Privacy Policy Statement.
1. INTRODUCTION
1.1. This Privacy Policy outlines how Smart Paddock Pty Ltd (ACN 620 545 811) (Smart Paddock, we, us, our) manage your Personal Information when you access and use our services, including our Hardware and Platform (as those terms are defined in our Terms) (Services).
1.2. We respect the rights and privacy of all individuals and are committed to complying with the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles, and other relevant privacy legislation.
1.3. This Privacy Policy sets out:
(a) what ‘personal information’ is;
(b) what we collect, hold and use;
(c) what happens if we can’t collect it;
(d) how and why we collect it;
(e) how and why we may disclose it;
(f) how we use third-party providers;
(g) how long we retain what we collect;
(h) how we make sure it is secure;
(i) how you can access or correct what we collect;
(j) how you can complain about privacy breaches; and
(k) how to contact us.
1.4. We may, from time to time, review and update this Privacy Policy. All personal information that we hold will be governed by the most recently updated Privacy Policy. We will give you notice about any revised Privacy Policy by updating it on our website, www.smartpaddock.com/privacy-policy and by providing you notice by email.
2. WHAT IS PERSONAL INFORMATION?
2.1 In this Privacy Policy, ‘personal information’ has the meaning given to it in section 6 of the Act (Personal Information). In general terms, Personal Information is any information or combination of information that can be used to personally identify you.
2.2 Personal Information may include your name, age, location, post code and contact details. It may include location data, and financial information, including your credit card information. If the information we collect personally identifies you, or you are reasonably identifiable from it, then information will be considered Personal Information.
3. WHAT PERSONAL INFORMATION DO WE COLLECT, HOLD AND USE?
3.1 The majority of our Services do not require the collection of Personal Information. Our Services are designed primarily with the tracking and assessing of livestock. Information about livestock is not Personal Information under the Act, in most cases,
3.2 So that we can provide you with our Services, including personalised access, we collect, hold and use Personal Information such as your:
(a) name;
(b) phone number and email address;
(c) farm ID, location, and where necessary, ABN and other information relevant to your business;
(d) limited financial information including your billing address and the last 4 digits of any credit cards used for payment;
(e) username and password (stored on a secure, third party access management system);
(f) IP Address, date and time of access, device type and composition including performance metrics and system memory, browser and operating system used, and history of pages visited.
(g) history of purchases, including subscription information;
(h) any other personally identifiable information that is disclosed to us by you or other users, either directly or indirectly, by using our Services.
3.3 We do not collect Sensitive Information. In the rare event that we do collect Sensitive Information, we will only do so when the Sensitive Information has been provided by you, with your express consent, and only to the minimum extent necessary for us to provide you with our Services. If Sensitive Information is provided to us and is not necessary for us to provide you with our Services, we will immediately take steps to destroy or deidentify the Sensitive Information.
4. WHAT HAPPENS IF WE CAN’T COLLECT YOUR PERSONAL INFORMATION?
4.1 We may not be able to provide or update some or all of our Services to you if you choose not to provide us with Personal Information.
4.2 The minimum Personal Information required for us to provide our Services depends on the type of Service we are providing (Hardware or Platform access), and includes:
Service: All Services
Required information: Name, email address, farm ID, phone number (for MFA)
Optional Information: Phone number (for alerts and marketing purposes)
Service: Hardware
Required information: Delivery address
Optional Information: None
Service: Platform and other online Services
Required information: Device details, including details and data collected from Hardware, usage history and access patterns, username and password
Optional Information: Financial information (for payment purposes only), any other information you provide to us directly
5. HOW AND WHY DO WE COLLECT AND USE PERSONAL INFORMATION?
5.1 The primary purpose for collecting your Personal Information is to enable us to provide you with our Services, as detailed below. We may use Personal information to generate insights for viewing on the Platform, however the insights will be limited to viewing by you only, unless you actively request and consent to the sharing of insights with third parties..
5.2 We may also use your Personal Information for secondary purposes closely related to the primary purpose in circumstances where you would reasonably expect such use or disclosure, or consent to the secondary use or disclosure. This includes, for example, allowing you to directly share Your Information on the Platform to third parties of your choosing. Personal Information will only be shared with third parties with your consent.
5.3 We collect Personal Information so that we can set up your account, provide you with access to the Services, comply with our contractual and other legal obligations, or administer our relationship with you by responding to your enquiries and providing you with information.
5.4 We collect your Personal Information directly unless it is unreasonable or impractical to do so, including when:
(a) you directly enter information into our Website, Platform, or registration forms;
(b) when you otherwise access and use the Services, including tracking Website access and Platform access;
(c) when you communicate with us; and
(d) when a third-party provides it to us with your consent, such as a third-party service provider or authorised users of our Platform.
5.5 We may use your Personal Information for the purposes of developing, maintaining, or updating the Services, so that we can continue to provide you the best version of our Services possible. We will take reasonable precautions to de-identify as much Personal Information as possible when used for such purposes, unless the Personal Information is required to be identifiable. Personal Information will not be shared with third parties without your consent.
5.6 We may use your Personal Information to contact you with news, marketing, or promotional materials about our Services that may be of interest to you, with your consent. You can opt out of receiving news, marketing or promotional materials from us at any time on our website or by clicking the unsubscribe button on the relevant communication.
5.7 These communications may be sent by email in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth).
5.8 In some cases, we may continue to send you relevant communications even when you have opted out of marketing. The communications will be limited to notifying you of essential updates to our Services and legally required notices.
Cookies and website analytics
5.9 We may, from time to time, use cookies and engage third party website analytics providers, to improve your experience of our Services. While a majority of information collected by cookies and by website analytics providers is not Personal Information, we will take reasonable steps to deidentify information that may be considered Personal Information collected or stored as part of these processes.
5.10 We will not associate any data gathered from our Website or Platform with any personally identifying information from any source as part of our use of cookies or website analytics.
6. WHEN DO WE DISCLOSE PERSONAL INFORMATION?
6.1 To enable us to deliver the Services to you, we may disclose your Personal Information:
(a) to our employees, contractors or licensees;
(b) to external or third-party service providers with your consent (see clause 7); or
(c) to comply with a legal obligation, including the resolution of disputes or complaints.
6.2 If we are involved in a merger, acquisition or asset sale, your Personal Information may be transferred to a third party. We will provide you with notice before your Personal Information is transferred and becomes subject to a different privacy policy.
7. HOW WE USE EXTERNAL SERVICE PROVIDERS (INCLUDING OUTSIDE OF AUSTRALIA)
7.1 We may provide your Personal Information to other external third-party service providers that we engage to perform functions on our behalf so that we can provide you with the Services.
7.2 Some of these external service providers are located overseas. If we are required to disclose Personal Information to overseas persons or entities, we will take reasonable steps to ensure that the overseas recipients of your Personal Information do not breach the privacy obligations relating to your Personal Information.
7.3 We will not transfer your Personal Information to an external third-party service provider or a country unless we believe they have reasonable and adequate controls in place, including the security of your Personal Information. If you don’t agree with your Personal Information being transferred to countries outside Australia, you may not be able to use our Services.
7.4 Processors of Personal Information
(a) We use Microsoft Azure to host our Platform, your Personal Information and all data associated with the Platform. Microsoft Azure complies with the highest security certifications available. More information is available here: https://azure.microsoft.com/en-au/explore/trusted-cloud/privacy
(b) We use Xero for payment processing and financial record keeping, and Xero will store a copy of your name, email address, and physical address. You can find their privacy policy here: https://www.xero.com/au/legal/privacy/
(c) We use Auth0 for authentication services. 0Auth will store your username and password, and any other details required for 0Auth to complete authorisation. You can find their privacy policy here: https://www.okta.com/privacy-policy/
(d) We use HubSpot as our CRM. You can find their privacy policy here: https://legal.hubspot.com/privacy-policy
(e) We may, from time to time, engage additional third party processors of your Personal Information, and if so, we will update the list of processors here.
7.5 We make no representations or warranties in relation to the privacy practices of any external third-party service providers.
7.6 Your Personal Information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy, or with your express consent obtained immediately prior to such disclosure.
8. HOW CAN YOU ACCESS OR CORRECT YOUR PERSONAL INFORMATION?
8.1 You may request access to any Personal Information we hold about you at any time by contacting us at support@smartpaddock.com.
8.2 Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We will not charge you for making a request, unless the requests are repeated and excessive, and will not charge you for making any corrections to your Personal Information.
8.3 If you make an access request, we may ask you to verify your identity. There may be instances where we cannot grant you access to the Personal Information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
8.4 If you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it.
8.5 We request that you keep your information as current as possible so that we may continue to improve our Services to you.
9. HOW DO WE ENSURE THAT YOUR PERSONAL INFORMATION IS SECURE?
9.1 We will take all reasonable steps to implement security measures to protect the Personal Information that we hold from accidental or unlawful destruction, accidental loss, alternation, unauthorised disclosure or access and misuse.
9.2 If you suspect any misuse or loss of, or unauthorised access to, your Personal Information, please let us know immediately.
9.3 If we suspect any misuse or loss of, or unauthorised access to, your Personal Information we may inform you of that suspicion and take immediate steps to limit any further access to, or distribution of, your Personal Information. If we determine that the breach is likely to result in serious harm to you and we are unable to prevent the likely risk of serious harm with remedial action, we will take action in accordance with the notifiable data breaches scheme as set out in the Act.
9.4 If we receive unsolicited Personal Information that we are not permitted to collect under this Privacy Policy, or within the confines of the law, we will de-identify the unsolicited Personal Information as soon as practicable if it is lawful and reasonable to do so.
9.5 We will de-identify your Personal Information if we no longer require it to deliver our Services as soon as practicable, if it is lawful and reasonable to do so.
10. INFORMATION FOR USERS THAT ARE RESIDENTS IN THE EEA AND THE UK
10.1 In addition to the clauses in this Privacy Policy, if you are a resident of the EEA or the UK, this clause 10 applies.
10.2 In this clause, the Personal Information which we may collect, as outlined in clause 3, is referred to as personal data and takes the meaning of personal data under Article 4 of the GDPR (Personal Data).
10.3 In this clause the terms data subject, processing, controller and processor take the meaning under Article 4 of the GDPR.
10.4 Smart Paddock is the controller of any Personal Data that you directly provide to us. Smart Paddock is the processor of any Personal Data that it receives from a party that is not the data subject, for example an external service provider.
10.5 Smart Paddock will only process your Personal Data in accordance with this Privacy Policy for the following reasons:
(a) where you have consented to our collection and use of your Personal Data (you can withdraw this consent at any time); and/or
(b) where we are required to collect and use your Personal Data to provide you with access to our software, or to provide you with other services that we have contractually agreed to provide you; and/or
(c) where it is necessary for our legitimate interest for the purpose set out in this Privacy Policy; and/ or
(d) to comply with the law.
10.6 In most cases, our basis for processing your Personal is set out in clause 10.5(b).
10.7 Your Personal Data will be transferred outside of the EEA and UK when using our Services, to us (in Australia) and to the sub processors listed 7.4. If you do not consent to your Personal Data being transferred outside of the EEA or UK, you are unable to use our Services.
10.8 You have additional rights about your Personal Data including:
(a) the right to be informed – you have the right to be clear about what Personal Data is processed, who processes it and why.
(b) the right to access – you have the right to request copies of any of your Personal Data that we have collected. You can request this using the privacy tools provided in your profile.
(c) the right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information that you believe is incomplete.
(d) the right to erasure – you have the right to request that we erase your Personal Data. You can request deletion of your Personal Data, although sometimes this may not be possible. We will take reasonable steps to erase your Personal Data.
(e) the right to restrict processing – you have the right to object to us processing your Personal Data.
(f) the right to data portability – you have the right to request that we transfer the Personal Data we have collected to another organisation or directly to you.
11. HOW CAN YOU COMPLAIN ABOUT PRIVACY BREACHES?
11.1 If you believe we have breached your privacy rights, or if you have any questions or concerns about our Privacy Policy, please contact us by email at support@smartpaddock.com.
11.2 Your requests and complaints will be treated confidentially. We will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
11.3 If you are not satisfied with the outcome of our investigation, then you may request that the Office of the Australian Information Commission investigate your complaint at their website, https://www.oaic.gov.au/. If you are located in the EEA and UK, you may lodge a complaint with the data protection authority of your home jurisdiction.
12. HOW TO CONTACT US
12.1 To contact us about your Personal Information, this Privacy Policy or concerns or complaints, please contact us by email at Support@smartpaddock.com.