DATA PROCESSING ADDENDUM
(GDPR STANDARD CONTRACTUAL CLAUSES
FOR EU/UK MEMBERS ONLY)
About this Policy
At PANALITIX we take privacy seriously and take all reasonable steps to implement processes and procedures for the management of Personal Information. This policy outlines our information collection and handling policy and we encourage you to read it carefully so as to make informed decisions about sharing your personal information with us.
In the context of the Parties business relationship, the PANALITIX Affiliates, Members or Clients must provide Personal Data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or information PANALITIX is legally obliged to collect. Without this data, PANALITIX are, in principle, not in a position to close or execute a Service with the Client.
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Customer Data”, “Client Data”, “Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations).
“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of their member states.
“Data Subject” means the individual to whom Personal Data relates. ” means the individual to whom Personal Data relates.
“PANALITIX” means the PANALITIX Global and/or PANALITIX Pty Ltd companies incorporated in Australia; PANALITIX USA Inc., a company incorporated in the United States of America; or PANALITIX UK Limited, a company registered in England and Wales, as applicable. ” means the PANALITIX Global and/or PANALITIX Pty Ltd companies incorporated in Australia; PANALITIX USA Inc., a company incorporated in the United States of America; or PANALITIX UK Limited, a company registered in England and Wales, as applicable.
“PANALITIX Group” means PANALITIX and its Affiliates engaged in the Processing of Personal Data.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Processor” means the entity which Processes Personal Data on behalf of the Controller.
“Sub-processor” means any Processor engaged by PANALITIX, by a member of the PANALITIX Group or by another Sub-processor.
1. Personal Data
1.1 Kinds of Personal Information that we collect and hold
1.2 How PANALITIX collects and holds Personal Information
PANALITIX may collect Personal Information about Members and potential Members via any of our Websites. We endeavour to collect personal information about an individual only from that individual or an authorised representative. Information we obtain from third parties or publically available information is limited to circumstances where the person has consented.
PANALITIX collects a variety of information about Members and potential Members including name, business or company name, position or title, physical and mailing address, email address, website, social media profile handles (including Twitter name and a link to a LinkedIn profile).
Website name URL PANALITIX Website https://panalitix.com PANALITIX Accountants Conference http://atthepac.com PANALITIX Store http://store.panalitix.com PANALITIX Resource Portal http://blog.panalitix.com
(b) Webinars and benchmarking reports
PANALITIX collects Key Performance Indicators (KPIs) from Members or participants in our webinars or benchmarking reports as well as comments that they make. The purpose of this collection is to deliver and improve the services we provide. If Members and potential Members complete a feedback form comments are also collected. These comments will only be used for marketing purposes with consent.
(c) PANALITIX and TRUST
(d) PANALITIX Community
1.3 Purpose of collection and use
PANALITIX collects, holds, uses and discloses Personal Information to deliver and improve the services we provide to our Clients. Generally, Clients are only obliged to provide us with information necessary for us to provide services to them. However, if Clients do not provide us with certain types of Personal Information they may be unable to enjoy the full benefits of the Service or use of some aspects of our Website.
1.4 Collection of information from the Internet
PANALITIX collects information from our Websites and from our interactions dealings with Members and potential Members and from surveys or other tools that are completed or voluntarily provided. This information is all held within our billing and Client Relationship Management (CRM) system in digital format only.
The programs which are used are password protected and encrypted. Reasonable steps are taken to ensure all information provided is secure. We will collect Personal Information by only lawful and fair means. The Law requires us to collect Personal Information about Clients only from them directly, if it is reasonable and practical to do so.
2. Access, correction and complaint procedure
2.1 Accessing Personal Information about you
If you are a Member or potential Member and would like to access or correct Personal Information that PANALITIX hold about you, please contact:
The Privacy Officer
Mr Colin Dunn
PO BOX 1339, Fortitude Valley
Queensland, 4006, Australia
Telephone: +61 7 3607 6600
You will need to identify yourself to our reasonable satisfaction before we will provide you with Personal Information about an individual which we may or may not have in our possession.
Our Privacy Officer will endeavour to:
- Provide an initial response to your query within 10 business days, and
- Investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you by the Privacy Officer.
2.2 Complaints procedure
The Australian Information Privacy Commissioner
GPO Box 5218, Sydney
New South Wales, 2001, Australia
Telephone: 1300 363 992
A complaint form can be found at:
2.3 Response to Request or Complaint
On receipt of a request or complaint the Privacy Officer will endeavour to :
(a) Provide and initial response within two business days
(b) Resolve your request or complaint within 10 business days
2.4 Transfer of personal information outside Australia
Personal Information we collect may be accessed by employees and contractors of PANALITIX and service providers who we engaged to provide services to PANALITIX outside of Australia. Personal Information contained in a record may be transferred, held or viewed in countries including, but not limited to: USA, UK, Philippines and Japan.
We take reasonable steps to ensure that parties that provide us with necessary services for website hosting and database administration services act in accordance with the Australian Privacy Principles. We also use only recognised service providers who use enterprise level software with up to date SSL Encryption.
The servers where our data is stored are located in Australia and Japan. Our primary service providers are Amazon Web Services and Salesforce, both highly respected global service providers who maintain secure servers and very high standards of data and physical security. This policy will be updated should the location of data storage change.
By using our services or providing information to us you consent to your personal information being disclosed to and stored by parties outside of Australia as set out in this policy. If you do not want your personal information to be transferred to a server located in Japan or the USA you should not provide us with your personal information or use our services.
2.5 Anonymity and use of pseudonyms
Where practical and reasonable to do so, we provide Members with the opportunity to use pseudonyms in relation to information you provide to us. In many cases it is impractical for PANALITIX to deal with Members anonymously.
2.6 Sensitive information
We do not collect Sensitive Information on Members or potential Members.
2.7 How we deal with unsolicited Personal Information
We do not collect Sensitive Information on Members or potential Members.
2.8 Notice of collection of Personal Information
3. Use of Personal Information in Direct Marketing
- 3.1 Direct marketing
We may use Personal Information for the purposes of promoting our services to Clients and potential clients which we would reasonably expect them to expect from use.
All Commercial Electronic Messages contain a functional unsubscribe facility.
3.2 Direct marketing
If we use a Member’s or potential Member’s personal information to provide them with promotional and marketing information we provide an option to opt out of this service.
If Members or potential Members do not wish to receive marketing information from us simply unsubscribe.
3.3 Opting out
Recipients can unsubscribe from our marketing material by clicking on the functional unsubscribe facility contained in any email or can contact The Privacy Officer on the details set out above.
Likewise, recipients can opt out of receiving targeted advertising from our third party partners.
If Members or potential Members do not wish to receive marketing information from us simply unsubscribe
A cookie is a small text file that is stored on your computer for record keeping purposes. A cookie does not identify you personally or contain any other information about you but it does identify your computer.
We collect Personal Information that reasonably necessary for the performance of our operations and activities including marketing and sales. We automatically receive and record information on our server logs from the user’s browser, including their IP address, operating system, top level domain, date and time, pages accessed, documents downloaded, previous website visited, type of browser used and other cookie information. This enables us to tell when Members or others use our Websites and also to help customise the user’s experience with our Website. No Personal Information about a user is linked to the cookie.
Likewise, by visiting our site, our third party partners may place cookies on Members’ or other users’ browsers for targeted advertising purposes. The same types of data are collected as described above. This data may be used by our third party partners to target advertising on other sites based on the Member’s or user’s online activity.
3.5 Security measures taken for Cross Border disclosure of Personal Information
We take reasonable steps to protect the Personal Information we hold from misuse and loss and from authorised access, modification or disclosure when we send Personal Information offshore. All service providers that are necessary for us to use for PANALITIX to provide service use enterprise level security.
Further, we take reasonable steps to destroy or permanently de-identify Personal Information if it is no longer needed or used by PANALITIX.
- 3.1 Direct marketing
4. Integrity of Personal Information
We take reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date.
PANALITIX takes reasonable steps to safeguard the disclosure of Personal Information from third parties, contractors and staff. We have up to date procedures and policies relating to information technology as it relates to staff and strive for best practice in this area.