Our privacy legal obligations
We are committed to respecting your privacy and complying with our privacy obligations in accordance with all applicable data protection laws in the jurisdiction in which we operate which is Australia.
· The period for which we store personal data;
· Your rights to access and rectify or to request erasure of personal data;
· Your right to withdraw consent;
· The right to lodge a complaint with the Office of the Australian Information Commissioner;
· Why we collect and process personal data, the categories of personal data that we process, and who we disclose it to;
· Details of the security measures that we take to help protect your personal data;
· Other information about how we collect, use, disclose and process personal data.
Where we collect personal data from
We collect personal data that you give us, whether by email, telephone, in person, via application forms or otherwise. We may obtain personal data directly from third parties such as our resellers, related companies, installers, sales agents and any of their representatives. In addition, we may obtain personal data from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal data about an individual only from that individual. If you provide us with personal data about any person other than you, please notify us so that we can ensure that they are provided with the information required by Australian Privacy Principle 5.
We will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of our entity's functions or activities and we will not collect sensitive information unless you consent to the collection and the sensitive information is reasonably necessary for one or more of our business functions or activities, or we collect it pursuant to subclause 3.4 of the Australian Privacy Principles. Please notify us if you are not old enough or not otherwise able to provide us with consent, and do not provide us with any consent for the purposes of applicable privacy law. We assume all individuals providing us with their personal data are located within Australia. Clients located outside of Australia must advise Habitat3 that they are not located within Australia and therefore additional privacy legislation may apply to the personal data they provide.
The personal data that we collect and how we use it is as follows:
1. Subscription/registration, payment, transaction and profile data: If you register or subscribe to our VPS, we will collect, hold and otherwise process your personal data including : names, telephone numbers, mobile numbers, email addresses, postal addresses, residential addresses, business addresses, and Australian Business Numbers. We will process this personal data in order to administer our end user subscriptions, registrations and accounts on the VPS, for the purposes of providing our Clients with access to and use of the VPS, to enforce our Clients' obligations to pay the fees and charges to us and to otherwise enforce compliance by our Clients with our Usage Agreement and the contractual obligations that they owe to us. We will also process this personal data in order to provide our end users with information and assistance about the VPS, and to communicate with our end users in connection with any maintenance notices, renewal notices and service status updates for the purposes of keeping our end users informed and up to date about the status of our VPS. Bank Account and Credit Card Details are collected by Integrapay for the purposes of processing Direct Debit services. Integrapay will debit your bank account or credit card and deposit funds into Habitat3's bank account. Habitat3 is able to view your bank account information but not your credit card details via our client access to the Integrapay system.
2. Personal data entered into and/or uploaded into the Habitat3 Virtual Private Servers by the Customer and/or their end users. Any personal data that our clients upload or enter into the Virtual Private Servers either manually or via computer systems, smartphone devices and tablets will be processed by Habitat3 on behalf of our clients in our capacity as a processor in order to provide our clients with the VPS and in accordance with their specific instructions (unless applicable law to which we are subject requires other processing of that personal data by us, in which we will inform you of that legal requirement (unless that law prohibits us from doing so on important grounds of public interest).
3. Personal data relating to communications between us and our end users: When our clients request support, we will process personal data including the name of the end users and any other personal data that our clients provide to us during the communications. We will process this personal data in order to provide our end users with information and assistance about the VPS, and to communicate with our end users in connection with any expiry, termination or suspension of their VPS.
Who we share personal data with and why
We only disclose personal data to third parties who perform services on our behalf to the extent necessary for them to perform those services. We do not sell personal data to third parties for their own marketing purposes. We may disclose personal data that we collect for all or any of the following purposes:
· Support - In order to identify our end users when we are contacted with questions, requests or concerns regarding the products and services we provide (including technical support) – in which case personal information is stored within web-based Support software provided by our service provider – Freshdesk.
· Infrastructure - To provide you with the VPS Services – in which case the information you upload to your Habitat3 Virtual Private Servers in some cases may be accessible by our upstream infrastructure service provider – RackSpace Australia.
· Handling claims and complaints – in which case we may disclose your personal data to our lawyers and insurers;
· Sending out newsletters and information alerts – in which case we may disclose your personal data to our email and service providers - MailChimp;
· In order to record billing details – in which case we store your personal data within our online accounting service provider – Xero.
Xero provides more information about the way they treat/manage the data we store within their system here.
· In order to interface with third party payment platforms – in which case we may disclose your personal information to our direct debits payment gateway provider – Integrapay.
· For professional advice - when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection or other legitimate purposes;
· If we sell the whole or part of our business Habitat3 or merge with another entity – in which case we will provide to the purchaser or other entity the personal data that is the subject of the sale or merger;
· Where required by law.
To enforce our rights and defend any claims, we may also provide your personal data to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
· For the purposes of obtaining professional advice;
· To obtain or maintain insurance;
· The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
· To protect or enforce our rights;
· Enforcement of our claims against you or third parties;
· The enforcement of laws relating to the confiscation of the proceeds of crime;
· The protection of the public revenue;
· The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
· The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal.
· Where disclosure is required to protect the safety or vital interests of employees, end users or property
Third party platforms
Habitat3 clients may use Habitat3 Virtual Private Servers to link to or send data to third party websites and platforms. Doing so from the Habitat Virtual Private Server does not mean that we endorse or recommend them. Where a Client uses Habitat3 Virtual Private Servers to provide personal data to a third party website or platform, the end user does so at its own risk. We do not warrant or represent that any third party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal data to them.
You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be available via a web browser installed on Habitat3 Virtual Private Servers. These widgets and tools may collect your IP address and other personal data. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers.
We only process personal data in a manner that ensures appropriate security of the personal data, including by protecting the personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
The technical and organisational measures that we have implemented, and will continue to implement while you are a subscriber of Habitat3 Virtual Private Servers are outlined in Section D of our Usage Agreement.
When you subscribe to Habitat3 Virtual Private Servers, we need to collect personal information from you in order to identify you and setup an account for you on Habitat3 Virtual Private Servers. We will also collect personal information from you when you contact us for technical support and assistance with your account and when gathering analytics data about your use of Habitat3 Virtual Private Servers. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our VPS Services, but not if you wish to actually access our VPS Services or any of our other services.
We do not send "junk" or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact Clients. In some cases i360 Cloud may send follow up emails to prospective clients that provide their email address to Habitat3. At any time prospective clients can request to be removed from these follow up emails by emailing firstname.lastname@example.org
Anytime a Client receives e-mail that it does not want from us the Client can request that we not send further e-mail by contacting us via email at: email@example.com This refusal to receive email from us may impair our ability to provide important information to Clients.
Contractors and offshore providers
Provided that we comply with the provisions of the Australian Privacy Principle 8 (Cross-border disclosure of personal information), we may transfer your specific personal data (including : names, telephone numbers, mobile numbers, email addresses, postal addresses, residential addresses, business addresses, and Australian Business Numbers) to our contractors and service providers who assist us with providing our products and services to you, where we consider it necessary for them to provide that assistance. This does not include the data you store on the Habitat3 Hosted Virtual Private Servers. We will not send any data contained within your Habitat3 Virtual Private Server outside of Australia.
Retention and de-identification of personal data
We will not keep your personal data in a form which permits identification of any person for longer than is necessary for the purposes for which the personal data is processed. Your personal data will be permanently retained within our 3rd party Accounting system (Xero) as part of our complete financial records. Your personal data will be permanently retained within our 3rd party Support system (Freshdesk) as part of our complete support records. We will delete or de-identify your personal data in any other of our systems within 30 days of you cancelling your service unless applicable law requires us to retain the personal data in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
We will also, following your cessation of use of our service, at your option delete or return to you all of the data uploaded into your VPS by you. Where you require that data to be returned, it will be returned to you on your requested date and we will thereafter delete all the remaining existing copies of that data in our possession or control as soon as reasonably practicable thereafter, but in any event not more than 30 days after the date your service was cancelled, If you do not communicate that you require the data to be returned we will delete it as soon as reasonably practicable thereafter, but in any event not more than 30 days after the service cancellation date.
Your rights under the Privacy Act
Subject to the provisions and exceptions set out in the Privacy Act, you have a number of rights, including:
1. the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning your personal data;
2. the right to object to the processing of your data;
3. the right to data portability;
4. the right to withdraw consent (where you have consent to the processing of your personal data for one or more specific purposes);
5. the right to lodge a complaint with the Office of the Australian Information Commissioner or any supervisory authority;
Please contact us if you wish to opt out of any communications that we send you. We will handle all such requests in accordance with our statutory obligations. If you withdraw your consent for processing, object to the processing of your personal data or request us to erase your personal data and as a result it is not possible or practical for us to continue providing you with the VPS Services, we may, but we are not obliged to, terminate your subscription and/or access to Habitat3 Virtual Private Servers.
How to access and correct personal data held by us
Notifiable data breaches (NDB)
The NDB scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others. Habitat3 does not fall into any of these categories but has a NDB response plan and will notify our client if a breach occurs in relation to the data they store on their Habitat VPS.
Our contact details
Habitat3 Virtual Private Servers are provided to you by Habitat 3 Pty Ltd ABN 17102628893 of Level 5, 20 Bond Street, Sydney NSW 2000. If you wish to contact us for any reason regarding our privacy practices or the personal data that we hold about you, please contact us at the following email address:
Privacy Contact Details
Please email firstname.lastname@example.org for specific information about Habitat3's Privacy Contact.
We will use our best endeavours to resolve any privacy complaint within 10 business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.
If you are not satisfied with the outcome of a complaint you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:
Call: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001