Site Compass Privacy Policy

Effective Date: 20 December 2024

Site Compass Pty Ltd ABN 82 638 151 792 ("we," "us," or "our") recognises the importance of protecting any information we receive from individuals in relation to their access and/or use of our websites and/or applications, in particular information that can identify an individual.

This Privacy Policy outlines how we may collect, use, and disclose information we receive from individuals who access and/or use our websites and/or applications (“users”).

By accessing our websites or using our applications, you agree to the terms of this Privacy Policy, in addition to any other terms and conditions applicable to the websites or applications.

Types of Information We Collect

The following types of information may be collected by us while you are accessing our websites and/or using our applications:

  • Email addresses: We require your email addresses to set up an account for you and for sharing the survey you created while using our applications.
  • Full name:We require your first name and last name to set up any application account(s) for you.
  • IP Addresses:We gather IP addresses for diagnosis and support purposes. This information is collected in aggregate and can't be traced to an individual user.
  • Device Information:We may collect technical information about your device, such as its operating system and browser type.
  • Cookies:We use cookies and similar technologies for a better experience and session security of our websites.
  • Survey Information:We collect, and store details derived from the site surveys you create while using our applications. Such details are related to the specific sites or properties being surveyed.

Such information, either on its own or when combined with other data, may identify individuals and be considered as personal information under the Privacy Act 1988 (Cth).

Use of Information

We may use the information listed in the above section for the following purposes:

  • Authentication:We may use your email addresses to verify your identity and provide access to our applications;
  • Activation of company-specific features: We may use the information you provide, such as the company you represent or work for, or details derived from the surveys you create while using our applications, to determine whether you are eligible for features specific to certain companies. If you are identified as eligible, these features will be activated for your account;
  • Improvement:We may analyse usage patterns, troubleshoot technical issues, and enhance functionality and performance;
  • Analytics:We may generate aggregated, anonymous analytics to understand how users interact with our applications;
  • Communication:We may use your contact information to respond to inquiries, provide support, and send you updates and marketing communications with your consent; and
  • Compliance: We may use and retain your personal information to satisfy a legal obligation or right. This includes using your personal information for: legal compliance; litigation or pre-litigation; security monitoring and/or investigations; and finance and accounting.

Disclosure

We may disclose your personal information, and you consent to us disclosing your personal information to third parties under the following circumstances:

  • Partners and service providers: We may provide your personal information to our consultants, business partners, marketing partners, and other services providers such as cloud storage providers;
  • Subsidiaries and affiliates: We may share your personal information with our subsidiaries and affiliates to help us provide you with access to our applications; and
  • For Legal Reasons: We may share your personal information with third parties if we believe we are required to do so by applicable laws, regulations, operating agreements, legal processes or governmental requests. This includes sharing your personal information with law enforcement officials, government authorities or other third parties as necessary to enforce our user agreements or other policies to protect our rights or property or the rights or property of others, or in the event of a claim or dispute relating to your use of our applications.

We take reasonable steps to notify third parties of their obligations to comply with standards for privacy and data protection, including applicable legal requirements.

Overseas Disclosure

Data including personal information received from users will be processed and stored in Australia regardless of where the users are based, except crash data which will be stored in the U.S.. Crash data includes details about the error, such as the type of crash, the device and operating system being used, logs of recent activity leading up to the crash, and does not include any personally identifiable information.

We may, in the course of providing our applications, disclose your personal information to third parties located outside of Australia. In such cases, we will ensure that any transfer of personal information is conducted in compliance with applicable legal requirements, and that appropriate safeguards, such as contractual obligations or data protection agreements, are in place to protect your personal information.

If there are changes to how or where your personal information is disclosed overseas, we will update this Privacy Policy and notify users as required by applicable law.

User Consent

By accessing our websites or using our applications, you provide your consent for the collection, use, and processing of your personal information as described in this Privacy Policy.

You have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent prior to its withdrawal. To withdraw your consent, you will need to delete your account.

Data Security

We strive to ensure security, integrity, and privacy of personal information received from our users.  To achieve this, we have implemented a range of security measures, including:

  • Requiring users to authenticate with a unique username and password;
  • Implementing environment separation (Development, Testing, Production) to minimise cross-environment access;
  • Restricting our personnel’s access to personal information on a need-to-know basis;
  • Limiting personnel access strictly to those whose roles require it for day-to-day responsibilities; and
  • Encrypting personal information both at rest in cloud storage and during transmission (in-flight).

We review and update our security measures in line with the latest market standards. While we take reasonable steps to protect your personal information, please note that no internet data transmission can be guaranteed completely secure.  It is also important that you take reasonable steps, such as protecting your login details, to ensure you do not do anything that will compromise the safety and security of your personal information.

Data Breach Response

If we become aware that there is an unauthorised access to, disclosure of or loss of your personal information (“Data Breach”), and the Data Breach is likely to result in serious harm to you, we will comply with our obligations under the  Privacy Act 1988 including  notifying you and the Office of the Australian Information Commissioner (“OAIC”), and taking steps to contain the Data Breach.

Access to and Correct Information

You are responsible for ensuring the personal information provided to us is accurate and up-to-date, and our use of such personal information will not be in breach of any third parties’ rights.

You may contact us for a copy of your personal information, and/or request corrections if you become aware of any incorrect, incomplete or out of date information.

Data Retention and Deletion

We retain users’ personal information for as long as necessary for the purpose of providing the websites and/or applications, or as required by applicable laws and regulations, including for legal, accounting, or reporting obligations. Once personal information is no longer needed for these purposes, we will securely and permanently delete it.

After you delete your account, we may retain your personal information for up to 90 days to resolve any outstanding issues, process any remaining obligations, or ensure compliance with legal requirements. Following this period, your data will be fully deleted from our systems, including backups.

You may request the immediate deletion of your personal information that is within our possession and control after you delete your account. In such cases, we will delete your personal information as soon as possible. However, we may retain the minimal data necessary to comply with legal obligations, such as record-keeping or reporting requirements, for no longer than the retention period outlined above.

Direct Marketing

We may use your personal information to send you direct marketing communications about our products, services, or promotions that may be of interest to you. These communications may be sent via email. You may opt-out of receiving direct marketing communications from us at any time by following the unsubscribe instructions provided in the communication or by contacting us directly using the same contact details set out below. Opting out of marketing communications will not affect your receipt of important service-related communications.

Cookies

What are cookies?

Cookies are small text files that are stored on your computer (or internet-accessible device) when you visit certain websites. Generally, they are used to ensure optimal functionality of the website an provide insights into the website usage to the owner of the website.

What cookies do we use?

Our websites only use strictly necessary cookies. These cookies are essential for basic site functionality, including security-related cookies. Without these cookies, key functions of our websites (such as moving around our websites) will not be available. These cookies do not store any information that directly identifies you and are always enabled.

We use the following types of cookies:

  • _GRECAPTCHA:used by Google ReCAPTCHA to verify users’ identities and provide secure account access. Click here to visit Google’s website for more information on this cookie.
  • NET_SessionId:General purpose platform session cookie, used by sites written with Miscrosoft .NET based technologies. Usually used to maintain an anonymised user session by the server. Click here to visit Microsoft’s website for more information on this cookie.
  • __RequestVerificationToken:This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.
  • player_clearance:This cookie is used by Vimeo for bot prevention. Click here to visit Vimeo’s website for more information on this cookie.
  • cf_clearance:This cookie is a Cloudflare cookie implemented by Vimeo and used for bot prevention. Click here to visit Vimeo’s website for more information on this cookie.
  • _cf_bm:This cookie is a Cloudflare bot manager implemented by Vimeo, and used to manage incoming traffic that matches criteria associated with bots. Click here to visit Vimeo’s website for more information on this cookie.
  • _cfuvid:This cookie is a Cloudflare cookie implemented by Vimeo is used to enforce rate limiting rules. Click here to visit Vimeo’s website for more information on this cookie.

Our applications do not use cookies.

Third Party Services

We also use third-party services such as Atlassian’s Confluence platform. The third-party service providers may set cookies and collect certain data including IP addresses, user behaviour data, device and browser information.  For details, please refer to the privacy policies adopted by the relevant providers. You can control cookie settings through your browser, and you may choose to disable or delete cookies; however, doing so may affect the functionality of our websites and your user experience.

Children's Privacy

Our websites or applications aren't directed at individuals under 13. We don't knowingly collect information from children. Parents or guardians can contact us to delete inadvertently disclosed information.

Links to Other Sites

Our websites and/or applications may contain links to third-party websites that are not operated, controlled, or maintained by us. These links are provided for your convenience only. We make no representations or warranties regarding the accuracy, relevance, or completeness of any information on these third-party websites. Accessing these websites is at your own risk, and we are not responsible for any content, privacy practices, or security measures employed by these third-party websites. We encourage you to review the terms and privacy policies of any third-party websites you visit.

Problems or Questions

You are welcome to ask questions or provide feedback on this Privacy Policy or how your personal information is being handled.

If you have any concerns or believe your personal information has been mishandled by us, please feel free to contact our Data Protection Officer by using the details set out below.

Phone:+61 1300 300 472

Email:privacy@sitecompass.net

We will reply to any requests for access or correction within a reasonable timeframe, but in any event no later than 30 days from the date we receive your request.  To ensure your personal information is revealed solely to you, we may need to authenticate your identity when you seek access to, or correction of, your personal information.

If you are not satisfied with our response to your complaints, you can lodge a complaint with the OAIC.

For more information about privacy issues in Australia and protecting your privacy, visit the Australian Federal Privacy Commissioner's website: www.oaic.gov.au/privacy-law

Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any changes will be effective immediately upon posting the updated Privacy Policy on our website. We encourage you to review this policy periodically to stay informed about how we protect your personal information.

By continuing to access our websites and/or use our applications after any changes to this Privacy Policy, you acknowledge and agree to the updated terms.

EU Users

If you are accessing our websites and/or using our applications from the European Economic Area, the following sections apply to you in addition to the sections set out above.

In the following sections,  terms such as “personal data”, " data controller", and "process" (and its derivatives) have the meanings given to them in the EU General Data Protection Regulation 2016/679 (“GDPR”).

Data Controller

We act as a data controller for the purpose of GDPR and are responsible for processing your personal data under this Privacy Policy.

Legal Bases for Data Processing

The legal bases on which we process your personal data are as follows:

  • Consent: We may process your personal data with your consent, such as when you use our applications or provide your personal data to us. You have the right to withdraw your consent at any time;
  • Contractual Necessity: We process your personal data to fulfill our contractual obligations to you or to take steps prior to entering a contract with you. This includes providing our applications to you and supporting and maintaining the applications;
  • Legal Obligation: In certain circumstances, we are legally required to process your personal data. This may include complying with regulatory requirements, responding to legal requests, or retaining data for tax or accounting purposes;
  • Legitimate Interests: We may process your personal data for our legitimate interests, as long as they don’t override your rights. These interests include improving our applications, preventing fraud, and understanding how users interact with our applications; and
  • Vital Interests: We may process your personal data if it is necessary to protect someone’s vital interests, such as in emergency situations where immediate action is required.

Data Subject Rights

In addition to your rights mentioned in other sections of this Privacy Policy, you can also contact us to exercise the following rights:

  • Right to Data Portability: To request a copy of your personal data in a structured, commonly used, and machine-readable format, or to have it transferred to another service provider where technically feasible;
  • Right to Restrict Processing: To request to restrict the processing of your personal data in certain circumstances;
  • Right to Object: To object to the processing of your personal data when it is based on our legitimate interests or for direct marketing purposes; and
  • Right to Withdraw Consent: To withdraw your consent to process your personal data.

The same contact details and response timeframe set out under “Problems or Questions” above apply.

Complaints

If you believe your rights under the GDPR have been infringed, you can lodge a complaint with a supervisory authority in your country of residence.

Acknowledgement

By accessing our websites and/or using our applications, you acknowledge that you've read and understood this Privacy Policy and consent to the practices described herein.