Velpic collects your personal information
The Velpic Services involve the storage of data about a company or individual. That data can include personal information. In this Policy, “personal information” has the meaning set out in the Australian Privacy Act 1988 (Cth). Essentially, personal information is any information or opinion that we know (or are reasonably able to determine) is about an identifiable individual and may include information such as the individual’s name, email address and telephone number. We will only collect and store personal information about you when it is reasonably necessary for our business activities.
Velpic may collect personal information directly from you when you:
- register to use the Velpic Services;
- use the Velpic Services;
- contact the Velpic support team; and
- visit our Sites.
You can always choose not to provide your personal information to Velpic or to limit the personal information you provide to us, but it may mean that we are unable to process your application, fulfil your request, or provide you with the Velpic Services.
Velpic may receive personal information from you about others
If you are an End User of the Velpic Services, please note that your provider may provide your personal information to us relating to your use of the Velpic Services. If you are a customer of ours, you may have to provide us with personal information about your End Users in order for you and/or your End Users to use the Velpic Services. If you provide Velpic with personal information about someone else, you must ensure that you are authorised to disclose that information to Velpic and that, without Velpic taking any further steps required by applicable data protection or privacy laws, Velpic may collect, use and disclose such information for the purposes described in this Policy.
This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information (including Velpic), the individual's right to obtain access to and, if necessary, correct that information, Velpic’s identity, and how to contact Velpic.
Where requested to do so by Velpic, you must also assist Velpic with any requests by the individual to access or update the personal information you have collected from them and entered into the Velpic Services.
Velpic collects, holds, and uses your personal information for limited purposes
Velpic collects your personal information so that we can provide you with the Velpic Services and any related services you may request. In doing so, Velpic may use the personal information we have collected from you for purposes related to the Velpic Services including to:
- verify your identity;
- administer the Velpic Services;
- notify you of new or changed services offered in relation to the Velpic Services;
- carry out marketing or training relating to the Velpic Services
- assist with the resolution of technical support issues or other issues relating to the Velpic Services;
- comply with laws and regulations in applicable jurisdictions; and
- communicate with you.
By using the Velpic Services, you consent to your personal information being collected, held and used in this way and for any other use you authorise. Velpic will only use your personal information for the purposes described in this Policy or with your express permission.
It is your responsibility to keep your user name and password to the Velpic Services safe. You should notify us as soon as possible if you become aware of any misuse of your user name and/or password, and immediately change your password within the Velpic Services.
Velpic can aggregate your non-personally identifiable data
By using the Velpic Services, you agree that Velpic can access, aggregate and use non-personally identifiable data Velpic has collected from you. This data will in no way identify you or any other individual.
Velpic may use this aggregated non-personally identifiable data to:
- assist us to better understand how our customers are using the Velpic Services;
- provide our customers with further information regarding the uses and benefits of the Velpic Services; and
- otherwise to improve the Velpic Services.
Velpic holds your personal information on servers located in the U.S and Australia.
Velpic stores personal information on computer databases and/or in hard copy, and we engage third party service providers to assist in storing and processing data for us. All data, including personal and non-personal information, that is entered into the Velpic Services by you, or automatically imported on your instruction, is transferred to Velpic’s servers hosted by third-party service providers who may be located overseas, or use facilities located overseas to provide us with services (“our servers”) as a function of transmission across the Internet. By using the Velpic Services, you consent to your personal information being transferred to our servers as set out in this Policy.
Currently our servers are located in the United States of America (“U.S.”) and Australia, and are primarily hosted by Amazon Web Services, Inc. (“AWS”), and your personal information will be routed through, and stored on, those servers as part of the Velpic Services. AWS has obtained approval from EU data protection authorities of the AWS data processing agreement and model clauses so that all AWS customers can use AWS in full compliance with the EU Data Protection Directive (Directive 95/45/EC). For more information, see http://aws.amazon.com/compliance/eu-data-protection/. If the location of our servers change in the future, we will update this Policy. You should review our Policy regularly to keep informed of any updates.
By providing your personal information to Velpic, you consent to Velpic storing your personal information on servers hosted in the U.S. or Australia. While your personal information will be stored on servers located in the U.S. and Australia, it will remain within Velpic’s effective control at all times. The server host’s role is limited to providing a hosting and storage service to Velpic, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.
If you do not want your personal information to be transferred to a server located in the U.S. or Australia, you should not provide Velpic with your personal information or use the Velpic Services.
Velpic takes steps to protect your personal information
Velpic is committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your personal information is stored on secure servers that have SSL certificates, and all data transferred between you and the Velpic Services is encrypted.
However, the internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Service within a secure environment. Except to the extent that liability cannot be excluded by law, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, or use of, your personal information. Please notify us immediately if you become aware of any breach of security.
We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
Velpic only discloses your Personal Information in limited circumstances
Velpic will only disclose the personal information you have provided to us to entities outside the Velpic group of companies if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Velpic Services. In the course of our ordinary business operations we disclose personal information to:
- external service providers (such as third-party hosts of our servers);
- commercial partners; and
- our advisors and consultants.
Some of the third parties to whom we disclose your personal information may be located outside Australia. The countries in which these third parties are located will depend on the circumstances.
However, in the course of Velpic’s ordinary business operations, we commonly disclose personal information to third parties located in the U.S.. Velpic will not otherwise disclose your personal information to a third party unless you have provided your express consent. However, you should be aware that Velpic may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.
The third parties who host our servers do not control, and are not permitted to access or use your personal information except for the limited purpose of storing the information. This means that, for the purposes of Australian privacy legislation and Australian users of the Service, Velpic does not currently “disclose” personal information to third parties located overseas.
Velpic does not store your credit card details
Your credit card details are not stored by the Velpic Services and cannot be accessed by Velpic staff. Your credit card details are encrypted and securely stored by Braintree (a division of PayPal Inc.) to enable Velpic to automatically bill your credit card on a recurring basis. You should review Braintree’s Security Policy to ensure you are happy with it.
You may request access to or correction of your personal information
You have a right to request access to or correction of any personal information we hold about you, by setting out your request in writing and sending it to us at firstname.lastname@example.org.
Velpic will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested. In some circumstances, it may be necessary for us to seek to arrange access to your personal information through a mutually agreed intermediary (for example, the account owner). If we refuse to correct the personal information as requested by you, you may request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will make reasonable steps to associate the statement in such a way that will make the statement apparent to users of the information.
We’ll only keep your personal information for as long as we require it for the purposes of providing you with the Velpic Services. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
Our website places a cookie on the hard drive of your computer. A "cookie" is a file which allows us to track and target the interests of users. In addition, our website uses third party cookies from Google Analytics for Display Advertisers, including the following features:
- Google Display Network Impression Reporting - which gives us additional insight into who has viewed our paid digital advertising on other websites. This will help us optimise and tailor our advertising.
- DoubleClick Platform integrations & Remarketing with Google Analytics – the integrations between both our web analytics and paid advertising platforms together to give us additional insight. This allows us to tailor our advertising to ensure the right types and offers are shown to you while you are using the internet outside our website.
- Google Analytics Demographics and Interest Reporting - which gives us insight into behaviour information relating to visitor age, gender and interests on an anonymous and aggregate level. This will help us to understand browsing behaviour to give you a better experience whilst visiting our sites.
While we recommend that users enable cookies on their browsers in order to enjoy all the features of our website, the decision remains in the hands of the individual. Most browsers allow you to control management of cookies, this will be different depending on each user's PC - refer to your browser help menu for further information.
You can opt-out of any email communications
Velpic sends billing information, Velpic Services updates, Velpic Services notifications and other information in relation to your use of the Velpic Services to you via email. Our emails will contain clear and obvious instructions describing how you can choose to be removed from any mailing list not essential to the Velpic Services. Velpic will remove you at your request.
You are responsible for transfer of your data to third-party applications
If you are our customer, you undertake not to use the Velpic Service to transfer personal information of your End Users to third parties unless permitted by law or where you have the consent of your End Users to do so.
Velpic has a privacy complaints process
If you wish to complain about how we have handled your personal information, please provide our Privacy Officer with full details of your complaint and any supporting documentation:
- by email at email@example.com; or
- by letter to The Privacy Officer, Velpic, 243 Hay Street, Subiaco WA 6008, Australia.
Our Privacy Officer will endeavour to:
- provide an initial response to your query or complaint within 10 business days; and
- investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you by our Privacy Officer.
This policy may be updated from time to time
Velpic reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to the Sites. You should check this Policy regularly for changes. Velpic will make every effort to communicate any significant changes to you via email or notification via the Velpic Services. Your continued use of the Velpic Services will be deemed acceptance of any amended Policy.
Personal Information we collect and hold
At times we may ask you to provide us with personal information, such as your name, email address and preferred means of communication.
If you are a worker at a site or client which uses any of Damstra’s, or its subsidiaries’, Workforce Management Systems (WMS), we may collect information about you in relation to your engagement at that client, including your name, email address, telephone number, date of birth, next of kin, skills or competency information, right to seek employment, electronic finger scan, facial biometric information, photograph, location, breath analysis and driver licence and other occupational licence information details. This information will be collected electronically. We will obtain and use this information for the purpose of reporting it to our client, who is the site owner or operator, or for any purpose reasonably related to this.
We may also collect sensitive information, such as information about your health and medical history. We will only ask you to provide this information where our client, who is the site owner or operator, has directed us to collect and provide it to them or if it is reasonably necessary for one or more of our functions or activities.
If you are a client or potential client, we may collect and hold financial information about your organisation and your credit history, and banking information. We may, with your consent, seek trade references and undertake credit checks with external parties. We will use this information to help us determine payment terms and appropriate commercial arrangements with you or any matter related to this.
How we collect and hold personal information
We usually collect personal information directly from the individual when that individual registers or updates information on our WMS. We may collect personal information from the individual’s employer or a sub- or head contractor for whom the individual works or the manager or owner of a site or business at which the individual performs tasks or otherwise has access. We may collect personal information about the individual from these other sources in circumstances such as where we are setting up a WMS for a client or where these other sources provide us with information to help register or update the individual’s details in a WMS. Collection of information may also include collecting personal information via scanners, card readers, terminals, turnstiles and access control devices.
Once processed, personal information is held in the relevant WMS. Prior to processing, the personal information is held in our general business management and record keeping systems (including email accounts and servers).
Purposes of collection
We collect personal information for a range of purposes. These primarily include registering and updating the individual’s details in the WMS for the relevant client. Once entered into the WMS, the information can be used by the client for their workforce management purposes and to assist them in meeting their workplace health and safety obligations. We may potentially use or disclose your personal information for the purpose of directly contacting you to serve you with information and/or to seek your assistance in feedback and surveys.
Consequences if you withhold information
If you do not provide all of the information we require, we may not be able to register you in the relevant WMS or update your details. This may mean that you are not permitted to access sites or undertake certain tasks. You should confer with your client to understand the specific consequences that may apply in your particular circumstances.
Erasure of information and consequences
You may request for your data to be deleted. We will maintain certain basic biographical details which includes, amongst others, your name, address, employer and date of birth and any other information that we will reasonably need to identify you in the future. In addition, we will maintain a record of our dealings with you, including the request to delete your data. After personal data is deleted from our production servers, it may still reside in our offline backups for at least 36 months or such longer period as our clients may require. However, if a backup is restored all efforts will be made to ensure the data is deleted again.
If you do erase some or all of the information we require, we may not be able to register you in the relevant WMS or update your details. This may mean that you are not permitted to access sites or undertake certain tasks. You should confer with your client to understand the specific consequences that may apply in your particular circumstances.
Disclosure of Information
We will disclose information that we hold on workers at sites which use the WMS to our client who is the site owner or operator.
We may also disclose personal information to contractors and service providers who we engage to help us provide the WMS to our clients. We may potentially also disclose personal information to our related bodies corporate.
We will not use or disclose personal information other than for the purpose for which it was collected or for a purpose reasonably related to it, except when required by law to do so unless we have your consent to do so.
Security of Information
We take our obligation to protect information that we hold about you seriously. We will take reasonable security measures to keep information secure from misuse or inappropriate disclosure or inappropriate modification.
Access to Personal Information and Updating Information
It is important that the personal information we hold about you is correct and up to date. We encourage you to contact us at any time to update or correct information we hold about you.
You can request access to your personal information by sending a request to Damstra's Privacy Officer in writing or by email. The contact details for the Privacy Officer appear further below. We will normally provide you with access to this information, provided that the request falls within the requirements of the Privacy Act, your request is reasonable and appropriate notice has been provided to us. We may require you to pay any archiving or retrieval costs associated with this prior to providing that information to you.
We will not disclose commercially sensitive information to you.
We will respond by email or letter to you in relation to your request for information within a reasonable period (usually within 30 days) and if reasonable, will provide access in the manner you have requested, or in an alternative manner, provided it is practicable for us to do so. If it is not reasonable or practicable to do so, we will let you know.
If we refuse to provide access to information or to update information, we will provide you with the reasons.
Disclosure of your Information to recipients in other countries
We may disclose information about you to a recipient in another country where it relates to the purpose for which the information was collected or the maintenance of our records (including our IT systems) or the administration of any processes undertaken by us or where such disclosure is required by our clients. We hold those countries to the same standards of privacy and information security as the country in which the work is performed.
What is a cookie?
Cookies are text files which contain information about your internet usage that is held in your browser or on your computer’s hard drive. There are different types of cookie: some are essential for the site to operate properly, whereas others are aimed at enhancing and personalising your user experience. Cookies can help us to understand how consumers are interacting with our website, which helps us to improve our site and to deliver a better service to you.
What types of cookies do we use?
- Strictly Necessary Cookies
- Performance Cookies
- Functionality Cookies
These cookies are essential to enable you to move around the website and use its features. Without these cookies, we cannot provide some of the basic functionalities of our website.
These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and the pages that they don’t. This helps us to understand and improve the site, so it is easy to use and includes helpful content. They also allow us to fix bugs or glitches on the website. These cookies don’t collect information that identifies visitors, so we can’t identify you individually. We use Google Analytics to track usage of our websites and interaction with our newsletters. For example, to see what content you click on, so we can analyse what content is of most interest to our audience.
These cookies allow our website to remember the choices you make as you browse the site. They provide more enhanced and personal features. The information collected is anonymised and they cannot track your browsing activity on other sites once you leave our site.
How to turn off cookies
Information Security and Technical and Organisational Measures
Damstra takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction.
GDPR Roles and Employees
Damstra has appointed a Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our roadmap for complying with appropriate regulations. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR compliance, identifying any gap areas and implementing the new policies, procedures and measures.
Damstra understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans.
If you have any questions about our GDPR compliance policies, please contact the Data Protection Officer.
Your rights regarding your personal data
You have several rights under data protection law, which have been strengthened under the General Data Protection Regulation (GDPR):
Access: You have the right to access the personal data we may hold about you and the purposes for which we are using it. We may ask for proof of your identity. On receipt of such a request we will endeavour to respond to you as soon as possible, at most within one calendar month.
Rectification: You have the right to request that we amend any personal data which is incorrect or requires updating.
Erasure: You have the right to request that we delete any personal information pertaining to you. See above for detail.
See above for detail.
If you would like to exercise any of these rights, please contact the Data Protection Officer at firstname.lastname@example.org
If you are concerned about the manner in which we have collected and used your personal data, please contact us - we will do our best to help. If you are unhappy with the way in which we have handled your personal data, you have the right to contact the Information Commissioner’s Office.