Introduction and Scope
simPRO Group Pty Ltd, its subsidiaries and any other entity which may be acquired now or in the future (collectively referred to in this policy as “simPRO”, “we”, “our” or “us”) considers the protection of your Personal Data a paramount corporate responsibility.
This Personal Data Protection Policy (“Policy”) describes the privacy practices of simPRO’s websites, web applications, mobile applications (including our fleet management software) and desktop applications (“Products and/or Services”). This Policy sets out important information to assist you with a transparent understanding of the Personal Data we collect from you, why we collect it, how it is used and shared and your choices regarding the use of Personal Data we collect.
In order to provide our Products and/or Services to you, we need to collect, use and disclose to certain third parties information that may identify you personally. Simply put, all the information we collect is related to providing you with simPRO Product and/or Services.
By utilising simPRO Products and/or Services, you consent to the privacy practices described in this Policy. If you do not agree with any part of this Policy, please do not provide your Personal Data to us.
If you do not provide us with your Personal Data, or if you choose to exercise any of your rights in relation to this Policy including withdrawing consent that you have given under this Policy (in accordance with clause 11) then this may affect our ability to provide our Products and/or Services to you or it may negatively impact the Products and/or Services we can provide to you.
simPRO operates in Australia, New Zealand, United Kingdom and the United States of America and accordingly, we may disclose your Personal Data between our locations which may or may not be located in your country of residence. All simPRO related entities are subject to the privacy practices set out in this Policy and any applicable jurisdictional legislation.
For the purposes of the General Data Protection Regulations 2016/679 (“GDPR”) in the European Union simPRO is both a “data controller” and a “data processor” of Personal Data you provide to us for the primary purposes of providing you with Products and/or Services.
What is Personal Data?
Personal Data is data which contains any information relating to:
- An identified or identifiable living person - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name; or
- An identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We will only control and/or process Personal Data where the collection of Personal Data is necessary to deliver our Products and/or Services to you. Specifically, we only collect Personal Data under the following circumstances:
- As part of the provision of simPRO Products and/or Services which includes, any Products and/or Services provided to any customer by simPRO under an agreement;
- Any enquiry received by simPRO directly from an individual through our website or as a result of an authorised marketing activity; and
- Any other data collection, processing or usage practice that simPRO considers necessary as part of the ordinary course of providing the Products and/or Services or conducting their business.
Special Categories of Personal Data
Our Products and/or Services do not require us to collect ‘Special Categories’ of Personal Data from you. A Special Category of Personal Data is information which is of ‘sensitive nature’ such as information relating to:
- Race or ethnic origin;
- Health information including biometric or genetic information;
- Information relating to children;
- Philosophical, political or religious beliefs;
- Sexual preferences or practices; or
- Criminal convictions and records.
What type of Personal Data do we Collect?
We may collect the following types of Personal Data from you:
Information required to establish your customer account with us, such as:
- Your name (or title);
- Contact information such as your residential/mailing address, telephone or mobile number and email address;
- Business and industry information such as your business name, the industry your business is in and the size of your business;
Financial billing information that we require to process payment for our Products and/or Services. For example; we may require financial information for the purposes of invoicing you for payment or to provide to third party payment processors if you have provided us with a direct debit authority.
Example: We may collect Personal Data such as your name, address, email or phone number so that we can provide you with a product demonstration through our website or issue you with a product proposal.
- Information collected to monitor how you interact with our Products and/or Services such as; device type, operating system information or network information. It also includes IP (internet protocol) address’s and regional settings.
What Personal Data do we Process?
We will always process Personal Data lawfully, fairly and in a transparent manner. Processing means any operation we perform on Personal Data that is considered collection, storage, transfer, dissemination or erasure of the Personal Data.
We will only process Personal Data, where:
- The action of processing is a result of your direct instruction;
- You have provided us with explicit consent to undertake the processing;
- The processing is necessary to provide our Products and/or Services to you; or
- The processing is necessary for us to comply with any legal obligations.
If you sign up to a simPRO Enterprise and enter a customer’s personal contact details into a job, simPRO will only use the Personal Data (contact details) you enter to store the Personal Data or to enable simPRO Enterprise to carry out the tasks you request it to do such as create an invoice or run a report. simPRO will not control or use that Personal Data.
How do we use your Personal Data?
The primary purpose for which we control and process your Personal Data is to provide you with our Products and/or Services or to assist you with determining whether or not you would like to use our Products and/or Services.
This includes using your Personal Data for the following purposes:
- Preparing a proposal (quote document) for you or sending you a demonstration;
- Determining which or if any of our Products and/or Services are suitable for you;
- Establishing your account, account integration or providing you with the Products and/or Services you have elected to purchase;
- Notifying you of new features to our Products and/or Services or providing you with training;
- Performing internal operations necessary to provide our Products and/or Services to you such as troubleshooting software;
- Processing or facilitating payment for the Products and/or Services, including internal accounting or administration;
- Providing your Personal Data to our related entities for the purposes of administration, storage, advisory or technical services; and
- Any other purposes as authorised or required by law (e.g. to prevent a threat to health or safety, or to enforce our legal rights).
We may also (upon obtaining your express permission) utilise your Personal Data for secondary purposes, such as:
- Evaluating your satisfaction and seeking feedback regarding our Products and/or Services; or
- Sending you targeted marketing activities (including email mail outs or electronic marketing materials) in relation to events, our Products and/or Services.
On occasion we use customer’s names, organisations and testimonials on our websites or on our social media. Your consent will always be obtained prior posting a testimonial.
Purposes Outside of Our Control
Any Personal Data that you choose to submit or post on our social media pages or any other public forum (“Forums”) may be read, collected, or used by others who visit these Forums and may be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit in these Forums.
How do we collect your Personal Data?
Information collected from you directly
We will only collect Personal Data directly from you with your consent and through:
- Forms you submit on our website (for example; online enquiry forms and order forms);
- Other communication we have with you, which may include meetings, telephone conversations, paper forms and other documents you give us;
- Your interaction with our Products and/or Services (for example; receiving error notifications or usage data from our software); or
- Your contact with our customer support team; or
Information collected from you indirectly
We may also collect Personal Data from you when you interact with our websites or social media accounts.
We may collect this data by using Cookies (small files that are stored on your computer or mobile device). We utilise Cookies so that we can record how many times you have visited our website and which parts of our website you have visited before. Cookies may be used to provide you with information that you are interested in or to deliver our advertisements on other web sites and services.
Many web browsers allow you to manage your preferences regarding Cookies. You can set your browser to block cookies or delete certain Cookies. You may be able to manage other technologies in the same way that you manage Cookies using your browser’s preferences.
Do we ever disclose your Personal Data to third parties?
We may disclose your Personal Data to third parties in accordance with this clause, however any disclosure must be directly in relation to the primary purpose of providing Products and/or Services to you in accordance with this Policy. Please note that we do not engage in the sale or trade of Personal Data under any circumstance.
For the purposes of this Policy, “Disclose and Disclosure” means to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal data to another person or entity. Third Party/Parties mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process your Personal Data.
We may Disclose your Personal Data to third parties performing services for us for the purposes described in this Policy. These services include processing and storing information on servers that may be located in jurisdictions outside of your country of residence.
Other instances where we might be required to Disclose your Personal Data to a third party:
- To respond to a legal process such as a court order or subpoena or to comply with the requirements of applicable law;
- To protect the safety of any person; or
- To address fraud, security, or technical issues;
Your Personal Data may therefore be subject to privacy laws that are different from those in your country of residence. Personal Data collected within the European Union (including the United Kingdom and Switzerland) may be transferred to and processed by third parties, located in a country outside of these areas, where your Personal Data may be subject to reduced rights. All third parties engaged by us must deal with the information we Disclose in accordance with our legal obligations (including entering into vendor agreements), privacy, confidentiality and security standards.
Under no circumstances are third parties authorised by us to use or control the Personal Data they receive from us for any other purpose for which we engaged them.
If you have concerns about the transfer of your Personal Data to third parties for the purpose of Processing, please contact us in accordance with clause 13 below.
How do we keep Personal Data safe?
We have an obligation to ensure that your Personal Data is protected from unauthorised processing, accidental disclosure, access, loss, destruction or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your Personal Data is protected appropriately. These measures have been implemented and are reviewed regularly to protect your Personal Data from scenarios which may result in the accidental or unauthorised disclosure of your Personal Data as mentioned above.
Security measures, processes and encryption algorithms (including SSL protocols) are also audited by a third party on a monthly basis to ensure that we are adhering to and applying best practices to our implementation, management and use of security protocols.
In the unlikely event there is a data breach, we will (without delay) notify the relevant data protection authority, unless the breach is not likely to present any risk to your rights.
How long do we keep your Personal Data for?
We will only keep your Personal Data for as long as necessary to fulfil the purposes for which we are processing your Personal Data unless the law requires us to retain it for longer. For example, if required by local legislation or in the event we required it to defend legal proceedings.
What are your rights in relation to the Personal Data we collect?
You have rights in respect of your Personal Data. Specifically, you may exercise your right to:
- Request access to and obtain copies of any Personal Data we have collected from you;
- Request that your Personal Data be provided to you in a format that can be easily read;
- Modify or rectify your Personal Data if it is no longer accurate;
- Request the erasure of your Personal Data (more commonly referred to as the “Right to be Forgotten”) if you believe it is no longer necessary for the purposes of which it was originally collected; and/or
- Restrict or object to the collection or processing of the Personal Data we have collected from you. This includes, your ability to withdraw consent previously given at any time.
If you wish to exercise any of the above rights, please send your request to our Data Protection Officer using the contact details set out below.
If you are in the European Union, you may also have the right to complain to the Information Commissioner or to your local data protection supervisory authority if you are unhappy with our privacy practices.
If you have any questions or complaints in relation to this Policy or our use of your Personal Data, or if wish to inform us of a change or correction to your personal information or would like a copy of the information we collect on you in relation to this Policy or our use of your Personal Data, please contact our Data Protection Officer using the following details:
Name: Data Protection Officer
Email: firstname.lastname@example.org Post: Attention: Data Protection Officer
simPRO Software Ltd
If you are not satisfied with simPRO’s response the regulatory body that governs privacy in your jurisdiction, may be able to help you. Please contact our Data Protection Officer for details of the regulatory body that applies to you.
We will ensure that your question, concern or complaint is dealt with as soon as practicable. We reserve the right to verify your identity before complying with the request.
Changes to this Personal Data Protection Policy
We may amend this Policy from time to time in order to continue ongoing compliance with applicable Privacy regulations. If there are significant changes made to this Policy, we will ensure we notify you.
This policy was last updated on 04 May 2018.