RapidMap Global Pty Ltd and our various divisions of Iconyx, Rapid Map Services, and 4D Global (referred to as “RapidMap,” “we,” “our,” or “us”) are committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information (hereby referred to as “personal data”).
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The National Privacy Principals (NPP) govern the way in which we collect, use, disclose, store, secure and dispose of your personal data.
By continuing to visit and use our website and/or use our products and/or services, you agree to this policy and the way we make use of personal data as set forth herein or amended hereafter.
What is personal data and why do we collect it?
Personal data is information or an opinion that identifies an individual. Examples of personal data we collect include names, addresses, email addresses, phone, and facsimile numbers.
This personal data is obtained in many ways including but not limited to interviews, correspondence, by telephone and facsimile, by email, via our websites including https://rapidmap.global, https://www.iconyx.com/, https://rapidmap.com.au/, https://www.4dglobal.com.au/, from your website, from media and publications, from other publicly available sources, from cookies, and from third parties. We don’t guarantee website links or policy of authorised third parties.
Personal data use
We collect and use your personal data for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your personal data for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing to email@example.com or using the unsubscribe button in mailing/marketing emails.
When we collect personal data, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
Where reasonable and practicable to do so, we will collect your personal data only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of personal data
Your personal data may be disclosed in a number of circumstances including the following:
- Third parties for the purpose of providing improved services, and/or where you consent to the use or disclosure; and
- Where required or authorised by law.
Security of Personal data
Your Personal data is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification, or disclosure.
When your personal data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal data. However, most of the personal data is or will be stored in client files which will be kept by us for a minimum of 7 years.
As our clients are mostly Australia-based we generally store client data relating to our service offering within Australia (even in the cloud). In the event that for some reason, client data is transferred to another country, we will take reasonable steps to inform the client prior to, or after the transfer.
Our personal data handling practices align with requirements sets out in the EU General Data Protection Regulation (GDPR) and other relevant data protection laws where we collect and store personal data of people outside of Australia.
Access to your Personal data
You may access the personal data we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal data, please contact us in writing to firstname.lastname@example.org.
We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal data.
In order to protect your personal data, we may require identification from you before releasing the requested information.
Maintaining the Quality of your personal data
It is important to us that your personal data is up to date. We will take reasonable steps to make sure that your personal data is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Obligations as a SaaS provider
We are ISO 27001 accredited and respect relevant ISO rules and applicable laws. In addition to holding personal data on our account, we also store and process the personal data of our SaaS customers and as such there are several additional obligations that must be fulfilled. The policy in this area is informed by ISO/IEC 27018 – Code of practice for protection of personally identifiable information (PII) acting as PII processors which, as well as recommending specific enhancements to ISO/IEC 27001 controls, also provides the following policy guidance:
- Customers will be provided with facilities to meet their obligations under law in activities such as accessing, amending, and erasing individuals’ PII.
- The customer must be informed, if required by law, to disclose any of their data, unless the Company is prohibited from doing so.
- Details of disclosures must be recorded.
- The Company must tell customers if a sub-contractor is used to process their PII.
- The Company must tell customers if their PII is subject to unauthorised access.
- It must be clear in which country or countries the customer’s PII’s are stored.
This Policy may change from time to time and is available on our website.
Address: RapidMap, Suite 22 / 2 Enterprise Drive, Bundoora, Victoria, 3083, Australia
Phone: +61 3 9466 5200