Security in Depth is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting either securityindepth.com.au or securityindepth.com or securityindepth.co.uk (“Website”), you accept and consent to the practices described in this policy. If you don’t accept the terms of this policy, please refrain from using the Website.
Your personal data is controlled ultimately by Security in Depth, a business registered in Australia.
Our Group Data Privacy Officer can be contacted using the following email address: firstname.lastname@example.org, or alternatively by writing to PO Box 4303 East Burwood, Melbourne, Victoria Australia 3151 and marking it for the attention of the Group Data Privacy Officer.
Information we may collect and hold about you
We may collect and process the following personal data about you:
We may also collect information when you visit the Website, including but not limited to your IP address, location, time of access, the browser you use, your operating system and the pages you visit.
We capture CCTV images of visitors to our offices for the purposes of security, including crime prevention and detection, and the apprehension and prosecution of offenders.
Please note that we may monitor or record phone calls for training and quality purposes.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you.
How long do we retain your information
If we are providing services to you, we will retain your personal information for the duration of the services and for six years thereafter, unless otherwise agreed.
Phone calls which are recorded are retained for 12 months.
CCTV records are kept for a period of up to 90 days.
If you make a complaint to us or provide feedback in any other format other than those specified below (including via telephone, email, web forms or any other form of direct contact) and have a live agreement with us, we will retain a record of your complaint or feedback for the life of the agreement and for 25 months after agreement termination, or if longer than 25 months, until such time as the complaint has been satisfactorily resolved. After 25 months, if you are in reciprocal contact with us during the course of a sale or as part of negotiations for a sale, we will keep a record of previous complaints or feedback until such point as a purchase is made, or if no purchase is made, for a further 6 months thereafter.
If you choose to provide us with feedback:
We will review and delete or destroy personal data on a regular basis. If we are unable, using reasonable endeavours, to delete or destroy personal data we will ensure that the personal data is encrypted or protected by security measures so that it is not readily available or accessible by us.
How we may use your information
In addition to using your information to fulfill our contract to provide you with requested products or services, we may also use your information in the following ways (provided that, where we are required to obtain your consent to use your information, you have provided such consent):
The basis on which we collect your information
We collect much of your information on the grounds of: (i) legitimate interests (for example, to send you direct marketing about products and services similar to those you have purchased from us or negotiated or enquired about, or to help us administer the Website); and (ii) fulfillment of a contract with you (for example, to provide you with products or services you have purchased from us).
If we require your personal data for fulfillment of a contract with you (for example, to provide services or products to you or to receive payment from you), we may be unable to fulfill the contract without your personal data.
Where we rely on legitimate interests, our legitimate interests are the promotion of the products and services offered by Security in Depth and the provision of information in respect of products and services you have already purchased from us or in which you have expressed an interest in purchasing.
If we are unable to rely on legitimate interests, fulfillment of a contract or any other ground set out in the General Data Protection Regulation 2016/679 (“GDPR”) to process your personal data, we will obtain consent from you to the processing. This will be the case if, for example, you download documentation from us and we would like to send you marketing communications about our products and services. If you give us your consent, you can withdraw it at any time by clicking on the link in the email we send to you, or by emailing email@example.com. Withdrawal of your consent won’t affect any processing we have carried out in respect of your personal data prior to you withdrawing consent.
Sharing your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
Where we store your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
There are a number of rights available to you under GDPR and Australian law:
1. Access to your data
You have the right to ask us to confirm that we process your personal data, as well as to have access to and receive copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.
We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.
We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we’ll let you know.
2. Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate for us to do so in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.
3. Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you.
This right is available to you:
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.
4. Right to restrict processing
In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:
5. Data portability
Where Security in Depth acts as a Data Controller, you have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller.
This right only applies:
We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.
6. Right to object
You are entitled to object to us processing your personal data:
In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
If you would like to exercise any of your rights in respect of your personal data, please contact us at firstname.lastname@example.org or write to us at PO Box 4303 East Burwood, Melbourne Vic Australia 3151.
The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you have any concerns about the ways in which we process your personal data, you are entitled to report those concerns to the relevant supervisory authority in your jurisdiction. If you are based in the UK, you can contact the Information Commissioner’s Office. The ICO can be contacted on 0303 123 1113 or you can get in touch via other means, as set out on the ICO website - https://ico.org.uk/concerns/.