Version 2.0 - Effective from September 2021
This
Privacy Policy describes how Social Pinpoint Pty Ltd
(“Social Pinpoint”, “we”, “us” or “our”) (ABN: 79 164 471 425) collects,
protects, discloses, stores and uses your personal information through
its provision of online software applications and other digital products
(the “Software”) and services (together, the “Services”).
Our
Software is operated by an external operator (the “Operator”) who
licences the Software from Social Pinpoint and may, from time to time, collect
information for various reasons outlined in their Privacy Policy,
Privacy Statement, or any other applicable Agreement. You should check
these documents and ensure you are comfortable with how the Operator
will collect and handle your personal information.
This Privacy Policy has been prepared to take into account the following privacy laws:
- Australia
- Privacy Act 1988 (Cth) (“Privacy Act") and the Australian Privacy
Principles (“APPs"). See Appendix 1 for Privacy Act and APP specific
provisions.
- Canada - The Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).
- European Union - General Data Protection Regulation 2016/679 (“GDPR”). See Appendix 2 for GDPR specific provisions.
- New Zealand - Privacy Act 1993.
If
the Operator is a government entity or located in another jurisdiction,
we may also contractually agree to comply with additional privacy laws.
What information is collected?
Personal Information
Customers:
In
providing its Services, the type of personal information collected by
Social Pinpoint may include (but may not be limited to) the following types of
information, when this information is shared:
- Your name
- Email address
- Phone number
- The organisation you work for
- Your job title
- Your preferences and opinions with respect to the Services
- Details
of the Services requested by you and provided to you and Social Pinpoint’s
response to you, including with respect to any support requests
- Any feedback you provide to Social Pinpoint, including in any feedback surveys
- Your IP address
- Other unique ID numbers
- Any other personal information requested by Social Pinpoint and/or provided to Social Pinpoint by you or by a third party.
Users of our Services:
The
Operator may collect a range of personal information from you when you
use our Services (whether as a staff admin user for the Operator or as a
visitor to the Operator’s website), depending on their specific
requirements and needs. Personal information may be collected in a range
of ways including through a registration process or through various
activities and interactions on the site.
The type of personal
information collected will vary between Operators and may include (but
may not be limited to) the following types of information, when this
information is shared:
- Your name
- Email address
- Username
- Profile picture
- Phone number
- Your IP address
- User-agent string
- Other unique ID numbers
- Social network account IDs
- Physical address, postcode, or other locational attributes
- Demographic information such as age, gender, etc.
- Information about your preferences
- Your
recorded thoughts, ideas, opinions, etc. as expressed by you. This may
include sensitive information if you provide political opinions.
You will need to check the Privacy Policy of the Operator to confirm what personal information is collected.
Where
an Operator collects your personal information, this personal
information may also be collected and accessed by Social Pinpoint in fulfilling
our duties and responsibilities to the Operator and to internally
analyse and improve our Services and Software.
Cookie Policy
Our
websites use cookies to record and log data. We use both session-based
and persistent cookies, dependent upon how you use or interact with our
websites.
Cookies are small data files sent by us to your
computer, or from your computer or mobile device to us each time you
visit our website. They are unique to you or your web browser.
Session-based cookies last only while your browser is open and are
automatically deleted when you close your browser. Persistent cookies
last until you or your browser delete them, or until they expire.
When
you use one of our websites, we may use technologies such as cookies to
store information about your visit. If you have provided us with
personal information, cookies may be associated with this information.
We
use this information to better understand how people use our websites,
to improve our products, to ensure that we give you the best experience
we can, to detect fraud or abuse and to help our customers learn about
which engagements and content most matter to their communities.
If
you do not wish to have cookies enabled, or wish to be notified of
their use, most modern browsers will allow you to adjust this in the
settings. Please note that disabling the use of cookies on our software
may result in restricted/impacted functionality, and you may not be able
to take full advantage of the service.
We use the following categories of cookies on our sites:
Necessary cookies
These
cookies are essential to enable you to browse around our websites and
use its features. Without these cookies, functionality related to
certain tools and accessing secure areas of the site could not be
provided.
Preferences cookies
Also known as
“functionality cookies,” these cookies allow a website to remember the
choices you have made in the past, like what language you prefer or what
your username and password is so that you can automatically log in next
time.
Statistical cookies
Also known as
“performance cookies,” these cookies collect information about how you
use a website, like which pages you visited and which links you clicked
on. The purpose of this information is to help understand how users are
engaging with the website and to improve website functions.
Operators
may also use cookies on our Software. Operators are responsible for
notifying you of the cookies they use and how you can control which
cookies are enabled.
Links
This Privacy Policy does not
apply to third party websites or digital services which may be linked to
content published by either Social Pinpoint or the Operator. We recommend you
read the privacy statement of the relevant service when you access these
third party sites.
How do we use your information?
Customers:
Social Pinpoint may use information it collects (personal or otherwise) in order to:
- provide our Services to you
- allow you to access our Software
- send you updates and information where you have consented or would reasonably expect to receive them
- respond to your enquiries
- to request your feedback
- maintain our licenced Software
- for internal record keeping, administrative, invoicing and billing purposes
- detect and rectify fraud or other behavior that violates any terms of use
- comply with our contractual or legal obligations and resolve any disputes that we may have
- conduct de-identified research, analytics and business development
- improve our Services, Software and our website
- if otherwise required or authorised by law
Users of our Services:
Social Pinpoint may access and use the information collected by the Operator (personal or otherwise) in order to:
- allow you to access our Software
- respond to your enquiries
- maintain our licenced Software
- detect and rectify fraud or other behaviour that violates any terms of use
- respond to service requests from the Operator
- comply with our contractual or legal obligations and resolve any disputes that we may have
- monitor sites to ensure adequate safety and security
- conduct de-identified research, analytics and business development
- improve our Software and services
- if otherwise required or authorised by law
How do we protect your information?
Social Pinpoint
takes the privacy of your information very seriously, and we use
industry standard practices to keep your data safe and secure.
How do we disclose your personal information?
Customers:
In providing the Services, our Software and our website Social Pinpoint may disclose your personal information to:
- our third party helpdesk management provider for customer support tickets
- our third party email management system to send email updates and notifications
- our employees, contractors and/or related entities
- our existing or potential agents or business partners
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
- credit
reporting agencies, courts, tribunals and regulatory authorities, in
the event you fail to pay for goods or services we have provided to you
- courts,
tribunals, regulatory authorities and law enforcement officers, as
required by law, in connection with any actual or prospective legal
proceedings, or in order to establish, exercise or defend our legal
rights
- any other third parties as required or permitted by law, such as where we receive a subpoena
Users of our Services:
In providing the Services and our website, Social Pinpoint may disclose your personal information to:
- our third party email management system to send email updates and notifications
- our third party authentication and authorisation provider for our Software, if enabled
- other
third party service providers for the management of security, fraud
detection, internal logs, basemaps and geocoding services, content
moderators, graphic providers, web mapping tools and software which
allows for the functionality of a browser
- Social media sites when you choose to share content or authenticate your user account through them
- any other third parties as required or permitted by law, such as where we receive a subpoena
Contact us
To contact us about our Privacy Policy, compliance with any
applicable privacy laws, or to modify or delete your personal data, please email our Privacy Officer at: info@socialpinpoint.com
The Privacy Officer will review all
messages received and respond to each message upon due consideration. We
may require further information to respond to your message, or may
refer you to the Operator when appropriate.
Changes to this Policy
We
reserve the right to modify this policy from time to time, at our sole
discretion. If we make a material change to the Privacy Policy we will
notify you and the modified policy shall be effective once we notify you
of the change. If we do not make any material amendments then we will
post the modified policy on our website and it shall be effective once
posted. We recommend that you regularly check our website to make sure
you are aware of our most up-to-date policy.
Appendix 1 – The Privacy Act and the APPs
The
Privacy Act and the APPs set out the core requirements for the
protection of personal information in Australia. Please read the Privacy
Policy above and this Appendix carefully and contact us at the details
at the end of the Privacy Policy if you have any questions
How do I access, change or delete my personal information?
In
some cases you may be able to access and correct your personal
information by logging into your account (if the Software provides this
functionality), where you can update your personal details.
You
may also request a copy of, changes to, or deletion of, the personal information we
hold, and we will act on this request within a reasonable period of time
unless we are legally permitted to refuse to do so, in which case we
will provide you with details of our refusal in writing.
Before acting on your request we may be contractually required to provide notification to or seek the consent of the Operator.
Social Pinpoint will endeavour to respond to your request or inquiry within 30 days.
How do I make a complaint?
If
you wish to make a complaint, please contact us using the details in
the contact section above and provide us with full details of the
complaint. We will promptly investigate your complaint and respond to
you, in writing, setting out the outcome of our investigation and the
steps we will take in response to your complaint. If you are not
satisfied with our response you also have the right to contact the
Office of the Australian Information Commissioner.
Will my personal information be transferred overseas?
Where
we disclose your personal information to third parties in our Privacy
Policy, these third parties may store, transfer or access personal
information outside of Australia, including but not limited to the
United States of America and the Philippines.
We will only
disclose your personal information to countries with laws which protect
your personal information in a way which is substantially similar to the
Australian Privacy Principles or we will take such steps as are
reasonable in the circumstances to ensure the third party protects your
personal information in accordance with the Australian Privacy
Principles.
Appendix 2 – The GDPR
Under the GDPR
individuals located in the EU have extra rights which apply to their
personal information. Personal information under the GDPR is often
referred to as personal data and is defined as information relating to
an identified or identifiable natural person (individual). This Appendix
sets out the additional rights we give to individuals located in the EU
when we sign a GDPR compliant data processing agreement with an
Operator, including how we process personal information lawfully,
transparently and fairly. Please read the Privacy Policy above and this
Appendix carefully and contact us at the details at the end of the
Privacy Policy if you have any questions.
What personal information is relevant?
This
Appendix applies to the personal information set out in the Privacy
Policy above where we sign a GDPR compliant data processing agreement
with an Operator. This includes any sensitive information also listed in
the Privacy Policy above which is known as ‘special categories of data’
under the GDPR.
Our commitment to you
Your personal information will:
- be processed lawfully, fairly and in a transparent manner by us;
- only
be collected for the specific purposes we have identified in the
‘collection and use of personal information’ clause above and personal
information will not be further processed in a manner that is
incompatible with the purposes we have identified;
- be collected
in a way that is adequate, relevant and limited to what is necessary in
relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within our
control to do so (please let us know if you would like us to rectify any
of your personal information);
- be kept in a form which permits
us to identify you, but only for so long as necessary for the purposes
for which the personal information was collected or required by an
applicable controller; and
- be processed securely and in a way
that protects against unauthorised or unlawful processing and against
accidental loss, destruction or damage.
How do we process personal information?
If
the GDPR applies and we act as a controller, we must have a legal basis
to process your personal information. We will process your personal
information in accordance with the following legal bases:
- Legitimate
interests: We will process your personal information for our legitimate
interests to allow you to access and use our website, to send you
marketing content we think may be of interest to you, to contact you if
you leave your contact details with us or if you otherwise initiate
contact with us, to review and improve our Services and for our internal
business purposes.
- Performing a contract: We will rely on
performing a contract to process your personal information where we are
preparing to enter into a contract with you or we are carrying out our
obligations under a contract with you, including where you have entered
into a contract with us for our Services or the licensing of our
Software.
- Legal obligation: We will rely on a legal obligation
to process your personal information where we are subject to a legal
obligation, including to respond to any illegal activity and for
taxation purposes.
- Consent: If we need to rely on consent, we
will ask for consent to process any of your personal information for
that specific purpose before we process your personal information for
that purpose.
Upon written request, we may provide you with
a list of the third parties we use to process your personal information
and the locations of those third parties.
Data retention
If the GDPR applies or we have signed a GDPR compliant data processing agreement, and we act as a processor:
We
will only retain your personal information in accordance with the
controller’s instructions and we will delete or return your personal
information to the controller in accordance with the terms of the
applicable data processing agreement.
If the GDPR applies and we act as a controller:
We
will only retain your personal information for as long as necessary to
fulfil the purposes we collected it for, including for the purposes of
satisfying any legal, accounting, or reporting requirements.
To
determine the appropriate retention period for personal information, we
consider the amount, nature, and sensitivity of the personal
information, the potential risk of harm from unauthorised use or
disclosure of your personal information, the purposes for which we
process your personal information, whether we can achieve those purposes
through other means and the applicable legal requirements.
In
some circumstances you can ask us to delete your data: see ‘access,
erasure and data portability’ below for further information.
In
some circumstances we may anonymise your personal information (so that
it can no longer be associated with you) for analytics, research or
statistical purposes in which case we may use this anonymised
information indefinitely without further notice to you.
Data transfers
The
countries to which we send data for the purposes listed above may not
have the same data protection laws as the country in which you initially
provided the information. If we transfer your personal information to
third parties in other countries:
- we will perform those
transfers in accordance with the requirements of the GDPR (for example,
by using the Standard Contractual Clauses as a safeguard); and
- we will protect the transferred personal information in accordance with the Privacy Policy, as supplemented by this Appendix.
Countries to which we may transfer personal data include Australia, the Philippines and the United States of America.
Extra rights for EU individuals
Objecting to processing:
You
have the right to object to processing of your personal information
that is based on our legitimate interests or public interest. If this is
done, we must provide compelling legitimate grounds for the processing
which overrides your interests, rights and freedoms, in order to proceed
with the processing of your personal information.
Restricting processing:
You have the right to request that we restrict the processing of your personal information if:
- you are concerned about the accuracy of your personal information
- you believe your personal information has been unlawfully processed
- you need us to maintain the personal information solely for the purpose of a legal claim
- we are in the process of considering your objection in relation to processing on the basis of legitimate interests
Access, erasure and data portability:
You
may have the right to request details of the personal information we
hold about you, or to request that we erase the personal information we
hold about you, or that we transfer this information to a third party.
Rectification:
If
you believe that any information we hold about you is inaccurate, out
of date, incomplete, irrelevant or misleading, please contact us using
the details below. We will take reasonable steps to promptly correct any
information found to be inaccurate, incomplete, misleading or out of
date.
Note that if we are acting as a processor of your personal
information, before acting on a rights request we will need to seek the
instructions of the relevant Operator.
If the GDPR applies and we
act as a controller of your personal information, we will endeavour to
respond to your request or inquiry within 30 days.
How do I make a complaint?
If
you wish to make a complaint, please contact us using the details in
the contact section above and provide us with full details of the
complaint. We will promptly investigate your complaint and respond to
you, in writing, setting out the outcome of our investigation and the
steps we will take in response to your complaint. If you are not
satisfied with our response you also have the right to contact the
relevant EU supervisory authority.