Who we are
Our website address is: https://gopassport.health
goPassport enables and streamlines international travel to Australia. We record essential personal information to identify you to your selected international airline and travel provider, to Australian border management authorities to provide them with your current health status, to your authorised health provider to enable them to record the results of health tests and immunisations (if required by Australian government policy and laws) and to Australian Health agencies to support the management of any required periods of quarantine and/or self-isolation.
Only information required to support the above processes will be collected and stored. All personal and private information is encrypted and stored securely on our Australian computer servers.
We understand that the protection of your personal and private data is of paramount importance to you. To protect travellers and the communities they visit, goPassport collects personal data from you to allow us to alert you to health risks when you travel if you are in high-risk areas or are close to such areas.
Your personal and private information will not be provided to other travellers and you will not see details of other travellers but you will be alerted if you were in contact with other persons who were contagious at the time you were within 5 metres (or closer).
If you become infected while travelling, you will be notified promptly of your changed health status. You will be advised about required and recommended actions to manage the infection.
Your recent location data will be made available to the State/Territory Health Department contact tracing to assist these authorities in their work to contain any potential contagion.
- Your personal information will be encrypted on your device, in transit and in our goPassport databases.
- If you request this, all data that can identify you personally will be automatically deleted from our databases within 28 days of the completion of your trip unless your information is required to trace any infected persons at risk. In this case, data identifying you personally will be deleted within 28 days of the tracing being completed.
- No data, except the following, will be shared with third parties unless you request otherwise:
- Notification to national border agencies of your health clearance status when you apply for a visa and/or cross the national border. Only your health status will be provided.
- The last 28 days of contact tracing data (device identifier, phone number, date and time of contact) will be provided to health authorities should you become infected with a contagious disease.
- Adverse changes to your health status flag will be notified to Border management agencies and the local State/Territory health department.
- goPassport systems and data will be audited independently on an annual basis to ensure our full compliance with the Australian Privacy Principles.
- goPassport will comply with Articles 28 and 29 of the European General Data Protection Regulation 2016/679 except where this is in contravention with Australian laws.
You may choose to use goPassport to provide details of your health status to other organisations for purposes other than travel by international airlines, border clearance or as part of an official quarantine or self-isolation process. If you chose to do this, you will be providing the following details via the goPassport mobile device:
- your full name
- your nationality
- your photo ID details (number and ID type)
- the latest date that your current health status was verified by goPassport
goPassport provides this as a service to you to simplify access to venues, events, local and domestic transport and its use is entirely in your control. The recipient will receive the following message:
Your ID number ID type
The latest health status and its update: date
This information does not guarantee current health status or enable automatic access. See https://gopassport.health for further information.
Updated August 1, 2020
goPassport Pty Ltd is an Australian company and complies with the Privacy Act (1988). The Act provides Consumer Data Rights (see https://www.oaic.gov.au/consumer-data-right/about-the-consumer-data-right/).
This policy applies to the Company’s employees, contractors and officers.
The Company has a contract with all Data Processors that it uses in compliance with Article 28 & Article 29 of the GDPR and ensures that all Data Processors are compliant with Data Protection Legislation.
The policy does not apply to third party services. Where third party services are used, and the third party is not a Data Processor, no Relevant Data (as defined below) is shared with them, or the Relevant Data has been anonymised such that the GDPR does not apply. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
In addition, a separate agreement governs delivery, access and use of the Products (the “User Agreement”),
This policy applies to Relevant Data received and processed only.
Capitalised terms used in this Policy and not otherwise defined shall have the meanings provided below:
goPassport Family of Companies – the list of the goPassport family of companies is as follows:
goPassport Pty Ltd.
goPassport Labs Pty Ltd.
goPassport, goPassport Health Services Portal, goPassport Corporate
Relevant Data – Personal Data and Special Categories of Data are the Relevant Data covered by this policy and as defined in the Data Protection Legislation.
Personal Data – any information relating to an identified or identifiable natural person.
Special Categories of Data – Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation.
Processing/Processed – any operation on personal data, whether automated or not.
Contagious Disease – any infection subject to a specific health alert including epidemics and pandemics including but not limited to: COVID19, MERS, SARS.
Information We Collect and Receive
When you interact with our Sites and Products, we collect information that, alone or in combination with other data, could be used to identify you (Personal Data). Some of the Information we collect is stored in a manner that cannot be linked back to you (Non-Personal Data).
goPassport collects, generates and/or receives the following Information:
Certain data about the devices you use to connect with goPassport and your use of the Site and/or Product are automatically logged in our systems, including:
- Сontact details, namely, email.
- Location information. This is the geographic area where you use your computer and mobile devices (as indicated by an Internet Protocol [IP] address or similar identifier) when interacting with our Site and/or Product.
- Log data. As with most websites and technology services delivered over the internet, our servers automatically collect data when you access or use our Site and/or Product and record it in log files. This log data may include the IP address, browser type and settings, the date and time of use, information about browser configuration, language preferences, and cookie data.
- Product and Site-Specific Data. This is information about the Site and/or Product you use and how you use them. We may also obtain data from our third-party partners and service providers to analyze how users use our Site and/or Product. For example, we will know how many users access a specific page on the Site and which links they clicked on. We use this aggregated information to better understand and optimize the Site.
- Device information. These are data from your computer or mobile device, such as the type of hardware and software you are using (for example, your operating system and browser type), as well as unique device identifiers for devices that are using goPassport Product.
Third Party Data
goPassport may receive data about Site visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
Additional Information Provided to goPassport
We receive Other Information when submitted to our Site or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with goPassport.
Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.
Paddle and goPassport have a legitimate interest to use provided data for product fulfilment, order processing, fraud prevention, and product support.
Collection Information from Children
goPassport does not knowingly collect personal information from children under the age of 15. If we determine we have collected personal information from a child younger than 15 years of age, we will take reasonable measures to remove that information from our systems. If you are under the age of 15, please do not submit any personal information through the Site and/or Products. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Sites and/or Products without their permission.
Use of Your Information by goPassport
We use, process, and store your information as necessary to perform our contract with you and for our legitimate business interests, in operating our Sites, Products, Services, and business including:
- to help us administer our Sites and/or Products, authenticate users for security purposes, provide personalized user features and access, process transactions, conduct research, develop new features, and improve the features, algorithms, and usability of our Sites and/or Products;
- As required by applicable law, legal process or regulation.
- to calculate aggregate statistics on the number of unique devices using our Sites and/or Products;
- to send emails and other communications. We may send you alerts messages, service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Products, our Products offerings, and important Products-related notices, such as security and fraud notices. These communications are considered part of the Products and you may not opt-out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about goPassport. We will only send you marketing information if you consent to us;
- for billing, account management and other administrative matters. goPassport may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- to investigate and help prevent security issues, fraud and abuse.
- If information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, goPassport may use it for any business purpose.
How We Share and Disclose Information
We only disclose Personal Data to third parties when:
- We use service providers who assist us in meeting business operations needs, including hosting, delivering, and improving our Products. We also use service providers for specific services and functions, including email communication, customer support services, and analytics. These service providers may only access, process, or store Personal Data pursuant to our instructions and to perform their duties to us.
- We have your explicit consent to share your Personal Data (if required).
- We believe it is necessary to investigate potential violations of the Terms of Products, to enforce those Terms of Products, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats against persons, property, or the systems on which we operate our Site and/or Products.
- We determine that the access, preservation, or disclosure of your Personal Data is required by law to protect the rights, property, or personal safety of goPassport and users of our Site and/or Products, or to respond to lawful requests by public authorities, including national security or law enforcement requests.
- We may disclose Non-Personal Data publicly and to third parties – for example, in public reports about word usage, to partners under agreement with us, or as part of progress reports we may provide to users.
- goPassport does not share your Personal Data with third parties for the purpose of enabling them to deliver their advertisements to you.
- goPassport does not sell or rent your Personal Data.
Third Parties’ Applications and Products
Some third-party applications and services that work with us may ask for permission to access your information. Those applications will provide you with notice and request your consent in order to obtain such access or information. Please consider your selection of such applications and services, and your permissions, carefully.
Some third parties’ embedded content or plugins on our Sites and/or Products, such as Facebook “Like” buttons, may allow their operators to learn that you have visited the Sites, and they may combine this knowledge with other data they have collected about your visits to other websites or online services that can identify you.
Data collected by third parties through these apps and plugins is subject to each parties’ own policies. We encourage you to read those policies and understand how other companies use your data.
E-mailing by goPassport
From time to time, we may want to contact you with information about product announcements, software updates, and special offers. We also may want to contact you with information about products and services from our business partners.
We only send marketing communications to users with your prior consent.
All goPassport account holders will continue to receive transactional messages related to our Products, even if you unsubscribe from promotional emails.
Data storage, transfer, retention, and deletion
Data Storage and Transfers
Information submitted to goPassport will be transferred to, processed, and stored in Australia. When you use the Product on your computing device, user content you save will be stored locally on that device and synced with our servers. Once the data has been stored on our servers, it will no longer be stored on your computing device. To view any of these data on your device, a secure key is used to request upload from our server. Please note that your device will require an internet connection to access the data. If you post or transfer any information to or through our Site and/or Product, you are agreeing to such information, including Personal Data and user content, being hosted and accessed in Australia.
Duration of Information Storage
When you give us personal information, we take steps to make sure that it’s treated securely.
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.
Once we receive your data, we protect it on our servers using a combination of technical, physical, and logical security safeguards. The security of the data stored locally in any of our Product installed on your computing device requires that you make use of the security features of your device. We recommend that you take the appropriate steps to secure all computing devices that you use in connection with our Site and Product.
The Company takes the security of your data very seriously and works to protect your data from loss, misuse and unauthorised access or disclosure.
All staff and officers who handle Relevant Data are aware of this policy and have been given training in how to correctly collect, process, store and delete data. The Company holds a log of when staff training was undertaken and updates it on an annual basis.
All access or attempts to access your personal information are automatically monitored by the goPassport security systems and any goPassport officer who breaches our privacy and data protection rules will have their access suspended and may face disciplinary action and/or prosecution.
All breaches will be reported to the relevant supervisory authority within 72 hours, unless the data was anonymised or encrypted or if it has a particularly high risk.
Breaches of this policy by staff, contractors, officers of the Company will be dealt with under the Company’s grievance and disciplinary policy and may lead to a disciplinary sanction.
If goPassport learns of a security system breach, we will attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on the Site. Depending on where you live, you may have a legal right to receive such notices in writing.
Lawful Basis for Personal Data Processing
goPassport uses, processes, and stores Personal Data, as necessary to perform our contract with you, and based on our legitimate interests in order to provide the services in connection with the Product and maintaining Product’s functionality, namely:
- Log data (crash data and other diagnostic reports; cleanup logs: files path and size, system libraries versions, scan/removal duration, device information) – for identifying and fixing defects in Product’s functionality. Logs and entire reports are important to analyse user problems, application misfunctions and crashes. Data is mandatory and is frequently the main source, which helps to understand and resolve application issues.
- Device information: Operating System (OS) running on your device, Internet Protocol (IP) address, access times, browser type, and language, OS localization, CMM bundle IDs, CMM version, screen resolution, cid, battery info, RAM usage info, drive info, processor info, GPU info, disk info (type, total, free, backups), files metadata, applications preferences data, installed applications, network names and preferences,
- computer uptime in hours. – to identify and localise user issues (bugs) and to understand and localise user problems, for the Product correct scanning and cleaning logic, actually, Product functioning.
- We are collecting your data when you are contacting our customer support team via call, email or another communication tool. The purpose of collecting is for helping you to solve any issue you have with our services. The legal basis of collecting is the fulfilment of our contractual or pre-contractual obligations to you. Additionally, we may record the calls. The purpose of call recording is quality control of our customer support services and personnel training. The legal basis of call recording is our legitimate interests in retaining you as a customer and providing you with first-class customer support services.
- We rely on your consent to process Personal Data:
- to send promotional emails,
- to place cookies on your devices and
- for in-app analytics events and actions, used by us to understand user behaviour, analyse and optimise it.
In some cases, GgoPassport may process Personal Data pursuant to legal obligation or to protect your vital interests or those of another person.
goPassport Information Collection Details
What personal information will be collected, and why is it being collected?
When you register:
We will ask you to consent to the collection of your:
- mobile phone number — so that you can be contacted if needed for
- contact tracing
- Emergency contact number, contact name and contact email – so that
- we can contact relatives/friends on your behalf if you are unable to do so
- Email – so that we can contact you if your phone is not working, has been
- lost or become damaged and to assist you with your login should you need
- a new password of login identity
- name — so the relevant health officials can confirm they are speaking to
- the right person when performing contact tracing. This will be easiest if you provide your full name, but you can use a pseudonym or fake name if you prefer
- age range — so health officials can prioritise cases for contact tracing if needed
- postcode — to make sure health officials from the right State or Territory who work in your area can contact you, and to prioritise cases for contact tracing, e.g. hotspot areas
- Passport number, Nationality and Expiry date – so that we can provide your details to Australian border agencies and enable boarding and immigration clearance
- Residential Address – to support the assessment of health risk reported in their region. This will enable goPassport to guide you accurately through mandatory pre-travel preparation (such as testing/immunisation).
- Australian Visa subclass and validity dates – so that we can determine if you are required to adhere to any health-related pre-travel and post-arrival requirements and calculate your goPassport fee.
- Names, gender and ages of any dependent persons under the age of 16 travelling with you – so that we can make arrangements for quarantine or self-isolation.
- Travel agency details – so that we can automatically upload your travel itinerary and alert you if any part of your itinerary is likely to be a threat to your health.
- Photographic Identity Details (eg your identity card or drivers license) – for persons not holding or ttravelling with a national passport to enable confirmation of your identity.
If you are under 15 years of age, your parent or guardian will need to consent to the collection of your registration information and contact data.
When you use goPassport:
You or your travel agent will be asked to upload your current travel itinerary – so that we can automatically upload your travel itinerary and alert you if any part of your itinerary is likely to be a threat to your health.
Your health provider will be able to record details of any health tests or immunisations required. They will not use your app but will have a direct connection to goPassport.
Your app will record the following data:
Your current location — so that we can warn you about any risks to your health near you (this includes the location and date and time). This information will also be used to assist Australian health authorities with any contact tracing should you, a location you visited or another person you come in contact with a source of infection.
How will personal information be stored?
We will store all registration information and other data encrypted in the Australian data store. It is a cloud-based facility, using infrastructure located in Australia, which has been classified as appropriate for storage of data.
We will delete all personal data in the data store if you request this through the goPassport application. If you request this, all personal data will be deleted at the conclusion of your quarantine or self-isolation period or your visit to Australia following a 28-day contact-tracing period. Please note that it will be impossible to restore your account. If your intend to travel to Australia again and your data has been deleted, you will need to open a new account.
How will personal information be used and disclosed?
We will use or disclose your personal information to enable contact tracing by health officials. This includes:
- using your mobile number to send you an SMS to send you alerts and notifications
- using your device identity number to send you messages and alerts
- providing health officials with access to the registration information and
- contact data of contact users to enable contact tracing
Can a user correct or access personal information?
- change your address, itinerary, phone number, emergency contact and
- passport details through goPassport to reflect any changes
- changes to details of any dependents travelling with you
- changes to your itinerary
You cannot change the following information:
- your Health Status Flag – this is automatically updated based on your travel route, results of any testing, immunisation, self-assessment and assessment by health staff
- details of any mandated location for quarantine or self-isolation
Further information about privacy
the Australian Privacy Principles (APP)
- a registered APP code that binds us, and
- how we will deal with such a complaint.
- Will people’s identification, health and work details be on-sold by goPassport?
- Will personal information be used for any form of research (medical, market, etc) other than to support contact tracing?
No. Once all personal information has been deleted, aggregated data, location data, infection data and other non-personal information will be made available to support research.
- Will personal data be made available to police and other law enforcement agencies?
Yes, but only if a warrant is issued for a specific record associated with an offence and only for specified records shown on a warrant. In general, the provisions of section 3E of the Crimes Act 1914 (or State/Territory equivalent) must be met.
If you request, goPassport will delete all of your personal information following the end of your trip and will not be able to support law enforcement requests for personal information.
- Will my information be available to the US authorities under the American Cloud Act?
Yes, while your data is stored in Australia on a Microsoft Azure platform. The Clarifying Lawful Overseas Use of Data (CLOUD) Act enables US authorities to issue a warrant to obtain data.
If you request, goPassport will delete all of your personal information following the end of your trip and will not be able to support law enforcement requests for personal information.
- Is my data safe from hacking?
Yes. All personal information is encrypted on our servers, in our portals, in transit and on your mobile device. Even if data is stolen from any part of our system, it will be encrypted.All goPassport staff require authorisation to access any data (for example our customer service staff) and all of our systems are protected by two-factor authentication (and other security measures).
This does not protect your data if you provide deliberate or accidental access to your data and/or account. The mobile application is password protected and two-factor authentication is required to access critical personal information. You should always lock your mobile device when not in use and protect passwords to prevent unauthorised access to your information.
- If I do not want to use goPassport because of my concerns about my privacy, am I able to travel without it?
A failure to use goPassport as required will prevent travel to Australiaor seriously delay your travel. The information collected by goPassport is required to enable boarding your flight and clearing immigration/entry and to manage you in any mandated quarantine/self-isolation processes. If you chose to not use goPassport, similar information may be required by airlines, border authorities and health departments using lengthy, manual processes and you may incur substantial processing fees if automated processes are not available. Substantial delays should be expected.
- If I believe that information about me in goPassport is incorrect, can that be corrected?
Contact to find out more about privacy within the department, or to make a privacy enquiry or complaint
36 Abbott Street,
Cairns, QLD, 4870,
We may need to update this Policy to keep pace with changes in our Sites, Products, and Services, our business, and laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. We will notify you of any material changes that impact your rights under this Policy by email (to your most recently provided email address) or post any other revisions to this Policy, along with their effective date, in an easy-to-find area of the Sites, so we recommend that you periodically check back here to stay informed of any changes. Please note that your continued use of goPassport after any change means that you agree with, and consent to be bound by, the new Policy. If you disagree with any changes in this Policy and do not wish your information to be subject to it, you will need to stop using the Sites and/or Products.
Individuals located in the European Economic Area (EEA) have certain rights in respect to their personal information, including the right to access, correct, or delete Personal Data we process through your use of the Site and/or Product. goPassport applies the following to any goPassport user, regardless of their location. You can:
- Have your Personal Data corrected or deleted. You may ask us to correct information you think is inaccurate or completely delete all information that we hold about you by emailing: enquire@goPassport.health.
- Access your Personal Data report by submitting a request at enquire@goPassport.health. This report will include the Personal Data we have about you, provided to you in a structured, commonly used, and portable format.
- Object to us processing your Personal Data. It is your right to lodge an objection to the processing of your personal data by emailing: enquire@goPassport.health if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, including your and our obligations under Australian law, which limit your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
- You can ask us to stop using your Personal Data, including when we use your Personal Data to send you marketing emails. We only send marketing communications to users with your prior consent, and you may withdraw your consent at any time by clicking the “unsubscribe” link found within goPassport emails and changing your contact preferences. Please note you will continue to receive transactional messages related to our Product, even if you unsubscribe from marketing emails.
- Complain to a regulator. If you think that we haven’t complied with data protection laws, you have a right to lodge a complaint with your local supervisory authority.
Data Protection Officer
To communicate with our Data Protection Officer, please email enquire@goPassport.health.
The Company is not established in the EU and therefore VeraSafe has been appointed as goPassport’s representative in the EEA for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union.
To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative. Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002