Personal Data Protection Notice
simPRO legal information
In order to conduct our business, The simPRO Group Pty Ltd, a company established in Australia with company number 131 893 573 and its related bodies corporate, which include its offices in Australia, New Zealand, United Kingdom, Republic of Ireland, the United States of America, Canada, Singapore and The Netherlands (collectively referred to in this Notice as “simPRO”, “we”, “our” or “us”), need to process Personal Data of individuals that interact with us.
We process Personal Data when we perform (whether or not by automated means) any operation or set of operations on it. For example, we process Personal Data when we collect, record, organise, structure, store, alter, retrieve, consult, use, disclose, disseminate, restrict, erase or destroy such Personal Data.
We consider the protection of your Personal Data a paramount corporate responsibility and we will always process Personal Data lawfully, fairly and in a transparent manner. This Personal Data Protection Notice (“Notice”) sets out the Personal Data we collect from you, why we collect it, how it is used and shared and your choices and rights regarding the use of Personal Data we collect.
This Notice describes how we process Personal Data of:
- our suppliers, customers, business partners and their representatives;
- users of simPRO’s websites, web applications, mobile applications and desktop applications (“Products and/or Services”); and
- simPRO’s shareholders and their representatives.
This Notice does not cover the processing of Personal Data belonging to simPRO’s employees, contractors and job applicants. If you are one of these individuals, please see our separate Privacy Notice here.
What is Personal Data?
Personal Data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How do we collect your Personal Data?
We will primarily collect Personal Data from you either directly or indirectly from your interactions with us and our Products and/or Services. In some cases, we may also collect Personal Data about you from third parties who provide services to us (for example, credit information agencies).
What type of Personal Data do we Collect?
We collect and process different types of Personal Data depending on who you are and why you interact with us.
We may process the following types of your Personal Data:
- Identification data – such as your name, gender, job title, photograph and date of birth.
- Contact details – such as your home and business address, email address and telephone number.
- Sales-related information – which may include identification data and contact details along with business and industry information such as your business name, the industry your business is in and the size of your business and financial billing information that we require to process payment for our Products and/or Services.
- Usage information – this includes server log information (such as login information, IP addresses, device type, browser type, operating system, browser language, time zone, access times, network/connection type, location) and records of your use of our Products and/or Services.
- Other information – this includes information about access and attendance to our premises and physical assets, details about your use of our assets, communications with you (including complaints or concerns raised by you or any feedback or survey responses that you provide to us) and other information you voluntarily provide us.
- In respect of Shareholders, shareholder information – this includes contact details, number/quantity of shares and share numbers and details (including Identity and Contact details of any proxy who you may nominate to attend a Shareholders’ Meeting).
Sensitive Personal Data
Our policy (which is reflected in our terms and conditions applicable to our Products and/or Services) is not to collect or otherwise process your ‘Special Category Data’ and/or ‘Criminal Offence Data’ (both as defined in The General Data Protection Regulation 2016/679 (“EU GDPR”) or EU GDPR as retained in the Data Protection Act 2018 or other applicable national legislation of the United Kingdom (“UK GDPR”)) and/or other data which is treated differently by law due to its sensitive nature. If we do need to collect or otherwise process this category of your Personal Data, we will only do so on the basis of your consent to such processing and we will provide you with more details of our processing (including the measures we take to keep such data secure) at the point of collection.
How we Process your Personal Data – Lawful basis and purpose
We will only process your personal information when the law allows us to. Unless otherwise stated in this Notice, we process Personal Data for our Legitimate Interests. In particular, we process Personal Data in order that we may conduct our business operations and transactions smoothly and efficiently and continue to provide and develop our Products and/or Services. More specific examples of how our Legitimate Interests operate as the basis for our processing are listed below. In some cases, we also process your Personal Data in order to perform a contract we have entered into with you or because you have asked us to take specific steps before entering into a contract. We may process your Personal Data for any other purposes for which you have provided your consent or if there is another lawful basis for doing so and the new purpose is compatible with the original purpose. We may also process Personal Data where we are required to by law.
We process your Personal Data for the following specific purposes:
- managing our relationship with you – this includes providing you with information or our Products and/or Services, improving our Products and/or Services and communicating with you;
- business-related purposes – this includes negotiating, managing, and fulfilling our contracts with customers, suppliers and third parties, managing business relationships, managing accounts and records, supporting corporate social responsibility activities, resource planning and workforce management, activities and operations, internal investigations and debt administration;
- Products and/or Services-related purposes – this includes preparing a proposal (quote document) for you or sending you a demonstration, determining which or if any of our Products and/or Services are suitable for you, establishing your account, account integration or providing you with the Products and/or Services you have elected to purchase, notifying you of new features to our Products and/or Services or providing you with training, performing internal operations necessary to provide our Products and/or Services to you such as troubleshooting software, processing or facilitating payment for the Products and/or Services, including internal accounting or administration, providing your Personal Data to our related bodies corporate for the purposes of administration, storage, advisory or technical services;
- marketing and public relations purposes – this includes analysing the characteristics of visitors to our website, preparing analytics and profiling for business intelligence purposes, personalising your experience on our website and managing our newsletters and communications;
- managing safety and security risks – this includes managing and monitoring access and use of our premises and sites, safety and security at our sites and our IT environment (including monitoring electronic communications);
- internal operations – this includes troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- managing shareholder relationships and complying with any legal requirements in relation to maintaining the shareholder register.
We may also (upon obtaining your express permission) collect and otherwise process your Personal Data for secondary purposes, such as:
- evaluating your satisfaction and seeking feedback regarding our Products and/or Services; or
- sending you targeted marketing activities (including email mail outs or electronic marketing materials) in relation to events and/or our Products and/or Services.
Why our processing of your personal data is necessary
We only process Personal Data when this is necessary, including where this is for our Legitimate Interests as detailed above. Our ability to perform the functions listed above (for example, our ability to perform any contract entered into with you) may be adversely affected if we do not process your Personal Data. It may also prevent us from complying with our legal obligations.
Except to the extent set out in this Notice or unless you are advised to the contrary, we do not use Consent as the lawful basis upon which we process your Personal Data.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We will only subject your Personal Data to automated decision-making where:
- we have notified you of the decision and given you 21 days to request a reconsideration.
- it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
- you give your explicit written consent to such automated decision making and where appropriate measures are in place to safeguard your rights.
With whom do we share your Personal Data?
We may disclose your Personal Data (which may sometimes include Special Category, Criminal Offence, or other sensitive Personal Data but only where you have consented to the processing of such Personal Data) to related bodies corporate as well as to third parties involved in the running of our business where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We might also be required to disclose your Personal Data to a third party:
- to respond to a legal process such as a court order or subpoena or to comply with the requirements of applicable law;
- to protect the safety of any person; or
- to address fraud, security or technical issues.
In particular, we may disclose your Personal Data to the following parties:
Related Bodies Corporate
Where necessary, for the internal and/or external operations of the simPRO group of companies, including in order to provide you with our Products and/or Services, to perform a contract we may have entered into with you and/or so that we can best fulfil any of the purposes set out in clause 6, we may disclose your Personal Data between our related bodies corporate, meaning our offices across the world. See a list of our current locations here. This may result in your Personal Data being transferred to countries other than your country of residence, including countries which may be subject to reduced privacy laws. We can confirm that simPRO entities are subject to the same corporate policies and procedures (including this Notice) and we will only transfer data in accordance with the provisions of section 11 of this Notice.
We may also need to disclose your Personal Data to:
- third parties who provide services we use to run our business (such as external service providers that assist simPRO to perform information technology and security services functions);
- prospective purchasers of all or part of our business or of any shares in simPRO;
- our professional advisors (such as our lawyers and accountants); and
- government authorities or other persons where obliged to do so by an applicable law.
We do not allow our third-party service providers to use your Personal Data for their own purposes unless this was specifically notified to you. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Transfer of Personal Data
Where disclosure to one of the parties mentioned above results in data being transferred to another country, we will only make such disclosure where we have a lawful basis for doing so and we shall ensure that the disclosure complies with all applicable laws. This may include entering into a legally binding contract with the recipient under which they are obliged to handle your information in accordance with applicable laws of that jurisdiction or a higher standard if required (for example to meet compliance with the requirements relating to international data transfer under EU GDPR and UK GDPR).
You can request a copy of the safeguards that we have put in place relating to the international transfer of Personal Data under this section by using the contact details at section 17.
For the purposes of this Notice, “disclose” and “disclosure” mean to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your Personal Data to another person or entity.
How do we keep Personal Data safe?
We have an obligation to ensure that your Personal Data is protected from unauthorised processing, accidental disclosure, access, loss, destruction or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your Personal Data is protected appropriately. These measures have been implemented and are reviewed regularly to protect your Personal Data from scenarios which may result in the accidental or unauthorised disclosure of your Personal Data as mentioned above.
In the unlikely event there is a data breach, we will notify the relevant data protection authority as required by applicable law.
For further information on the security measures in place you can contact us by using the contact details at section 17.
For how long do we keep your Personal Data?
We will only keep your Personal Data for as long as necessary to fulfil the purposes for which we are processing your Personal Data unless the law requires us to retain it for longer, for example, if required by local legislation or in the event we require it to defend legal proceedings.
In accordance with our retention policy, we will ensure Personal Data is destroyed securely.
Third Party Links and Forums
Our Products and/or Services may contain links to other websites. We are not responsible for the privacy practices or the content of other websites. The privacy practices applicable to other websites may differ substantially from ours. Please read the privacy notice of any other websites you visit before using such websites.
Any Personal Data that you choose to submit or post on our social media pages or any other public forum (“Forums”) may be read, collected, or used by others who visit these Forums and may be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit in these Forums.
What are your rights in relation to the Personal Data we collect?
You have certain rights in relation to your Personal Data that we hold about you, though the details of these may vary depending on the country where you are based.
In general, it is within your rights to:
- request access to and obtain copies of any Personal Data we have collected from you;
- request that your Personal Data be provided to you in a format that can be easily read; and
- modify or rectify your Personal Data if it is no longer accurate.
If you wish to exercise any of the above rights, please send your request to our Data Protection Officer using the contact details set out below.
- request the erasure of your Personal Data (more commonly referred to as the “Right to be Forgotten”) if you believe it is no longer necessary for the purposes of which it was originally collected;
- request the restriction of processing;
- withdraw consent (where processing is being undertaken on the basis of consent) previously given at any time;
- object to the processing of the Personal Data where processing is being undertaken on the basis of our (or a third party’s) Legitimate Interests; and
- request the transfer of your Personal Data from simPRO to a third party.
If you:
- have any questions or complaints in relation to this Notice or our use of your Personal Data;
- wish to inform us of a change or correction to your Personal Data or exercise any of the other rights available to you as a data subject; or
- would like a copy of the information we collect on you in relation to this Notice or our use of your Personal Data,
please contact our Data Protection Officer using the following details:
Name: Data Protection Officer
Email: firstname.lastname@example.org
Post: Attention: Data Protection Officer
simPRO Software Limited
Building 17, Garden City Office Park
2404 Logan Road
Eight Mile Plains QLD 4113
If you are not satisfied with simPRO’s response, the regulatory body that governs privacy in your jurisdiction may be able to help you. Please contact our Data Protection Officer for details of the regulatory body that applies to you.
We will ensure that your question, concern or complaint is dealt with as soon as practicable. We reserve the right to verify your identity before complying with the request.
Changes to this Personal Data Protection Policy
We may amend this Policy from time to time in order to maintain ongoing compliance with applicable Privacy regulations. If there are significant changes made to this Policy, we will ensure we notify you.
Changes to this Personal Data Protection Notice
We will update this Notice from time to time where necessary to reflect changes in applicable laws or in our privacy compliance practices. The latest version of this Notice will always be available online through the simPRO website.
This Notice was last updated on 12 May 2022.