of the processing
| Category | Details |
|---|---|
| Scope | Psychology Tools is the processor of Personal Information in accordance with the Services it provides under the Agreement. |
| Nature and purpose of processing | As part of the Services the Customer will be able to grant users access to Psychology Tools’ Platform so that they may access and use Psychology Tools’ resources (Resources). This will involve users inputting Personal Information into the Platform which Psychology Tools will process to assist the Customer to provide services to their patients.
Psychology Tools will collect payment data in the first instance to facilitate payment of services, which is enacted by our payment processor. |
| Duration of the processing | The term of the Agreement or such longer term as may otherwise be agreed by the parties. |
| Types of Personal Information | • Identity Data which includes name. • Contact Data which includes email address. • Payment Data which includes payment card details. • Technical Data which includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices used to access the Platform. • Profile Data which includes username and password. • Usage Data which includes information about how users interact with and use the Platform and the Resources. • Special Category Data, namely data relating to physical and mental health which along with other Personal Information may be inputted into the Platform in the course of using the Resources. |
| Categories of Data Subject | The Customer, the Customer’s employees where applicable, and the Customer’s patients. On occasion data subjects may also include the Customer’s supervisees and students, and family members/carers of the Customer’s patients. |