Privacy Policy

This is the privacy policy of Damstra Technology Pty Ltd ACN 086 218 742 (Damstra). Protecting your privacy is important to Damstra. We are committed to maintaining the security of personal information you provide to us. This Privacy Policy details how we collect, use and manage your personal information and outlines our complaints handling process.

Personal Information we collect and hold

At times we may ask you to provide us with personal information, such as your name, email address and preferred means of communication.

If you are a worker at a site which uses Damstra's Total Workforce Management System (TWMS), we may collect information about you in relation to your engagement at that site, including your name, email address, telephone number, date of birth, next of kin, skills or competency information, right to seek employment, electronic finger scan, photograph, location, breath analysis and driver licence and other occupational licence information details. This information will be collected electronically. We will obtain and use this information for the purpose of reporting it to our client, who is the site owner or operator, or for any purpose reasonably related to this.

We may also collect sensitive information, such as information about your health and medical history. We will only ask you to provide this information where our client, who is the site owner or operator, has directed us to collect and provide it to them or if it is reasonably necessary for one or more of our functions or activities.

If you are a client or potential client, we may collect and hold financial information about your organisation and your credit history, and banking information. We may, with your consent, seek trade references and undertake credit checks with external parties. We will use this information to help us determine payment terms and appropriate commercial arrangements with you or any matter related to this.

How we collect and hold personal information

We usually collect personal information directly from the individual when that individual registers or updates information on the relevant TWMS. We may also collect personal information from the individual and in turn enter or update that information in the relevant TWMS. Sometimes we may also collect personal information from our clients as well as their head and sub-contractors.

Once processed, personal information is held in the relevant TWMS. Prior to processing, the personal information is held in our general business management and record keeping systems (including email accounts and servers).

Purposes of collection

We collect personal information for a range of purposes. These primarily include registering and updating the individual’s details in the TWMS for the relevant client. Once entered into the TWMS, the information can be used by the client for total workforce management purposes. We may potentially use or disclose your personal information for the purpose of direct marketing our products and services to you or our clients.

Disclosure of Information

We may disclose personal information to our external advisors, to suppliers of IT services, to third parties engaged by us to provide services to us and to our clients .

We will not use or disclose personal information other than for the purpose for which it was collected or for a purpose reasonably related to it, except when required by law to do so unless we have your consent to do so.

Security of Information

We take our obligation to protect information that we hold about you seriously. We will take reasonable security measures to keep information secure from misuse or inappropriate disclosure or inappropriate modification.

Access to Personal Information and Updating Information

It is important that the personal information we hold about you is correct and up to date. We encourage you to contact us at any time to update or correct information we hold about you.

You can request access to your personal information by sending a request to Damstra's Privacy Officer in writing or by email. The contact details for the Privacy Officer appear later in this Policy. We will normally provide you with access to this information, provided that the request falls within the requirements of the Privacy Act, your request is reasonable and appropriate notice has been provided to us. We may require you to pay any archiving or retrieval costs associated with this prior to providing that information to you.

We will not disclose commercially sensitive information to you.

We will respond by email or letter to you in relation to your request for information within a reasonable period (usually within 30 days) and if reasonable, will provide access in the manner you have requested, or in an alternative manner, provided it is practicable for us to do so. If it is not reasonable or practicable to do so, we will let you know.

If we refuse to provide access to information or to update information, we will provide you with the reasons.

Disclosure of your Information to recipients in other countries

We may disclose information about you to a recipient in another country where it relates to the purpose for which the information was collected or the maintenance of our records (including our IT systems) or the administration of any processes undertaken by us or where such disclosure is required by our clients. We will take reasonable steps to ensure that any overseas recipients do not breach the Australian Privacy Principles.

We currently have operations in New Zealand, but the countries in which we operate may change from time to time and we may have clients seeking to engage our services in other countries.

Call Recording

You authorise Damstra to record your telephone calls for Quality, Training and Audit purposes. If you do not wish to have your call recorded please let the Damstra representative know at the beginning of your call. All call data is managed in accordance with this policy.

Complaints

Any queries or complaints in relation to this Policy or any alleged breach by Damstra of the Australian Privacy Policies should be directed to:

The Privacy Officer
Damstra Technology Pty Ltd
50 George Street
Singleton NSW 2330
Email: enquiries@damstratechnology.com

We will respond to your query or complaint within a reasonable period (usually within 30 days). If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au. Further information in relation to the Privacy Act, 1988 can also be obtained at this website.

 

Last updated: 12 April 2017

Personal Information we collect and hold

At times we may ask you to provide us with personal information, such as your name, email address and preferred means of communication.

If you are a worker at a site or client which uses any of Damstra’s, or its subsidiaries’, Workforce Management Systems (WMS), we may collect information about you in relation to your engagement at that client, including your name, email address, telephone number, date of birth, next of kin, skills or competency information, right to seek employment, electronic finger scan, facial biometric information, photograph, location, breath analysis and driver licence and other occupational licence information details. This information will be collected electronically. We will obtain and use this information for the purpose of reporting it to our client, who is the site owner or operator, or for any purpose reasonably related to this.

We may also collect sensitive information, such as information about your health and medical history. We will only ask you to provide this information where our client, who is the site owner or operator, has directed us to collect and provide it to them or if it is reasonably necessary for one or more of our functions or activities.

If you are a client or potential client, we may collect and hold financial information about your organisation and your credit history, and banking information. We may, with your consent, seek trade references and undertake credit checks with external parties. We will use this information to help us determine payment terms and appropriate commercial arrangements with you or any matter related to this.

How we collect and hold personal information

We usually collect personal information directly from the individual when that individual registers or updates information on our WMS. We may collect personal information from the individual’s employer or a sub- or head contractor for whom the individual works or the manager or owner of a site or business at which the individual performs tasks or otherwise has access. We may collect personal information about the individual from these other sources in circumstances such as where we are setting up a WMS for a client or where these other sources provide us with information to help register or update the individual’s details in a WMS. Collection of information may also include collecting personal information via scanners, card readers, terminals, turnstiles and access control devices.

Once processed, personal information is held in the relevant WMS. Prior to processing, the personal information is held in our general business management and record keeping systems (including email accounts and servers).

Purposes of collection

We collect personal information for a range of purposes. These primarily include registering and updating the individual’s details in the WMS for the relevant client. Once entered into the WMS, the information can be used by the client for their workforce management purposes and to assist them in meeting their workplace health and safety obligations. We may potentially use or disclose your personal information for the purpose of directly contacting you to serve you with information and/or to seek your assistance in feedback and surveys.

Consequences if you withhold information

If you do not provide all of the information we require, we may not be able to register you in the relevant WMS or update your details. This may mean that you are not permitted to access sites or undertake certain tasks. You should confer with your client to understand the specific consequences that may apply in your particular circumstances.

Erasure of information and consequences

You may request for your data to be deleted. We will maintain certain basic biographical details which includes, amongst others, your name, address, employer and date of birth and any other information that we will reasonably need to identify you in the future. In addition, we will maintain a record of our dealings with you, including the request to delete your data. After personal data is deleted from our production servers, it may still reside in our offline backups for at least 36 months or such longer period as our clients may require. However, if a backup is restored all efforts will be made to ensure the data is deleted again.

If you do erase some or all of the information we require, we may not be able to register you in the relevant WMS or update your details. This may mean that you are not permitted to access sites or undertake certain tasks. You should confer with your client to understand the specific consequences that may apply in your particular circumstances.

Disclosure of Information

We will disclose information that we hold on workers at sites which use the WMS to our client who is the site owner or operator.

We may also disclose personal information to contractors and service providers who we engage to help us provide the WMS to our clients. We may potentially also disclose personal information to our related bodies corporate.

We will not use or disclose personal information other than for the purpose for which it was collected or for a purpose reasonably related to it, except when required by law to do so unless we have your consent to do so.

Security of Information

We take our obligation to protect information that we hold about you seriously. We will take reasonable security measures to keep information secure from misuse or inappropriate disclosure or inappropriate modification.

Access to Personal Information and Updating Information

It is important that the personal information we hold about you is correct and up to date. We encourage you to contact us at any time to update or correct information we hold about you.

You can request access to your personal information by sending a request to Damstra's Privacy Officer in writing or by email. The contact details for the Privacy Officer appear further below. We will normally provide you with access to this information, provided that the request falls within the requirements of the Privacy Act, your request is reasonable and appropriate notice has been provided to us. We may require you to pay any archiving or retrieval costs associated with this prior to providing that information to you.

We will not disclose commercially sensitive information to you.

We will respond by email or letter to you in relation to your request for information within a reasonable period (usually within 30 days) and if reasonable, will provide access in the manner you have requested, or in an alternative manner, provided it is practicable for us to do so. If it is not reasonable or practicable to do so, we will let you know.

If we refuse to provide access to information or to update information, we will provide you with the reasons.

Disclosure of your Information to recipients in other countries


We may disclose information about you to a recipient in another country where it relates to the purpose for which the information was collected or the maintenance of our records (including our IT systems) or the administration of any processes undertaken by us or where such disclosure is required by our clients. We hold those countries to the same standards of privacy and information security as the country in which the work is performed.

Cookie Notice

We use cookies to operate our websites, to understand how visitors use our websites and to track your interaction with our newsletters. We will update this Notice if we change the cookies we use. What is a cookie?

Cookies are text files which contain information about your internet usage that is held in your browser or on your computer’s hard drive. There are different types of cookie: some are essential for the site to operate properly, whereas others are aimed at enhancing and personalising your user experience. Cookies can help us to understand how consumers are interacting with our website, which helps us to improve our site and to deliver a better service to you.

What types of cookies do we use?

- Strictly Necessary Cookies

These cookies are essential to enable you to move around the website and use its features. Without these cookies, we cannot provide some of the basic functionalities of our website.

- Performance Cookies

These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and the pages that they don’t. This helps us to understand and improve the site, so it is easy to use and includes helpful content. They also allow us to fix bugs or glitches on the website. These cookies don’t collect information that identifies visitors, so we can’t identify you individually. We use Google Analytics to track usage of our websites and interaction with our newsletters. For example, to see what content you click on, so we can analyse what content is of most interest to our audience.

- Functionality Cookies

These cookies allow our website to remember the choices you make as you browse the site. They provide more enhanced and personal features. The information collected is anonymised and they cannot track your browsing activity on other sites once you leave our site.

How to turn off cookies

You can turn cookies off at any time, by going into your browser settings, however this may have a detrimental effect on your user experience. If you are happy to continue letting us use cookies in the ways set out in this Notice, to help us guide our work, then you need not do anything. If you have any concerns about the cookies we use, please contact the Data Protection Officer.

Information Security and Technical and Organisational Measures

Damstra takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction.

GDPR Roles and Employees

Damstra has appointed a Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our roadmap for complying with appropriate regulations. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR compliance, identifying any gap areas and implementing the new policies, procedures and measures.

Damstra understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans.

If you have any questions about our GDPR compliance policies, please contact the Data Protection Officer.

Your rights regarding your personal data

You have several rights under data protection law, which have been strengthened under the General Data Protection Regulation (GDPR):

Access: You have the right to access the personal data we may hold about you and the purposes for which we are using it. We may ask for proof of your identity. On receipt of such a request we will endeavour to respond to you as soon as possible, at most within one calendar month.

Rectification: You have the right to request that we amend any personal data which is incorrect or requires updating.

Erasure: You have the right to request that we delete any personal information pertaining to you. See above for detail.

If you would like to exercise any of these rights, please contact the Data Protection Officer at privacy@damstratechnology.com

If you are concerned about the manner in which we have collected and used your personal data, please contact us - we will do our best to help. If you are unhappy with the way in which we have handled your personal data, you have the right to contact the Information Commissioner’s Office.