(a) Data Protection Laws means the laws that are designed to protect your Personal Information and privacy in the place where you live. These include:
(i) the Australian Privacy Act 1988 (as amended, the AU Privacy Act);
(ii) the General Data Protection Regulation (GDPR), the European Data Protection law, with the official names Regulation (EU) 2016/679 of the European Parliament and of the Council;
(iv) the New Zealand Privacy Act 2020 (as amended, the NZ Privacy Act).
(b) OAIC means the Office of the Australian Information Commissioner;
(d) Sensitive Information has the meaning given to that term in the Act;
(e) Services means the provision of Kallipr products and solutions including without limitation hardware, connectivity services and software.;
(f) we, us or our means Kallipr Pty Ltd ACN 619 635 942, a proprietary limited company trading under the name Kallipr Pty Ltd and its associated entities as appropriate;
(g) Website means https://www.Kallipr.com/ or any other website from time to time from which the Services are promoted and/or delivered; and
(h) you means you and anyone acting on your behalf or with your implied authority.
Under the GDPR, Kallipr is a “data controller.” This means we collect personal data directly from you and determine the purpose and means of processing that data. Processing is a broad term that means collection, use, storage, transfer or any other action related to your personal data.
2. What Personal Information do we collect?
We may collect, use, store and transfer various types of Personal Information, including:
(a) personal details, including name and date of birth;
(b) contact details, including your email address, mailing address and telephone number;
(c) financial information, including banking details, billing and payment details;
(d) identity data including your name, date of birth, company name and username or similar identifier;
(e) contact data including your contact details such as your billing and delivery address, email address and telephone number;
(f) financial data including banking, credit card, billing or other payment information;
(g) transaction data including details about payments to and from you and other details of services you have purchased from us;
(h) technical data including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website;
(i) profile data including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
(j) usage data including information about how you use our website, products and services;
(k) marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences;
(l) information necessary for or incidental to the provision of the Services;
(m) any other Personal Information that may be required in order to facilitate your dealings with us.
3. How do we collect Personal Information?
We may collect Personal Information from you when:
(a) you access or use our Website;
(b) you communicate with our employees or clients;
(c) you deal with us in the course of business;
(d) we solicit it from third parties in the course of our business;
(e) we solicit it from third parties, for example, from your employment referees or interviews where you are applying to work for us;
(f) it is provided by or on behalf of our clients in the course of us providing services to them;
(g) it is provided from publicly available records or public registries that we accessed in the course of providing services to our clients;
(h) you communicate with us through via email, telephone, SMS, our Website or social media; and
(i) you otherwise deal with us in the course of our business.
We may also collect Personal Information from third parties (including public sources) worldwide, including:
(a) credit reporting agencies; and
(b) law enforcement agencies.
Where we solicit Personal Information, we only collect:
(a) non-Sensitive Information, if it is reasonably necessary for the services we provide; and
(b) Sensitive Information, if it is reasonably necessary for, or directly related to, services we provide and you have consented to its collection, or its collection is permitted or authorised by law.
If we solicit Personal Information, we will generally solicit it directly from you, unless it is unreasonable or impracticable for us to do so. Where we collect Personal Information about you from a third party without your prior consent, we will take reasonable steps to inform you that we have collected Personal Information.
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that information when requested or withdraw your consent to us processing your Personal Information (where applicable) we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
4. How we store and protect Personal Information
We prioritise the security of your Personal Information whilst it is in our possession. We may hold Personal Information in various forms, including but not limited to physical documents, electronic records, visual records and audio recordings. Physical files are kept securely inside our access-controlled premises. Electronic files are stored securely on protected information systems and are only accessible through our secure network. We maintain physical security over our paper and electronic data stores, and confidentiality agreements form part of the employment contracts for all of our staff members and contractors.
We take reasonable steps to:
(a) ensure that Personal Information we collect is accurate, up-to-date, complete and relevant, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time;
(b) ensure that Personal Information we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which Personal Information is used or disclosed;
(c) protect Personal Information from misuse, interference and loss, and from unauthorised access, modification or disclosure; and
(d) destroy or de-identify Personal Information which we no longer need for the purposes for which it was collected, except where it is necessary to retain it in order to maintain ongoing records for our clients.
We cannot guarantee the security of information transmitted via the internet. As such, transmission of Personal Information via the internet is at your own risk and we cannot be held responsible for the security of such information.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data security breach where the Data Protection Laws in that jurisdiction require us to do so, and within the timeframe required by the relevant Data Protection Law.
5. Why do we collect, hold, use and disclose Personal Information?
We may collect, hold, use and disclose your Personal Information for the following purposes:
(a) for the purpose(s) for which it was disclosed to or collected by us;
(b) facilitating interactions with you in the course of operating our business;
(c) responding to your enquiries and information requests;
(d) providing services (including the Services) to our clients if it was validly collected for that purpose;
(e) storing information at third-party data centres;
(f) updating your Personal Information;
(g) complying with our legal obligations;
(h) employing staff, including conducting criminal reference checks and other background checks permitted by law;
(i) for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose for which it was collected;
(j) for any other purposes for which you have consented from time to time.
We may hire third parties to provide limited services on our behalf, such as processing payment transactions, or performing statistical analysis of our Services. We will only provide those third parties with the Personal Information they need to deliver the specific services and take reasonable steps to ensure that these third parties maintain the confidentiality of your information and are prohibited from using that information except for the purposes for which it was supplied.
We may also disclose your Personal Information to authorised regulatory bodies or otherwise if required to do so by law.
5.2 Australia and New Zealand
Under the GDPR, we generally do not rely on consent as a legal basis for processing your Personal Information, although we will get your consent before sending third party direct marketing communication to you. You have the right to withdraw consent to marketing at any time by contacting us.
In the table below, we have set out a description of the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so under the GDPR. We have also identified what our legitimate interests are where appropriate.
We may process your Personal Information for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Information where more than one ground has been set out below.
|Personal Data Category||What we use it for (the “purpose” of processing)||Legal basis for processing under the GDPR|
To register you as a new customer, communicate with you when you book a demonstration of any Services through the Website, and customize your demonstration
To be responsive as possible to you, for example, when providing support for the Services or answering your customer queries
To manage your account, enable logging in to any part of Services, and customise your use of the Services
To process and deliver your order including:
To collect and recover money owed to us.
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, validating against fraudulent transactions, support, reporting and hosting of data)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Necessary for our legitimate interests (for example, to study how customers use our products or services, to develop them, grow our business, and inform our marketing strategy)
To use data analytics to improve our Website, products and services (including the Services), marketing, customer relationships and experiences
Necessary for our legitimate interests (for example, to define types of customers for our products/services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about products or services (including the Services) that may be of interest to you, based on products or services purchased on our Website
Necessary for our legitimate interests (for example, to develop our products/services and grow our business)
6. Direct marketing
We will only send you direct marketing communications and information via mail, email and social media platforms about our Services with your consent. If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using opt-out facilities provided in our communications. We do not provide your Personal Information to other organisations for the purposes of their direct marketing. Kallipr’s practices in regard to its email are designed to be compliant with anti-spam laws, including Australia’s Spam Act 2003 and New Zealand’s Unsolicited Electronic Messages Act 2007.
7. Overseas disclosure
We share your Personal Information within Kallipr. This may involve transferring your data outside the European Economic Area (EEA), the UK, Australia or New Zealand.
Whenever we transfer your Personal Information out of the UK and/or EEA (as applicable), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(a) We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for personal information.
(b) If we transfer your Personal Information to any other country which is not subject to an adequacy decision of the UK or the European Commission (as applicable) regarding an adequate level of protection of personal data, we will ensure that there is a legal basis and, if required, a relevant safeguard method for such data transfer so that your personal data are treated in a manner that is consistent with, and respects the applicable Data Protection Laws in the UK or the EEA (as applicable).
(c) Where we use certain service providers outside of the UK and/or the EEA (as applicable), we may use specific contracts approved for use in the UK and/or the EEA (as applicable) which give personal information the same protection it has in the UK and/or the EEA (as applicable).
We may transfer your Personal Information to our operations in Australia and New Zealand, but when we do so, we rely on binding corporate rules to protect your Personal Information.
Beyond this, it is unlikely that we will need to disclose your Personal Information to an overseas recipient or otherwise store your Personal Information overseas.
If we are ever required to do so, we will obtain your informed consent or ensure that the overseas recipients comply with the APPs.
8. GDPR compliance
If your Personal Information is governed by the GDPR, you may have additional rights as set out below:
(a) Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(b) Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(c) Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
(i) if you want us to establish the information’s accuracy;
(ii) where our use of the information is unlawful but you do not want us to erase it;
(iii) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; and
(iv) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
(d) Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(e) Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We do not collect any of what the GDPR considers Special Categories of Personal Data, which includes details about your:
(a) race or ethnicity;
(b) religious or philosophical beliefs;
(c) sex life;
(d) sexual orientation;
(e) political opinions;
(f) trade union membership;
(g) health and genetic and biometric data.
You may choose to voluntarily provide us with Special Categories of Personal Data through your interactions with us, but we strongly encourage you not to do so. If you provide us with such
Special Categories of Personal Data, you are giving us your explicit consent to process such data about you to the extent permitted by the UK and/or EU data protection regime (as applicable).
9. Using our website and cookies
To improve your experience on our website, we may use ‘cookies’: small data files that are served by our platform and stored on your device. These are used by us or third parties for a variety of purposes including to operate and personalise the website. Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with marketing and delivering certain website functionality.
You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our Website.
10. Third party sites
Kallipr is not responsible for those third party websites, applications or resources. If you access such websites, applications or resources, you do so at your own risk and we make no representations or warranties regarding third parties’ privacy practices. We encourage you to read the privacy statements/policies of every website, application or resource you use.
11. Data Retention
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Where we anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.
12. Accessing or correcting your Personal Information
We are committed to maintaining accurate, timely, relevant and appropriate information.
Where requested, we will provide you with a copy of the Personal Information that we hold which relates to you, provided that the request is made in accordance with the APPs (contained in the Act). We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant or misleading.
There are no charges for requesting access to or the correction of your Personal Information, however if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request.
You can contact our privacy officer regarding access to or correction of your information by any of the following methods:
Post: Privacy Officer, PO Box 3387, Tingalpa DC QLD 4173
Phone: 1800 646 828
We will respond to those requests within 30 days in accordance with our obligations under the Act. If we refuse a request to access or correct Personal Information, where reasonable, we will provide you our reasons for doing so and information about your ability to complain about such refusal.
In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you. Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.
13. Making a complaint
We will investigate your complaint and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of Personal Information held by us about you in accordance with the Act. If you are not satisfied with the outcome of this process, then:
(a) if you are in Australia, you can make a complaint to the OAIC.
(b) if you are in New Zealand, you can make a complaint to the Office of the New Zealand Privacy Commissioner.
(c) if you are in the EEA or the U.K. under the GDPR or UK GDPR, we invite you to contact the supervisory authority in your country.
For example, if you are in the UK, you should contact the ICO. You can reach them in a variety of ways, including by phone (0303 123 1113 in the UK) and mail (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF).
The full listing of all Data Protection Authorities (the supervisory authorities) across the EEA can be found here.
15. Further information
Should you wish to read more information on the AU Privacy Act, we recommend that you visit the website of the OAIC at www.oaic.gov.au.