1. Our Commitment to Your Privacy
1.3 The European Union’s privacy law, known as “GDPR”, may apply to certain types of information, certain people and certain processes in accordance with that law. However, the GDPR is unlikely to apply in most situations where Personal Information is being processed by Metacoda in respect of individuals who are in Australia. Nevertheless there may be circumstances where GDPR does apply to Your Personal Information, and in this case We will comply with GDPR when We deal with that Personal Information.
1.4 You can be assured that, at a minimum, We will treat Your Personal Information in accordance with Australian privacy law, where Australian privacy law applies, or in accordance with GDPR, where GDPR applies.
1.5 However, where it is lawful and practical to do so, We will also extend to all individuals similar rights as those that are provided to data subjects who are protected under GDPR, in respect of their:
1.5.1 right of access;
1.5.2 right to object;
1.5.3 right of portability;
1.5.4 right of erasure or the right to be forgotten.
1.8.1 Metacoda Pty Ltd (ABN 80 127 389 262); and
1.8.2 Metacoda Group Pty Ltd (ABN 53 127 388 336).
1.9 Our business activities and functions include:
1.9.1 providing software tools and services that assist customers who are using software that is provided by other companies, primarily SAS;
1.9.2 any business activities related or ancillary to any of these activities.
1.11 “GDPR” means the General Data Protection Regulation (EU) 2016/679.
1.12 “Personal Information” means:
1.12.1 information that is defined under Australian privacy laws as Personal Information or other information that is subject to Australian privacy laws, where Australian privacy laws apply; or
1.12.2 “personal data” as defined under GDPR, where the GDPR applies to the information, and/or the individual and/or the processing of that Personal Information.
1.13 “Privacy Collection Notice” means a notice that is used to inform You of the purpose for which We will use Personal Information, the legal basis for processing that Personal Information, the categories of recipients, any overseas transfers of the Personal Information and other details relating to the processing of Personal Information that complies with the requirements of GDPR. A Privacy Collection Notice is most often used at the point where We collect Personal Information from You.
1.14 “Sensitive Information” means:
1.14.1 information that is defined under Australian privacy laws as “sensitive information”, where Australian privacy laws apply; or
1.14.2 “special category data” as defined under GDPR, where the GDPR applies to the information, and/or the individual and/or the processing of that Personal Information.
2. What Personal Information do We Collect and Hold?
2.1 We may collect and hold the following types of Personal Information:
2.1.1 name, honorific or title and gender;
2.1.2 personal and business address, phone number, fax number, email address, Skype address and other business or personal addresses/contact details/identifiers and social media identifiers;
2.1.3 individual’s business or vocation status, including job role, job description, job title and employment status;
2.1.4 images that individuals have made publicly available or provided to Us;
2.1.5 video and sound recordings from Our security systems;
2.1.6 demographic information, such as location at any point in time, preferences or interests;
2.1.7 information about the products or services that You purchase or consider purchasing from Us, Our suppliers or business associates;
2.1.8 information about enquiries made to Us, Our suppliers or business associates;
2.1.9 information You provide when You raise a support enquiry or when We are working with You to resolve a technical or administrative query;
2.1.10 information that You provide in response to market research, surveys or competitions that are conducted by or for Us;
2.1.11 information that You provide in response to marketing events that We attend e.g. information You give Us when We have a stand at a trade show or industry event or at presentations We give;
2.1.12 information that is provided in respect of employment, contract work, work experience or similar, whether solicited or unsolicited;
2.1.13 other Personal Information that is independently provided by You without Us requesting it; and/or
2.1.14 cookies, metadata, pixels and other information set out in section 8 below, which may identify You when used by itself or in conjunction with any of the information set out above.
2.2 Generally, We do not collect or hold Sensitive Information. The only exceptions to this rule are:
2.2.1 where the Sensitive Information is directly linked to the individual’s employment records and Our collection, holding and use is permitted by applicable law for the purpose managing the individual’s employment record;
2.2.2 where Sensitive Information is provided to Us in connection with the individual seeking employment, internship, work experience, contract work or similar, whether solicited or unsolicited;
2.2.3 where You provide this Sensitive Information in connection with Us operating Our business or providing Our services.
3. How do We Collect and Hold Personal Information?
3.1 We collect Personal Information in a number of ways, including:
3.1.1 through Our websites;
3.1.2 through communications with You, including letters, emails, telephone calls, voicemail messages, facsimiles, surveys, competitions, events and via social media applications;
3.1.3 through communications with others;
3.1.4 in the course of providing Our products and services to You, including providing support through Our support service;
3.1.5 when Our suppliers provide Us with that Personal Information;
3.1.6 in the course of Our business functions and activities.
3.2 When We collect Personal Information We will, wherever practical and in compliance with any legal requirements, use a “Privacy Collection Notice” which will provide You with more detailed information as to the exact nature of the Personal Information We collect, the purpose for which We will use the Personal Information, the legal basis for processing that Personal Information, the categories of recipients, any overseas transfers of the Personal Information and various other details that may be necessary for Us to meet Our obligations under Australian privacy laws and GDPR.
3.3 We hold Personal Information:
3.3.1 in Our hard copy files;
3.3.2 in other systems that We use in connection with Our business, some of which may be owned and operated by Our suppliers (please also see section 5); and
3.3.3 in the databases associated with Our websites.
3.4 Providing it is lawful and practical, We will give You the option of not identifying yourself, using a pseudonym or not providing Personal Information when You enter into a transaction or deal with Us.
3.5 If You elect not to provide Us with Personal Information then We may not be able to provide You with the information, products, services or support that You may want.
3.6 Where it is practical, We use encryption or We process Personal Information in a manner that does not attribute the individual directly to that individual’s Personal Information to enhance its security.
3.7 We may receive other unsolicited Personal Information in the course of Our business; for example You send Us an unsolicited job application that includes Your CV and personal details.
3.8 Where the unsolicited Personal Information is subject only to Australian privacy laws, We will deal with that Personal Information in accordance with Australian privacy laws.
3.9 Where We are required to do so by law (e.g. where GDPR applies), We will notify You when We receive any Personal Information about You, confirm to You the purposes for which We intend to use that Personal Information, and deal with this Personal Information in accordance with Our legal obligations.
4. The Purposes for which We use Personal Information
4.1 We collect, hold, use, process and disclose Personal Information for the following purposes:
4.1.1 pursuing Our business activities and functions;
4.1.2 allowing the technical support personnel to provide assistance to You (or Your employer), if needed;
4.1.3 facilitating interactions between You (or other people who You are acting for) and Us or between You (or other people who You are acting for) and other people and organisations who are accessible via Our websites or other electronic means;
4.1.4 performing certain functions via Our websites, e.g. conducting surveys, market research, mail outs, competitions or using social media;
4.1.5 conducting surveys, market research, mail outs and competitions off line;
4.1.6 improving the quality of Our websites and Our products and services;
4.1.7 allowing You to participate in interactive features of Our service, when You choose to do so;
4.1.8 developing or adding additional products and services from Us or existing or new people and organisations that are accessible via Our websites;
4.1.9 Our training and quality assurance purposes;
4.1.10 Our website safety and security purposes;
4.1.11 Our administrative purposes;
4.1.12 allowing technical support personnel to manage Our infrastructure, systems, databases other applications or tools;
4.1.13 statistical analysis of the usage of Our websites or applications or tools that are accessed via the websites; and/or
4.1.14 complying with applicable laws, including relevant privacy legislation.
4.2 Where You are subject only to Australian privacy laws, You consent to Us collecting, holding, using, processing and disclosing Your Personal Information for the purposes set out in section 4.1.
4.3 Where the information, and/or the individual and/or the processing of Your Personal Information is subject to GDPR, We advise You that We have a legitimate interest for collecting, holding, using and disclosing Your Personal Information for the purposes set out in section 4.1 and this is necessary to enable Us to conduct Our business activities and functions efficiently. In this case We will provide more details of the purposes for which We use Your Personal Information on the relevant Privacy Collection Notice provided at the time We collect the Personal Information from You.
5. Direct marketing
5.1 We also collect, hold, use and disclose Personal Information for the purpose of direct marketing of any of Our other services or products which We consider may be of interest to only where You have given Us consent in a form that complies with the relevant law.
5.2 If You have given Us Your consent to provide You with direct marketing communications We may collect, hold, use, process and disclose Personal Information in accordance with that consent to enable Us to provide You (or other people who You are acting for) information about, and offer You (or other people who You are acting for), other products and services that We offer and which We consider may be of interest to You.
5.3 If You give Us consent to provide You with direct marketing communications We will provide a simple means where You can request not to receive direct marketing communications. Where You have consented to Us providing Your Personal Information to any of Our suppliers or business associates identified to You so they can provide You with direct marketing communications, You may request that We stop sharing any such Personal Information with that supplier or business associate.
5.4 We shall only obtain Personal Information about You from a third party source for the purpose of direct marketing where such Personal Information has been processed lawfully by the third party who has provided. You may request that We disclose the source of that Personal Information. We will respond to any request made under this section within a reasonable period in accordance with applicable law and at no cost to You.
5.5 We will seek specific consent by way of opt-in for any direct marketing that We intend to carry out.
6. Storage and Disclosure of Personal Information (including overseas transfers)
6.1 We take appropriate technological and organisational measures to secure Personal Information and protect it from loss or unauthorised disclosure or damage.
6.2 All Personal Information provided to Us will be held for so long as We reasonably require it to deliver services to You or to Your employer, or as otherwise required for regulatory or other legal purposes.
6.4 Transfers of Personal Information to overseas jurisdictions will take place in the following circumstances:
6.4.1 where We have a group company assisting Us with Our business activities and functions;
6.4.2 where We have a supplier assisting Us with providing assistance with Our business activities and functions;
6.4.3 where Our websites, or any hosting services We use to support Our internal software or software as a service, are hosted by Us or a third party, and the hosting facilities and/or the back-up/disaster recovery sites are located overseas;
6.4.4 where a third party application is being used in connection with Our interactions with You, e.g. when We use email or Skype, the third party providers of the relevant application have their applications hosted overseas and/or use the internet through which Personal Information is transported automatically across any country around the world;
6.4.5 where analytics and search engine providers assist Us in the improvement and optimisation of Our websites.
6.5 The countries in which We know that Personal Information may be processed and/or transferred to include Australia, Canada, Chile, China, Hong Kong, countries within the European Union, India, Japan, Malaysia, New Zealand, Philippines, Russia, Singapore, South Africa, South Korea, Sri Lanka, Taiwan, the UAE, the United Kingdom, the United States of America and Vietnam.
6.6 Wherever an overseas transfer of Personal Information occurs, it will be made in accordance with applicable law. More details of overseas transfers will be provided on Our Privacy Collection Notices.
6.7 Where We have given You (or where You have chosen) a password which enables You to access certain parts of Our websites or any part of Our services, You are responsible for keeping this password confidential. You must not to share a password with anyone.
6.8 Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your Personal Information, We cannot guarantee the security of Your Personal Information transmitted to Our site; any transmission is at Your own risk. Once We have received Your Personal Information, We will use appropriate procedures and security features to prevent unauthorised access.
7. Use of Social Media
7.3 We accept no responsibility or liability for any Personal Information that You publish on any third party application or social media outlet.
8. Cookies, Metadata and Site Data Activity
8.1 A cookie is a small piece of data which remains on Your computer and contains information which helps Us identify Your browser. A cookie can be used to identify You, either by itself or with other data that is generated by Our website or that We or others may have access to.
8.4 If You do not allow some of the cookies to be used, some or all of the websites or other applications or tools on it might not be accessible to You. Our Cookie Notices will explain which cookies are important to the use of the website.
8.5 Sometimes information that You upload is provided with associated metadata. If You do not want Us to use the metadata You must remove it by erasure from the underlying document/materials properties before uploading it onto the website and other applications and tools.
9. Links to other Websites and Applications
Our websites include links to other websites, applications and tools that are not owned or operated by Us. We are not responsible for the content of those websites, applications or tools, nor for any products, services or information contained in them or offered through them. You should review the privacy policies and terms and conditions of use of those websites, applications and tools when You visit them. We do not endorse, recommend, condone or represent the companies or any content on any third party linked website and may terminate the link or linking program at any time.
10. How to Access and Seek Correction of Your Personal Information or Complain
10.1 Under applicable privacy legislation We must ensure that Your Personal Information is accurate and up to date. Therefore, please advise Us of any changes to Your Personal Information promptly.
10.2 If You want to find out what Personal Information We hold on You, or You believe any of Your Personal Information that is held by Us:
10.2.1 is not being processed lawfully;
10.2.2 is inaccurate, out of date, incomplete, irrelevant or misleading;
10.2.3 is not necessary for Us to continue to hold it;
10.2.4 is not being processed lawfully and You require Us to suspend or stop processing it,
or You wish for Us to delete or port Your Personal Information to a third party provider, You can contact Us, and We will either provide You with access to the Personal Information (in so far as We are legally able and required to do so by applicable law,) or We will delete it, correct it or deal with it as applicable, within a reasonable period in accordance with applicable law.
10.3 Where your Personal Information is subject to GDPR We will provide you the rights set out in section 10.2 in accordance with GDPR. Where your Personal Information is subject to Australian privacy laws, We will provide you these rights at least in accordance with Our obligations under Australian privacy law (if any), and where it is lawful and practical for Us to do so, to the same extent as if GDPR applied.
10.5.1 email at the following email address: email@example.com; or
10.5.2 using the contact Us web form on Our website at https://www.metacoda.com/en/contact-us/.
10.6 We will aim to respond to any complaint within 10 business days of the date of receipt. We will attempt to resolve Your complaint to Your satisfaction. If You are not satisfied with how We deal with Your complaint You may contact the relevant regulatory authority in Your country.
10.7 If you make any such complaint, We may be obliged to report that complaint to the relevant regulator within the time frames set out in the relevant legislation. We may also be obliged to self-report breach of privacy to the relevant regulator within the time frames set out in the relevant legislation.
10.8 The privacy regulator in Australia is the Office of the Australian Information Commissioner, whose contact details are on their website at: www.oaic.gov.au
Last updated: 6th February 2019