Version 2.1 - Effective from July 2022
This Privacy Policy describes how Social Pinpoint Pty Ltd (ACN 164 471 425) (“we”, “us” or “our”) collects, protects, discloses, stores and uses your personal information through its provision of online software applications and other digital products (the “Software”) and services (together, the “Services”).
Our Software is operated by an external operator (the “Operator”) who licences the Software from us and may, from time to time, collect information for various reasons outlined in their Privacy Policy, Privacy Statement, or any other applicable Agreement. You should check these documents and ensure you are comfortable with how the Operator will collect and handle your personal information.
This Privacy Policy has been prepared to take into account the following privacy laws:
- Australia - Privacy Act 1988 (Cth) (“Privacy Act") and the Australian Privacy Principles (“APPs"). See Appendix 1 for Privacy Act and APP specific provisions.
- Canada - The Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).
- European Union - General Data Protection Regulation 2016/679 (“GDPR”). See Appendix 2 for GDPR specific provisions.
- New Zealand - Privacy Act 2020.
If the Operator is a government entity or located in another jurisdiction, we may also contractually agree to comply with additional privacy laws.
What information is collected?
Personal Information
Customers:
In providing its Services, the type of personal information collected by us may include (but may not be limited to) the following types of information, when this information is shared:
- Your name
- Email address
- Phone number
- The organisation you work for
- Your job title
- Your preferences and opinions with respect to the Services
- Details of the Services requested by you and provided to you and Social Pinpoint's (SPP) response to you, including with respect to any support requests
- Any feedback you provide to SPP, including in any feedback surveys
- Your IP address
- Other unique ID numbers
- Any other personal information requested by Social Pinpoint and/or provided to Social Pinpoint by you or by a third party.
Users of our Services:
The Operator may collect a range of personal information from you when you use our Services (whether as a staff admin user for the Operator or as a visitor to the Operator’s website), depending on their specific requirements and needs. Personal information may be collected in a range of ways including through a registration process or through various activities and interactions on the site.
The type of personal information collected will vary between Operators and may include (but may not be limited to) the following types of information, when this information is shared:
- Your name
- Email address
- Username
- Profile picture
- Phone number
- Your IP address
- User-agent string
- Other unique ID numbers
- Social network account IDs
- Physical address, postcode, or other locational attributes
- Demographic information such as age, gender, etc.
- Information about your preferences
- Your recorded thoughts, ideas, opinions, etc. as expressed by you. This may include sensitive information if you provide political opinions.
You will need to check the Privacy Policy of the Operator to confirm what personal information is collected.
Where an Operator collects your personal information, this personal information may also be collected and accessed by us in fulfilling our duties and responsibilities to the Operator and to internally analyse and improve our Services and Software.
Cookie Policy
Our websites use cookies to record and log data. We use both session-based and persistent cookies, dependent upon how you use or interact with our websites.
Cookies are small data files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.
When you use one of our websites, we may use technologies such as cookies to store information about your visit. If you have provided us with personal information, cookies may be associated with this information.
We use this information to better understand how people use our websites, to improve our products, to ensure that we give you the best experience we can, to detect fraud or abuse and to help our customers learn about which engagements and content most matter to their communities.
If you do not wish to have cookies enabled, or wish to be notified of their use, most modern browsers will allow you to adjust this in the settings. Please note that disabling the use of cookies on our software may result in restricted/impacted functionality, and you may not be able to take full advantage of the service.
We use the following categories of cookies on our sites:
Necessary cookies
These cookies are essential to enable you to browse around our websites and use its features. Without these cookies, functionality related to certain tools and accessing secure areas of the site could not be provided.
Preferences cookies
Also known as “functionality cookies,” these cookies allow a website to remember the choices you have made in the past, like what language you prefer or what your username and password is so that you can automatically log in next time.
Statistical cookies
Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. The purpose of this information is to help understand how users are engaging with the website and to improve website functions.
Operators may also use cookies on our Software. Operators are responsible for notifying you of the cookies they use and how you can control which cookies are enabled.
Links
This Privacy Policy does not apply to third party websites or digital services which may be linked to content published by either us or the Operator. We recommend you read the privacy statement of the relevant service when you access these third party sites.
How do we use your information?
Customers:
SPP may use information it collects (personal or otherwise) in order to:
- provide our Services to you
- allow you to access our Software
- send you updates and information where you have consented or would reasonably expect to receive them
- respond to your enquiries
- to request your feedback
- maintain our licensed Software
- for internal record keeping, administrative, invoicing and billing purposes
- detect and rectify fraud or other behaviour that violates any terms of use
- comply with our contractual or legal obligations and resolve any disputes that we may have
- conduct de-identified research, analytics and business development
- improve our Services, Software and our website
- if otherwise required or authorised by law
Users of our Services:
Social Pinpoint may access and use the information collected by the Operator (personal or otherwise) in order to:
- allow you to access our Software
- respond to your enquiries
- maintain our licensed Software
- detect and rectify fraud or other behaviour that violates any terms of use
- respond to service requests from the Operator
- comply with our contractual or legal obligations and resolve any disputes that we may have
- monitor sites to ensure adequate safety and security
- conduct de-identified research, analytics and business development
- improve our Software and services
- if otherwise required or authorised by law
How do we protect your information?
Social Pinpoint takes the privacy of your information very seriously, and we use industry standard practices to keep your data safe and secure.
How do we disclose your personal information?
Customers:
In providing the Services, our Software and our website SPP may disclose your personal information to:
- our third party helpdesk management provider for customer support tickets
- our third party email management system to send email updates and notifications
- our employees, contractors and/or related entities
- our existing or potential agents or business partners
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
- any other third parties as required or permitted by law, such as where we receive a subpoena
Users of our Services:
In providing the Services and our website, SPP may disclose your personal information to:
- our third party email management system to send email updates and notifications
- our third party authentication and authorisation provider for our Software, if enabled
- other third party service providers for the management of security, fraud detection, internal logs, basemaps and geocoding services, content moderators, graphic providers, web mapping tools and software which allows for the functionality of a browser
- Social media sites when you choose to share content or authenticate your user account through them
- any other third parties as required or permitted by law, such as where we receive a subpoena
Contact us
To contact us about our Privacy Policy, compliance with any applicable privacy laws, or to modify or delete your personal data, please email our Privacy Officer at: info@socialpinpoint.com
The Privacy Officer will review all messages received and respond to each message upon due consideration. We may require further information to respond to your message, or may refer you to the Operator when appropriate.
Changes to this Policy
We reserve the right to modify this policy from time to time, at our sole discretion. If we make a material change to the Privacy Policy we will notify you and the modified policy shall be effective once we notify you of the change. If we do not make any material amendments then we will post the modified policy on our website and it shall be effective once posted. We recommend that you regularly check our website to make sure you are aware of our most up-to-date policy.
Appendix 1 – The Privacy Act and the APPs
The Privacy Act and the APPs set out the core requirements for the protection of personal information in Australia. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions
How do I access, change or delete my personal information?
In some cases you may be able to access and correct your personal information by logging into your account (if the Software provides this functionality), where you can update your personal details.
You may also request a copy of, changes to, or deletion of, the personal information we hold, and we will act on this request within a reasonable period of time unless we are legally permitted to refuse to do so, in which case we will provide you with details of our refusal in writing.
Before acting on your request we may be contractually required to provide notification to or seek the consent of the Operator.
Social Pinpoint will endeavour to respond to your request or inquiry within 30 days.
How do I make a complaint?
If you wish to make a complaint, please contact us using the details in the contact section above and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response you also have the right to contact the Office of the Australian Information Commissioner.
Will my personal information be transferred overseas?
Where we disclose your personal information to third parties in our Privacy Policy, these third parties may store, transfer or access personal information outside of Australia, including but not limited to the United States of America and the Philippines.
We will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles or we will take such steps as are reasonable in the circumstances to ensure the third party protects your personal information in accordance with the Australian Privacy Principles.
Appendix 2 – The GDPR
Under the GDPR individuals located in the EU have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix sets out the additional rights we give to individuals located in the EU when we sign a GDPR compliant data processing agreement with an Operator, including how we process personal information lawfully, transparently and fairly. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.
What personal information is relevant?
This Appendix applies to the personal information set out in the Privacy Policy above where we sign a GDPR compliant data processing agreement with an Operator. This includes any sensitive information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.
Our commitment to you
Your personal information will:
- be processed lawfully, fairly and in a transparent manner by us;
- only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
- be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to rectify any of your personal information);
- be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal information was collected or required by an applicable controller; and
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
How do we process personal information?
If the GDPR applies and we act as a controller, we must have a legal basis to process your personal information. We will process your personal information in accordance with the following legal bases:
- Legitimate interests: We will process your personal information for our legitimate interests to allow you to access and use our website, to send you marketing content we think may be of interest to you, to contact you if you leave your contact details with us or if you otherwise initiate contact with us, to review and improve our Services and for our internal business purposes.
- Performing a contract: We will rely on performing a contract to process your personal information where we are preparing to enter into a contract with you or we are carrying out our obligations under a contract with you, including where you have entered into a contract with us for our Services or the licensing of our Software.
- Legal obligation: We will rely on a legal obligation to process your personal information where we are subject to a legal obligation, including to respond to any illegal activity and for taxation purposes.
- Consent: If we need to rely on consent, we will ask for consent to process any of your personal information for that specific purpose before we process your personal information for that purpose.
Upon written request, we may provide you with a list of the third parties we use to process your personal information and the locations of those third parties.
Data retention
If the GDPR applies or we have signed a GDPR compliant data processing agreement, and we act as a processor:
We will only retain your personal information in accordance with the controller’s instructions and we will delete or return your personal information to the controller in accordance with the terms of the applicable data processing agreement.
If the GDPR applies and we act as a controller:
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see ‘access, erasure and data portability’ below for further information.
In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for analytics, research or statistical purposes in which case we may use this anonymised information indefinitely without further notice to you.
Data transfers
The countries to which we send data for the purposes listed above may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries:
- we will perform those transfers in accordance with the requirements of the GDPR (for example, by using the Standard Contractual Clauses as a safeguard); and
- we will protect the transferred personal information in accordance with the Privacy Policy, as supplemented by this Appendix.
Countries to which we may transfer personal data include Australia, the Philippines and the United States of America.
Extra rights for EU individuals
Objecting to processing:
You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, in order to proceed with the processing of your personal information.
Restricting processing:
You have the right to request that we restrict the processing of your personal information if:
- you are concerned about the accuracy of your personal information
- you believe your personal information has been unlawfully processed
- you need us to maintain the personal information solely for the purpose of a legal claim
- we are in the process of considering your objection in relation to processing on the basis of legitimate interests
Access, erasure and data portability:
You may have the right to request details of the personal information we hold about you, or to request that we erase the personal information we hold about you, or that we transfer this information to a third party.
Rectification:
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, misleading or out of date.
Note that if we are acting as a processor of your personal information, before acting on a rights request we will need to seek the instructions of the relevant Operator.
If the GDPR applies and we act as a controller of your personal information, we will endeavour to respond to your request or inquiry within 30 days.
How do I make a complaint?
If you wish to make a complaint, please contact us using the details in the contact section above and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response you also have the right to contact the relevant EU supervisory authority.