Last updated February 5, 2018.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.
As an Australian business, we are already covered by the Privacy Act 1988 (Cth) (Privacy Act). The GDPR and the Privacy Act include some similar requirements. Both laws foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected. Both laws require businesses to implement measures that ensure compliance with a set of privacy principles, and both take a privacy by design approach to compliance.
Dovetail has made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.
User: means any persons who is registered on our Services, either by creating a new team themselves or being invited to an existing team by a Customer.
Personal Information is as defined in the Privacy Act 1988 (Cth) (Privacy Act). The Privacy Act defines ‘personal information’ as:
“Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.”
Project/Projects: means any research project created by a User on the Services.
Customer Data: means any content added by a User to the Services.
General personal information: The type of general information we collect from all visitors to our website may include:
User personal information: The type of personal information we collect from Users of the Services may include:
Your use of our Services: As with most online businesses, we may log information about your access and use of our Services, including through the use of Internet cookies, your communications with our Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
Your opinion and feedback: We may contact you to voluntarily respond to questionnaires, surveys or market research to seek your opinion and feedback. Providing this information is optional to you.
We collect and use General Personal Information:
You may opt-out of receiving marketing materials from us by contacting us using the details set out below, or by using the opt-out facilities provided in the marketing materials.
We collect and use User Personal Information:
We may disclose General Personal Information to:
We may disclose User Personal Information to:
Where we disclose your personal information to third parties for these purposes, we will confirm that the third party’s privacy policies and procedures are in accordance with the Privacy Act.
For more information see List of Data Subprocessors.
If there is a change of control of our business or a sale or transfer of business assets, we reserve the right to transfer our user databases, together with any personal information and non-personal information contained in those databases, to the extent permissible by law. This information may be disclosed to a potential purchaser. We would seek to only disclose information in good faith.
Your provision of third party information: If you provide us with third party personal information then you warrant to us that you have the third party’s consent to provide this.
Access: You may request details of personal information that we hold about you, in certain circumstances set out in the Privacy Act 1988 (Cth) (Privacy Act). We may refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us by email or edit your personal information. We rely in part upon customers advising us when their personal information changes. We will respond to any request within a reasonable time. We will endeavour to promptly correct any information found to be inaccurate, incomplete or out of date.
Deletion: You may request to have your account deleted along with any personal information you have added to the Services. It may take up to 14 days for your personal information to be completely removed from our system and backups.
Complaints: If you believe that we have breached the Australian Privacy Principles and wish to make a complaint about that breach, please contact us by email setting out details of the breach. We will promptly investigate your complaint and respond to you in writing setting out the outcome of our investigation, what steps we propose to take to remedy the breach and any other action we will take to deal with your complaint.
Unsubscribe: To opt out of non-trasactional or account-related communications, please use the “unsubscribe” link located at the bottom of our communications.
Dovetail hosts data with hosting service providers in numerous countries including the United States and Australia. We are committed to ensuring that the information you provide is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Where data is transferred over the Internet, the data is encrypted using industry standard SSL (HTTPS).
A notifiable data breaches scheme commences in Australia on 22 February 2018. The scheme applies to ‘eligible data breaches’—where the breach is likely to result in serious harm to any of the individuals to whom the information relates.
It requires us to provide a statement to the Commissioner notifying of an eligible data breach as soon as practicable after we become aware of the breach. It also requires us to notify affected individuals as soon as practicable after preparing the statement for the Commissioner.
We may use web beacons on this Services from time to time. Web beacons or clear.gifs are small pieces of code placed on a web page to monitor the visitors’ behaviour and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
We may use Google Analytics to collect and process data. To find out how Google uses data when you use third party websites or applications, please see google.com/policies/privacy/partners or any other URL Google may use.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Information to Australia and the United States to us.
By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.
For questions and notices, please contact us at Dovetail Research Pty Ltd. ABN: 84 615 270 025, Email: [email protected].