PRIVACY POLICY

PRIVACY NOTICE - DYNAMIQ PTY LTD

Effective 16 October, 2018

Dynamiq Pty Ltd (hereinafter referred to as "DYNAMIQ”, “We”, “Us”, “Our”) has created this Privacy Notice in order to demonstrate our firm commitment to privacy. DYNAMIQ complies with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988(Cth) (Privacy Act) and General Data Protection Regulation (GDPR) in relation to individuals located in the European Economic Area. This Privacy Notice sets out our privacy obligations to you and explains the types of personal information that we may collect, hold, use and with whom the information is shared. It also sets out how you can contact us if you have any queries or concerns about this information.

How and what personal information we collect

We collect personal information about you when you:

- contact us through our website
- visit our website
- complete customer surveys
- send us email enquiries
- verbally (in person, trade shows, exhibitions and telephone)
- apply for a job advertised by us

The types of personal information we may collect may include your name, date of birth, job title, address, email address, telephone number, IP Address (Cookies), location (Cookies), emergency contact information). If you do not provide such information, this may limit our ability to provide our services.

Personal data about other individuals

We receive some personal information under contractual arrangements with our clients who confirmed that they have obtained from the individuals whose data they have collected an unambiguous consent to the processing of his/her personal data and where relevant to the transfer of his/her personal data outside the European Economic Area.

Information we collect about you when you visit one of our websites

Accessing our websites will result in some information being logged including the time of access, IP address and the pages that have been viewed or accessed.

For each visit to our login page we automatically recognize your IP address, domain and Web browser. This information is not used to personally identify you. We use your IP address to help diagnose possible problems with our servers and Internet connection. We do not sell or market this information to any third party. We do however, on occasion, aggregate this information internally and analyse it to help improve the performance of our service.

During the registration/sign-up process, Clients provide us with personally identifiable information such as name, email address, etc. This information is used primarily to identify Users in our service, which is necessary for the login process. The individual user access is based on e-mail addresses.

Once Users are logged in to the service they may enter personal information in their profiles, such as name, title, company or organization, postal address, phone and fax numbers, etc. This information is only shared with others in the particular Client organization and our third party providers with whom we jointly provide services to you.
It is clearly indicated on our web sites if information is optional or mandatory.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

Our website does not use these “cookies” explicitly. However, the website may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

The purposes for which we collect, hold, use and disclose personal information

All personal information collected by Us is solely used for our business functions and activities. It may be used for the purposes of:

- responding to your requests, enquires and/or complaints;
- to maintain your account details;
- process any work you have with us;
- maintaining your account and contacting you in the case of any problems occurring in relation to your account;
- billing;
- providing you with our products or services that you have requested;
- providing you with any communications in which we think you might be interested, or which you have requested;
- letting you know about developments in our procedures, products, services, activities and programs that might be useful to you;
- review your job applications with us;
- detect and prevent fraud;
- customise our website and its content and improve our services using Cookies;
- meeting our employer obligations, to contact next of kin in an emergency, and to ensure that our employees and contractors have the skills, experience, qualifications and clearances required to perform services for DYNAMIQ and our customers;
- collecting feedback and information from third parties relating to our employees, contractors and suppliers’ performance of services for or on behalf of DYNAMIQ;
- to consider employment applications;
- to verify your competency for certain tasks/activities;
- for emergencies.

We take reasonable steps to ensure personal information that it keeps is accurate, up-to-date and relevant to the purposes for which it is to be used.

How we hold personal information

We recognize the importance our customers place on security. We take all reasonable steps to protect your personal information from loss, misuse or unauthorised disclosure, modification or destruction.
We exercise great care to see to that any information you enter or upload to your account is handled in a secure manner. DYNAMIQ operates within the requirements of an Information Security Management System (ISMS) which is externally audited and accredited in accordance with ISO:27001 Information Security. Internally, we restrict access to personally identifiable information to employees who need access to the information to do their job. All employees have to execute comprehensive nondisclosure agreements with us. Employees are not allowed to access your project data or uploaded documents. Backups of User and Client data are scheduled on a regular basis and these backups are safely stored and secured. All communication between your computer and our servers is encrypted using SSL encryption technology. Any document you upload to your account is securely transmitted (using SSL) and is then stored in an encrypted format. This service has security measures in place to protect the loss, misuse and alteration of the information under our control.

Further information on the security can be found in our Information Management Security Policy, which is available on request.

DYNAMIQ’s digital information is stored on servers within Australia with third party storage providers. DYNAMIQ takes all reasonable steps to ensure that it deals with reputable entities for the purposes of securely storing personal information.

Retention of personal information

DYNAMIQ retains personal information only for for as long as necessary to fulfil the purposes we collected it for or for other periods required by law or our contractual commitments. Otherwise DYNAMIQ will take reasonable steps to securely destroy or permanently de-identify the personal information.

Sharing your personal data with third parties

We will only use or disclose your personal information to the extent necessary to comply with laws, perform our functions or exercise our rights.

We do not market or sell your personal information to any third party. As an essential part of being able to provide our services to you, we do share your data with the following categories of third parties:

- law enforcement agencies in connection with any investigation to help prevent unlawful activity, threat to life, health or safety, Work, Health and Safety Investigations or where we are otherwise permitted by Privacy Act, other relevant legislation or authorized by you;
- our related bodies corporate;
- professional advisers including lawyers, auditors and other professional advisers on an as-needed basis;
- our external service providers and contractors that provide services to us;
In these cases, DYNAMIQ expects these organisations to protect the privacy of that personal information.

Direct Marketing

DYNAMIQ will only engage in direct marketing practices in accordance with the law. You can opt out at any time by using the unsubscribe function on each of our emails.

We will send marketing messages to individuals located in the European Economic Area (EEA) in two circumstances:

- where you have subscribed to receive direct marketing from us and have therefore provided your consent to us contacting you; or
- where you have previously engaged with us and we have obtained your contact details in the course of the sale or negotiations for our service and we think that you will be interested in receiving further information about other products and services which we think might be relevant to you.
As part of providing our services, we also send “user summaries” and system notices to all our clients.

Links to other websites

When our service contains links to other Web sites, DYNAMIQ is not responsible for the privacy practices or the content of such Web sites.

How you may access and correct your personal information

Changes or modification to any of the information provided in a User profile can be made by logging on to the service using a registered email address and password and clicking on “My Profile” on the home page dashboard.

Under the APPs, you may be able to obtain a copy of the personal information that we hold about you. The APPs provide some exceptions to your rights in this regard. To make a request to access this information, please contact us in writing to one of the contact addresses below. We will require you to verify your identity and specify what information you require. We may charge a fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.

We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact Us if you believe that the information we hold about you requires correction or is out-of-date.
We will endeavour to respond to written requests within 30 business days after a request is received by us.

Notifiable Data Breaches

We comply with the amendments to the Privacy Act, effective from 22 February 2018, in relation to notifiable data breaches and has an updated plan to ensure compliance with the new requirements, including notification of the Australian Information Commissioner and affected individuals of certain types of data breaches, and is able to promptly respond to any suspected data breaches. A notifiable data breach happens when there is unauthorised access to, unauthorised disclosure of, or loss of, personal information which is likely to result in serious harm to the individual to whom the information relates.

Rights of individuals located in the European Economic Area (EEA)

Your rights

This section applies to personal information of individuals located in the EEA.
In addition to the Privacy Act, individuals located in the EEA may also have rights under EEA based rules known as the General Data Protection Regulation (GDPR). The GDPR is the new EEA data privacy law that greatly strengthens data privacy protections for individuals located in the EEA. The key obligations under the GDPR include Notice, Individual Rights, and Retention. Each user has a right of confirmation (to confirm whether or not Personal Information concerning the user is being processed), access (the right to request what Personal Information is stored about the user and obtain a copy of that said information), erasure (the right to request that any Personal Information concerning the user be erased without delay when no longer required, or when the user withdraws consent), rectification (the right to rectify any inaccurate information concerning the user), portability (the right to receive the Personal Information concerning the user, which was provided to Us, in a readable format), object (the right to object the processing of the Personal Information concerning the user unless we can demonstrate compelling legitimate grounds for the processing which overrides the interests, rights, and freedoms of the user/data subject, or for the establishment, exercise or defence of legal claims), restriction of processing (the right to restrict processing where the accuracy of the Personal Information is contested by the user/data subject for a period enabling the controller to verify the accuracy of the Personal Information; or the processing is unlawful and the user/data subject opposes the erasure of the Personal Information and requests instead the restriction of their use instead; or we, the controller, no longer need the Personal Information for the purposes of the processing, but they are required by the user/data subject for the establishment, exercise or defence of legal claims), as set out in Articles of the General Data Protection Regulations of the EEA.

Our legal basis for processing your personal data

This section applies to personal information of individuals located in the EEA.
Where our customers are individuals, sole traders or partnerships, the legal basis on which we rely for processing your personal data is that it is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.
Where our customers are corporate entities, we process the personal data of our contacts at the company on the basis that we have a legitimate interest for this processing. Our legitimate interest is in ensuring that we maintain an appropriate relationship with our customer and so that we are able to provide the customer with excellent customer services.

How we ask for Consent

This section applies to personal information of individuals located in the EEA.
In those cases where we need your consent to hold and process your personal data, we will ask you to check a box on any form requiring consent. By checking these boxes you are confirming that you have been informed as to why we are collecting the information, how this information will be used, for how long the information will be kept, who else will have access to this information and what your rights are as a data subject (all of which is set out in this Privacy Notice). Where we process your personal data on the basis that you have provided us with your consent, you have the right to withdraw such consent at any time by contacting us using the details set out below. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.

Making a complaint

If you believe that We have breached one or more of its privacy obligations, your complaint (including a summary of the privacy concern or alleged breach and copies of any relevant documentation) shall be addressed to one of the contacts provided in the “Contact Details” section below. We will investigate the complaint and will endeavour to respond to you within 30 business days. We will take immediate steps to redress proven privacy concerns or breaches.

If you do not receive a response from us after thirty (30) days or if you are not satisfied with the response, you can then lodge a complaint with the OAIC (telephone: 1300 363 992 | at www.oaic.gov.au).
Individuals located in the EEA have the right to lodge a complaint with a relevant supervisory authority. In the UK, the relevant supervisory authority is the ICO. Further information, including contact details, is available at https://ico.org.uk/for-organisations/report-a-breach/.

Access to this Privacy Notice

This Privacy Notice can be viewed at our website at http://dynamiqglobal.com/privacy-policy

Alternatively, you can request a copy of this notice using our contact details below.

Changes in this Privacy Notice

DYNAMIQ reserves the right to modify or amend this Privacy Notice at any time and for any reason. Any changes we may make to this Privacy Notice in the future will be posted on this page and, where appropriate, may be notified to you via e-mail.

Contact Details

Dynamiq Pty Ltd

Sydney (Head Office)

Level 5, 33 York Street

Sydney, NSW 2000, Australia

+61 2 9154 2600 | E: IS@dynamiq.com.au