Identity and contact details of data controller

This notice applies to the collection and processing of your personal information, if you are in a country that is a member of the European Economic Area (EEA), by or on behalf of us. In this notice “we“, ”our” or “us” means Droppoint Australia Pty Limited ACN 101 688 126.

This notice tells you:

  • how we collect and process your personal information (”personal data” and ”personal information” are used interchangeably);
  • the legal basis for processing it;
  • what we use it for; and
  • who we share it with.

It also explains particular rights you have in relation to the processing of your personal information and reflects some key features of our Privacy Policy available at: https://www.droppoint.com.au/privacy

Contact us

Please contact us if you have any questions or comments about this notice, our Privacy Policy and procedures, or you wish to exercise the rights you have under applicable privacy laws, which are explained further below.

You can contact us by email at: privacy@droppoint.com.au

Categories of people about whom we collect personal information

The categories of people about whom we collect personal information includes:

  • our customers’ staff (e.g. employees of companies to whom we offer services);
  • our service technicians’ customers (e.g. service technicians we offer services too directly);
  • service technicians or other third party contractors who do work for our customers;
  • our contractors’ staff (e.g. staff of the logistic and transport companies we contract); 
  • people making inquiries about our products or services; and
  • any other individual who uses, or is involved in, our automated software programs, or uses our website or Apps.

Categories of personal information collected

In general the personal information we may collect and hold includes:

  • name;
  • date of birth;
  • gender;
  • address;
  • email address;
  • phone number;
  • employment details (e.g. the company your work for, work area);
  • your qualifications or trade profession;
  • credit card (or other billing information); and
  • your location. 

Personal information collected from other sources

Sometimes we collect information about you from sources other than you. We may collect information about you that is publicly available or made available by third parties (for example, we collect your personal information from our customers). We will only do this if we need the information to provide our services to our customers.   

We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources. We do this in order to enable us to provide our services.

Purposes of data processing

Under the GDPR, use of person information (‘data processing’) is only allowed where certain legal grounds apply. We are required to set out the specific grounds, that justify all the data processing we make of your personal information and have done so in the following table:

Purpose of the data processing Legal Grounds
To provide and administer our services (automated material/equipment delivery to the field via “droppoints”, supply chain visibility, service technician logistics, inventory management etc.)
Legal contract
Legitimate interests (to allow us to provide services to you or our other customers)
To improve the delivery of our services Legitimate interests (to allow us to improve the delivery of our services to you or our other customers)
To improve our customers’ efficiency and field service profitability Legitimate interest (data processing allows us to improve customers own efficiency in their endeavours and field service profitability)
To respond to complaints, inquiries or requests Legitimate interests (to allow us to respond to any complaints, inquiries or requests you make)
Consent
To comply with our legal obligations Legal obligations


The legal grounds for data processing allowed under GDPR identified in the above table are:

  • Legal Contract: this is where the data processing was necessary for us to perform our obligations under a contract which we had entered into with you (eg. if you are a customer);
  • Legitimate interest: this is where we processed your personal data in pursuit of a legitimate interest and that interest was not overridden by your own interest or fundamental rights and freedoms; and
  • Consent: this is where you have given your consent to data processing of your personal information.

Recipients of the personal information

We may share your information with other organisations consistent with the purposes for which we use and process your information as described above. This includes our contractors, vendors, suppliers, or partners.

Transferring your information overseas

We may also need to share some of the information we collect about you from the EEA with organisations both inside and outside Australia, sometimes we may need to ask you before this happens.

We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be accessed or held.

If we or our service providers transfer any of your personal information we collect from you out of the EEA, it will only be done with relevant protections in place. We will take steps to ensure that your personal information will be afforded the level of protection required of us under and in accordance with our Privacy Policy and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms, such as where the country has been deemed adequate by the European Commission, where a valid Privacy Shield certification exists (in the case of a data transfer to a Privacy Shield certified US recipient – https://www.privacyshield.gov/welcome) or by adopting appropriate EC approved standard contractual clauses (see https://ec.europa.eu/info/law/law-topic/data-protection_en).

If you wish to know whether or not the country to which the overseas disclosure is intended to be made has been deemed adequate by the European Commission, please refer to this link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu

Overseas organisations may be required to disclose information we share with them under an applicable foreign law.

When we no longer need your information

We’ll only keep your information for as long as we require it for our purposes. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.

We may also retain a record of any stated objection by you to receiving marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.

Your personal information rights

Subject to applicable laws, you have the right to access your personal information and to receive a copy of that information. You may request access to your personal information that we hold about you at any time by contacting us in writing at: privacy@droppoint.com.au. You can also ask what personal information provided by you to us is transmitted to another party.

  • How to access your information

Subject to applicable laws, you have the right to access your personal information and to receive a copy of that information. You may request access to your personal information that we hold about you at any time by contacting us in writing at: privacy@droppoint.com.au. You can also ask what personal information provided by you to us is transmitted to another party.

We will need to verify you. Subject to any applicable exceptions or requirements, we will provide you with access the personal information you request within reasonable time and usually within 28 days. If we decide to refuse your request we will tell you why in writing and if you have any concerns, you can complain to:

Attention: Complaints Officer

Email: complaints@droppoint.com.au

We will give you access to your information in a form which is reasonable and practical. We may charge you a small fee under certain circumstances to cover our costs when giving you access but we’ll always confirm this with you first.

  • Your right to have your personal information corrected

You have the right to correction (rectification) of personal information and can contact us if you think there is something wrong with the information we hold about you.

If you are worried that we have given incorrect information to others, we will tell them about the correction. If we can’t, then we’ll let you know in writing.

  • Your right to erasure of your information

You also have in certain circumstances the right to request that the personal information that we collect from you is erased. If we refuse any request you make in relation to this right, we will tell you why in writing and how you can make a complaint about our decision.

  • Your right to object to or restrict processing of your information

You may also request that further processing of your personal information is restricted in certain circumstances, including while we investigate your concerns with this information.

If we can’t give you access, we will tell you why in writing and how you can make a complaint about our decision. If you have concerns, you can complain to the Australian Information Commissioner or the relevant data protection authority such as the Office of the UK Information Commissioner.

  • Your right to object to data processing and right to data portability

You also have in certain circumstances the right to request that the further processing of your information is restricted or to object to its processing and the right to data portability (to receive and have transferred the information you provided). If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision.

  • Your right to withdraw consent

You can let us know at any time if you no longer wish to receive direct marketing offers from us. We will process your request as soon as practicable. Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately.

You may also withdraw your consent where provided or object to the further processing of your personal information under certain circumstances. If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision.

The withdrawal of your consent will not affect the processing of your information that you had consented to.

Complaints

If you have a complaint about how we handle your personal information, we want to hear from you. Please email us at:

Attention: Complaints Officer

Email: complaints@droppoint.com.au

You have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights). For more assistance you can also contact the Office of the Australian Information Commissioner (OAIC):

Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: enquiries@oaic.gov.au