FIELD ASSIST DATA ANALYSIS PRIVACY POLICY
OVERVIEW
This Privacy Policy (“Policy”) is required by the Privacy Act 1988 (Cth), since your privacy is
very important to us and we are committed to protecting it.
1
This Policy applies to all
personal information gathered by Habitat Land Management (“we” “us” “our”) from its
users (“you” “your” ) through our Field Assist Data Analysis application (“Service”). This
Policy will explain what kinds of personal information we will collect and store, and how we
will collect and store it. It also outlines our reasons for collection and how we will use and
disclose your personal information. You can access your personal information, or ask for a
correction and lodge a complaint if you think your information has been mishandled. This
Policy will outline how we will handle the complaint process.
PURPOSE AND EFFECT
We must obtain personal information from you to provide you with certain features of the
Service, and assist organisations with collecting field data. While your use of the Service is
voluntary, by using the Service or requesting that we provide the Service to you, you are
agreeing to disclose certain of your personal information to us. You are also authorising us
to use and disclose your personal information pursuant to the provisions of this Policy.
KINDS OF PERSONAL INFORMATION
Prior to your use of the Service, we may request certain personal information about
yourself, which is information or an opinion that can directly or indirectly identify you as a
natural person.
2
This includes, but is not limited to, your:
(a) full name; or
(b) alias or previous name; or
(c) date of birth; or
(d) sex; or
(e) current or last known address, and 2 previous addresses (if any); or
(f) current or last known employer; (g) driver’s licence number
We may from time to time request to collect your sensitive information, which is a
subcategory of personal information. This includes, but is not limited to, information or an
opinion about your:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
1
Privacy Act 1988 (Cth) sch 1 – Australian Privacy Principles.
2
Ibid s 6(1).
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record
It can also include, but is not limited to, your:
(a) health information; or
(b) genetic information; or
(c) biometric information
Not all such personal data is collected by us.
Data Breach
While we endeavour to protect your personal information, in the unlikely event of a data
breach, we will notify you as soon as practicable. A data breach occurs when there is
unauthorised access or disclosure or loss of your personal information, which has caused
you serious harm.
3
In the event of a breach, you and/or anyone who is at risk,
4
and the Commissioner
5
will be
notified of:
(a) our identity and contact details of our privacy personnel; and
(b) a description of the data breach; and
(c) the types of information affected; and
(d) the steps that need to be taken in response to the breach.
6
Otherwise the contents of the breach will be published on our website.
7
We are exempt if the data breach does not result in any serious harm to you.
8
This can be
determined by:
(a) the type of information and whether it is sensitive;
(b) whether the information is protected through strong encryption;
(c) who obtained the information and whether they intended to cause harm; and
(d) the nature of the harm.
9
We will keep records of all data breaches, including the facts and effect of the breach and
remedial action taken. Credit card information is used solely for billing purposes, and is
encrypted and transmitted securely via HTTPS to Stripe (our payment processing provider)
3
Ibid s 26WE(2).
4
Ibid s 26WL(2)(a)-(b).
5
Ibid s 26WK(2)(a)(ii).
6
Ibid s 26WK(3).
7
Ibid s 26WL(2)(c).
8
Ibid s 26WF.
9
Ibid s 26WG.
for processing. More information on Stripe security is available here. Your credit card
information is never stored on the Service’s systems anywhere.
We may also record information about your use of the Service, such as your local internet
address.
Your personal information remains your property at all times, subject to the permissive uses
granted hereunder.
HOW WE USE AND DISCLOSE YOUR PERSONAL INFORMATION
Personal information, submitted to us through our Service will be used for the purposes
specified in this policy. We may use your personal information for the following:
(a) administering our website, application and business;
(b) personalizing our website tools and/or databases for you;
(c) enabling your use of the Service;
(d) sending you software or software tools purchased through our app or website;
(e) supplying the Service to you;
(f) sending statements, invoices, and payment reminders to you, and collecting
payments from you;
(g) sending you non-marketing communications;
(h) sending you email notifications that you have specifically requested;
(i) providing third parties with statistical information about our users (but those third
parties will not be able to identify any individual user from that information);
(j) providing information to our Processor;
(k) dealing with inquiries and complaints made by or about you relating to the Service;
(l) keeping our app and website secure and to prevent fraud;
(m) verifying compliance with the terms and conditions governing the use of the Service;
and
(n) other uses, which may be added hereto.
If you submit personal information for publication on our Service, we will publish and
otherwise use that information in accordance with the license you grant to us.
We will not, without your express consent, supply your personal information to any third
party for their or any other third party’s direct marketing.
As part of operating our Service, we disclose personal information to the following agents:
We may disclose your personal information to any of our employees, officers, insurers,
professional advisers, agents, suppliers or subcontractors, subsidiaries or parent companies
as reasonably necessary for the purposes set out in this Policy. We may disclose your
personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) to establish, exercise, or defend our legal rights (including providing information to
others for the purposes of fraud prevention and reducing credit risk);
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or
are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent
authority for disclosure of that Personal Data where, in our reasonable opinion, such
court or authority would be reasonably likely to order disclosure of that personal
information.
Except as provided in this Policy, we will not provide your personal information to third
parties.
HOW WE COLLECT AND STORE YOUR PERSONAL INFORMATION
ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
Personal Data will be stored in the cloud by our Processor. Personal Data will be stored in a
manner that ensures appropriate security, integrity and confidentiality and secured against
unauthorized processing, accidental loss, destruction or damage. We will take reasonable
technical and organizational precautions to prevent the loss, misuse, or alteration of your
Personal Data. We will store the Personal Data you provide on our secure (password and
firewall-protected) servers. All electronic financial transactions entered into through our
app or website will be protected by encryption technology. You acknowledge that the
transmission of information over the internet is inherently insecure, and we cannot
guarantee the security of data sent over the internet. You are responsible for keeping the
password you use for accessing our app or website confidential; we will not ask you for your
password (except when you log in to our website).
Personal Data will be stored in a format that allows for easy portability. Portability means
the Personal Data will be stored in a manner that allows you to obtain and reuse your
Personal Data for your own purpose by transferring it to a different environment. Upon your
written request, you will be provided with the ability to access your Personal Data to verify
its accuracy, download it in an easily-portable format or request a copy of your Personal
Data being processed.
Personal Data that we process for any purpose or purposes shall not be kept for longer than
is necessary for that purpose or those purposes.
You further have the right to object in writing to the processing of your Personal Data. In
such case, the Personal Data will not be processed, unless we demonstrate compelling and
legitimate grounds for the processing that override your interests, rights and freedoms, or
we require the data to establish, exercise or defend legal rights. You further have the right
to object to the processing of your Personal Data for the purpose of direct marketing,
including profiling. Where Personal Data are processed for scientific and historical research
purposes or statistical purposes, you have the right to object, unless the processing is
necessary for the performance of a task carried out for reasons of public interest. If you
object to the processing of your Personal Data, you agree to the termination of your access
to the Service in the event that we determine, in our sole discretion, that we are unable to
provide the Service due to your objection to the processing of your Personal Data. This
objection right is given free of charge, although we may charge a reasonable fee for
repetitive requests, manifestly unfounded or excessive requests for additional copies of
information you request.
Upon termination of the Service for any reason, and upon your written request, your
Personal Data may be erased. Additionally, you have the right at any time to demand that
inaccurate or incomplete Personal Data are erased or rectified. You have the right of
erasure if:
data are no longer needed for the original purpose and no new purpose exists;
the lawful basis for the processing is your consent, you withdraw that consent, and no other
lawful ground exists;
you exercise your right to object and we have no overriding grounds for continuing the
processing;
the data have been processed unlawfully; or
erasure is necessary for compliance with EU law or the law of a country bound by the terms
of the GDPR.
You have the right to obtain the following information:
confirmation of whether, and where, we are processing your Personal Data;
information about the purposes of the processing;
information about the categories of data being processed;
information about the categories of recipients with whom the data may be shared;
information about the period for which the data will be stored (or the criteria used to
determine that period);
where the data were not collected from you, information as to the source of the data; and
information about the existence of, and an explanation of the logic involved in, any
automated processing that has a significant effect on you.
Upon your request for any of the above-referenced information, we will, within one month
of receiving your written request, provide such requested information. In the event we fail
to meet this deadline, you may complain to the governing Data Protection Authority and
may seek a judicial remedy. In the event we receive a large number of requests, or complex
requests, the time limit may be extended by a maximum of two additional months. You also
have the right to bring a claim directly against the Processor, although the Processor is liable
for the damage caused by its processing activities only where it has: (1) not complied with
obligations under the GDPR that are specifically directed to processors; or (2) acted outside
or contrary to lawful instructions of the Controller.
We will not refuse to give effect to your rights unless we cannot identify you through the
use of reasonable efforts to verify your identity. Where we have reasonable doubts as to
your identity, we may request the provision of additional information to confirm your
identity.
You may restrict processing of your Personal Data, meaning the Data may only be held by
us, and may only be used for limited purposes, if the accuracy of data is contested (and only
for as long as it takes to verify accuracy), the processing is unlawful and you request
restriction (as opposed to exercising the right to erasure), we no longer need the Data for
their original purpose but the Data are still required by us to establish, exercise or defend
legal rights; or verification of overriding grounds is pending in the context of an erasure
request.
COMPLAINTS PROCESS
We comply with the Australian Privacy Principles cornerstone of the privacy protection
framework in the Privacy Act 1988 regarding the collection, use and disclosure of personal
information within Australia. If there is any conflict between the terms in this Policy and the
Australian Privacy Principles, the Australian Privacy Principles shall prevail. To learn more
about the Australian Privacy Principles, please visit
https://www.oaic.gov.au/privacy/australian-privacy-principles/.
In compliance with the Australian Privacy Principles, we commit to resolve complaints about
our collection, use or disclosure of your personal information. If you have any enquiries or
complaints, please contact us first at _____.
CONSENT
By indicating your acceptance of this Policy, you hereby accept the terms contained herein.
Your acceptance indicates that you acknowledge that your consent to use your personal
information for the purposes identified herein is freely given (“Consent”). Should you feel
that this consent is in any way unclear or ambiguous, please contact our privacy personnel
at the following address with any questions prior to your accepting the privacy policy: You
further understand that use of the Service is expressly conditioned on your consent to the
processing activities described herein.
IN ACCORDANCE WITH THE ABOVE STATEMENT, YOU HEREBY ACKNOWLEDGE,
UNDERSTAND AND AGREE THAT, BY REGISTERING AN ACCOUNT WITH THE SERVICE, YOU
EXPRESSLY CONSENT TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSES
DESCRIBED ABOVE.
Consent may be refused by declining to affirmatively acknowledge this Policy or foregoing
use of the Service.
Consent Withdrawal
Consent to this Policy may be withdrawn at any time by providing written notice to our
privacy personnel at ______
