1 PURPOSE OF OUR POLICY
(a) Providing the system and services that Donesafe offers; and
(b) The normal day-to-day operations of our business.
2 WHO AND WHAT THIS POLICY APPLIES TO
2.2 We handle Personal Information in our own right and also for and on behalf of our customers and users.
2.5 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
2.6 Our website and services are unavailable to children (persons under the age of 18 years).
3 THE INFORMATION WE COLLECT
3.1 In the course of business it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business, share Personal Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
(a) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is;
(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.
3.3 We may also collect non-Personal Information about an individual such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected the Australian Privacy Principles do not apply.
4 HOW INFORMATION IS COLLECTED
4.1 Most information will be collected in association with an individual’s use of Donesafe, an enquiry about Donesafe or generally dealing with us.
However, we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
(b) Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
(c) Supply. When an individual supplies us with goods or services;
(d) Contact. When an individual contacts us in any way;
(e) Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
(f) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
4.3 Information about you is collected when you use our services, including browsing our websites and taking certain actions within the Services.
4.4 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.
5 WHEN PERSONAL INFORMATION IS USED & DISCLOSED
5.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected without the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
5.3 If it is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles in the course of our business, we will inform you that we intend to do so, or have done so, as soon as practical.
5.4 We will not disclose, share or sell an individual’s Personal Information to unrelated third parties without an individual’s consent. For collaboration – the creation of content, which may contain information about you, we do not share information that we collect.
5.5 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of goods and services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
(i) Their relationship with us;
(ii) Our goods and services;
(iii) Our own marketing and promotions to customers and prospects;
(iv) Competitions, surveys and questionnaires;
(d) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(e) As required or permitted by any law (including the Privacy Act).
There are some circumstances in which we must disclose an individual’s information:
(i) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
(ii) As required by any law (including the Privacy Act); and/or
(iii) In order to sell our business (in that we may need to transfer Personal Information to a new owner).
5.7 We make collaboration tools. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.
5.8 We may utilise third party service providers (such as Gmail from Google, Inc., and MailChimp from The Rocket Science Group LLC) to communicate with an individual and to store contact details about an individual. These service providers are located in the United States of America.
6 OPTING “IN” OR “OUT”
6.1 An individual may opt to not have us collect their Personal Information.
This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
6.2 If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
7 THE SAFETY & SECURITY OF PERSONAL INFORMATION
7.2 We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access.
This includes appropriately securing our physical facilities and electronic networks.
7.3 Donesafe uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
7.4 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
7.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
7.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
8 HOW TO ACCESS AND/OR UPDATE INFORMATION
8.1 Users of Donesafe can update their Personal Information from within their Donesafe account or profile.
8.2 Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
8.3 If an individual cannot update their own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
8.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
8.5 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
9 HOW DOES DONESAFE STORE AND SEND DATA
9.1 Our goal is to provide our customers with secure, fast, and reliable services. As a provider of global services, we run our services with common operational practices and features across multiple jurisdictions. Website data is stored in Australia only. We store specific application data in data centres located in the US, AU and EU. Data is stored in the data centre closest to the location of the majority of users accessing an instance. We may also allow employees and contractors located around the world to access certain data for product promotion and development, customer and technical support purposes.
9.2 Can you host my data in the EU? Donesafe offers European hosting; we will optimise where to host customer data based on how it is accessed around the world (rather than upon request). We don’t guarantee that your data will be hosted in a specific location. However, data hosting location determinations are always based on reducing latency and achieving optimal performance for you and your users.
10 COMPLAINTS AND DISPUTES
10.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
10.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
10.3 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
11 CONTACTING INDIVIDUALS
11.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
12 CONTACTING US
12.1 All correspondence with regards to privacy should be addressed to:
The Privacy Officer
HSI APAC PTY LTD
4/37-69 Union Street
You may contact the Privacy Officer by email in the first instance.
13 ADDITIONS TO THIS POLICY
14 COMPLIANCE WITH GDPR
14.1 We acknowledge that the EU General Data Protection Regulation (GDPR) may apply to certain information that we process. This clause applies to the personal data governed by GDPR. “Personal data”, “process”, “controller”, “processor”, “data subject” and “consent” have the meaning as defined in GDPR.
14.4 Every data subject has a right of access (article 15 GDPR), a right to rectification (article 16 GDPR), a right to erasure (article 17 GDPR), a right to restriction of processing (article 18 GDPR), a right to data portability (article 20 GDPR) and a right to object (article 21 GDPR). Data subjects also have a right to lodge a complaint with a supervisory authority (article 77 GDPR).
The privacy of your personal information is important to Health and Safety Institute (HSI) (also referred to in this notice as “we,” “us” or “our”), and we are committed to protecting the privacy of such personal information. In order to provide you information about the services we can provide you, however, it is necessary for us to possess certain personal information of yours, the privacy of which may be protected by the laws or regulations of various governments throughout the world.
Without some of this information, we cannot provide you with the services you may request. If you are currently receiving information from us, you may opt-out of receiving further communications at any time.
This privacy statement explains our personal information policies and practices, including, but not limited to, the types of personal information we may collect about you, the purposes for collecting such information, the circumstances under which we may disclose such information to third parties, the measures we take to secure the confidentiality of such information, and the information you will need to contact us or others to address your privacy concerns including the exercise of your rights.
The privacy laws and regulations from various countries throughout the world define this term in different ways and even use different terms in describing personal information which should be protected and kept as private as possible. Some laws and regulations consider only very limited types of information to be protected and private. Others include much broader categories.
We have chosen to adopt the broader approach to what information must be protected and kept as private as possible. In this notice, “Personally Identifiable Information” (PII) refers to data that could be used, alone or in combination with other data, to identify you as an individual. It can include, among others, name, physical address, email address, IP address, date of birth, social security number, passwords, credit card or other financial or payment information.
How we collect, use or process your PII
Collection and uses of personal information: By visiting, contacting, or registering with us we may collect the following personal information:
The purpose of processing your personal information may include: marketing and communications, delivery of service, and/or billing and payment.
Our site is not intended for storing or transmitting ‘special categories’ of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or health information. We do not knowingly collect information relating to actual or alleged criminal offences.
Visiting our website:
You may choose to share your PII with us to obtain information about our products or services. We might also record and maintain certain PII from you by recording network traffic, tracking cookies, or through the completion of online web forms.
From third parties:
From time to time we may receive your business contact information from third parties. This may happen if one of our existing suppliers or customers refers your company to us.
Sharing your PII with third parties:
We do not sell your PII to any third parties.
We may share your PII we possess with our affiliates, business partners and third parties for the purposes of operating our business and delivering and improving the services we provide to you as well as for other legitimate purposes permitted by applicable law including sending marketing and other communications related to our business.
We also share personal information for a variety of purposes including, but not limited to, the following ways:
Collecting personal information from minors: We do not offer services and products to minors and do not intend to collect personal information from children under the age of 16. We follow all local legal requirements with respect to the collection and processing of a minor’s personal information without the appropriate authorization from a parent or guardian.
Lawful basis of collection and use of your PII
Our collection and use of your PII is lawful.
We will only use your information where:
Security of PII
We are committed to protecting your PII from unauthorized access and use. We implement and maintain appropriate technical, physical and administrative safeguards to help accomplish this goal. Access to your PII is restricted to only those employees who need to know that information to provide our services to you. Our employees receive training to maintain the confidentiality, privacy and security of your PII.
Data storage and retention
Your PII will be retained only for as long as the information is needed to fulfill the purposes for which it was collected and processed. We reserve the right to retain and use your PII for as long as necessary to comply with our legal obligations and business requirements and/or to resolve ongoing disputes and enforce our agreements.
Data Subject Rights
The General Data Protection Regulations (GDPR) of the European Union (EU), along with other national privacy laws, provide certain rights regarding the PII of an individual (described in GDPR as a “data subject”). This privacy statement is intended to inform you of your rights with respect to your PII under the GDPR (which may also exist with other national privacy laws) and to provide you with the information necessary to exercise those rights.
Individuals who reside in the EU and whose personal data is collected and processed by us have the right to the following:
In addition, you have the right to withdraw consent if consent was provided to collect and process your PII. If you withdraw consent, that will not impact your PII that was processed prior to withdrawal of the consent.
International transfers of PII
We may transfer your PII in our possession to other third parties, such as our third-party service providers, in a country other than the one in which it was originally collected. When transferring your PII from one country to another country, we have implemented procedures to ensure that appropriate safeguards are in place to protect it regardless of where it is being transferred.
Changes to this privacy statement
From time to time we may update this privacy statement. If revisions are made to the privacy statement, we will update the statement with a new revision date.
This privacy statement was revised and posted on 8/21/2019.
Questions, concerns or complaints
If you have any questions, concerns or complaints regarding the information in this privacy statement and/or our privacy practices, please contact