Privacy Policy
Last updated: 16/04/2024
We at Automated Road Rehabilitation Systems Pty Ltd (doing business as “ARRB Systems”) commit to be responsible and open with how we handle your Personal, Special, and Sensitive Information or data (“Personal Information”). The goal of this Global Privacy Notice (“Notice”) is to meet the standards for openness set by privacy or data protection laws. This privacy notice for ARRB Systems (“we,” “us,” or “our“), describes how and why ARRB Systems, its subsidiaries, and affiliated companies collect, use, share, and process your Personal Information in the course of our company’s relationship with you or when you use our services (“services“).
Our privacy practices are subject to the applicable laws of the countries in which we operate. Where a country in which we operate has regulatory or governance obligations over and above these Global Policy minimums, for that country, these additional requirements are included.
The Notice covers any Personal Information we collect from you through our website, our web-based applications, our social media tools, widgets or plug-ins to connect you to our social media accounts which you can access on your phone, computer, or other device, or through other interactions with us, like when you come to one of our events, or in other related ways – including any sales, marketing, or applying for a job.
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our services. If you wish to get in touch with ARRB Systems, which is data controller for the service relevant to you, please contact us at [email protected].
Summary of key points
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our services, we may process personal information depending on how you interact with us and the services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? We may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.
Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms, and other outside sources. Learn more about information collected from other sources.
How do we process your information? We process your information to provide, improve, and administer our services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do I exercise my rights? The easiest way to exercise your rights is by filling out our data subject access request form available here: https://arrbsystems.com/privacy-policy/, or by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the privacy notice in full.
What information do we collect?
Personal Information Provided by You.
The Personal Information we collect may include names and surnames, identity numbers, contact information (e.g., telephone numbers and email addresses), physical address, company registration number, when necessary, with your consent or as otherwise permitted by applicable law, we process Personal Information such as gender specific information, etc. We may further collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a banking information), and the security code associated with your payment instrument. All payment data is stored by us.
We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called “HOW DO WE HANDLE YOUR SOCIAL LOGINS?” below.
If you use our Hawkeye Insight or Manager, we also may collect Personal Information if you choose to gain access or permission to use the applications. We may also request access or permission to track location-based information from your mobile device, either continuously or while you are using our web-based application(s), to provide certain location-based services.
We may request access or permission to certain features from your mobile device, including your mobile device’s Bluetooth, calendar, camera, own, and other features. If you wish to change our access or permissions, you may do so in your device’s settings. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information Automatically Collected
Some information is collected automatically when you visit our website. We automatically collect certain information when you visit, use, or navigate the website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice. The information we collect includes:
- Log and Usage Data -> Log and usage data is web-related, diagnostic, usage, and performance information our servers automatically collect when you access our website and which we record in log files. Depending on how you interact with us, this log data may include settings and information about your activity.
- Device Data -> We do not collect device data such as information about your computer, phone, tablet, or other device you use to access the Services.
- Location Data -> We collect location data such as information about your device’s location, which can be either precise or imprecise.
Information Collected from Other Sources
We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources. To enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Facebook or Twitter), we receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your social media account depends on your social media account’s privacy settings.
Sensitive or Special Personal Information & Criminal Records
The Personal Information that we collect from you may include Sensitive/Special Personal Information. ARRB Systems recognize that certain jurisdictions have enacted laws that require higher protection of certain Sensitive/Special Personal Information which includes categories of information identified by the applicable privacy laws as requiring special treatment or protection. This information may include, but is not limited to, racial or ethnic origin; political opinions; religious, philosophical, or other similar beliefs; membership of a trade union or profession or trade association; physical or mental health; biometric data; or sexual orientation. We further do not collect, use, share or otherwise process Sensitive or Special Personal Information or criminal records unless permitted to do so by law.
Categories of Personal Information
We collected the following categories of personal information:
Category | Examples | Collected | |
A | Identifiers | Contact details, such as real name, alias, | YES |
B | Personal information categories | Name, contact information, education, | YES |
C | Protected classification characteristics under jurisdiction | Gender and date of birth | YES |
D | Commercial information | Transaction information, purchase history, | YES |
E | Biometric information | Fingerprints and voiceprints | YES |
F | Internet or other similar network activity | Browsing history, search history, online | YES |
G | Geolocation data | Device location | YES |
H | Audio, electronic, visual, thermal, olfactory, | Images and audio, video or call recordings | YES |
I | Professional or employment-related information | Business contact details in | YES |
J | Education information | Training records and information | YES |
K | Sensitive or special personal information | Account login information, drivers� licenses, | YES |
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels.
- Participation in customer surveys or contests, and
- Facilitation in the delivery of our Services and to respond to your inquiries.
Payment Data
We may collect data necessary to process your payments if you make purchases, such as your payment instrument number (such as a banking details), and the security code associated with your payment instrument.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
How do we process your infomation?
We process your personal information for a variety of reasons, depending on how you interact with our services, including:
- To deliver and facilitate delivery of services. We may process your information to provide you with the requested service.
- To respond to inquiries/offer support. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested services or products we offer.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To fulfil and manage your orders. We may process your information to fulfil and manage your orders, payments, returns, and exchanges made through the services or products.
- To enable end-to-end communications. We may process your information if you choose to use any of our service or product offerings.
- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our services or products.
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see “WHAT ARE YOUR PRIVACY RIGHTS?” below).
- To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more. For more information see our Cookie Notice.
- To protect our services. We may process your information as part of our efforts to keep our services safe and secure, including fraud monitoring and prevention.
- To identify usage trends. We may process information about how you use our services or products to better understand how they are being used so we can improve them.
- To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
- To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
What legal bases do we rely on to process your information?
ARRB Systems have adopted the Australian Privacy Principles (APPs) (herein included under Annexure A) included in the Privacy Act 1988 (Cth) (the Privacy Act). The National Privacy Principles (NPP) govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. In addition, the European Union (EU) General Data Protection Regulation (GDPR) was adopted as the universal parameter in applying data protection in the various jurisdictions.
Australia
In Australia, the Privacy Act 1988 (Cth) (the Privacy Act) is being applied as well as the Australian Privacy Principles (APPs) contained within. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/. Furthermore, as of 25 May 2018, the GDPR contains new data protection requirements that may apply to Australian businesses. Australian businesses (regardless of size) may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU. This privacy policy does deal with the GDPR. It is designed for compliance under Australian, South African, European Economic Area (EEA) laws, inclusive of a GDPR compliance framework.
Brazil
The Brazilian General Data Protection Law (LGPD), Federal Law no. 13,709/2018, entered into force on September 18, 2020. The LGPD is Brazil’s first comprehensive data protection regulation, and it broadly aligns with the GDPR.
European Economic Area (EEA) or United Kingdom (UK)
As of 1 January 2021, the law relating to data protection in the UK is governed by, the Data Protection Act 2018, the retained EU General Data Protection Regulation 2016/679 (UK GDPR). The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Send information about special offers and discounts on our products and services.
- Develop and display personalized and relevant advertising content.
- Analyse how our services or products are used so we can improve them to engage and retain users
- Support our marketing activities.
- Diagnose problems and/or prevent fraudulent activities.
- Understand how our products and services are used so we can improve customer experience.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
In legal terms, we are generally the “data controller” under European data protection laws of the personal information described in this privacy notice since we determine the means and/or purposes of the data processing we perform. This privacy notice does not apply to the personal information we process as a “data processor” on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the “data controller” responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions. If you want to know more about our customers’ privacy practices, you should read their privacy policies and direct any questions you have to them.
India
Key regulations regarding privacy in India involve the Information Technology Act, 2000 (‘the IT Act’) and the Information Technology (Reasonable Security Practises and Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘the SPDI Rules’). The IT Act’s SPDI Rules extend beyond India’s borders to include any offences committed anywhere in the world that affect Indian electronic infrastructure. Sensitive personal data and information includes things like passwords, bank details, medical history, sexual orientation, and biometric data (as defined by the SPDI Rules). The Right to Information Act of 2005 and other similar legislation do not apply to personal information that is already available to the public.
Singapore
In Singapore, personal information is guaranteed at least the minimum level of security by the Personal Data Protection Act 2012 (PDPA). The Banking Act and the Insurance Act are two examples of sector-specific legislation and regulatory systems that this supports. It includes numerous regulations for the handling of private information in Singapore, including how it can be obtained, stored, and disclosed. The PDPA further applies to all organisations which are not a public agency, whether or not they are formed or recognised under the laws of Singapore, or resident or have an office or a place of business in Singapore. It also allows for the creation of a It also provides for the establishment of a national “Do Not Call (DNC)” registry or central database for those who prefer not to be contacted by telephone and stop getting telemarketing calls.
The GDPR applies to companies in Singapore that offer goods and services to, or monitor the behaviour of, individuals in the European Economic Area (EEA) or United Kingdom (UK), even if those companies do not have a presence in the European Economic Area (EEA) or United Kingdom (UK).
South Africa
The Constitution of the Republic of South Africa guarantees individuals the right to privacy in accordance with its provisions and the common law of the country. This right to privacy is not absolute; it can be restricted in appropriate circumstances. Akin to the General Data Protection Regulation (GDPR) in European Economic Area (EEA) is South Africa’s Protection of Personal Information Act 4 of 2013. It provides some requirements for responsible parties (called controllers in other countries) to legitimately treat the personal information of data subjects (both natural and juristic people).
United States of America
The privacy rules and regulations in the United States are a complicated mixture at the federal, state, and municipal levels. In the United States, there is no all-encompassing federal privacy legislation. However, the United States has a variety of federal privacy and data security rules that are generally industry-specific and a plethora of additional privacy legislation at the state (and municipal) level. Recent years have seen the introduction of state-level privacy regulations, spearheaded by California, with other states anticipated to follow suit and implement their own state-level privacy laws. Some state privacy and data security rules are pre-empted in part by federal legislation, while others are not, but they all intersect with federal law. Data security laws, secure destruction, Social Security number privacy, internet privacy, biometric information privacy, and data breach notification laws are only a few examples of the federally mandated privacy and data security laws and regulations. Information regarding citizens of, or actions taken within, a certain state are subject to that state’s laws. As a result, many American firms have to adhere not just to federal law but also to a wide range of state privacy and security standards.
When and with whom do we share your personal information?
Vendors, Consultants, and Other Third-Party Service Providers.
We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organisation apart from us. They also commit to protect the data they hold on to our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
- Cloud Computing Services
- Communication & Collaboration Tools
- Data Analytics Services
- Data Storage Service Providers
- Finance & Accounting Tools
- Government Entities
- Order Fulfilment Service Providers
- Payment Processors
- Performance Monitoring Tools
- Product Engineering & Design Tools
- Retargeting Platforms
- Sales & Marketing Tools
- Social Networks
- Testing Tools
- User Account Registration & Authentication Services
- Website Hosting Service Providers
Other Situations Where We Share your Personal Information
We also may need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). To find out more about Google’s Privacy Policy, please refer to this link. We use certain Google Maps Platform APIs to retrieve certain information when you make location-specific requests. A full list of what we use information for can be found in this section and in the previous section titled “HOW DO WE PROCESS YOUR INFORMATION?” You may revoke your consent anytime by contacting us at the contact details provided at the end of this document. The Google Maps Platform APIs that we use store and access cookies and other information on your devices. If you are a user currently in the European Economic Area (EU countries) or the United Kingdom, please take a look at our Cookie Notice, which can be found at this link .
- We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
- Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
- Other Users. When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. If you interact with other users of our services and register for our services through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your profile.
What is our stance on third-party websites?
Our website may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us, and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused using such third-party websites, services, or applications. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from our services. You should review the policies of such third parties and contact them directly to respond to your questions.
Do we use cookies and other tracking technologies?
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
How do we handle your social logins?
Our websites offer you the ability to register and log in to our third-party social media account details (like Facebook, LinkedIn, or X “Twitter” logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.
Is your information transferred internationally?
Our servers are located in Australia, Brazil, India, Singapore, Sweden, South Africa, and United States. If you are accessing our Services from outside these countries, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?” above), in Australia, and other countries as listed above.
If you are a resident in the European Economic Area (EEA) or United Kingdom (UK), then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law. In addition, we have implemented measures to protect your personal information, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information between our Corporate Company, Subsidiaries, Affiliated companies and between ARRB Systems and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
How long do we keep your information?
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than required or permitted by law.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
How do we keep your information safe?
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
Do we collect information from minors?
Our products and services are not directed to, or intended for, children under the age of 18 thus we do not knowingly solicit data from or market to children under 18 years of age. If you become aware of any Personal Information, we may have collected from children under age 18, please contact us at [email protected]
What are your privacy rights?
Withdrawing your Consent
If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below or updating your preferences.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of Marketing & Promotional Communications
You can unsubscribe from our marketing and promotional communications at any time by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below. You will then be removed from the marketing lists — however, we may still communicate with you, for example to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Cookies & Similar Technologies
Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice. If you have questions or comments about your privacy rights, you may email us at [email protected].
Controls for do-not-track features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Specific jurisdictional privacy rights
Depending on the country in which you are located, you may have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized, destroyed, or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company.
- Lodge a complaint with the relevant supervisory authority or regulator, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
Australia
Australia’s individual states and territories each have their own data privacy laws that apply to relevant State or Territory government agencies and private firms that interface with State or Territory government agencies. The Information Privacy Act (Australian Capital Territory) of 2014 is one such law. Other laws include the Northern Territory Freedom of Information Act of 2002, in New South Wales (NSW) the Privacy and Personal Information Protection Act of 1998, in Queensland the Information Privacy Act of 2009; in Tasmania the Personal Information Protection Act of 2004; and in Victoria, the Privacy and Data Protection Act of 2014. Additional data protection laws exist at the federal, state, and territorial levels. The Telecommunications Act 1997 (Cth), the Criminal Code Act 1995 (Cth), the National Health Act 1953 (Cth), the Health Records and Information Privacy Act 2002 (NSW), the Health Records Act 2001 (Victoria), and the NSW Workplace Surveillance Act 2005 all influence privacy and data protection for particular types of data or activities.
The collection and processing of personal information under the obligations and conditions set by Australia’s Privacy Act 1988 (Privacy Act). This privacy notice satisfies the notice requirements defined in what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information. If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:
- offer you the products or services that you want.
- manage your account with us.
- respond to or help with your requests.
- confirm your identity and protect your account.
If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner.
European Economic Area or United Kingdom
In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right:
- to request access and obtain a copy of your personal information,
- to request rectification or erasure.
- to restrict the processing of your personal information.
- if applicable, to data portability; and
- not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”
We will consider and act upon any request in accordance with applicable data protection laws. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
India
Information Technology Act, 2000 (‘the IT Act’) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘the SPDI Rules’) are the key privacy regulations in India. The SPDI Rules are issued under the IT Act and, in addition to having a territorial application, applies to offences that occur outside India, if the offences involve electronic resources in India.
Singapore
On October 15, 2012, Singapore passed the Personal Data Protection Act (Act No. 26 of 2012), which has since been updated and improved by the Personal Data Protection (Amendment) Act 2020 (collectively, the “Act”). In addition to the Act, the Personal Data Protection Commission (“Commission”) has developed several guidelines for the protection of personal information in Singapore. The Commission’s interpretation of the Act is reflected in these guidelines, which are advisory in nature but not legally obligatory. Therefore, it is recommended that you adhere strictly to these regulations.
Individuals that need to report personal data breaches, can do so by contacting the Personal Data Protection Commission (PDPC) in Singapore within 72 hours of a identified breach using this PDPC Letter.
South Africa
If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the Information Regulator (South Africa) at Office of the South African Information Regulator. Should your PAIA request be denied or there is no response from ARRB Systems for access to records you may use the [email protected] email address to lodge a complaint directed at the Information Regulator by completing the Complaint Form 05.pdf. If you require clarity on the outcome of your request and of fees payable you can download and complete Outcome of Request and of Fees Payable Form 3. Should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint [email protected].
United States of America
If you reside in the United States (U.S.), you may have additional rights. You may have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you. We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of quality of good or service is reasonably related to the value of the data that we receive from you. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights. If you are a resident of California, Colorado, Connecticut, or Virginia, you are granted specific rights regarding access to your personal information.
Do we make updates to this notice?
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
How can you contact us about this notice?
If you have questions or comments about this notice, you may contact our Global Data Protection Officer (GDPO), Alana Sutherland, by email at [email protected], by phone at +61 3 8595 6000, or by post to the following corporate address:
ARRB Systems Pty Ltd
Alana Sutherland
21 Kelletts Road, Rowville 3178
Melbourne, Victoria, Australia
| Brazil | If you are a resident in this jurisdiction ARRB Systems are the “data controller” of your personal information. We have appointed Lais Araujo to be our representative in Brazil. You can contact her directly regarding our processing of your information, by email at [email protected] or by post to Av. Paulista, 2537, Unit 03-107, Bela Vista – São Paulo/SP, 01311-300, Brazil |
| European Economic Area (EEA) or United Kingdom | If you are a resident in this jurisdiction ARRB Systems are the “data controller” of your personal information. We have appointed Charlotte Kvist to be our representative in the EEA and UK. You can contact her directly regarding our processing of your information, by email at [email protected] or by post to Hyllie Boulevard 34, 5 Vån 215 35 Malmö, Sweden |
| India | If you are a resident in this jurisdiction ARRB Systems are the “data controller” of your personal information. We have appointed Vaisakh Nair to be our representative in India. You can contact him directly regarding our processing of your information, by email at [email protected] or by post to Survey No. 24, Ganga Enclave, Medchal Road, Petbasheerabad, Hyderabad, 500055, India |
| Singapore | If you are a resident in this jurisdiction ARRB Systems are the “data controller” of your personal information. We have appointed Collin Wee to be our representative in Singapore. You can contact him directly regarding our processing of your information, by email at [email protected] or by post to 03-01, 23 Genting Road, Chevalier House, 349481, Singapore |
| South Africa | If you are a resident in this jurisdiction ARRB Systems are the “Information Officer” of your personal information. We have appointed Malusi Mkhize to be our representative in South Africa. You can contact him directly by completing Request for Access to Record Form 02.pdf regarding our processing of your information, by email at [email protected], by phone at +27 31 700 2500, or by post to Park2000, Suite 2, 10 Kyalami Road, Westmead, Pinetown, 3610, South Africa |
| United States of America | If you are a resident in this jurisdiction ARRB Systems are the “data controller” of your personal information. We have appointed Simon Tetley to be our representative in the United States of America. You can contact him directly regarding our processing of your information, by email at [email protected] or by post to 770 Pennsylvania Dr, Suite 112, Exton, Philadelphia, Pennsylvania, 19341, United States of America |
How can you review, update, or delete the data we collect from you?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please visit https://arrbsystems.com/privacy-policy/, or contact us at [email protected].
| APP | Titles | Purpose |
|---|---|---|
| 1 | Open and transparent management of personal information | Ensures that ARRB Systems manage personal information in an open and transparent way. This includes having a clearly expressed and up to date privacy policy. |
| 2 | Anonymity and pseudonymity | Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply. |
| 3 | Collection of requested personal information | Outlines when ARRB Systems can collect personal information that is solicited. It applies higher standards to the collection of personal information. |
| 4 | Dealing with unwanted personal information | Outlines how ARRB Systems must deal with unwanted personal information. |
| 5 | Notification of the collection of personal information | Outlines when and in what circumstances ARRB Systems collects personal information must tell an individual about certain matters. |
| 6 | Use or disclosure of personal information | Outlines the circumstances in which ARRB Systems may use or disclose personal information that it holds. |
| 7 | Direct marketing | ARRB Systems may only use or disclose personal information for direct marketing purposes if certain conditions are met. |
| 8 | Cross-border disclosure of personal information | Outlines the steps ARRB Systems must take to protect personal information before it is disclosed overseas. |
| 9 | Adoption, use or disclosure of government related identifiers | Outlines the limited circumstances when ARRB Systems may adopt a government related identifier of an individual as its own identifier or use or disclose a government related identifier of an individual. |
| 10 | Quality of personal information | ARRB Systems must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure. |
| 11 | Security of personal information | ARRB Systems must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. ARRB Systems has obligations to destroy or de-identify personal information in certain circumstances. |
| 12 | Access to personal information | Outlines ARRB System’s obligations when an individual requests to be given access to personal information held about them by ARRB Systems. This includes a requirement to provide access unless a specific exception applies. |
| 13 | Correction of personal information | Outlines ARRB System’s obligations in relation to correcting the personal information it holds about individuals. |