IMPORTANT: SPG SECURE DOES NOT COME WITH PERSONAL SECURITY SERVICES OF ANY KIND OR ANY GUARANTEED RESPONSE TIME FOR RESPONDING TO SECURITY INCIDENT NOTIFICATIONS OR DISTRESS CALLS. OUR OBLIGATIONS TO PROVIDE PERSONAL SECURITY SERVICES, INCLUDING ANY OBLIGATIONS TO RESPOND TO SECURITY NOTIFICATIONS AND DISTRESS CALLS ARE SET OUT IN OUR SECURITY SERVICES CONTRACTS WITH OUR CLIENTS. WE DO NOT REPRESENT THAT SPG SECURE WILL OPERATE UNINTERRUPTED OR ERROR-FREE. IF YOU ARE A LICENSED LICENSED USER, WE AGREE TO USE OUR BEST ENDEAVOURS TO ENSURE THAT THE FUNCTIONALITY OF SPG SECURE REMAINS AVAILABLE FOR YOU TO USE AT ALL APPLICABLE TIMES. HOWEVER, DISTRESS CALLS AND NOTIFICATIONS MAY NOT ALWAYS REACH US OR OTHER PERSONS THAT ARE ATTEMPTED TO BE SENT VIA SPG SECURE AS A RESULT OF SYSTEM, SOFTWARE OR COMMUNICATIONS ERRORS, DEVICE MISCONFIGURATION AND/OR FORCE MAJEURE EVENTS. SPG SECURE WILL NOT BE ABLE TO TRANSMIT AUDIO, VIDEO OR LOCATION INFORMATION OR DISTRESS CALLS OR NOTIFICATIONS TO US IN THE EVENT THAT PERMISSION FOR SUCH TRANSMISSIONS, CALLS AND NOTIFICATIONS HAVE NOT BEEN GRANTED TO SPG SECURE VIA YOUR IOS OR ANDROID DEVICE. YOU WILL ALSO NOT BE ABLE TO RECEIVE SPG SECURE NOTIFICATIONS FROM US WHERE PERMISSION FOR SUCH NOTIFICATIONS HAS NOT BEEN GRANTED TO SPG SECURE. WE ARE NOT RESPONSIBLE FOR ANY NON-PERFORMANCE OF SPG SECURE OR OUR OBLIGATIONS UNDER THIS AGREEMENT OR ANY SECURITY SERVICES CONTRACT AS A RESULT OF ANY SUCH MATTERS.
Background
This Privacy Policy describes how Protac Solutions Pty Ltd ABN 98 604 258 639 (we, our, us) manages personal information about individuals whose data is collected and processed by the SPG Secure app (SPG Secure), whether or not such individuals are licensed users of SPG Secure (Licensed Users). SPG Secure includes functionality that, among other things, provides the ability for Licensed Users to make distress calls, the details of which may be sent to us. SPG Secure is downloadable from the Apple App Store and Google Play and is accessible via a smartphone or tablet.
Secure is only available to be downloaded and installed by our clients who:
we expressly agree in writing: (i) that we will provide personal security services to under a separate current written contract between us and them (Security Services Contract); and (ii) may use SPG Secure in connection with their receipt of those personal security services;
are at least 18 years of age or are a person under the age of 18 whose parent or legal guardian has entered into this End User Licence Agreement in their own personal capacity and on your behalf;
have the capacity to enter into legally binding contracts under applicable law;
irrevocably and unconditionally accept the terms and conditions of, and agree to be legally bound by, our End User Licence Agreement; and
consent to our collection, use and disclosure of their personal information in accordance with our Collection Notice and this Privacy Policy.
We are committed to complying with our privacy obligations in accordance with the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (each, an APP). If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be open and transparent about our privacy practices.
INFORMATION FOR ALL USERS OF SPG SECURE
Consents
When a person first opens SPG Secure on their compatible device they are provided with our Collection Notice. The Collection Notice is made in accordance with APP 5, which notifies the person (among other things) of the circumstances under which we collect their personal information, the purpose for the collection and the likelihood that their personal information will be disclosed to overseas recipients.
Licensed Users must obtain all relevant privacy consents and authorisations required by law in order for the personal information that is entered into or captured by SPG Secure to be accessed, used, hosted, transmitted, stored, disclosed and otherwise processed by us for the purposes set out in this Privacy Policy.
We rely on Licensed Users to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. SPG Secure has functionality to enable Licensed Users to update, modify and correct certain personal information collected about them.
We encourage you to ensure that you are familiar with this Privacy Policy to understand how we may collect, use, host, transmit, store, disclose and otherwise process personal information about you via SPG Secure or otherwise.
The Types of Personal Information We Collect and Hold
We collect and hold the following types of personal information:
Licensed Users
We collect the following types of personal information about Licensed Users:
the Licensed Users’ device and network usage details (IP addresses) collected via the Licensed Users’ smartphone, tablet or other compatible mobile device;
personal information, including health information, entered by the Licensed User into SPG Secure;
personal information, including health information, entered by or on behalf of a Licensed User into the SPG Secure;
a Licensed User’s general location (suburb or city location);
a Licensed User’s precise location determined using the functionality of the device upon which they install SPG Secure or via “What Three Words”, a third party service provider integrated into SPG Secure (Specific Location). Specific Location information is only sent to us if a Licensed User sends a distress call to us using SPG Secure or fails to respond to a notification from us within a reasonable period of time determined by us;
information in notifications sent to a Licensed User via SPG Secure and any responses sent by the Licensed User to such notifications;
information in notifications sent from a Licensed User via SPG Secure and any responses sent to them.
Non-Licensed Users
All information, including personal information, about non-Licensed Users (such as those persons identified by a Licensed User as close contacts of a Licensed User) that is entered into or collected by SPG Secure by or on behalf of Licensed Users (or otherwise disclosed to us under a Security Services Contract), is held in, and processed by, systems managed by us.
Information required for the support, maintenance and security of SPG Secure
In order to support and maintain SPG Secure, we collect and process Licensed User information in the form of IP addresses, email addresses, Licensed User access logs, Licensed User usernames, passwords, statistical data and information included by Licensed Users in error messages, technical support tickets and telephone calls to our support or security teams.
How we collect personal information
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of SPG Secure, the Services and to otherwise operate our business.
We collect personal information, including health information, about Licensed Users when personal information is entered by or on behalf of the Licensed User into SPG Secure, and when a Licensed User voluntarily discloses personal information to us (via SPG Secure, telephone, e-mail, in person or otherwise).
How we use personal information
How we use personal information about Licensed Users and non-Licensed Users is set out in the following table:
Category
How We Use and Process Personal Information that We Collect
Why We Collect Personal Information
Personal information about Licensed Users
To manage, provide and support a Licensed User’s use of SPG Secure;
To provide services under a Security Services Contract;
In order to store personal information in databases and systems in our or our hosting providers’ hosting environments at third party data centres about Licensed Users as required to provide the functionality of SPG Secure or services under a Security Services Contract;
To provide or procure technical support services about SPG Secure to Licensed Users that require us and our service providers to view and update personal information held in SPG Secure;
When conducting research and development of SPG Secure;
To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information;
Backing up and restoring data that includes Licensed User’s personal information;
To handle complaints.
Required to identify persons who use SPG Secure and to identify persons who request technical support or wish to exercise their rights under privacy law to access and correct their personal information or otherwise to exercise their other rights with respect to their personal information;
Necessary for our legitimate interests, including in order to operate and grow our business and in order to administer and allow Licensed Users to operate SPG Secure and for us to deliver personal security services;
For our accounting, billing and other internal administrative purposes;
To comply with our legal and statutory obligations;
Required in order to determine which privacy law applies to an individual.
Personal information about non-Licensed Users
As required to offer a potential Licensed User access to SPG Secure or personal security services;
To provide services under a Security Services Contract;
As required to manage, provide and support a Licensed User’s use of SPG Secure and personal security services.
Necessary for our legitimate interest (in order to promote our business);
Necessary for our legitimate interests, including in order to administer and allow Licensed Users to operate SPG Secure and for us to deliver personal security services.
Analytics data
We collect statistical information about Licensed Users through their use of SPG Secure, known as analytics data, in de-identified form that is not collected or held in a form that could reasonably be expected to identify an individual.
Such analytics data is limited to information about devices accessing SPG Secure, the amount of time a Licensed User spends on SPG Secure and in which parts of it and the path navigated through it.
In any event, we only use analytics data to help us review, enhance and improve SPG Secure (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual.
We may also collect statistical information that is not de-identified, in order to provide personal security services or investigate security incidents.
How we hold and secure personal information
We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.
We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
Among other things, we:
only use or ensure that our service providers use, reputable cloud hosting providers to host personal information;
implement passwords and access control procedures, anti-virus, firewall and security controls for email and other applicable computer software and systems to secure the personal information that we hold;
regularly carry out or ensure that our service providers carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible;
maintain physical security measures in our buildings and offices;
require our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;
have data backup archiving and disaster recovery processes in place or ensure that our service providers have such processes in place; and
with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.
Disclosure of personal information
We will disclose personal information to our employees, officers, advisors, suppliers, agents, service providers and related entities who assist us with the delivery of our security services. We take reasonable steps to ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.
We only disclose personal information that we collect to third parties as follows:
where authorised by Licensed Users;
data storage and software providers who host SPG Secure databases and information;
when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
where required to enable the functionality of any third party service provider integrated into SPG Secure (including “What Three Words”) or in connection with the provision of services provided by third parties that our customers request (such as security response services) that we procure;
to our related entities (including Protac Technologies Pty Ltd) who provide or procure services that we rely on to support the hosting, operation and maintenance of SPG Secure;
where a person provides written consent to the disclosure of their personal information;
where we become aware that specific personal information needs to be disclosed to protect the safety or vital interests of any person we may disclose it;
if we are contacted by any person who represents to us that they are a Licensed User, for security purposes, we will only discuss the personal information that we hold about them with them if they correctly identify themselves as such according to our security measures;
if we sell all or part of our business, we will provide our databases to the purchaser;
to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
for the enforcement of a law imposing a pecuniary penalty;
for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); and
to police and other governmental bodies or regulatory authorities where required by law or under a Security Services Contract.
Interacting with us without disclosing personal information
If you do not provide us with your personal information, you cannot use SPG Secure or Services but you can browse our website without providing us with personal information, such as the pages that generally describe SPG Secure that we make available and our Contact Us page. However, when you submit a form on our website or become a Licensed User of SPG Secure we need to collect personal information from you in order to identify who you are, so that we can provide you with personal security services in conjunction with SPG Secure, and for the other purposes described in this Privacy Policy.
You do not have the option of not identifying yourself or using a pseudonym when using SPG Secure or contacting us to enquire about your Licensed User account as it is not practical for us to provide you with access to SPG Secure or to discuss your Licensed User account if you refuse to provide us with your personal information.
Offshore Disclosure
We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of SPG Secure to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we do not currently use offshore contractors and service providers.
How to Access and Correct Personal Information Held by Us
Persons who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Licensed Users can update certain personal information by logging into their account on SPG Secure.
Once a Licensed User account is deleted, we may still be required to retain the data in accordance with our data retention obligations. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person’s vital interests).
Unless we are required to retain personal information for a longer period in the circumstances described in clause 10.2: (a) personal information will be stored for 7 years and any data that is no longer required for the maintenance of active Licensed Users will be deleted after this period; and we will only keep personal information for longer periods than specified above, where required under applicable law.
As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We may use personal information that we de-identify for the purpose of improving SPG Secure.
Where you require your personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter unless applicable law requires us to retain the personal information, in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing [insert email address]. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
Our contact details
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
Contact: Privacy Representative
Email: [insert email address]
We will endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details: