Last Updated: 25 July 2019
It also explains how to contact us to correct, update or delete any personal information provided to us, or make a complaint if you have concerns. We are compliant with the privacy principles of the country in which you reside. We are also compliant with privacy principles in the country where your personal information is stored. This includes how those countries regulate the way we collect, use, disclose, store and protect your personal information.
We will only collect and process personal information about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you) and legitimate interests (including security threats or frauds, compliance with applicable laws, and enabling us to administer our business).
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and Kepler Analytics Product users; in other words, where we determine the purposes and means of the processing of that personal data.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).
What is personal information?
Personal information is defined as information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
What personal information do we collect?
Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to use the Kepler Analytics Products.
Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase the Kepler Analytics Products. We store only very limited, if any, financial information that we collect.
We will not disclose information relating to your financial affairs that we hold to a third-party because of your use of the Kepler Analytics Products unless you tell us to do so or we have a legal obligation to do so.
Why do we collect your personal information?
We may collect your personal information when required by law but generally we collect personal information from you (or about you) to allow us to:
supply you with the Kepler Analytics Products;
supply you with tailored service offerings that may benefit you;
communicate more effectively with you about our services and your care;
ensure your experience with us is a positive one; and
notify you about our new service or product offerings, discounts, promotions or upcoming events.
Personal information collected or received by us will only be used for the stated purpose for which it was provided.
When you access the Kepler Analytics Products, we may collect certain information automatically, including, but not limited to, your operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data (Usage Data).
When do we disclose your personal information?
for the purpose it was collected;
if we sell all or part of our business and the purchaser also requires your personal information;
to enforce our legal rights or those of others;
to prevent actual or potential fraud or illegal activity; or
if we are required to do so by law.
If personal information is disclosed to a third party, we are required to take reasonable steps to ensure your personal information is treated in accordance with the laws that apply to personal information in that country.
When and how do we collect your personal information?
We collect most personal information directly from you when you make an enquiry about Kepler Analytics or purchase Kepler Analytics Products from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e. because you have agreed to terms and conditions that contain information about the use or disclosure of your information).
You provide us your information when you purchase (or enquire to purchase) the Kepler Analytics Products from us, you set up the Kepler Analytics Products, you ask to find out more about our Products, you make a refund, return or other claim, you use our Kepler Analytics Products generally or you deal with us.
What if you don’t want us to collect your personal information?
You are not obligated to provide us with your personal information. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal information to us this may impede our ability to provide you with all of the functionality of our Kepler Analytics Products.
What if you don’t want to receive further communications from us?
Should you wish to remove yourself from our contact database you may do so at any time by contacting our Privacy Officer via our website at www.kepleranalytics.com.au.
How can I access, correct and/or update personal information you have collected?
At any time you may contact our Privacy Officer and request your personal information be modified. We will make all efforts to correct data once we have proved your identity.
We will deal with all requests for access to personal information as quickly as possible, but no later than 30 calendar days from the date of your request (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.
We will provide you your personal information in a structured, commonly used, machine-readable format.
In some cases, we will refuse to give you access to personal information we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within Kepler Analytics business in connection with a commercially sensitive decision-making process.
We will also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that: giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; unlawful activity, or misconduct of a serious nature, is being or may be engaged in against Kepler Analytics and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
How do we store and protect your personal information?
For us to provide excellent service we are required to store some personal information and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data. Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal information as best as possible we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk.
We have taken the necessary measures to ensure the personal information (including the financial information about yourself) we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your Kepler Analytics account or as otherwise need to operate our business.
Our third party secure data centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data. Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the country in which your information is stored, including Australian privacy laws and the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
Your personal information is protected by security certificates and we use or employ through third party modern security stands where possible. We will take reasonable steps to maintain the integrity and security of any personal information we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal information.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, or no later than 72 hours (where feasible) for EU citizens, and provide recommendations as to what steps you should take to mitigate any serious loss or damage.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
Keeping you signed in
Understanding how you use our website
Providing you with a personalised service
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
Functionality – we use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Advertising – we use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Sometimes we share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies. Each browser has their own way to remove cookies from your browser. However, the proper functionality of our services will not work without having cookies enabled.
Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
Our obligations under the GDPR
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used.
Except as otherwise provided in the GDPR, you have the following rights:
to be informed how your personal information is being used;
access your personal information (we will provide you with a free copy of it);
to correct your personal information if it is inaccurate or incomplete;
to delete your personal information (also known as "the right to be forgotten");
to restrict processing of your personal information;
to retain and reuse your personal information for your own purposes;
to object to your personal information being used; and
to object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
EU citizens are entitled to the right to erasure of personal information in certain circumstances, including but not limited to where the information is no longer necessary for the purpose for which it was collected, or where the EU citizen withdraws their consent and there is no other legal ground for processing their personal information. Please contact our Privacy Officer to discuss your request to remove your personal information.
EU citizens acknowledge and agree that Kepler Analytics may exercise any of the exceptions to the right of erasure, specifically in cases where data processing is necessary to exercise the right of freedom of expression and information.
We retain information for as long as required, allowed or we believe it useful. You must keep your own, separate back-up records. However, the length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We will retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
We may transfer all personal information to our hosting service providers and data centres located overseas. You hereby expressly and voluntarily grant your informed consent to such transfers.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
California Privacy Rights
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by submitting your request to email@example.com.
If you are under 18 years of age, reside in California, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data please contact us via your app under “General Enquiries & Feedback” and confirm the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.