- Your rights to access and rectify or to request erasure of personal data;
- Your right to withdraw consent;
- The right to lodge a complaint with the Office of the Australian Information Commissioner;
- Why we collect and process personal data, the categories of personal data that we process, and who we disclose it to;
- Details of the security measures that we take to help protect your personal data;
- Other information about how we collect, use, disclose and process personal data.
Personal Data We Collect and How We Use It
We collect personal data that you give us, whether by email, telephone, in person, via application forms or otherwise. We may obtain personal data directly from third parties such as our resellers, related companies, installers, sales agents and any of their representatives. In addition, we may obtain personal data from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal data about an individual only from that individual.
If you enter and/or upload into the Cloud Services and/or otherwise provide us with personal data about any person other than you (including the personal data of any of your End Users), you must provide the information required by Australian Privacy Principle 5 to the relevant persons to whom the personal data relates.
We will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of our entity’s functions or activities and we will not collect sensitive information unless you consent to the collection and the sensitive information is reasonably necessary for one or more of our functions or activities, or we collect it pursuant to subclause 3.4 of the Australian Privacy Principles. Please notify us if you are not of old enough or not otherwise able to provide us with consent, and do not provide us with any consent for the purposes of applicable privacy law.
The personal data that we collect and how we use it is as follows:
- Data entered into and/or uploaded into the Cloud Services by the Customer and/or end users when accessing the Cloud Services: Any personal data that our end users upload or enter into the Cloud Services either manually or via computer systems, smartphone devices and tablets, namely: names, telephone numbers, mobile numbers, email addresses, postal addresses, residential addresses, business addresses. The Cloud Services will also process any other personal information that our end users voluntarily enter or upload to Cerely. We will process this personal data on behalf of our end users in our capacity as a processor in order to provide our end users with the Cloud Services in accordance with their specific instructions (unless applicable law to which we are subject requires other processing of that personal data by us, in which we will inform you of that legal requirement (unless that law prohibits us from doing so on important grounds of public interest). We will also process this personal data as a controller to monitor compliance with the terms and conditions of our end users agreements, to maintain backups of our databases and to detect unauthorised use and faults with the Cloud Services (such as, by examining log files and error messages). The personal data will also be used to provide our end users with professional services (including technical support and training services) if and where required pursuant to our end users agreements.
- Data relating to communications between us and our end users: When our end users contact us, we will process personal data including the name of the end users, the IP address of the end users and any other personal data that the end users provide to us during the communications. For example, our end users and/or end users may contact us to ask questions about tour Cloud Services, seek technical support or advice and to express their interest in subscribing to the Cloud Services or for the purposes of upgrading or modifying their accounts on our platform. We will process this personal data in order to provide our end users with information and assistance about the Cloud Services, and to communicate with our end users in connection with any breach, expiry, termination or suspension of the Cloud Services.
- Analytics data: We will process personal data known as analytics data for statistical and analytical purposes, designed to measure and monitor how the Cloud Services are being used and to highlight any areas for improvement, optimisation and enhancement of the Cloud Services, including IP addresses, cookie data, the amount of time a user spent on our cloud platform and in which parts of the platform, and the path they navigated through the platform. We will process this personal data in order to monitor and detect unauthorised use of the Cloud Services and to establish how the Cloud Services are used and to highlight areas for potential improvement of the Cloud Services.
- Cerely’s use and transfer to any other app of information received from Google APIs will adhere
to the Google API Services User Data Policy, including the Limited Use requirements. Information
from Google APIs includes information from any Gmail account or G-Suite account that a User
connects to the application. Cerely will not use information from a User’s Gmail or G-Suite account
for any other purpose than providing the Cerely SaaS.
Who We Share Personal Data With
- So that we can obtain assistance with the provision of the Cloud Services – in which case we may disclose your personal data to members of our corporate group who we may subcontract the provision of all or part of the Cloud Services to;
- Handling claims and complaints – in which case we may disclose your personal data to our lawyers and insurers;
- In order to identify our end users when we are contacted with questions or concerns regarding the products and services we provide;
- In order to configure a new service for our end users;
- To service providers to assist us to monitor, assess and/or improve the service we provide to our end users
- In order to interface with third party platforms – where you configure your account on Cerely or use the Cloud Services to do so;
- For professional advice – when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection or other legitimate purposes;
- If we sell the whole or part of our business of Cerely or merge with another entity – in which case, we will provide to the purchaser or other entity the personal data that is the subject of the sale or merger;
- Where required by law.
- For the purposes of obtaining professional advice;
- To obtain or maintain insurance;
- The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
- To protect or enforce our rights;
- Enforcement of our claims against you or third parties;
- The enforcement of laws relating to the confiscation of the proceeds of crime;
- The protection of the public revenue;
- The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
- The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal.
- Where disclosure is required to protect the safety or vital interests of employees, end users or property
Third Party Platforms (Links and Single Sign On Providers)
Cerely may include links to third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. Where an end user uses Cerely or the Cloud Services to provide personal data to a third-party website or platform, the end user does so at its own risk. We do not warrant or represent that any third-party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third-party websites and platforms prior to sending your personal data to them. You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on Cerely. These widgets and tools may collect your IP address and other personal data. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers.
If You Refuse to Provide Us With Personal Data
You can only browse limited pages of Cerely without registering as a subscriber of Cerely, such as the pages that generally describe the services that we make available through Cerely, and our About Us and Contact Us pages. However, when you subscribe to Cerely, we need to collect personal data from you in order to identify you and setup an account for you on Cerely. We will also collect personal data from you when you use the Cloud Services when you enter the personal data into Cerely, when you contact us for technical support and assistance with your account and when gathering analytics data about your use of Cerely. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our Cloud Services, but not if you wish to actually access our Cloud Services or any of our other services.
We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact end users. These transaction-based e-mails are automatically generated. Anytime an end users or visitor receives e-mail it does not want from us the end users can request that we not send further e-mail by contacting us via email at: service@Cerely.com
Retention and De-Identification Of Personal Data
We will not keep personal data in a form which permits identification of any person for longer than is necessary for the purposes for which the personal data is processed. We will only process personal data that you enter into Cerely , and only thereafter for the purposes of deleting or returning that personal data to you (except where we also need to retain the data in order to comply with our legal obligations. We will, following your cessation of use of the Cloud Services, at your option delete or return to you all of the personal data uploaded and/or entered into the Cloud Services by you. Where you requires that personal data to be returned, it will be returned to you after the end of the provision of services relating to the processing (“Processing Conclusion Date”), and we will thereafter delete all then remaining existing copies of that personal data in our possession or control as soon as reasonably practicable thereafter, but in any event not more than 30 days after the Processing Conclusion Date, unless applicable law requires us to retain the personal data in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws. Where required under the Privacy Act, we will destroy and/or de-identify personal data that we collect about you in accordance with our legal obligations
Your Rights Under the Privacy Act
- the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning your personal data;
- the right to object to the processing of your data;
- the right to data portability;
- the right to withdraw consent (where you have consent to the processing of your personal data for one or more specific purposes);
- the right to lodge a complaint with the Office of the Australian Information Commissioner or any supervisory authority;
- the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or it similarly significantly affects you.
Notifiable Data Breaches
Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner, except where limited exceptions apply. We will notify you of any data breach that may affect you where we are required to do so in accordance with our legal obligations.
We will use our best endeavours to resolve any privacy complaint within 10 business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution. If you are not satisfied with the outcome of a complaint you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:
Call: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001