Register
Login

Privacy Policy

Swivel Pty Ltd (“Swivel”, “we”, “our”, or “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, services, and website.

What Personal Information We Collect

We may collect the following types of personal information:

  • Contact details, such as name, email address and organisation
  • Account details, such as login credentials and user ID
  • Device and usage data, such as IP address, browser type and session activity
  • Workspace, home working and environmental details, such as desk setup, equipment, work area conditions, and safety or security-related responses
  • Photos voluntarily submitted by users to illustrate their workspace or work environment, which may include identifiable features or personal items
  • Ergonomic, comfort and health-related information, including posture, workstation setup, physical comfort, reported pain or discomfort, symptom duration, treatment status, self-management strategies and related work habits
  • Wellbeing information, including self-reported sleep, energy, movement habits and wellbeing indicators

Some information you provide through Swivel assessments may constitute sensitive health information, including pain or discomfort, treatment status and wellbeing indicators. Swivel uses this information to provide platform functionality, generate personalised reports and recommendations, and support organisational insights where applicable.

Some modules may also collect information about your home or work environment, including safety or security-related factors. This information may not be health information, but may still be personal information where it relates to an identifiable user.

Swivel does not collect this information to provide medical diagnosis, treatment, physiotherapy, psychological advice, occupational health advice, emergency advice, legal advice, property advice or security advice.

If you choose to upload photos as part of an assessment, these will be used to support assessment functionality and generate reports or recommendations. Please avoid including other people, confidential documents, personal health information, valuables, security devices or other private details unless necessary.

For enterprise customers, Swivel may generate aggregated or de-identified insights derived from user data to support organisational reporting. Individual wellbeing responses, wellbeing scores and wellbeing reports are private to the user and are not shared with enterprise customers. Enterprise customers may only receive aggregated or de-identified wellbeing insights where available and where there is sufficient data to protect individual privacy.

Where an enterprise customer requests and is approved for individual-level report access, authorised organisation administrators may be able to view selected individual report information from ergonomic assessment and home safety/security modules. Ergonomic report information may include priority ratings, identified ergonomic issues, selected behaviour tips, cohort messages, and relevant discomfort or treatment-related context where used to explain recommendations. Home safety/security report information may include identified safety or security issues. This access is intended for workstation support, ergonomic follow-up, home workspace safety/security review, risk review or related workplace support purposes. Reports collected before activation will not be made available retrospectively unless expressly stated and consented to.

How We Collect Your Information

We collect personal information through:

  • Direct input from users during assessments and onboarding
  • Automated data collection through the use of our services
  • Communication and support interactions

How We Use Your Information

We use your personal information to:

  • Provide tailored ergonomic and wellbeing assessments
  • Generate personalised recommendations and reports
  • Improve our platform, services, and user experience
  • Communicate with you about your account and updates
  • Ensure platform functionality and security
  • Produce aggregated, de-identified or anonymised analytics for enterprise clients, platform improvement and internal research
  • Support authorised organisation follow-up where individual-level report access has been enabled and disclosed to users
  • Produce aggregated or de-identified wellbeing and workplace insights for enterprise customers where appropriate privacy thresholds are met

Legal Basis for Processing (for EU/UK Residents)

Under the GDPR and UK GDPR, our legal bases for processing include:

  • Consent (where applicable)
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests, such as improving platform features and user experience

Sharing Your Information

We do not sell or rent your personal data. We may share it with:

  • Trusted third-party service providers (e.g., hosting, analytics) under strict confidentiality agreements
  • Authorities where legally required (e.g., law enforcement)
  • Affiliates or successors in the event of a business transfer
  • Enterprise clients, in aggregated, de-identified or anonymised form for organisational reporting purposes, including aggregated wellbeing insights where available
  • Authorised organisation administrators, where individual-level report access has been enabled and disclosed to users, but only for selected individual report information from ergonomic assessment and home safety/security modules, which may include relevant discomfort or treatment-related context in ergonomic reports.
We do not share individual wellbeing responses, wellbeing scores or wellbeing reports with enterprise customers.
 

International Data Transfers

If you are located outside of Australia, your information may be transferred to and processed in countries with different data protection laws. We ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place for such transfers.

Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Routine security assessments and monitoring

Data Retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law. You may request deletion of your data at any time (subject to legal obligations).

Where individual report access is disabled or not enabled, this does not automatically delete existing user data, but it prevents organisation administrators from accessing individual reports unless otherwise stated. Reports collected before organisation data sharing is enabled are not made available retrospectively unless expressly stated and consented to.

Your Rights

Depending on your location, you may have the right to:

  • Access, update, or delete your personal data
  • Withdraw consent where processing is based on consent
  • Object to or restrict certain types of processing
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at info@heyswivel.com

You may request access to or correction of personal information held about you, including information used to generate your Swivel reports. Where processing is based on consent, you may withdraw consent, noting this may affect your ability to use certain platform features. If your organisation uses Swivel, you may also contact your organisation about its use of organisation-accessible report information.

Cookies & Tracking Technologies

We use cookies to:

  • Enable core platform functionality
  • Analyse usage and improve performance
  • Remember user preferences

You may manage cookie settings through your browser. Disabling certain cookies may affect functionality.

Third-Party Links

Our platform may contain links to third-party sites or tools. We are not responsible for their privacy practices and encourage you to review their policies.

Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children without parental consent.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or within the platform. Continued use of our services constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Swivel Pty Ltd
Email: info@heyswivel.com

Last updated: May 2026