Privacy Policy

Last Updated: 10 October 2025
Version: 1.1

1. Introduction

ScanMy.Band ("we," "our," or "us") operates the ScanMy.Band medical identification service. We are committed to protecting your privacy and handling your personal information responsibly in accordance with the Australian Privacy Act 1988 and applicable international privacy laws.

This Privacy Policy explains how we collect, use, store, and protect your information when you use our medical ID band and associated services.

Our contact details:

• Email: Privacy@ScanMy.Band
• Website: ScanMy.Band

2. Information We Collect

2.1 Account Information

When you register for our service, we collect:

• Email address (used for account login and communications)
• Your name and home address (for product delivery and optional navigation features)

2.2 Purchase Information

We record:

• Band colour(s) you have purchased
• Purchase and product shipping dates
• Payment information is processed by our payment provider and not stored by us

2.3 Medical Information You Choose to Display

You have complete control over what medical information to store on your band. This may include:

• Medical conditions
• Allergies
• Medications
• Blood type
• Doctor or emergency contact details
• Any other information you choose to add

Important: This information is displayed when anyone scans your band.

2.4 Scan Data (Collected Automatically)

When your band is scanned, we automatically collect:

• GPS location coordinates where the scan occurred
• Date and time of scan
• Device type used for scanning (if available)

This data collection is mandatory and occurs for all scans. We collect this information to:

• Provide emergency location alerts (if you enable notifications)
• Support law enforcement in missing person and criminal investigations
• Detect fraudulent, unauthorized, or suspicious use of bands
• Investigate disputes about band functionality or displayed information
• Maintain security audit trails
• Improve service reliability and safety features

Emergency Contact Notifications (Optional Feature): If you enable this feature, we will share scan location data with your designated emergency contacts via email when your band is scanned.

Show Me The Way Home (Optional Feature): If you enable this feature, we provide navigation directions from the scan location to your stored home address using third-party mapping services.

2.5 Technical Information

We collect standard technical data:

• IP address when you access our website or services
• Browser type and version
• Device information
• Usage logs for service improvement and security

3. How We Use Your Information

3.1 Primary Purposes

Essential Service Functions:

• Display your medical information when your band is scanned
• Collect and store scan location data for all scans
• Manage and maintain your account
• Process your band orders and arrange delivery
• Send important service updates and communications
• Provide customer support

Optional Features (only if you enable them):

• Send emergency location alerts to your designated contacts when your band is scanned
• Provide navigation directions from scan location to your home address

Legal Compliance and Protection:

• Respond to law enforcement requests and legal obligations
• Investigate and prevent fraud, security incidents, and unauthorized use
• Defend against legal claims and disputes
• Maintain records for statute of limitations periods

Service Improvement:

• Analyse usage patterns to improve our service
• Troubleshoot technical issues
• Ensure security and prevent fraud

3.2 Legal Bases for Processing

We process your personal information based on:

• Contract Performance: To provide the medical ID service you have purchased and registered for, including mandatory scan location tracking
• Consent: For optional features such as sharing location data with emergency contacts and navigation services
• Legitimate Interests: To improve our service, prevent fraud, maintain security, investigate disputes, and defend against legal claims. Our legitimate interest in collecting scan location data includes protecting our business from liability claims, supporting investigations, and improving safety features.
• Vital Interests: To protect your life or health in emergency situations where your medical information needs to be accessed, and to assist in investigations involving missing or endangered persons
• Legal Obligations: To comply with applicable laws, regulations, court orders, and law enforcement requests

4. How Your Medical ID Band Works

4.1 Emergency Access by Design

When someone scans your band with an NFC-capable device or via the QR code:

• Your medical information is displayed immediately
• GPS location of the scan is recorded automatically
• No password, login, or authentication is required
• This is intentional design to enable emergency access when you may be unconscious or unable to communicate

Important Security Note: Anyone with an NFC-capable smartphone or QR code reader can scan your band and view the medical information you have chosen to display. If you find a lost band, the information could be viewed by you. For this reason, we recommend only storing information necessary for emergency medical care.

4.2 Automatic Scan Location Recording

Every time your band is scanned:

• We automatically capture the GPS location and timestamp
• This occurs regardless of whether you have enabled optional notification features
• Scan records are stored for 5 years, then automatically deleted
• You will receive an email notification at your registered email address when your band is scanned

Why we collect this data:

• Emergency response coordination
• Law enforcement assistance in missing person investigations
• Security and fraud prevention
• Dispute resolution and legal protection
• Service improvement and safety features

4.3 Emergency Contact Notifications (Optional Feature)

If you enable this feature in your account settings:

• Your designated emergency contacts receive email notifications when your band is scanned
• Notifications include a map showing the scan location and timestamp
• This feature is disabled by default and can be enabled or disabled at any time

4.4 Show Me The Way Home (Optional Feature)

If you enable this feature:

• After a scan occurs, you can access directions from the scan location to your stored home address
• Navigation is provided using third-party mapping services
• This feature is disabled by default and must be explicitly enabled by you
• You can disable it at any time in your account settings

5. How We Share Your Information

5.1 When Your Band is Scanned

Anyone who scans your band can see:

• The medical information you have chosen to display
• This is accessible to anyone with an NFC or QR code capable device
• No identification of the scanner is recorded or required

You receive (always):

• Email notification that your band was scanned
• Location and time of the scan

Your designated emergency contacts receive (only if you enable alerts):

• Email notification that your band was scanned
• Location of the scan on a map
• Date and time of the scan

5.2 Service Providers

We share data with trusted third-party service providers who help us operate our service:

• Cloud hosting providers (for data storage)
• Email delivery services (for notifications)
• Mapping and navigation services (for location features)
• Payment processors (for purchases)

These service providers are contractually obligated to:

• Only use your data for the specific services they provide to us
• Protect your data with appropriate security measures
• Not share your data with others
• Comply with applicable privacy laws

5.3 Shipping and Fulfillment

To deliver your medical ID band, we share your name and delivery address with:

• Our shipping and logistics partners
• Postal services or courier companies

These providers only receive information necessary for delivery and are bound by confidentiality obligations.

5.4 Law Enforcement and Legal Requirements

We may disclose your information, including scan location data, when:

Required by law:

• Legal obligations, court orders, subpoenas, or warrants
• Valid law enforcement requests or government inquiries
• Regulatory investigations or compliance requirements

Necessary to assist investigations:

• Missing person cases
• Criminal investigations where scan data may be relevant
• Child safety or welfare concerns
• Serious threats to public safety

To protect rights and safety:

• Enforce our Terms of Service
• Protect our rights, property, or safety
• Protect your vital interests or those of others
• Prevent, investigate, or address fraud, security incidents, or technical issues
• Defend against legal claims or disputes

We respond only to formal requests from law enforcement. We do not proactively monitor or report scan data unless we receive a valid legal request or are legally required to do so.

Where legally permitted, we will notify you of law enforcement requests for your data, though notification may be delayed or prohibited in active investigations or where court orders require confidentiality.

5.5 Business Transfers

If ScanMy.Band is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5.6 We Do NOT

• Sell your personal information to third parties
• Share your information for marketing or advertising purposes
• Provide your medical information to anyone except as displayed when your band is scanned
• Share your scan location data except as described in this policy

6. Data Security

We implement industry-standard security measures to protect your personal information:

Technical Safeguards:

• Encryption of data in transit using TLS/SSL protocols
• Secure authentication systems with one-time email code verification (6-digit login code)
• Regular security assessments and updates
• Access controls limiting who can view your data
• Monitoring and logging of system access

Organizational Safeguards:

• Staff training on privacy and security practices
• Strict access policies for personal information
• Regular review of our security practices

Important Limitation: While we implement strong security measures for our systems, the nature of medical ID bands means your medical information is intentionally accessible to anyone who physically scans your band. This is by design to enable emergency access. Please only store information on your band that you are comfortable being visible in emergency situations.

We cannot guarantee absolute security. No method of electronic storage or transmission is 100% secure. If you believe your account security has been compromised, contact us immediately at Privacy@ScanMy.Band.

7. Data Retention

We retain your personal information for the following periods:

While your account is active:

• Account information (email address, name, home address)
• Band purchase information (colours, purchase and shipping dates)
• Medical information you have chosen to display

After account deletion:

• All personal data is permanently deleted within 30 days of account closure
• Exception: Records may be retained longer if required by law (e.g., financial records for tax purposes, or records subject to legal holds)

Scan records (location, date, time):

• Retained for 5 years from the date of scan, then automatically and permanently deleted
• This retention period is necessary to:
• Comply with statute of limitations periods for contract and liability claims (6 years in most Australian jurisdictions)
• Enable investigation of disputes about band functionality or displayed information that may arise years after an incident
• Respond to law enforcement requests in missing persons or criminal investigations
• Maintain audit trail for security, fraud prevention, and pattern detection
• Provide historical data if needed for legal defense or insurance claims
• Records involved in active legal proceedings, law enforcement investigations, or disputes may be retained beyond 5 years until the matter is resolved
• You may request earlier deletion of scan records; however, we may decline if records are required for active disputes, investigations, or within applicable limitation periods

Technical logs:

• Retained for up to 12 months for security and troubleshooting purposes

You can request deletion of specific data or your entire account at any time by contacting Privacy@ScanMy.Band, subject to the exceptions noted above.

8. Your Privacy Rights

8.1 Rights Under Australian Privacy Law

Under the Australian Privacy Act 1988, you have the right to:

• Access: Request access to the personal information we hold about you, including your scan history
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information and account (note: your band will cease to function if your account is deleted, and some data may be retained as described in Section 7)
• Complaint: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information

8.2 Additional Rights for EU/UK Users

If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Object: Object to processing based on legitimate interests (note: we may continue processing if we can demonstrate compelling legitimate grounds)
• Withdraw Consent: Withdraw consent at any time for optional features based on consent (such as emergency contact notifications and navigation features). Note that withdrawal of consent does not affect the mandatory collection of scan location data, which is necessary for our legitimate interests and legal obligations.
• Supervisory Authority: Lodge a complaint with your local data protection authority

8.3 How to Exercise Your Rights

To access, correct, delete, or download your personal information:

• Email us at: Privacy@ScanMy.Band

Please:

• Send the request from your registered email address
• Provide a clear description of what information you want to access, correct, or delete
• Include any relevant details to help us locate your information

Identity Verification: For your security, we will ask security questions to verify your identity before processing requests involving sensitive personal information. This may include questions about your account history, band colours purchased, or other account details.

Response Time: We will respond to your request within 30 days. For complex requests, we may extend this by an additional 30 days and will notify you of the extension.

No Fee: We do not charge a fee for reasonable requests. For manifestly unfounded or excessive requests, we may charge a reasonable administrative fee or refuse the request.

Limitations: We may decline deletion requests where we are required or permitted by law to retain the information, including:

• Active legal proceedings or investigations
• Compliance with legal obligations
• Within applicable statute of limitations periods
• Detection and prevention of fraud or security incidents

8.4 Account Management

You can manage much of your information directly through your account settings:

• Modify your medical information
• Enable or disable emergency contact notifications
• Enable or disable navigation features
• Add or remove emergency contacts

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

Essential Cookies (required):

• Session management for logged-in users
• Security and fraud prevention
• Basic functionality of the website

Analytics Cookies (optional):

• Usage statistics to improve our service
• Understanding how visitors use our website
• You can opt out of analytics cookies through your browser settings

We do not use:

• Advertising or marketing cookies
• Third-party tracking for advertising purposes
• Social media tracking pixels

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

10. Children's Privacy

Our service is not specifically designed for children. However, we recognise that minors may need medical ID bands for their safety or to help reunite them with their caretakers. In such cases, a parent or legal guardian must create and manage the account on the minor’s behalf.

For users under 18:

• A parent or legal guardian must create and manage the account
• The parent/guardian is responsible for all privacy settings and consent decisions
• The parent/guardian should carefully consider what medical information to display
• The parent/guardian consents on behalf of the minor to scan location tracking

We do not knowingly collect personal information from children without parental consent. If you believe we have inadvertently collected information from a child without proper consent, contact us immediately at Privacy@ScanMy.Band and we will delete the information.

11. International Data Transfers

Your personal information may be stored and processed in countries outside of Australia, including countries where our cloud hosting providers and service providers are located.

When we transfer data internationally, we ensure appropriate safeguards are in place:

For transfers to countries without adequate data protection:

• Standard Contractual Clauses approved by relevant authorities
• Binding corporate rules where applicable
• Other approved transfer mechanisms under applicable law

For EU/UK users:

• We comply with GDPR requirements for international data transfers
• We use appropriate transfer mechanisms such as Standard Contractual Clauses

By using our service, you acknowledge and consent to the transfer of your information to countries outside your country of residence, which may have different data protection standards.

12. Third-Party Links and Services

Our service may contain links to third-party websites or integrate with third-party services (such as mapping providers for navigation features).

Important: This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you use.

When you use third-party services through our platform (such as navigation features), your use may be subject to the third party's privacy policy and terms of service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes to our practices
• Legal or regulatory requirements
• New features or services
• Feedback from users

When we make changes:

Non-Material Changes (clarifications, contact details, minor updates):

• We will update the "Last Updated" date at the top of this policy
• We will post the updated policy on our website
• Continued use of our service constitutes acceptance

Material Changes (new data collection, new purposes, significant changes to your rights):

• We will notify you via email at your registered email address
• We will provide a prominent notice on our website
• For changes to optional features requiring new consent, we will seek your explicit consent before implementing the changes
• You will have the opportunity to review changes before they take effect
• Changes to mandatory data collection will be effective upon notice, and continued use of the service constitutes acceptance

We will maintain an archive of previous versions of this Privacy Policy. You can request previous versions by emailing Privacy@ScanMy.Band.

14. Contact Us and Complaints

14.1 Privacy Questions

For any questions about this Privacy Policy or our privacy practices:

• Email: Privacy@ScanMy.Band
• Subject Line: "Privacy Inquiry"

14.2 Exercising Your Rights

To access, correct, delete, or download your personal information:

• Email: Privacy@ScanMy.Band
• Subject Line: "Privacy Rights Request"

14.3 Data Breach Notifications

If you believe there has been unauthorized access to your account:

• Email: Privacy@ScanMy.Band immediately
• Subject Line: "Security Incident"

14.4 Making a Complaint

Step 1: Contact Us First

If you have a complaint about how we handle your personal information, please contact us first:

• Email: Privacy@ScanMy.Band
• Subject Line: "Privacy Complaint"
• We will investigate and respond within 30 days

Step 2: External Complaint Bodies

If you are not satisfied with our response, you can lodge a complaint with:

For Australian users:

• Office of the Australian Information Commissioner (OAIC)
• Website: oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

For EU/UK users:

• Your local Data Protection Authority
• Find your authority at: List of Personal Data Protection Competent Authorities

15. Your Acknowledgment

By creating an account with ScanMy.Band and using our service, you acknowledge and agree that:

• You have read and understood this Privacy Policy in its entirety.
• You understand that anyone with an NFC or QR code capable device can scan your band and view the medical information you have chosen to display.
• You acknowledge that GPS location data is automatically collected and stored for 5 years every time your band is scanned, for the purposes described in this policy, including emergency response, law enforcement cooperation, security, fraud prevention, legal protection, and service improvement.
• You understand that scan location data may be shared with law enforcement in response to valid legal requests or investigations involving missing persons, criminal activity, or threats to public safety.
• You consent to the collection, use, storage, and disclosure of your personal information as described in this Privacy Policy.
• You understand that optional features (emergency contact notifications and navigation) are disabled by default and can be enabled or disabled at any time in your account settings.
• You are responsible for ensuring the accuracy of the medical information you choose to display on your band.
• You understand the security limitations inherent in a system designed for emergency access, where anyone can scan your band.
• You acknowledge that scan records are retained for 5 years and may be retained longer if involved in active legal proceedings or investigations.
• You understand that deleting your account will cause your band to cease functioning.
• Your formal acceptance of this Privacy Policy and our Terms of Service occurs when you agree to them during account registration. If you do not agree to this Privacy Policy, you cannot create an account or use our service.

16. Definitions

For clarity, the following terms have these meanings in this Privacy Policy:

• Personal Information: Information about an identified individual or an individual who is reasonably identifiable
• Medical Information: Health information you choose to display on your band, including conditions, allergies, medications, and emergency contacts
• Scan: The act of reading your medical ID band using an NFC or QR code capable device
• Scan Data: GPS location coordinates, timestamp, and device information collected automatically when your band is scanned
• Emergency Contacts: Individuals you designate to receive notifications when your band is scanned (optional feature)
• NFC: Near Field Communication technology that allows devices to communicate when brought close together
• Optional Features: Emergency contact notifications and "Show Me The Way Home" navigation service, which are disabled by default and require your explicit activation
• Mandatory Data Collection: Scan location data, which is automatically collected for all scans regardless of optional feature settings

This Privacy Policy is effective as of the "Last Updated" date shown at the top of this document.

ScanMy.Band reserves the right to update this policy in accordance with Section 13 above.