Privacy Policy

1. Definitions and Interpretation

In this Privacy Policy, unless the context otherwise requires:

• "Personal Information" has the meaning given in the Privacy Act 1988 (Cth) and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable;
• "Services" means all products, applications, software, websites, and services provided by GDAYAI;
• "Healthcare Information" means health information as defined under applicable healthcare privacy legislation;
• "User" means any person who accesses or uses our Services;
• "Professional User" means veterinarians, physiotherapists, and other healthcare professionals using our Services.

2. Information We Collect

2.1 Information You Provide Directly

We may collect the following categories of Personal Information:

• Identity information (name, date of birth, professional registration numbers);
• Contact information (email address, telephone number, postal address);
• Professional information (qualifications, practice details, ABN/ACN);
• Account credentials (username, password - stored in encrypted form);
• Payment and billing information (processed through secure third-party providers);
• Communications (support requests, feedback, correspondence);
• Healthcare-related information (only as necessary for Service provision).

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Device information (IP address, browser type, operating system);
• Usage data (features accessed, time spent, interaction patterns);
• Log data (access times, pages viewed, system activity);
• Location data (with your consent, for service optimization);
• Cookies and similar tracking technologies (see Section 8).

2.3 Information from Third Parties

We may receive information from:

• Professional registration bodies (for verification purposes);
• Payment processors (transaction confirmations only);
• Integration partners (with your explicit consent);
• Publicly available sources (professional directories, business registries).

3. How We Use Your Information

3.1 Primary Purposes

We use Personal Information to:

• Provide, maintain, and improve our Services;
• Verify professional credentials and identity;
• Process payments and manage subscriptions;
• Provide customer support and respond to inquiries;
• Send service-related communications;
• Ensure compliance with professional standards and regulations;
• Detect, prevent, and address technical issues or fraud.

3.2 Secondary Purposes

With your consent, we may also use information to:

• Send marketing communications about new features or services;
• Conduct research and analysis to improve our Services;
• Develop new products and features;
• Provide aggregated, anonymized insights to the professional community.

4. Legal Basis for Processing

We process Personal Information based on:

• Contract Performance: To provide Services you've requested;
• Legal Obligations: To comply with applicable laws and regulations;
• Legitimate Interests: For business operations, security, and fraud prevention;
• Consent: Where you've provided explicit consent for specific purposes;
• Vital Interests: In rare circumstances involving health or safety.

5. Information Sharing and Disclosure

5.1 We DO NOT sell Personal Information

GDAYAI does not and will not sell, rent, or trade your Personal Information to third parties for their marketing purposes.

5.2 Limited Sharing

We may share Personal Information only:

• With Service Providers: Trusted third parties who assist in operating our Services (under strict confidentiality agreements);
• For Legal Compliance: When required by law, court order, or government request;
• For Safety: To protect rights, property, or safety of GDAYAI, users, or the public;
• With Consent: When you explicitly authorize us to share information;
• Business Transfers: In connection with merger, acquisition, or sale of assets (with notice to users).

6. Data Security

We implement comprehensive security measures including:

• End-to-end encryption for sensitive data transmission;
• AES-256 encryption for data at rest;
• Multi-factor authentication options;
• Regular security audits and penetration testing;
• Strict access controls and employee training;
• Compliance with ISO 27001 standards (in progress);
• Secure data centers in Australia with redundant backups.

Important: While we implement industry-leading security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your Personal Information is primarily stored and processed in Australia. If we transfer data internationally, we ensure:

• Compliance with Australian Privacy Principles (APPs);
• Implementation of appropriate safeguards (contractual clauses, adequacy decisions);
• Notification to users of any material changes in data location;
• Your rights remain protected regardless of data location.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for Service functionality;
• Performance Cookies: To understand Service usage and improve performance;
• Preference Cookies: To remember your settings and preferences;
• Analytics Cookies: To gather aggregated usage statistics.

You can control cookie preferences through your browser settings. Disabling certain cookies may limit Service functionality.

9. Your Rights and Choices

Under Australian privacy law, you have the right to:

• Access: Request a copy of Personal Information we hold about you;
• Correction: Request correction of inaccurate or incomplete information;
• Deletion: Request deletion of your Personal Information (subject to legal requirements);
• Portability: Receive your data in a structured, machine-readable format;
• Objection: Object to certain processing activities;
• Restriction: Request temporary restriction of processing;
• Withdrawal: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@gdayprofessionalsgroup.com.au. We will respond within 30 days.

10. Data Retention

We retain Personal Information for:

• Active Accounts: Duration of service provision plus 7 years;
• Financial Records: 7 years as required by law;
• Healthcare Records: As required by applicable healthcare regulations;
• Marketing Data: Until consent is withdrawn;
• Anonymized Data: May be retained indefinitely for research and analytics.

11. Children's Privacy

Our Services are intended for professional use and are not directed to individuals under 18 years of age. We do not knowingly collect Personal Information from children. If we become aware of such collection, we will promptly delete the information.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any Personal Information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

• Email notification to registered users;
• Prominent notice within the Services;
• Update of the "Last Updated" date.

Continued use of Services after changes constitutes acceptance of the updated Policy.

14. Privacy Complaints

If you have concerns about our privacy practices:

1. Contact our Privacy Officer at privacy@gdayprofessionalsgroup.com.au;
2. We will investigate and respond within 30 days;
3. If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

15. Contact Information

16. Governing Law

This Privacy Policy is governed by the laws of Victoria, Australia. Any disputes arising under this Policy will be subject to the exclusive jurisdiction of the courts of Victoria, Australia.