1. In this Privacy Policy (Policy):
1.1. a reference to us, our or we is to Spectra QEST Australia Pty Ltd (ACN 120 735 408), Spectra QEST America Corp and any subsidiary or company related to the same;
1.2. Applications means any mobile application we make available to you;
1.3. Personal Information means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion whether or not the information or opinion is true or not and whether the information or opinion is recorded in a material form or not;
1.4. Services means the Website and the Applications; and
1.5. Website means all of the pages located on our website located via www.spectraqest.com and those pages provided by us via the third party website located at spectraqest.atlassian.net.
2. Privacy Commitment
2.1. Thank you for accessing our Services and for reviewing our Policy. We are subject to and seek to comply with all applicable law including the Australian Privacy Principles contained in the Privacy Act 1988. We have created this Policy in order to demonstrate our firm commitment to your privacy.
2.2. This Policy sets out how we collect, use and disclose information (including Personal Information) that we obtain from you through our Services and/or from your employer or customer (as applicable) which require you to use our Applications.
2.3. Documentation and other information provided by us via the third party website located at spectraqest.atlassian.net is also subject to Atlassian’s relevant Privacy Policy and other terms and conditions. Atlassian’s Privacy Policy can be found here.
3. Collection of Personal Information
3.1. We will only collect Personal Information about you from you (including via online enquiry forms you submit, any emails you send to us or any connected applications or information on your mobile device for which you have given us permission to access) and/or from your employer or customer (as applicable) which require you to use our Applications. For example, (i) we collect Personal Information about you such as your name, address, telephone numbers, email address and company details and your professional qualifications as necessary to perform our functions and to offer the Services including so that you can use our Applications.
3.2. We collect Personal Information as well as non-personally identifiable information that you voluntarily provide including by giving our Applications special permission to access information on your mobile device necessary for the Application to operate. You may not be able to use our Applications unless you grant us certain permission to access information on your mobile device such as data storage and location data.
3.3. Through technology we may automatically record details including your internet address, domain name and the date and time of your visit to our Website (including the web pages viewed), your browser and operating system. Our Applications may also automatically record certain information such as the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, information about the way you use the Application and your location. Where cookies are used to collect information you can disable cookies on your device by changing the security and privacy settings on your device or in your browser (as applicable). If you linked to our Website from another website then that information will also be recorded.
3.4. With your permission, our Applications may assist third parties such as your employer or customer (as applicable) to collect your Personal Information. In such circumstances, we do not collect or have access to such Personal Information. Accordingly, you should refer to any privacy policy of those third parties prior to authorising such third party to collect and have access to your Personal Information.
4. Use and Disclosure of Personal Information
4.1. Generally, we use information (other than Personal Information) collected when you use our Services to assist us in providing our Services, deciding how to improve our Services (including its utility, content and accessibility) and to monitor the users and usage of our Services. We may use information as to how you and others found our Website in deciding how to promote our Website, products and services (including online advertising).
4.2. We will only use and disclose your Personal Information for:
4.2.1. the primary purposes for which the Personal Information was collected, for example:
4.2.1.1. to provide information to you;
4.2.1.2. to respond to your query and contact you;
4.2.1.3. if you are using our Applications, so that you can use such Applications; and
4.2.1.4. if you are applying for employment with us (if applicable), we will use your Personal Information to assess your application and we may also use this to contact you;
4.2.2. a secondary purpose when:
4.2.2.1. you would reasonably expect us to use or disclose the Personal Information for the secondary purpose; and
4.2.2.2. the secondary purpose is related to the primary purpose of collection; or
4.2.2.3. you have consented to the use or disclosure of the Personal Information for the secondary purpose.
4.3. We may disclose your Personal Information to our related companies, corporate, contractors, agents and service providers but only to provide goods and services to you and/or for the purposes of storage of your Personal Information.
4.4. We may disclose your Personal Information to our professional advisers but only so they can advise us in respect of the same.
5. Requirement to provide Personal Information
5.1. If you do not provide some or all of the Personal Information requested, we may not be able to provide you with goods and/or services.
6. Cross-border disclosure
6.1. It is possible that some of the information we collect may be disclosed to our related bodies corporate, contractors, agents and service providers which may be located outside of Australia. We take such steps as are necessary in the circumstances to ensure that any overseas third party service providers we engage do not breach the Australia Privacy Principles and any other applicable laws.
6.2. You consent to your information being disclosed to an overseas destination for this purpose, including but not limited to Australia and the United States of America (as applicable).
7. Security of your Personal Information
7.1. We may store your Personal Information in hard copy or electronic format, in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers.
7.2. We take reasonable measures to ensure that any Personal Information we hold or disclose about you is complete and correct. We also take reasonable measures to protect your Personal Information from misuse, interference, loss, and unauthorised access, modification and disclosure.
7.3. We will destroy or delete any of your Personal Information which we no longer need to retain. If you email us any information (including Personal Information), it is sent at your own risk as it may not necessarily be secure against interception.
8. Marketing
8.1. If you register your details for the Services, we will automatically add your Personal Information to our mailing list. You can unsubscribe from receiving communications from the mailing list at any time by sending an email to [email protected] with the subject reading “Unsubscribe”.
9. Anonymity and pseudonymity
9.1. When lawful and practical, you have the option of using a pseudonym or not identifying yourself when providing information to us. In doing so you acknowledge that goods and services provided to you may be affected.
10. Complaint
10.1. If you believe that we have breached our privacy obligations you can make a complaint by emailing or writing to us – refer to clause 15 of this Policy for our contact details.
10.2. We will respond to all complaints within 7 days confirming receipt of the complaint and that the relevant investigation procedures have been commenced.
10.3. We will attempt to complete our investigation and resolve your complaint within 28 days from the date you lodge your complaint.
10.4. If we do not resolve your complaint to your satisfaction or you are dissatisfied with the action we have taken, you may apply to the Office of the Australian Information Commissioner or such other applicable entity to have your complaint investigated. Where you are located in Australia, for further information about how to do this, please contact the Office of the Australian Information Commissioner on 1300 363 992 or visit www.oaic.gov.au.
11. Links to other Websites
11.1. When you leave our Website, you will be going to websites that are beyond our control. Such third party websites may collect Personal Information or other information from users. Our Policy does not apply to any third party websites. We encourage you to read the privacy policies of any third party websites. You may not link to our Website without our prior approval.
12. Change to Policy
12.1. We may change this Policy at any time and without prior notice. Where changes are made to this Policy we will take reasonable steps to notify you. The revised Policy will take effect when it is uploaded on our Website.
13. Accessing Personal Information
13.1. On your request, we will provide you with access to your Personal Information that we hold within a reasonable period of time after the request is made, except to the extent that we are lawfully able to refuse such a request. If reasonable and practicable to do so, we will give you access to your Personal Information in the manner that you request. If not so requested, we will provide you with access to your Personal Information via email or in writing.
13.2. All requests about the Personal Information that we hold must be made by email or by writing to us – refer to clause 15 of this Policy for our contact details.
13.3. We rely on the accuracy of the Personal Information you provide us. In the event that Personal Information about you is inaccurate, incomplete or out-of-date, you can request that the Personal Information about you is corrected by emailing or by writing to us – refer to clause 15 of this Policy for our contact details.
13.4. In the event that we deny you access to your Personal Information that we hold, or refuse to correct the Personal Information about you, we will provide you with written reasons and the mechanisms available to complain about such refusal.
13.5. We do not generally charge for providing such access but we may do so in certain circumstances. We will try to respond to your request within 14 days.
14. Additional Information
14.1. For further information about privacy issues and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au or such other entity applicable to the jurisdiction in which we collect your Personal Information.
15. Contact
15.1. If you have any queries in respect of our Policy, please email [email protected] or write to Marketing Manager, Spectra QEST, Suite 7, 132 O’Connell Street, North Adelaide SA 5006, AUSTRALIA.
EU / UK GDPR Addendum
This Addendum applies in addition to our Privacy Policy when we process personal data as a processor on behalf of EU/UK based controller customers that are subject to the EU or UK General Data Protection Regulation (GDPR).
Lawful Basis
We will only process personal data based on lawful instructions from the data controller customer as necessary to provide the services outlined in our contract with that customer.
Data Subject Rights
We will assist our data controller customers in responding to requests from individuals seeking to exercise their GDPR data subject rights of access, rectification, erasure, data portability, restriction of processing, and objection to processing through appropriate technical and organizational measures.
Data Transfers
For any transfer of personal data outside the EU/UK, including to Australia and the USA, we will ensure adequate safeguards are in place as required by GDPR such as EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreement or Addendum to the EU SCCs or other approved transfer mechanism.
Security and Confidentiality
We maintain appropriate technical and organizational security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. We ensure persons authorized to process the data have committed to confidentiality.
Use of Sub-Processors
Where we engage sub-processors, with the authorization of the data controller customer, such sub-processors will be subject to the same data protection obligations in our contract with the customer.
Assistance and Compliance
We will assist customers with their data protection impact assessments and consultations with supervisory authorities as required. We will also allow for and contribute to audits and inspections conducted by the customer or auditor mandated by the customer.
Data Breach Notification
We will notify affected customers of any personal data breach without undue delay after having become aware of it.
Data Deletion
Upon termination of services, we will either delete or return all personal data to the customer as requested, unless legally required to retain the data.