Privacy Policy

‘Personal Information’ is any information or an opinion about you or an individual that identifies you or that could reasonably identify you. This could include information such as your name, contact details, date of birth or employment details.  

‘Sensitive Information’ is any information or opinion about you or an individual which is health information or which relates to your racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record. The APPs place more stringent obligations on us when we handle your sensitive information.

We collect, hold, use and disclose your Personal Information and Sensitive Information that you disclose to us or which we obtain from third parties to enable us to provide and facilitate products and services to you. We will only collect and retain information that is reasonably necessary for the performance of our activities and functions so that we are able to provide you with the products and services you require or which we recommend to you. This includes, but is not limited to:

1. managing your requests for products and products and services;
2. responding to feedback or concerns you have regarding our products and products and services;
3. registering and servicing your account, including keeping your information up-to-date, and verifying your identity;
4. communicating with you about our products, products and services, promotion (including direct marketing);
5. requesting feedback through surveys and research so that we can improve our products and products and services;
6. improving our operational processes to enhance your customer experience;
7. working with our service providers;
8. safety, security, investigative, fraud, and loss prevention activities;
9. facilitating corporate transactions like merger and acquisitions, e.g. to assess those transactions and manage the transition of the business;
10. complying with your legal obligations and protecting and defending our legal rights and interests; 
11. interacting with Regulators and relevant government entities; and
12. as otherwise required or permitted by law. 

Where you provide us with personal information as about someone else, you must have their consent to provide their personal information to us based on this Privacy Policy. 

The kinds of Personal Information and Sensitive Information we collect and hold depends on the specific products and services provided to you. This will usually include but is not limited to the following:

1. your identity and contact details (name, postal and/or residential address, email address, telephone number(s), age and gender;
2. non-personally identifiable information (browser type, version and language, operating system, page access times etc);
3. financial and transaction information;
4. user data;
5. contact history with us; and 
6. marketing and communications data.

If you do not provide us with the required information, we may not be able to perform the products and services which you require us to provide.

During the course of providing our products and services to you, we will collect personal information from you by asking you verbally for that information, or requiring you to complete forms or documents necessary to enable us to provide you with our products and services.

We may also generate new personal information from time to time – e.g. reports or analysis based on other information we hold about you.

We will take reasonable steps to store information in a secure manner to protect the security of your personal information. We implement a range of measures, including people, process and technology controls to protect the security of your personal information. Examples of these measures include:

1. a combination of physical and technical measures. Information that we store electronically, is stored in secure cloud-based facilities based in Australia and North America. This information is secured, and access is limited to necessary employees and subcontractors of Red Planet Software;
2. appropriate technology to protect your personal information stored electronically, such as passwords, as well as limiting the number of personnel who have access to your personal information, whether stored electronically or in hard copy;
3. staff are bound by internal confidentiality and information security policies that require them to keep personal information secure at all times;
4. protecting personal information in accordance with the Office of the Information Commissioner’s Guide to Securing personal information; 
5. maintaining an ongoing security program where we invest continually in cyber security;  and
6. regular training to our staff regarding the collection, storage and handling of your personal information. 

Our security controls are continually reviewed to protect your personal information appropriately. 

When we no longer require your Personal Information and Sensitive Information, it will be destroyed or permanently de-identified. However, we will retain information for as long as the law requires.

A data breach is when Personal Information and/or Sensitive Information held by us is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Examples of a data breach are when a device containing personal information of clients is lost or stolen, an entity’s database containing personal information is hacked or an entity mistakenly provides personal information to the wrong person. A ‘data breach’ may also constitute a breach of the Regulations, however this will depend on whether the circumstances giving rise to the data breach also constitute a breach of one or more of the Regulations.

We have a data breach response plan. Our actions in the first 24 hours after discovering a data breach are crucial to the success of our response. A quick response can substantially decrease the impact on the affected individuals.

However, despite our reasonable efforts, we cannot guarantee that the security of your Personal Information and Sensitive Information will not be breached. Therefore, to the fullest extent permitted by law, we disclaim all liability and responsibility for any damage you may suffer due to a data breach, except to the extent that our liability cannot be excluded by applicable laws and regulations which we are subject to.

Data Breaches may be reported to the Office of the Australian Information Commissioner or the relevant international authority. As part of our Data Breach response plan we will determine if a report is required and if so will make that report. Individuals are entitled to make reports whether or not we do so. To submit reports or make enquiries please visit the OAIC’s website – https://www.oaic.gov.au/privacy/notifiable-data-breaches/report-a-data-breach

We may use your Personal Information and Sensitive Information for the following purposes:

• to confirm your identity;
• to contact you directly about our products and services;
• to share it with our related entities, subsidiaries or other specialist providers as required to perform functions on our behalf;
• to share with suppliers and third parties that carry out specific functions on our behalf, so that we can provide you with the products and services; 
• for other purposes communicated to you when your information is collected;
• for disclosures required by law, regulation or court order; 
• to provide data to Government departments and agencies as required when providing you with the products and services;
• to share with parties involved in business transfer transactions (and prospective transactions); and
• to conduct internal client research and assessment.

This includes us using this information to communicate with you about our products and services, for internal administration, direct marketing and planning purposes. We will also use your Personal Information for purposes related to those described above which would be reasonably expected by you. You may request not to receive direct marketing communication from us by contacting the Privacy Officer (details below).

We will not use your Personal Information and Sensitive Information for purposes other than those described above, unless we have your consent, or there are specified law enforcement or public health and safety reasons (as permitted under the Regulations).

We may outsource business functions to other organisations and as such, it is possible that your Personal Information and Sensitive Information will, as required from time to time, be disclosed or transferred to other organisations to allow them to assist us to provide you with products and services. In doing so, we will take reasonable steps to ensure that any outside organisations are bound by privacy obligations protecting your personal information, and that they will only be provided with the personal information required to deliver their products and services.

We will disclose your Personal Information and Sensitive Information to overseas recipients located in New Zealand, Canada, United States of America, United Kingdom, Indonesia, Philippines and Mongolia as and when required in order to provide you with the products and services. If we transfer your Personal Information outside Australia, we will endeavour to comply with the requirements of the Regulations that relate to transborder data flows, but we cannot guarantee compliance and you specifically agree that you understand this. Therefore, to the fullest extent permitted by law, we disclaim all liability and responsibility for any damage you may suffer due to our non-compliance with APP 8.1, except to the extent that our liability cannot be excluded by applicable laws and regulations which we are subject to.

You should also be aware that:

• any overseas recipient may not be subject to any privacy obligations or to any principles similar to the APPs;
• you may not be able to seek redress in the overseas jurisdiction; and
• any overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.

While we will not directly disclose your Personal Information and Sensitive Information to overseas recipients without your consent, the entities to which we may disclose your Personal Information and Sensitive Information may do so. We are unable to say what countries, if any, those recipients are likely to be located in as the locations will differ from time to time.

When we receive Personal Information or Sensitive Information from individuals in the European Union (the EU), we will be required to comply with the European General Data Protection Regulation (GDPR). 

The GDPR applies to data processing activities of processors and data controllers outside of the EU, regardless of size, where the processing activities are related to:

• offering goods or products and services to individuals in the EU (irrespective of whether payment is required); and/or
• monitoring the behaviour of individuals in the EU, where that behaviour takes place in the EU.

The GDPR requires us to comply with seven principles with regards to processing Personal Information and Sensitive Information. To that end, we can confirm that we:

• process your Personal Data lawfully, fairly and in a transparent manner as outlined in this Privacy Policy;
• only collect Personal Information for specified, explicit and legitimate purposes and not further process in a manner that is incompatible with the purposes as disclosed by us in this Privacy Policy;
• only collect Personal Data that is adequate, relevant and limited to what is necessary in relation to the purposes outlined by us in this Privacy Policy;
• will take every reasonable step to ensure that Personal Information is accurate and up to date and any inaccurate data is erased or rectified without delay;
• will not store Personal Information for longer than is necessary for the purposes as outlined in this Privacy Policy;
• will process your Personal Information in a manner that ensures appropriate security of the information, as outlined in this Privacy Policy, as such processing methods are sufficient in protecting the information against accidental loss and destruction or damage; and
• take full accountability for compliance with all of the above. 

We are required, under the GDPR, to obtain your express consent to the processing of your Personal information in the form of a signed document. We confirm that we will require you to physically sign and return any document that we require in this regard. If you do not sign and return such document, we will not be able to collect your Personal Information which may mean we cannot provide you with certain goods or products and services. 

If you are accessing this Privacy Policy via our website, we may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our website with personal information, this information may be linked to the data stored in the cookie.

If you are accessing this Privacy Policy via our website, we may use web beacons on our website from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

If you are accessing this Privacy Policy via our website, our website may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

This Privacy Policy discloses our current privacy practices. From time to time and in line with client expectations and legislative changes, this Privacy Policy will be reviewed, and, if appropriate, updated at any time without notice. We will endeavour to provide you with notice of the changes as soon as reasonably practicable to do so.

You can access the Personal Information and Sensitive Information we hold about you. You may also make requests to correct inaccuracies, access information or seek data deletion or erasure. 

We will take reasonable steps to ensure that any Personal Information or Sensitive Information that we collect, use, store or disclose, is relevant, accurate, complete and up-to-date. If you believe the information we hold is inaccurate, incorrect, or incomplete, you may request that your information be corrected and we can then take reasonable steps to correct this information. 

Please contact our Privacy Officer (details below) to access or request updates to any Personal Information and/or Sensitive Information which we hold or to request erasure of the information we hold.

From time-to-time, Red Planet utilises artificial intelligence (AI) to assist with the provision of products and services. AI is currently used only as an assistive tool and does not replace the function of any employees, subcontractors or the like.

Red Planet acknowledges and agrees that it will not provide any Personal Information or Sensitive Information to any public AI resource or tool.

If you have a complaint about the way we have dealt with your Personal Information or Sensitive Information, or about this Policy itself, we invite you to provide written details of your complaint to our Privacy Officer (contact details below).

Our Privacy Officer will contact you within 14 days of the date we receive the written details of your complaint to acknowledge that we have received it. Our Privacy Officer will then:

1. review the way we dealt with your Personal Information and/or Sensitive Information;
2. conduct an internal investigation (if necessary) into how your Personal Information and/or Sensitive Information came to be handled in the way that it was; and
3. provide a report to you within one month of the date we acknowledged receipt of your complaint. 

If you believe we have breached the APPs, you may also lodge a complaint with the Office of the Australian Information Commissioner.

Should you have any queries, complaints or comments about this Privacy Policy, please contact our Privacy Officer in writing by post or email at:

POST:
Attention: The Privacy Officer
Red Planet Global Pty Ltd (ABN: 43 633 968 868)
Level 26, 44 Market Street
Sydney NSW 2000
AUSTRALIA

EMAIL:  info@redplanetsoftware.com

TELEPHONE: +61 2 9091 8095