PURPOSE OF OUR POLICY
WHO AND WHAT THIS POLICY APPLIES TO
THE INFORMATION WE COLLECT
HOW INFORMATION IS COLLECTED
Most information will be collected in association with an individual’s use of our digital application for “Cappsule” monitoring solution (Cappsule), use of our website, interacting with our social media profiles, an enquiry about Cappsule or generally dealing with us. However, we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows: Registrations: When an individual registers for a service, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including account setup; Applications: When an individual applies for a particular role with us, including to become a “Cappsule service professional”; Supply: When an individual supplies us with goods or services; Contact: When an individual contacts us in any way such as with support queries; Access: When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or Pixel Tags: Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client), we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles and the GDPR.
WHEN PERSONAL INFORMATION IS USED & DISCLOSED
OPTING “IN” OR “OUT”
An individual may opt to not have us collect and/or process their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us (for clarity, consent must involve an unambiguous positive action to opt in); orOpt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us using the details as set out below.
THE SAFETY & SECURITY OF PERSONAL INFORMATION
HOW TO ACCESS, UPDATE AND/OR REMOVE INFORMATION
Subject to the Australian Privacy Principles and the GDPR, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information as soon as practicable, and by no later than 28 days of receiving the written request. The individual is free to retain and reuse their Personal Information for their own purposes. We may be required to transmit the Personal Information directly to another organisation if this is technically feasible.If an individual cannot update their own information themselves, we will correct any errors in the Personal Information we hold about an individual within 28 days of receiving written notice from them about those errors, or two months where the request for rectification is complex.It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.Where a request to access Personal Information is manifestly unfounded, excessive and/or repetitive, we may refuse to respond or charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them. Where we refuse to respond to a request, we will explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within 28 days.We may be required to delete or remove all Personal Information we have on an individual upon request in the following circumstances:Where the Personal Information is no longer necessary in relation to the purpose for which it was originally collected and/or processed;When the individual withdraws consent;When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing;The processing of the Personal Information was otherwise in breach of the GDPR;The Personal Information has to be erased in order to comply with a legal obligation; and/orThe Personal Information is in relation to a child.We may refuse to delete or remove all Personal Information we have on an individual where the Personal Information was processed for the following reasons:To exercise the right of freedom of expression and information;To comply with a legal obligation for the performance of a public interest task or exercise of official authority.For public health purposes in the public interest;Archiving purposes in the public interest, scientific research historical research or statistical purposes; orThe exercise or defence of legal claims.
COMPLAINTS AND DISPUTES
If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.If we have a dispute regarding an individual’s Personal Information, we both should first attempt to resolve the issue directly between us.An individual shall have the right to seek a judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her Personal Information in non-compliance with the GDPR. Any proceedings should be commenced in New South Wales, Australia, where we are established.If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Where such information is materially important to the individual’s interaction with us, they may not opt out of receiving these communications.
All correspondence with regards to privacy should be addressed to:
Data Protection OfficerCappsule Pty Ltd
You may contact the Data Protection Offer via email in the first instance.
ADDITIONS TO THIS POLICY