Privacy policy.

At a glance

To provide and advertise our services, we store and process personal information. We outline how personal information is collected, when personal information is used, how people can access, correct, or destroy personal information, and how people can opt-out. We ensure personal information is protected by applying risk based security controls in accordance with the Australian Privacy Principles and the SOC2 security framework. We are audited by an independent third-party.

Scope

The Lookout Way (TLW) information systems that store and process personal information for the purposes of operating, supporting, and marketing our services.

Collection

We collect personal information to contact, transact and build relationships with people. The main way we collect personal information is directly from people with their consent, such as when they make an enquiry about our services, or when they engage our services. The secondary ways we collect personal information is from a person’s own promotion (e.g. LinkedIn), public records (e.g. Website), or their interactions with our marketing campaigns.

If the person is a Lookout Care Suite prospect or customer, the kinds of information we may collect are:

  • Personal information such as name, address, title, role, and IP address
  • Contact information such as email and phone number
  • Financial information such as credit card or bank account details
  • Statistical information such as the usage patterns (including access times), buying decisions, tracking pixels, tracking cookies, devices, networks, and operating systems
  • Information sent to us in general correspondence via email, web chat, or phone

For all other people the kinds of information we may collect are:

  • Information sent to us in general correspondence via email, web chat, or phone
  • Statistical information such as the usage patterns, tracking pixels, tracking cookies, devices, networks, and operating systems

We do not intend our services to be accessed by children under the age of 16. If a person is under the age of 16 they should not use our services. If we learn personal information has been collected from a person under the age of 16 we will take steps to destroy their personal information stored by us.

Use and disclosure

We may use personal information to:

  • Provide access to our services, including billing and support
  • Assist with enquries, statements of works, feedback, or complaints
  • Market our services, including targeted campaigns such as a “rostering feature” to a “rostering person”
  • Improve our services, conduct internal audits, and measure the effectiveness of our support channels and marketing campaigns
  • Comply with legal and regulatory obligations imposed on us

We may disclose personal information to:

  • Verify a person’s identity. We would do this in high risk scenarios such as resetting a person’s access to our services.
  • Prevent or lessen a serious and imminent threat to a person’s life, health or safety, or a serious threat to public health or public safety. We will only do this if there are reasonable grounds.
  • Comply with lawful instruction. We will tell the subject when this happens unless we are prevented from doing so.

We do not use or disclose personal information for any other purposes. We do not sell, rent, or lease personal information.

Access, correction, and destruction

We use best effort to keep personal information up-to-date and error free, but we ultimately rely on people to tell us when their personal information needs correcting.

If the person is a Lookout customer, then they may log in to our services to gain access to their personal information, make corrections to their personal information, or destroy their account. If destroying their account is not possible, then they may request for their account to be destroyed by making a request to privacy@thelookoutway.com.

If the person is an end user of Lookout, as in, they have been invited or added to Lookout via our customer who is a service provider, then they should contact the service provider directly and/or cite the Privacy Policy of the service provider.

For all other subjects, please send an email to privacy@thelookoutway.com to make a request to access, correct, or destroy personal information stored and processed by us.

We destroy personal information by either physically deleting the records containing personal information where possible, or by overriding personal information with “REDACTED” and resetting fields to blank/nonsensical values.

See our Trust Centre for a copy of our Data Management Policy.

Security and confidentiality

We ensure the security, confidentiality, and availability of our services by running a comprehensive information security programme conforming to the SOC2 security framework.

Our policies and security controls are audited by an independent third-party against the SOC2 security framework and publish the latest copy of the auditor’s report in our Trust Cetnre.

Our information security programme includes:

  • Subprocessors and location of where data is stored and processed
  • Code of conduct acknowledged by employees and contractors
  • Background checks performed on employees and contractors
  • Security awareness training implemented
  • Access reviews conducted
  • Data encryption utilised
  • Penetration testing performed
  • Incident response plan tested
  • Vulnerabilities scanned and remediated
  • Vendor management programme established
  • Customer data deleted upon leaving

See our Trust Centre for more details about our information security programme.

Recording and transcribing calls

We may offer to record or transcribe calls to summarise discussion, create tasks, and categorise for statistical purposes. We will ask for your consent before we commence the recording. If you change your mind, we can stop the recording and destroy it.

Contacting people

We may send important notices, such as changes to our terms, conditions and policies. Where such information is materially important to a person’s use of our services, they may not opt out of receiving these communications.

Notifiable breaches

We have an Incident Response Plan which outlines how we would respond to suspected or actual breaches of personal information.

Our plan includes:

  • Forming a response team and internal escalation pathways
  • Working to contain, remediate, and mitigate
  • Notifying affected people within 3 business days, including any recommended actions for people to take
  • Reporting to the Office of the Australian Information Commissioner within 30 calendar days
  • Cooperating with incident responders, customers, regulators, and the authorities

See our Trust Centre for a copy of our Incident Response Plan.

Opt-out

We will generally include a link or instruction on how to opt-out of communication from us. If a person believes they have received information from us that they did not opt-in to receive, please send an email to privacy@thelookoutway.com so we may correct it.

Feedback and complaints

We welcome and encourage feedback. If you have feedback about this policy, or if you would like to make a complaint under this policy, please send an email to privacy@thelookoutway.com.

Discover how Lookout can
transform your care business

View demoarrow_right_altContact & salesarrow_right_alt
Your people
Company
Resources
call1300 928 215
View demo video
Your people
Clients & familiesCare workersCare managementRosteringFinanceIT & securityOperations
Company
Contact usOur roadmapOur storyOur boardSupported devicesSupport commitmentRequest live demo
Resources
Support at HomeWebinars & eventsCustomer success storiesBlogAPIHelp centreTrust centreSystem status
Contact and salescall1300 928 215
View demo video
© 2024 The Lookout Way
Terms of servicePrivacy policy