Mitilabs Privacy Policy

Version: January 2025

At Mitilabs Pty Ltd (“Mitilabs”, “we”, “us”), protecting your privacy is a core priority. We provide workplace safety technologies that help organisations reduce the risks of heat stress, vibration injuries, and other environmental hazards. This Privacy Policy explains how we collect, use, store, and protect information when you or your organisation use our products and services.

By using our website, devices, or services, you consent to the practices described in this policy.

1. Our Commitment to Privacy

Mitilabs adheres to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).
We also support the principles of transparency, worker safety, and minimal data collection.

Mitilabs does not directly identify workers using our devices and does not collect names, staff IDs, GPS location, or other direct identifiers.

2. What Information We Collect

Mitilabs products collect two types of information:

A. Personal Information (when you interact with us directly)

We may collect limited personal information when you contact us, submit enquiries, purchase devices, or register for updates. This may include:

  • Name

  • Email address

  • Phone number

  • Organisation name

  • Billing information

  • Communication history

This information is used to provide services, support, billing, product updates, and customer communication.

B. Operational Device Data (from HEATrack, HAVTrack and other devices)

Our devices collect physiological and environmental data to assess worker safety and deliver alerts.
This may include:

  • Core body temperature readings

  • Heart rate

  • MET/workload estimations

  • WBGT, UV, humidity and air temperature readings (via base stations)

  • Vibration exposure metrics

  • Tool-usage detection (accelerometer/gyroscope patterns)

  • Device battery status

  • Timestamps

  • System alerts and notifications

Important:

Mitilabs does not know the identity of the person wearing the device.
Any connection between a device and a specific worker is managed entirely by the employer.

3. Anonymous and De-Identified Data

Mitilabs primarily receives operational safety data without personal identifiers.
Where possible, we de-identify or aggregate the data to:

  • Improve machine-learning models

  • Enhance device performance

  • Analyse environmental or operational trends

  • Support research and safety innovation

Mitilabs does not attempt to re-identify individuals.

4. How We Use the Data

We use the information we collect to:

  • Deliver heat-stress, vibration, and tool-usage alerts

  • Provide environmental data to workers or supervisors

  • Improve the accuracy and reliability of our systems

  • Support client safety programs

  • Maintain and improve our software and hardware

  • Comply with legal and regulatory obligations

We do not sell personal or operational data to third parties.

5. Responsibility of Employers Using Our Devices

When organisations deploy Mitilabs devices in the workplace, they may be able to identify which worker is wearing a device.

Therefore: The employer—not Mitilabs—is responsible for notifying workers and obtaining any required consent under privacy, workplace surveillance, or employment laws.

Mitilabs does not assign devices to workers and does not identify individuals in the data we receive.

6. How We Store and Protect Information

We take all reasonable steps to protect data from misuse, loss, unauthorised access or disclosure.
Measures include:

  • Encrypted transmission of device data

  • Secure cloud storage and access controls

  • Strict internal access limitation

  • Regular security reviews and best-practice development standards

Some data may be stored on secure third-party cloud services which may be located in Australia or overseas. These providers must comply with privacy and security standards.

7. Data Retention

We retain information only for as long as necessary to:

  • Provide the service

  • Support safety reporting

  • Improve device performance

  • Meet legal or operational requirements

De-identified aggregated data may be retained for model training and system improvement.

8. Notifiable Data Breaches

If personal information we control is involved in a breach likely to cause serious harm, Mitilabs will comply with the Notifiable Data Breaches Scheme, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC).

9. Your Rights

You may request to:

  • Access your personal information

  • Correct or update your information

  • Withdraw consent for direct communications

  • Ask how your information is stored or used

Requests can be directed to: hello@mitilabs.com.au

For operational data collected by your employer, please contact your employer directly.

10. Updates to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be available at:
https://mitilabs.com.au/privacy-policy/

Changes will take effect once posted on our website.

11. Contact Us

If you have questions about privacy, data handling, or this policy, please contact:
Mitilabs Pty Ltd
Email: hello@mitilabs.com.au
Website: https://mitilabs.com.au