A. About this policy
We are committed to providing you with professional and valuable Services whilst safeguarding your privacy.
Cytrack provides business-to-business Services by contracting with Clients (e.g. purchasers of licences over Cytrack’s Services, hereinafter "Clients") who may themselves either use the Services or sell them to their own customers ("End Users").
This Policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of your Personal Data and how you can access and update said information.
If you do not agree with this Policy, or with the latest changes Cytrack may have made to this Policy, do not access our Website, use our Services or interact with any other aspect of our business.
B. Who is accountable for your data?
We – Cytrack, with its head office at: 155 Varsity Parade, Varsity Lakes QLD 4227, Australia, registered in the companies register maintained by The Australian Securities and Investments Commission, under company number ABN 95159509949 ("Cytrack") – will process your Personal Data, either as data controller or as data processor, depending on the processing activities as detailed in section C. Please click here for our contact details, or contact us by email at firstname.lastname@example.org or by post as indicated.
C. What data do we process and why?
As mentioned above, we may process Personal Data either (i) for the purpose of providing efficient Services to End Users, and therefore acting upon our End Users’ instructions as data processor; or (ii) for our own purposes, where we act as data controller, such as technical assistance of End Users, direct marketing, sales of Services to our Clients or Website functioning.
i. Where Cytrack acts as data processor of its End Users
The types of information that we may collect from you, depending on how you interact with our End Users (e.g. how you use our Services) and the purposes of processing, include:
|Data Subject category||Type of information||Purposes of processing||Legal basis of processing|
|End Users’ employees||
We refer to all the above-mentioned information as "Account information".
|End Users’ customers||
Cytrack has no control over the above-mentioned data and only processes it to the extent required by its End Users. Please contact the End User directly (e.g. your employer and/or provider) in order to exercise your rights over this data.
ii. Where Cytrack acts as data controller
Clients’ employees (including participants in Cytrack’s events)
Users of our Website
Our business purposes – we may also use your Personal Data for our internal business purposes (our legitimate interests) such as:
- record keeping, statistical analysis, internal reporting and research purposes;
- to investigate any complaints you make;
- to provide evidence in any disputes or anticipated disputes between you and us;
- for the detection and prevention of fraud, other criminal offences and for risk management purposes;
- for business and disaster recovery (e.g. to create back-ups);
- to ensure network and information security;
- to host, maintain and otherwise support the operation of our Website, including to customise various aspects of our Website to improve your experience;
- for document and data retention/storage;
- to protect the rights, property, and/or safety of Cytrack and its personnel;
- to ensure the quality of the Services we provide to our clients and other Data Subjects.
We believe the risk to your data protection rights in connection with Personal Data that we process on the basis of our legitimate interests is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring proper retention periods and security controls.
The Services are not directed to individuals under 16. We do not knowingly collect Personal Data from children under 16. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete such information. If you become aware that a child has provided us with Personal Data, please contact us at email@example.com.
In addition, we may use your Personal Data for additional specific purposes made clear at the point of collection of your Personal Data.
If you choose not to provide the Personal Data requested by us, we may not be able to provide you with the Services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Data.
D. How and when do we share data with third parties?
a) Data sharing with Cytrack’s Partners
We may share Personal Data with these third parties in connection with their services, such as to assist with localized support, to offer Cytrack’s Services to their clients, to integrate Cytrack’s Services within their own products and/or services and to provide customizations of our Services and/or Website.
b) Data sharing with service providers
We also share your Personal Data with our third party service providers, whom we engage to provide various services, in relation to:
- deliveries of our Services (e.g., couriers);
- marketing and advertising Services (e.g. marketing agencies, interactive agencies, e-mailing solution providers);
- our Website (e.g., hosting and maintaining our Website); and
- IT services and solutions (e.g., providing data storage, assisting us with database management, providing our End Users with assistance with regards to their use of Cytrack’s Services).
We have carefully selected these service providers and taken steps to ensure that your Personal Data is adequately protected. All of our service providers are required to be bound by written contract to process Personal Data provided to them only for the purposes of providing the specific service to us and to maintain appropriate security measures to protect your Personal Data.
c) Data sharing with other recipients
We may also share your Personal Data with:
- our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice;
- any other third party if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property and/or safety of Cytrack, its personnel and others;
- users of our Website’s Interactive Area: the Website may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features ("Interactive Areas"). You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it. To request removal of your Personal Data from an Interactive Area, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why;
- any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation; or
- investors and other relevant third parties in the event of a potential sale or other corporate transaction related to Cytrack.
You or your administrator may choose to enhance our Services by using third parties’ applications or widgets in connection with our Services. We do not control such use of your Personal Data and we encourage you to contact those third parties directly in order to learn more about their own processing of your Personal Data.
E. International transfers of personal data
Cytrack is located in Australia, a country which does not offer an adequate level of protection to Personal Data according to the European Commission. Cytrack needs to process Personal Data from EU data subjects outside of the EEA in order to provide its Services.
Please note that all Personal Data you provide to Cytrack are directly processed in Australia. This direct data collection by Cytrack upon your initiative shall not be considered as an international transfer.
However, Cytrack may also receive your Personal Data from third parties, such as a local IT assistance provider located in the UK or Europe as appropriate. When such transfers are involved, Cytrack has signed Standard Contractual Clauses with said providers to ensure your Personal Data are securely transferred.
Moreover, in order to facilitate our global operations, we may transfer our End Users’ and/or Clients’ information, including Personal Data, from Australia to other countries outside the EEA in which Cytrack has operations for the purposes described in this policy. When doing so, Cytrack makes sure that adequate safeguards are implemented in order to secure these international transfers of your Personal Data, such as standard contractual clauses, Privacy Shield if the recipient is located in the US, or an EU Commission adequacy decision, etc.
You can request further details about the safeguards that we have in place in respect of transfers of Personal Data outside of the EEA and, where applicable, a copy of the standard data protection clauses that we have in place by contacting us at: email@example.com.
F. How long do we store personal data?
It is our policy to retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement with you). However, we may be obliged to store some Personal Data for a longer time, taking into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements);
- the establishment, exercise or defence of legal claims (e.g., for the purposes of a potential dispute).
G. How do we protect your data?
We have implemented technological and operational security measures in order to protect your Personal Data from loss, misuse, or unauthorised alteration or destruction. Such measures include the use of firewalls, encryption, proper access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your Personal Data. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your Personal Data. These measures ensure an appropriate level of security in relation to the risks inherent in the processing and the nature of the Personal Data to be protected.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognised online secure payment system.
We will notify you promptly in the event of any breach of your Personal Data that might expose you to serious risk.
H. Your rights
The following section explains your rights that you may exercise. The various rights are not absolute and each is subject to certain exceptions or qualifications in accordance with the GDPR and other generally applicable provisions of data privacy law.
- The right of access – you have the right to obtain from us confirmation as to whether or not your Personal Data is being processed by us, and about certain other information (similar to that provided in this Policy) about how it is used. You also have the right to access your Personal Data, by requesting a copy of the Personal Data concerning you. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal Personal Data about another person or would otherwise negatively impact another person’s rights.
- The right to rectification – you can ask us to take measures to correct your Personal Data if it is inaccurate or incomplete (e.g., if we have the wrong name or address for you).
- The right to erasure – this is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to keep using it or its use is unlawful. This is however not a general right to erasure and there are some exceptions, e.g. where we need to use the information in defence of a legal claim or to be able to comply with a legal obligation.
- The right to restrict processing – you have the right to ‘block’ or suppress the further use of your Personal Data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Data, but may not use it further.
- The right to data portability – you have the right to obtain and reuse certain Personal Data for your own purposes across different organisations (being separate data controllers). This only applies to your Personal Data that you have provided to us that we are processing with your consent and for the purposes of contract fulfilment, which is being processed by automated means. In such a case we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically feasible) we may transmit your data directly to a separate data controller.
- The right to object – you have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by Cytrack, or by a data recipient. We will be allowed to continue to process the Personal Data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims. If you object to the processing of your Personal Data for direct marketing purposes, we will no longer process your Personal Data for such purposes.
- The right to withdraw consent – where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that occurred prior to such withdrawal. This right to withdraw consent includes your right to opt-out of Cytrack’s marketing communications.
I. How to contact us
If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, please contact us at: firstname.lastname@example.org.
Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.
We will generally respond to your request within one month of receiving your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.
We will not charge you for such communications or actions we take, unless:
- you request additional copies of your Personal Data undergoing processing, in which case we may charge for our reasonable administrative costs, or
- you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either charge for our reasonable administrative costs or refuse to act on the request.
If you are not satisfied with our response to your complaint or believe our processing of your Personal Data does not comply with data protection law, you can file a complaint to the relevant data protection authority.
Last updated 26 June 2018
Version CQT 390 -1 – 050621