Digistorm Group - Version 3.1 – May 2024
Introduction
Welcome to Digistorm’s privacy policy. Protecting Your Personal Information is our Priority.
We are committed to protecting individuals’ personal information. This Privacy Policy sets out how we, the Digistorm Group (“Digistorm,” “we,” “us,” or “our”) collect, handle, use, and share information about you.
This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can download a pdf version of the policy here.
As a global organisation we are subject to the privacy laws of every jurisdiction in which we operate, including, as an Australia-based group, the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
In certain circumstances we may also be subject to European data protection law, including the EU General Data Protection Regulation (Regulation 2016/679) (GDPR) and the UK GDPR and Data Protection Act 2018, as it applies to residents in the European Union and the UK, respectively, to the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs), as they apply to the collection and processing of the personal information of New Zealand residents. as well as to Canadian data protection law, in particular the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, as it applies to the collection and processing of the personal information of Canadian residents.
Because we also operate in the United States, through our U.S. subsidiary and our parent company, Veracross LLC, a U.S.-based company, we are also subject to U.S. federal and state privacy and data security laws and regulations in our processing of the personal information of U.S. residents.
Because our website users are located across the globe, we have chosen to use the European Union (GDPR) model, often considered as the strictest model for user transparency, as the format for this policy. Consequently, based on the privacy and data protection laws that apply to you based on the location from which you access our website, you may not necessarily understand the meaning of some of the terms used in this Privacy Policy, we refer you to our Glossary of terms at the end of this policy to help you make better sense of this document.
1. General Information And Who We Are
Purpose
The purpose of this Privacy Policy is to:
- Set out the types of information that we may collect;
- Explain how that information will be used, handled, stored, and disclosed.
Application
This Privacy Policy applies to Personal Information that we may collect about you in the manner outlined in this policy, including from all legal entities owned or controlled by us (across any jurisdiction). It applies to any processing of Personal Information we collect through our public website www.digistorm.com and its subdomains (the “Website”). It also applies to your use of any of the Digistorm mobile applications (collectively, the “App”) once you have downloaded or streamed a copy of the App, onto your mobile telephone or handheld device.
It does not, however, apply to any Personal Information we process in connection with the Suite of Products that we provide through our platforms and related websites and apps to our Institution customers and their end users.
In our processing of Personal Information in connection with the provision of our Suite of Products to Institutions, we act as a data processor under applicable data privacy laws, and in that context our client Institutions act as data controllers on behalf of which we process the Personal Information for purposes of the provision of our Suite of Products. When we act as a data processor our processing of Personal Information isn’t governed by this Privacy Policy but by our Data Processor Addendum or other data processing terms in place between Digistorm and each Institution. For more information on our processing as a data processor, please contact the Institution that collected your Personal Information in connection with the use of our Suite of Products.
This policy also does not apply to Personal Information that may be collected by a third party or how that third party may use, handle, store or disclose your Personal Information.
By accessing and using our Website and App, you agree that you have read and understand this policy and consent to the privacy practices (and any uses and disclosures of information about you) described in it. Please carefully read this policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Information about you so that you understand how we collect, share, and protect your information. This policy supplements other notices and privacy policies and is not intended to override them.
Controller
The Digistorm Group is made up of different legal entities, as follows:
- Digistorm Pty Ltd ACN 153 005 264;
- Digistorm, LLC (USA);
- Digistorm Operations Pty Ltd ACN 153 005 317;
- Digistorm Group Pty Ltd ACN 140 122 649; and
- Affiliates to the above noted entities.
This Privacy Policy is issued on behalf of the Digistorm Group so when we mention “Digistorm”, “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company in the Digistorm Group responsible for processing your data. Digistorm Pty Ltd is the controller and responsible for our Website and App.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the data privacy manager using the contact information set out at the end of this policy.
Changes to the Privacy Policy and Your Duty to Inform Us of Changes
We may change our Policy on how we handle personal information or the types of personal information which we hold. Any changes to our Policy will be published on our website. Historic versions can be obtained here.
It is important that the Personal Information we hold about you is accurate and current. Please update it or keep us informed if your Personal Information changes during your relationship with us.
2. The Information We Collect About You, How We Collect It, and How We Use It.
This Privacy Policy uses the term “Personal Information” to refer to any information about a person or a household (as applicable based on the privacy laws that apply to your Personal Information) that can be used to identify them or to distinguish them from other people. It does not include information where the identity has been removed (anonymous data).
We may collect, use, store and transfer the following Personal Information from our Website and App users through different means, as follows.
Personal Details
We collect the following types of information about you:
- Identity Data: full name, date of birth and gender.
- Contact Data: residential address, postal address, email address, phone number, facsimile number, and proof of identity information.
Why we collect this information for the following purposes:
- To send you relevant news, promotion, and marketing materials.
- To respond to your requests, questions, comments, and complaints.
- To register for conferences and special events; or
- For any other reason allowed at law.
Products and Services
We collect information, communications, or opinions about any of our products, services, and business activities.
Technical Data
Why we collect this information:
- To improve the products, services, and business activities that we undertake; or
- Any other reason allowed at law.
Digital Media
We collect digital media and content such as video footage and audio (“Digital Data”).
Why we collect this information:
- For sales & marketing purposes;
- Internal training and quality purposes; or
- Any other reason allowed at law.
Technical and Device Data Collection
Information that may be collected by us or on our behalf via third parties includes Device Data and other technical data such as the date and time of your visit to our website, your equipment’s IP address, documents and pages you access, your type of browser and setting, your operating system, the address of a recurring site you are about to visit; the information you submit regarding payment particulars, your device identifier, including UDID, device details, pages visited, language selections, cookies, tracking pixels, geographic area and location.
Why we collect this information:
- To provide you with local information and alerts about our products and services, for internal sales & marketing purposes.
- To improve our Website, App, and our services.
- To comply with local legal restrictions.
- To gather anonymous statistics.
- For analytical purposes.
- To ensure proper functioning of the Website and App; or
- For any other reason allowed at law.
Employment Data
We collect your first name, last name, email address, address, your resume and, optionally, your phone number, education, experience (although this information is generally collected as part of your resume information), and any other Personal Information included in your cover letter when you apply to one of our available positions via our Careers page on our Website.
We collect this information to review and process your application against the requirements of a specific position. We have grouped any Personal Information collected as part of this process as “Employment and Education Data”.
Marketing
We strive to provide you with choices regarding certain Personal Information uses, particularly around marketing. We have grouped the Personal Information we use for marketing purposes under the category “Marketing and Communications Data”.
Promotional Offers from Us
We may use your Identity, Contact, and Technical/Device Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Third-party Marketing
We will get your express opt-in consent before we share your Personal Information with any company outside our company for their own marketing purposes.
Opting Out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to Personal Information provided to us as a result of a Service purchase, support experience or other transactions.
Change of Purpose
We will only use your Personal Information for the purposes for which we collected it. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Information for an unrelated purpose, we will notify you and, if you are based in the EU or the UK, we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, or where this is required or permitted by law.
How We Collect Your Personal Information
We collect the above Personal Information about you:
- From you directly (for example when you subscribe to our marketing communications by filling out one of our forms on our Website, e.g., to receive our newsletter or by completing a “book a demo” form, when you communicate with us by email or through social media, or when you participate in a webinar or video/audio call with us);
- From other sources (for example from business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers, search information providers); and
- Indirectly (for example technical information, including the IP address used to connect your computer or mobile device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, cookies, operating system and platform, type of device. Additionally, as you browse our platforms and websites, we collect information about the individual web pages or products that you view, what websites or search terms referred you to across those platforms, and information about how you interact with our Website and App) (“Device Information”).
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit www.allaboutcookies.org. For a list of our cookies please see our Cookies notice accessible on our Website.
- "Log files” track actions occurring on our Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps;
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse our Website.
In the event we receive identifiable information from a third party, such as a tradeshow organizer, we will take reasonable steps to ensure that you have given express or implied consent to the collection of that information. If it is determined that we are unable to have possession of the information under a relevant law, we will destroy the information or ensure that the information is de-identified.
Do Not Track Settings
For some (but not all) services operated by us, the Do Not Track browser setting is accepted (which can be adjusted in your browser). Because a uniform technological standard has not yet been developed for Do Not Track, we do not currently respond to all Do Not Track signals. We continue to review new technologies and may adopt a standard once one is created.
Storing Your Information
We are a growing online business. To offer a consistent service to you we may store and manage data electronically or in paper form. Where data is stored electronically, it is done so by a third-party cloud service provider that may store your Personal Information or a backup of your Personal Information in Australia, the United States of America or such other locations that the third-party cloud service provider determines from time to time (see our list of third parties here for jurisdictions where your information may be stored). The data that we collect from you may be transferred to and stored on these servers or processed by staff operating in other countries, who work for us.
We will take all steps reasonably necessary to ensure that your information is secured from misuse, interference, loss, unauthorized access, unauthorized modification, or unauthorized disclosure. Any Personal Information will be handled in accordance with this Policy and applicable privacy laws. Despite using all steps reasonably necessary, the transmission of information through the internet is not completely secure.
Submission of any information to us is an acknowledgment that you agree to such use, storage, and disclosure.
3. How We Share Your Personal Information
We may share your information with:
- Our affiliates;
- Third parties including business partners, suppliers, and subcontractors;
- Any prospective buyer of any part of our business or assets; or
- Where we are required to disclose your information to comply with any legal obligation, or to enforce any agreements; or to protect the rights, property, or safety of us and our customers, or others. This includes, where relevant, exchanging information with third-party organisation for the purposes of fraud protection and credit risk reduction.
4. International Transfers
We collect and store Personal Information globally from each jurisdiction we operate in and from each legal entity that is owned or operated by us in different international jurisdictions and may transfer, process, and store your Personal Information outside of your country of residence, to wherever we or our third-party service providers operate.
If you are a resident of Canada, please note that we may process, store, and transfer your personal information in and to a foreign country, with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.
Please note that because Digistorm’s and its service providers are located in the United States and other countries outside Canada, we may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.
If you are in the EEA, Switzerland, or the UK, please be aware that we are an Australian company with operations in both Australia and the U.S., and, therefore, that any Personal Information that we collect from or about you will be processed by us in Australia and the United States. When you submit data, including Personal Information, via our Website or App, excluding in connection with the delivering of our products and services (for which we act as a processor, not a controller), that data is being submitted directly into Australia and/or the United States (as applicable) and at no time is it held in the EEA, Switzerland, or the UK. In such circumstances, we will be considered the controller of such data submitted.
We rely on the following provisions of the EU and UK Data Protection Legislation when transferring your data to our servers in Australia:
- Article 49(1)(a): at the time of submitting the data, you explicitly consented to the transfer of your data outside of the UK, Switzerland, or EEA and into Australia and/or the United States;
- Article 49(1)(b): the transfer of your data into Australia and/or the United States is necessary in order to perform the contract you are entering into with us when you submit your data;
- Article 49(1)(c): the transfer of your data into Australia and/or the United States is necessary to conclude or perform a contract concluded between you and us, created when you submitted the data; and
- Article 1: to otherwise pursue our legitimate business interests outlined in this policy.
Processors
We note that we use third parties as processors to process your information where we are the Controller. The processing undertaken by the third-party processor will depend on the nature of the services provided by such processor to you on our behalf. Please click here to view the list of third-party processors.
Where you submit any data to or otherwise access and use our Website and App:
- You expressly consent to us transferring the submitted data outside of the UK, Switzerland, and the EEA; and
- Consent to your use of the processors as disclosed and as added to or replaced from time to time.
Whenever we transfer your Personal Information to a processor based outside of the European Economic Area (“EEA”), Switzerland or the UK, we ensure a similar degree of protection is afforded to it by using specific contracts approved by the European Commission or the UK Government (as applicable) which give Personal Information the same protection it has in Europe or the UK (as applicable). For further details, see European Commission: Model contracts for the transfer of personal data to third countries and UK International data transfer agreement and guidance.
Please also note that through our parent company, Veracross LLC, Digistorm, LLC, our U.S. subsidiary participates in and has certified its compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as administered by the U.S. Department of Commerce. Through its parent, Veracross LLC, Digistorm, LLC has also certified its compliance with the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as also administered by the U.S. Department of Commerce.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Digistorm, LLC is responsible for the processing of personal data it receives, under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and subsequently transfers such personal data to a third party acting as an agent on its behalf. Digistorm, LLC complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, the UK, and Switzerland, respectively, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Digistorm, LLC’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Digistorm, LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Digistorm, LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Digistorm, LLC at privacy@digistorm.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Digistorm, LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
5. Data Subject Rights
You may request access to Personal Information that we hold about you at any time by contacting our Data Protection Officer at privacy@digistorm.com. We will respond to any such request for access to Personal Information within a reasonable time frame and will provide you with access to the Personal Information that we hold pertaining to you unless we are authorized not to do so by law.
Where permitted by law, we may charge you a reasonable fee for processing your request to access your Personal Information and should we decline you access to your Personal Information, a written explanation will be provided setting out the legal reasoning for doing so.
If upon receiving your Personal Information, or at any other time, you believe the Personal Information that we hold about you is incorrect, out of date, incomplete, irrelevant, or misleading, please notify our Data Protection Officer by email to privacy@digistorm.com.
If we decline to correct your Personal Information as requested by you, a reason for refusal will be provided except to the extent that it is unreasonable to do so. If we decline the request to correct Personal Information, you may request to associate a statement with the information.
Complaints
Should you believe that we have not fulfilled our obligations under any relevant law or have not complied with the terms of this Policy or would like to appeal a decision made by us in relation to your Personal Information, you can make a complaint in writing to our Data Protection Officer by email to privacy@digistorm.com.
We will respond to you within a reasonable period (or where a period is specified by any law, that period) to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.
For U.S.-based users
Application
This section applies to residents of the United States.
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Correct inaccuracies in their personal information, considering the information's nature and processing purpose (excluding Iowa and Utah).
- Data portability.
- Opt-out of personal data processing for:
- Targeted advertising (excluding Iowa);
- Sales; or
- Profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state. To exercise any of these rights please contact our Data Protection Officer at privacy@digistorm.com.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents of that state who wish to exercise this sale opt-out right may submit a request to this designated address: privacy@digistorm.com. However, please know we do not currently sell data triggering that statute's opt-out requirements.
To learn more about California residents' privacy rights, visit California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General.
For Canadian users
Rights of users located in Canada are governed by the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, the Personal Information Protection Act, R.S.A. 2003, c. P-6.5, the Personal Information Protection Act, R.S.B.C. 2003, c. 63 and an Act respecting the protection of personal information in the private sector, CQLR, c. P-39.1, as amended by Law 25, An Act to modernize legislative provisions as regards the protection of personal information (as applicable based on the location of the user in Canada).
Since the adoption of Law 25, if you are a Quebec resident you also have the following rights with respect to your personal information:
- Access Rights: the right to receive confirmation of the processing of your personal information, of the nature of the information being processed, and to receive a copy of it.
- Data Portability Right: the right, subject to certain exceptions, to ask that we communicate to you computerized personal information in a written, intelligible transcript, and any collected personal information in a structured, commonly used, technological format.
- Rectification Right: subject to certain requirements and exceptions, the right to ask to correct the information in our possession if it is inaccurate, incomplete, or ambiguous, or if collecting, communicating, or keeping it is not authorized by law.
- De-indexation Right or "Right to be Forgotten": the right to ask us to stop disseminating your personal information or to de-index any hyperlink attached to your name giving access to information if this dissemination causes you harm or contravenes the law or a court order.
- Automated Decision Making: the right to be informed when you are the subject of a decision based exclusively on automated processing of your personal information.
As a Quebec resident, you may also, on request, be informed about the personal information used to make the decision, the reasons and main factors leading to the decision, and the right to request correction of the personal information used to make the decision. You may also present your observations to a member of our staff for review of this decision.
Canadian users can access and modify their personal information in Digistorm’s possession by following the instructions in the section of this document titled “Changes to and Access to Personal Information.”
To exercise their other access rights under Canadian law, residents of Canada shall contact the Institution on whose behalf Digistorm processes their personal information.
For EU, Swiss, and UK users
Application
This section applies to residents of the European Economic Area (EEA), Switzerland, and the United Kingdom.
Definitions
Controller, Data Processor, Data Subject, Processor, Processing, Sub-processor, and Supervisory Authority shall be interpreted in accordance with applicable EU, Swiss or UK (as applicable) Data Protection Legislation.
EU Data Protection Legislation means all applicable privacy and data protection laws in the EU, including, without limitation, (i) the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) and any legislation and/or regulation implementing or made pursuant to it or which amends or replaces any of them, as it applies to the EU and any EU member state; and (ii) the Privacy and Electronic Communications Directive (2002/58/EC) and any replacement law or regulation in the EU, and any applicable national implementing laws, regulations, and secondary legislation in any EU member state, in relation thereto; in each of (i) and (ii), as may be amended, superseded, or replaced.
UK Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time in the UK which apply to Digistorm relating to the use of personal data (including, without limitation, the privacy of electronic communications).
Swiss Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in Switzerland, including without limitation the Swiss Federal Data Protection Act of 19 June 1992, as amended by the new Swiss Data Protection Act (the “revFADP”), as of September 1st, 2023.
If you are in the EEA, Switzerland, or the UK, you have certain rights under European law with respect to your Personal Information, including:
- The right to request access to your Personal Information
- The right to correct any Personal Information we hold about you
- Subject to certain exceptions, the right to ask that we erase the Personal Information we hold about you, a/k/a the “right to be forgotten”
- The right to ask that we communicate your Personal Information to you in a format that can be used to port your data to another service provider
- The right to ask that we do not subject your Personal Information to automated processing
- The right to restrict our processing of your Personal Information
- The right to object to our processing of your Personal Information
- The right to withdraw your consent to our processing of your Personal Information, if we process your data based on your consent.
If you wish to exercise the above rights in accordance with the EU, Swiss, and/or UK Data Protection Legislation, please contact us using the contact information below.
For more information about your legal rights with respect to your Personal Information please see our detailed description of those rights here.
For more information about the legal grounds under which we process your Personal Information as a controller under the EU, Swiss, and UK Data Protection Legislation please view our Glossary of terms here.
Please note that you also have the right to make a complaint at any time to your national regulator for data protection matters. We would, however, appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.
Purposes for Which We Will Use Your Personal Information
We have set out below, in a table format, a description of all the ways in which we plan to use your Personal Information collected from our Website and App and which of the GDPR legal basis we rely on to do so. Where we rely on our legitimate interests as the legal basis for processing the data we have also identified which legitimate interests we pursue.
Please note that you also have the right to make a complaint at any time to your national regulator for data protection matters. We would, however, appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.
| Purpose/Use | Type of Data | Legal Basis |
|---|---|---|
| To register you for conferences and special events |
Identity Contact |
Performance of a contract |
| To manage our relationship with you which will include notifying you about changes to our terms or privacy policy. Dealing with your requests, complaints, and queries |
Identity Contact |
Performance of a contract with you (to notify you about changes to our terms) Necessary to comply with a legal obligation (to notify you about changes to our privacy policy) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you) |
| To administer and protect our business and our Website and App (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) |
Identity Contact Technical |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
| To deliver relevant Website or App content |
Identity Contact Device Technical |
Necessary for our legitimate interests (to study how customers use our Website, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our Website and App |
Device Technical |
Necessary for our legitimate interests (to keep our Website and App updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about products that may be of interest to you |
Identity Contact Device Marketing and Communications Technical |
Necessary for our legitimate interests (to develop our products and grow our business) |
| To respond to your enquiries related to employment opportunities |
Identity Contact Employment and Education |
Performance of a contract with you or to take steps at your request prior to entering a contract with you |
6. Data Retention
We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see Data Subject Rights above for further information.
In some circumstances we will anonymise your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
7. Data Security
We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Glossary
Legal Bases
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering such a contract.
Comply with a legal obligation means processing your Personal Information where it is necessary for compliance with a legal obligation that we are subject to.
Consent means any freely given, specific, informed, and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Information relating to you.
Legal Rights
You have the right to:
Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it.
You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
When your Personal Information was collected by your Institution under contract with us and processed by us on behalf of your Institution, please contact your Institution to exercise any of the above rights.
Contact
Your information, irrespective of which entity you submitted data to or contracted with, is controlled by Digistorm Pty Ltd and this entity has been appointed to deal with all privacy inquiries on behalf of the Digistorm Group. We have also appointed a data protection officer who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our Data Protection Officer by email to privacy@digistorm.com or by post at:
Data Protection Officer Digistorm Pty Ltd ACN 153 005 264 Suite G2, 2019 Gold Coast Highway MIAMI, QUEENSLAND 4220 AUSTRALIA
