This Policy applies to the use of the Software As A Service (SAAS) product “Online WHS Systems” (herein referred to as “Product”) and describes GSS’s commitment to Privacy.
The Product is used by our clients (herein referred to as the “Company”) to manage their respective WHS commitments under various legislative requirements (herein referred to as the “Purpose”). The Purpose extends to the Company’s evaluation, training, or trial of the Product where the Company user enters real Personal Identifiable Information (herein referred to as “PII”).
As part of our commitment to continuous improvement this document will be reviewed and updated regularly. As such, this Policy may change from time to time and is available on our website.
If you have concerns about or believe that this Policy has been breached please contact us immediately on 1800 020 389 or firstname.lastname@example.org.
What is Personal Identifiable Information?
Personal Identifiable Information (PII) is any information that can be used to identify an individual, either on its own or in correspondence with other information or other information sources.
How do we collect PII?
We predominantly collect PII both Directly and Indirectly as detailed below.
Directly: PII entered for the Purpose of the Product
A Company may enter your information into the Product:
- If you directly or indirectly work for, volunteer or provide services to the Company;
- If you are applying for or are being considered for work for the Company;
- If you are a client of that Company;
- If you are a carer/emergency contact for a worker or client of that Company;
- If you visit the site/premise and the Company records your attendance or;
- If you are involved in or witness an incident or event.
A person may enter their own information directly into a SAAS Product by:
- Submitting information via API or email;
- Usage/entering information directly into the Product.
A third party may enter your details into a SAAS Product:
- If a third party is provided access by the Company to provide services to achieve the Purpose;
- If you directly or indirectly work for, volunteer or provide services to a third party, who contracts for the Company;
- If you are involved in or witness an incident or event which is reported by a third party.
Indirectly: Behaviour Based Collection of PII:
When you use our Product,
- We track basic information about you automatically when you view our website or use our product (date/time, IP address, device type, browser);
- We track generic behavioural based information to improve our services and offerings;
- We try to identify/verify who you are to provide seamless usage of your products (EG if the system can verify your identity, it will skip the log on page);
- We use session details to report on errors which may occur in the use of our systems (which includes information such as your IP address, browser and addon information as well as the details of error).
Some of this information is collected using cookies and other tracking technologies. If you want to find out more about the types of tracking undertaken please contact us on email@example.com.
How do we use your PII?
We use your PII for the Purpose.
We do this to:
- Provide a service to the Company;
- To verify your information;
- To respond to an enquiry or assist you to learn more about our product;
- To provide training or support;
- To improve our services.
- To communicate to you in the use of the product.
Communication of your PII:
PII entered for a Company remains the property of that Company. It may be shared or communicated by that Company in line with the initial Purpose for which it was provided to them.
Global Safety Systems accepts no responsibility for the use by a Company of PII entered into or collected by the Product.
Examples of how your information may typically be shared via our platform by a Company are:
- To comply with any applicable laws, regulations or legal requirements, including but not limited to audits, court orders or to defend their legal rights;
- If the Company needs to demonstrate safety compliance to an employer or potential employer;
- If the Company needs to provide reports on safety compliance to an employer;
- If the Company needs to report to return to work authorities;
- If the Company needs to report to insurance companies;
- If the Company syncs with a third party via our API service;
- If the Company provides access to its system to third parties (EG WHS Advisor, Auditor or HR Advisor).
Examples of how Global Safety Systems may share or disclose your PII are:
- We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors insofar as reasonably necessary for the Purpose;
- When the Company joins GSS through a group, association or similar offering, we may disclose your personal information to that group or association insofar as reasonably necessary for that collective purpose;
- We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request;
- We may also use your personal information to protect the copyright, trademarks, legal rights, property or safety of Global Safety Systems, www.whssystems.com.au, its customers or third parties;
- If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances;
- In other cases where it is required by the Company to achieve the Purpose (including integrations);
- In other cases where we have your consent.
Where is the PII stored
The Product is hosted through our hosting partner “Veeps”. All PII is held and backed up in Sydney Australia.
Veeps is a certified “All of Government” hosting provider with ISO 27001 and Australian Tier III PII centre certification.
Retention of PII
We retain PII while we have a relationship with the Company and for a period of time afterwards as required on a case by case basis. Upon request from the Company we can provide written confirmation of permanent deletion of PII.
We are committed to providing the best possible security and practices surrounding the protection of your PII. We work with industry leading consultants who audit and review our processes, keeping us in line with best industry practices.
This site uses SSL (Secure Socket Layer) encryption to keep your transactions secure and private. SSL is the industry standard for data encryption. It provides a secure link between your browser and our server, and scrambles your personal information to ensure it is kept private during transmission over the Internet.
For PII entered into a GSS System
PII entered by or for a Company is the property of that Company and to adhere to various legislative requirements they may need to keep this information. If you questions or concerns about what information a Company is holding of yours, please contact the Company and if unresolved contact us on firstname.lastname@example.org
For any other information:
For PII not entered into a system (EG indirect information, set up and service history). It’s your personal PII and you have rights in regards to it.
You can request:
- to know and update the personal PII we hold about you.
- To restrict processing this PII or delete it.
You can request any of the above by contacting us on email@example.com.
- Anonymous, non-identifiable information may be used to identify overall trends and provide insights into safety which may be shared publicly.
- Anonymous, non-identifiable information related to technical issues are recorded client and server side via a number of industry best practice tracking tools.
- Anonymous, non-identifiable information related to system usage / process mapping is recorded via a number of third party tracking tools.
- If you use any Global Safety System Product as part of an Association, Group, Shared or Serviced offering, you must check what level of access they have to your PII and what purposes they use this access for.
- If you integrate with third party providers (whether in Australia or internationally), it is up to you to ensure they have the appropriate policies/procedures in place surrounding your PII and security.
If you have any complaints about our privacy practices, please feel free to send in details of your complaints to 3.04/5 Celebration Drive, Bella Vista, New South Wales, 2153. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.