Privacy Policy

1. Introduction

   This document sets out the privacy policy of STS Safety Pty Ltd ABN 37 657 640 590 trading as RespectX (referred to in this privacy policy as 'we', 'us', or 'our'). For the purposes of applicable data protection law, (in particular, the Australian Privacy Principles, the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK Data Protection Act 2018), your data will be controlled by us.

   This privacy policy applies whenever we collect your personal information and/or personal data (including sensitive information) (Personal Data). This includes between you, the visitor to this website located at www.respectx.com.au (Website) (whether directly as our user or as personnel of our user), and us, the owner and provider of this Website and also where we are directed by a third party to process your Personal Data. This privacy policy applies to our use of any and all data collected by us or provided by you in relation to your use of the Website and the provision of our services to you.

   By providing Personal Data to us, you consent to our storage, maintenance, use and disclosing of Personal Data in accordance with this privacy policy.

   We take our privacy obligations seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your Personal Data in connection with your use of our Website. It also explains your rights in relation to your Personal Data and how to contact us or a relevant regulator in the event you have a complaint.

   We may change this privacy policy from time to time by posting an updated copy on our Website and we encourage you to check our Website regularly to ensure that you are aware of our most current privacy policy.

2. Application of this privacy policy

   Most of this privacy policy applies to all Personal Data we collect and to our Website.

   However, some of our privacy practices may differ slightly for particular types of information (like sensitive information). Where this is the case, we have outlined that particular practice in its own section within this privacy policy and, to the extent of any inconsistency, that section supersedes the general practices outlined in the rest of this privacy policy.

3. Types of personal data we collect

   The Personal Data we collect may include the following:

   1. name;
   2. mailing or street address;
   3. email address;
   4. social media information;
   5. telephone number and other contact details;
   6. age;
   7. date of birth;
   8. credit card or other payment information;
   9. sensitive information (such as information that reveals racial or ethnic origin, religion or beliefs, sexual orientation or health information) as further set out in section 7 below;
   10. information about your business or personal circumstances;
   11. information about your position in your workplace;
   12. information in connection with client/user surveys, questionnaires or promotions;
   13. your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;
   14. information about third parties; and
   15. any other information provided by you to us via our Website or our online presence, or otherwise required by us or provided by you.

   Personal Data shall not include data where your identity has been removed or de-identified (anonymous data).

4. How we collect personal data

   1. General

      We endeavour to ensure that information we collect is complete, accurate, accessible and not subject to unauthorised access.

      We may collect Personal Data either directly from you, or from third parties, including where you:

      1. contact us through our Website;
      2. receive goods or services from us;
      3. volunteer information or submit a report through our Website or online platforms, whether as a visitor to our Website, our user or as personnel of our user;
      4. submit any of our online sign up forms;
      5. file a workplace misconduct incident report on our Website (Report);
      6. communicate with us via email, telephone, SMS, social applications (such as LinkedIn, Facebook or Twitter) or otherwise;
      7. interact with our Website, online platforms, social applications, services, content and advertising; and
      8. invest in our business or enquire as to a potential purchase in our business.

   2. Collection from cookies

      We may also collect Personal Data from you when you use or access our Website, online platforms or our social media pages. This may be done through use of web analytics tools, 'cookies' or other similar tracking technologies that allow us to track and analyse your website usage. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites. If you do not wish information to be stored as a cookie, you can disable cookies in your web browser.

      Your web browser can choose whether or not to accept cookies. Most web browser software is initially set up to accept them. If you do not want your browser to use cookies, you can manage and control their use through your browser settings. However, please be aware, that blocking, deleting or disabling these technologies may inhibit your ability to access some or all of the features on our Website.

      We may use Google Analytics to collect and process data, including when you use third party websites or apps. To find out more see How Google uses data when you use our partners' sites or apps.

5. Use of your personal data

   We may collect and use Personal Data for the following primary purposes:

   1. to provide goods, services or information to you;
   2. where you are personnel of our user, to provide goods, services or information to our user (the business) that has employed or engaged you for your services;
   3. for record keeping and administrative purposes;
   4. to provide information about you to our contractors, employees, consultants, agents or other third parties, including government agencies and investigators, for the purpose of providing goods or services to you;
   5. to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;
   6. for our legitimate interests including:
      1. to research, analyse and publish data for educational and commercial purposes. Please note any Personal Data use for this purpose will be aggregated and de-identified;
      2. to improve and optimise our goods and service offering and user experience;
      3. to send you administrative messages, reminders, notices, updates, security alerts, and other information requested by you; and
      4. to consider an application of employment from you.

   We may also use your Personal Data for:

   1. any purpose for which we receive consent from you for;
   2. secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use;
   3. such purposes where we reasonably believe that use of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent; or
   4. any other purpose which is permitted or required under applicable privacy laws.

6. Disclosure

   1. General

      We respect the privacy of your Personal Data and we will take reasonable steps to keep it confidential and protected. Where your Personal Data is considered sensitive information (as defined below in section 7), it will be aggregated and de-identified before we share it with any third parties unless you consent to otherwise. We may disclose your Personal Data to:

      1. health care providers (including workplace-related occupational health, care and safety providers);
      2. where you are personnel of our user, to our user (the business) that has employed or engaged you for your services;
      3. our professional advisors such as lawyers, accountants and auditors;
      4. third-party investigators;
      5. government-related entities and regulatory bodies;
      6. our related entities; or
      7. any third parties you have consented Personal Data to be disclosed to.

      We may also disclose Personal Data to third party contractors as required for us to provide our goods and services to you, such as cloud-service providers, IT professionals, marketing agencies and debt collection agencies. We take care to work with such third parties who we believe maintain an acceptable standard of data security and require them not to use your Personal Data for any purpose except for those activities we have asked them to perform on our behalf.

      We will not otherwise disclose your Personal Data unless:

      1. you have consented to us disclosing your Personal Data for particular circumstances;
      2. as needed in an emergency or in investigation of suspected criminal activity;
      3. we are required to disclose under a subpoena, court order or other mandatory reporting requirements;
      4. we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
      5. it is reasonably necessary for the establishment, exercise or defence of a legal claim; or
      6. otherwise authorised or required by law

   2. Overseas disclosure

      All Personal Data we collect is stored on servers located in Australia and, for the most part, we do not disclose or transfer Personal Data overseas.

      However, the cloud service provider we engage to provide us Australian-based servers may operate overseas disaster recovery sites or have personnel overseas who may access the Personal Data we hold to assist us in managing our servers.

      We also may use Google Analytics to track web traffic information which is operated by Google which stores information across multiple countries.

      When you communicate with us through a social media service such as Facebook or Twitter, the social media provider and its partners may collect and hold your Personal Data overseas.

7. Sensitive information

   (Collection of sensitive information) We may collect sensitive information about you during the course of providing you with our goods and services. We will only collect this sensitive information where you consent and provide us with this information.

   (Types of sensitive information) The type of sensitive information we may collect includes:

   1. information relating to your racial or ethnic origin;
   2. sexual orientation or practices;
   3. health information, including mental health, medical history and information relating to pre-existing illness, condition or disability;
   4. family medical history;
   5. information relating to personal or factual recounts of the incident on which your report is based; and
   6. any other sensitive information provided by you or a third party to us via our Website or online platforms, or otherwise provided by you or a third party to us.

   (Use of sensitive information) Your sensitive information will only be used for the purpose of:

   1. providing you with our goods and services;
   2. complying with our legal obligations, resolving disputes or enforcing our agreements with you;
   3. sending you messages, reminders, notices, updates, security alerts, and other information requested by you; or
   4. any other purpose which is permitted or required under applicable privacy laws.

   (Disclosure of sensitive information) Your sensitive information will only be disclosed to third parties for the purpose of:

   1. obtaining the assistance of a third-party investigator to facilitate the investigation of the contents of your report; or
   2. any other purpose which is permitted or required under applicable privacy laws.

   (Withdrawing consent) If you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, please contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.

8. Security

   We take reasonable steps to ensure your Personal Data is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your Personal Data. If you suspect any misuse or loss of, or unauthorised access to your Personal Data, please contact us immediately.

9. Links

   Our Website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.

10. Your rights

    You have various rights with respect to our use of your Personal Data:

    1. Access: You have the right to obtain access to your information (if we're processing it) and certain other information (similar to that provided in this privacy notice). This is so that you're aware and can check that we're using your information in accordance with data protection law.
    2. Be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we're providing you with the information in this privacy policy.
    3. Rectification: We aim to keep your Personal Data accurate, current, and complete. We encourage you to contact us using our contact form to let us know if any of your Personal Data is not accurate or changes, so that we can keep your Personal Data up-to-date.
    4. Objecting: You also have the right to object to processing of your Personal Data in certain circumstances, including processing for direct marketing.
    5. Restricting: You have the right to 'block' or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further.
    6. Erasure: You have the right to ask us to erase your Personal Data when the Personal Data is no longer necessary for the purposes for which it was collected, or when, among other things, your Personal Data have been unlawfully processed.
    7. Portability: You have the right to request that some of your Personal Data is provided to you, or to another data controller, in a commonly used, machine-readable format.
    8. Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority. In Australia, the supervisory authority is the Office of the Australian Information Commissioner. In the UK, the supervisory authority is the Information Commissioner's Office. You may also contact us using the details set out below including your name and contact details. We will investigate your complaint promptly and respond to you within a reasonable timeframe.
    9. Withdraw consent: If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your Personal Data for marketing purposes.

    You may, at any time, exercise any of the above rights, by contacting our email address provided below.

11. How long we keep data

    We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely destroy your Personal Data in accordance with applicable laws and regulations.

    If we process your Personal Data in accordance with any agreement for services with your workplace, we shall securely destroy your Personal Data in accordance with the terms of that agreement.

    If you would like further information about our specific retention periods for your Personal Data, please contact us using our email address provided below.

12. Transfers outside the European Economic Area (EEA)

    To provide our services, we may transfer the Personal Data we collect to countries outside of the UK or EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection.

    When we do this, we will make sure that it is protected to the same extent as in the EEA and UK as we will put in place appropriate safeguards to protect your Personal Data, which may include standard contractual clauses.

    For more information, please contact us at our email address provided below.

13. Requesting access or correcting your personal data

    If you wish to request access to the Personal Data we hold about you, please contact us using the contact details set out below including your name and contact details. We may need to verify your identity before providing you with your Personal Data. In some cases, we may be unable to provide you with access to all your Personal Data and where this occurs, we will explain why. We will deal with all requests for access to Personal Data within a reasonable timeframe.

    If you think that any Personal Data we hold about you is inaccurate, please contact us using the contact details set out below and we will take reasonable steps to ensure that it is corrected.

14. Profiling and automated decision making

    We may use automated decision-making tools as part of our services. These tools may include automated process steps or filters deemed applicable to the information submitted in your Report.

15. Data controller

    For the purposes of the GDPR (where applicable), RespectX is considered the controller in relation to the processing activities described in this policy. This means we decide why and how your Personal Data is processed in connection with our activities.

16. Contact us

    For further information about our privacy policy or practices, or to access or correct your Personal Data, or make a complaint, please contact us using the details set out below:

    Email: support@respectx.com.au

Our privacy policy was last updated on 5 June 2024.