There are many different ways you can use our services – to share information, to communicate with other people, or to create new content.
When you share information with us, for example by creating an account with us, we can make those services even better – to help you connect with people or to make sharing with others quicker and easier. As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.
Where our processing of your information is covered by the General Data Protection Regulation 2016/679 (“GDPR”), or the California Consumer Privacy Act (“CCPA”) the sections of this Privacy Policy in Appendix 1 – Your Rights – apply to you.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses and browsers, then read about these key terms first. Your privacy matters to us; whether you are new to SafetyCulture or a long-time customer, please do take the time to get to know our practices – and if you have any questions, contact us.
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used and control who you share information with. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.
You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled. For example, you may not be able to login to SafetyCulture or utilise other services.
We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like what content of ours matters most to you.
We collect information in the following ways:
We may use the information we collect, including your personal information and transaction information, from all of our services in any one or more of the locations that SafetyCulture has operations or otherwise conducts business (these locations currently being Australia, the United States, the United Kingdom and the Philippines) for the following purposes:
To use the information we collect, we may require our systems to access, screen capture, store, video and/or scan your information. Where appropriate or required by data protection laws, we will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
We will retain your personal information for the time necessary to provide the services we perform for you, or to achieve other purposes outlined in this Privacy Policy, and you can always request that we stop processing or delete your personal information.
We’re required to keep some of your information for certain periods of time under law. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping.
SafetyCulture processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.
We may disclose personal information outside of Australia to third parties for the purposes outlined in this Privacy Policy.
By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia. Where we disclose your personal information to third parties, we will take reasonable steps to ensure that any overseas recipient will deal with such information in a way that is consistent with the Australian Privacy Principles.
Many of our services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our services provide you with different options on sharing and removing your content.
We do not share personal information with third parties unless one of the following circumstances apply:
Please refer to your account administrator’s and reseller’s privacy policy for more information.
We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services. This could also include government bodies, industry groups, insurers and educational/training facilities.
We have put in place robust measures regarding the security of the information we collect and store about you (including through the use of network and database security measures) and will use our reasonable endeavours to protect your personal data from unauthorised access to or unauthorised alteration, disclosure or destruction. In particular:
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our servers via third party networks; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our Privacy Policy applies to all of the services offered by SafetyCulture and its affiliates, including services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.
Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include SafetyCulture services, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services.
We regularly review our compliance with our Privacy Policy. We also adhere to several self regulatory frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
You may request details of the personal information that we hold about you. An administrative fee may be payable for the provision of such information. In certain circumstances, as set out in the Privacy Act 1988 (Cth), we may refuse to provide you with personal information that we hold about you.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
If you believe that we have breached the Australian Privacy Principles and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
Please note that clicking on links and banner advertisements on our websites can result in your browser accessing a third party website, where data privacy practices are different to that of SafetyCulture.
We are not responsible for, and have no control over, information that is submitted to or collected by these third parties and you should consult their privacy policies.
We may revise this Privacy Policy from time to time and will post the most current version on our website. If a revision meaningfully reduces your rights or involves a material change to our processing your personal information, we will notify you.
If you have any enquiries or if you would like to contact us about our processing of your personal information, please contact us by any of the methods below. When you contact us, we will ask you to verify your identity.
Contact name: Privacy Officer
Email: [email protected]
Telephone: +61 1300 984 245
Post:
The Privacy Officer
c/o Boardroom
Level 12, 225 George Street
Sydney NSW 2000
For the purpose of this Privacy Policy the controller of personal data is SafetyCulture and our contact details are set out in the Contact section above.
Under GDPR, the main grounds that we rely upon in order to process personal data collected via our websites and services are the following:
As mentioned above, we will share your personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, and to perform maintenance or respond to technical incidents affecting our services. A list of sub-processors currently engaged by SafetyCulture is published here.
Where we disclose personal information to third parties, we require minimum standards of confidentiality and data protection from such third parties.
To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we will ensure that approved safeguards are in place to ensure that we comply with GDPR, such as the standard contractual clauses approved by the European Commission.
SafetyCulture processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live, including outside the EEA. We use datacentres operated by our third-party cloud hosting provider, Amazon Web Services (“AWS”) to store user data and data uploaded to our products.
We will retain your personal information for the time necessary to provide the services we perform for you, or to achieve other purposes outlined in this Privacy Policy, and you can always request that we stop processing or delete your personal information (see the section below regarding your rights).
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Correction or Completion
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us at [email protected].
Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us at [email protected]. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that information to you or directly to a third party organisation.
The above right exists only in respect of personal information that:
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the Contact section above.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the Contact section above.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. It is specifically regulated under GDPR where such decisions are taken which have legal or other significant effects on individuals. It is permitted in the following circumstances:
You will not be subject to decisions that will have a significant impact on you based solely on automated processing, unless we have a lawful basis for doing so, we have notified you and given you a right to challenge the decision or to require that the decision be taken by a person.
If you are unhappy about our use of your personal information, you can contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Website: https://ico.org.uk/concerns/
Post: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you live or work outside the UK or you have a complaint concerning our activities outside the UK, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA and the European Free Trade Area can be accessed here.
The CCPA grants California residents certain additional rights regarding the personal information that SafetyCulture may collect, disclose or sell. For purposes of this section, “Personal Information” means anything that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular California consumer or household. We do not collect, use or sell Personal Information of children age 16 or under.
Individuals with disabilities may access this policy in an alternative format by sending an email to: [email protected].
As provided in this Privacy Policy:
The CCPA also provides California residents with the right to request additional details about the personal information we collect (including how we use and disclose this information and whether it is sold) and, if necessary, the right to delete your personal information.
California residents may make a request pursuant to your rights under the CCPA by contacting us at [email protected]. To ensure that the request is coming from you and to protect the security of your Personal Information, we will verify your request using 2 out of the following 4 data points to verify your identify: (1) email address; (2) telephone number; (3) description of the product or service you purchased or inquired about, and (4) the security code from your credit card. If you are requesting to delete sensitive information, you must provide us with us with 3 out of the following 4 data points described above to verify your identity. Government identification may be required.
We also commit to not discriminate against any California consumers because you exercise any of your rights. To read more about the CCPA please visit California Legislative Information.
You have the right to receive our products and services on equal terms regardless of whether or not you exercise your rights under the CCPA.
To read more about the CCPA please visit California Legislative Information.