Effective Date: 18 March 2021
Cycling-Inform Pty Ltd ACN 123 381 582 as trustee for the Cycling-Inform Unit Trust and its successors and assigns (we, us or our) is covered by the 13 Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Act) (as amended from time to time). For the purpose of this Policy:
Personal Information means information, including financial information, or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is in a material form or not.
Sensitive Information means information or an opinion (that is also Personal Information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual practices, criminal record or health information.
We recognise the importance of protecting your Personal Information. We will take reasonable steps to ensure all Personal Information held by us is secure and all Personal Information collected, used or disclosed by us is accurate, complete and up to date. Our handling of Personal Information is regulated by the Act.
This Policy is published on our website and may be updated from time to time at our discretion. By continuing to use our website, or otherwise continuing to deal with us, you accept this Policy as it applies from time to time. You may request a hard copy of this Policy.
Types of Personal Information
Depending on the particular circumstances, we may collect and hold a range of different Personal Information about you. This may include, but is not limited to, your name, date of birth, contact details (including address, email address and telephone number), driver’s licence number, photos or videos of you, credit related information, internet protocol address, server address, domain name, payment details, transaction and financial information (such as credit card or bank account numbers).
Sources of Personal Information
Where possible, we will collect Personal Information directly from you. In some instances, we may collect Personal Information from other sources such as third parties, publicly available sources, press reports or other publications, in which case, we will endeavour to verify such details with you.
We acknowledge that there is no obligation for you to provide us with Personal Information except as required by law. However, if you choose not to provide us with certain Personal Information, we may not be able to deal with you or provide you with our full range of services or employment.
We collect Personal Information in a number of ways, including but not limited to, directly from you when you engage us to provide you with services or products, set up an account with us and when you browse or make any purchases from our website. If you apply for employment with us, we may collect Personal Information about you from any third parties that you nominate as your referees and you consent to us obtaining Personal Information about you from third party sources such as social media sites.
Purpose for Use and Disclosure
The purpose for which we use and disclose Personal Information will depend on the circumstances in which it is collected. We will only hold your Personal Information for the particular purpose of for which we collected it (Primary Purpose).
We will not use or disclose your Personal Information (not being Sensitive Information) for another purpose (Secondary Purpose) unless:
- you would reasonably expect us to use or disclose it for a Secondary Purpose that is related to the Primary Purpose or (in the case of Sensitive Information) directly related to the Primary Purpose;
- we are required to by law;
- a permitted general purpose exists;
- a permitted health situation exists;
- we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body (for example, to comply with occupational health and safety, industrial relations and taxation laws).
Specific purposes for which we may use or disclose Personal Information include the purposes of providing you with services, dealing with customer care related activities, marketing and developing our services, the operation and administration of accounts, carrying out certain checks, considering an individual for employment, interacting with companies or organisations with whom we have a business relationship, complying with our obligations under agreements with third parties and carrying out any activity in connection with a legal, governmental or regulatory requirement that we have to comply with, or in connection with legal proceedings, crime or fraud prevention, detection or prosecution.
In the event we collect Sensitive Information about you, you consent to us collecting, using and disclosing the Sensitive Information for the purpose for which it was disclosed and as permitted by the Act and other relevant laws.
We may disclose your Personal Information to overseas recipients, in accordance with the requirements in the APPs, for use in overseas countries including without limitation the Philippines, Fiji, United States of America, New Zealand and the United Kingdom.
Pixel tracking and 3rd party cookies are stored by, but not limited to, the following external services providers: Infusionsoft, PlusThis, Wicked Reports, Google, Facebook, Vimeo, and Calendly.
Anonymity and Pseudonymity
You can deal with us anonymously (without identifying yourself) or under a pseudonym (fictitious name) unless you are applying for credit from us, applying for employment with us, dealing with us in relation to the provision of services or in any other situation where it is impractical or unlawful to deal with you anonymously or under a pseudonym.
Storage of Personal Information
All Personal Information collected by us will be retained as part of our business records, which will be securely monitored and maintained. We hold Personal Information in a number of ways, including:
- as part of customer records and other electronic documents on which Personal Information is contained which are stored on our information technology systems and servers operated by third parties who provide services to us in connection with our business; and
- by securely storing hard copy documents on which Personal Information is contained, at our various premises and using third party document management and archiving services.
Retention of Personal Information
If we receive Personal Information where we have not taken any steps to collect such information, then within a reasonable time we will decide whether we could, under the APPs, have solicited that Personal Information ourselves. If we determine that we would not, under the APPs, have been permitted to solicit the Personal Information, we will as soon as practical (where lawful and reasonable to do so) destroy or de-identify that unsolicited Personal Information. If we could, under the APPs, have solicited the Personal Information then we may use and disclose the Personal Information for the purpose for which it was disclosed and as permitted by the Act and other relevant laws.
Where Personal Information held by us is no longer required to be held, and its retention is not required by law, then we will destroy such Personal Information by a secure means.
Access to Personal Information
You can gain access to your Personal Information, subject to certain exceptions contained in the Act. To request access to your Personal Information, or to update or correct that Personal Information, please send a written request using our “Contact-Us” form. We will check the identity of individuals making requests to determine within 14 days whether the request will be met.
We may send you marketing communications in line with your previously expressed marketing preferences or as otherwise permitted under the Act and other relevant laws. If you do not wish to receive such communications, please contact us via the Contact Address or follow the opt-out instructions contained in each marketing communication.
European Economic Area users
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under the European Union General Data Protections Regulation (GDPR). The legal bases depend on the services you use and how you use them. This means that in respect of individuals in the EEA, we collect and use your information only where:
- it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example we might ask for consent in order to provide you with our services, provide customer support and personalised features); or
- we need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services.
Our responsibilities as a “controller” under the GDPR
Controllers are defined by the GDPR as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the GDPR as we collect, use and store your personal information (if you are an individual in the EEA) to enable us to provide you with our goods and/or services.
As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of individuals based in the EEA. If you are an individual located in the
EEA, your personal data will:
- be processed lawfully, fairly and in a transparent manner by us;
- only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
- be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
- be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected;
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We also apply these principles to the way we collect, store and use the personal information of our Australian customers or clients.
Specifically, we have the following measures in place, in accordance with the GDPR:
- Data protection policies: We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
- Right to ask us to erase your personal information: You may ask us to erase personal information we hold about you.
- Right to ask us to restrict data processing: You may ask us to limit the processing of your personal information where you believe that the personal information we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.
- Notification of data breaches: We will comply with the GDPR in respect of any data breach.
Children’s Online Policy
We are committed to preserving online privacy for all of its website visitors, including children. This site is a general audience site. We will not knowingly collect any information from, or sell to, children under the age of 13. If you are a parent or guardian who has discovered that your child under the age of 13 has submitted his or her personally identifiable information without your permission or consent, we will remove the information from our active list, at your request. To request the removal of your child’s information, please contact us.
If you are concerned that the way in which we collect, hold, use or disclose your Personal Information may be in breach of the APPs, please send written details of your complaint to the Contact Address.
After receiving a complaint, we will conduct internal discussions and evaluate whether we believe that such collection, holding, use or disclosure of your Personal Information was in breach of the APPs. We will endeavour to notify you of the results of our investigation of your complaint within 30 days of receiving your complaint. However, if your complaint involves complex issues or requires extensive investigation, it may not be possible to respond within this timeframe. If the conclusion of our investigation is that our collection, holding, use or disclosure of your Personal Information was in breach of the APPs, we will take steps to remedy the breach as soon as reasonably practicable. If after dealing with us you are still not satisfied, you are entitled to make a complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au) or the Financial Ombudsman Service (www.fos.org.au).