GDPR Addendum
GDPR ADDENDUM
If you are based in the European Union (EU) and we access or process your Personal Information, these additional terms (GDPR Addendum) form part of our Privacy Policy. These terms supplement, and do not replace, our Privacy Policy.
This GDPR Addendum uses the same definitions as those used in the TracPlus terms and conditions, available at https://www.tracplus.com/termsandconditions/
We may change this GDPR Addendum by uploading a revised addendum onto the Website. The change will apply from the date that we upload the revised addendum. This GDPR Addendum was last updated on 8 September 2021.
GDPR COMPLIANCE
The General Data Protection Regulation (GDPR) regulates the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR). References to Personal Information in our Privacy Policy (including this GDPR Addendum) shall be deemed references to “personal data” for the purposes of the GDPR.
We are committed to complying with the GDPR when dealing with Personal Information of our Website visitors and service users based in the EU.
This GDPR Addendum was drafted with brevity and clarity in mind. It should be read in conjunction with our Privacy Policy and does not provide exhaustive detail of all aspects of our collection and use of Personal Information. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to support@tracplus.com
For the purposes of the GDPR:
- we are the data controller (as defined in the GDPR) when processing Account and Marketing Data; and
- our clients are the data controller when processing Operational PI.
PROCESSING PERSONAL DATA
We will not process Operational PI except as provided in our Terms and Conditions and/or other agreements with our customers that govern the processing of Operational PI (as applicable). We require our customers to comply with applicable Data Privacy Laws in connection with their access to and use of the TracPlus Service and Website. If we receive any data subject requests relating to Operational PI, such as requests to access Personal Information, we will forward this request to the relevant customer.
The legal basis for our processing of Account and Marketing Data is your consent and, for certain Account and Marketing Data, processing is necessary for the performance of a contract to which you are a party.
Despite the above, we may process any of your Personal Information where such processing is necessary for compliance with applicable laws.
YOUR RIGHTS
In addition to your rights included in our Privacy Policy, your rights in relation to your Personal Information under the GDPR include:
- right to erasure - you may request that we delete your Personal Information and we will do so if deletion does not contravene any applicable laws. If we have shared your Personal Information with any third parties, we will take reasonable steps to inform those third parties to delete such Personal Information.
- right to withdraw consent - if the basis of our processing of your Personal Information is consent, you can withdraw that consent at any time.
- right to restrict processing - you may request that we restrict or block the processing of your Personal Information in certain circumstances. If we have shared your Personal Information with third parties, we will tell them about this request where possible.
- right to object to processing - you may request that we stop processing your Personal Information at any time and we will do so to the extent required by the GDPR.
- rights related to autonomous decision-making, including profiling – you have a right to not be subject to a decision based solely on automated processing, including processing, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision making is necessary for entering into, or the performance of, a contract with you, is authorised by applicable laws or is based on your explicit consent.
- right to data portability - you may obtain your Personal Information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this Personal Information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your Personal Information directly to another data controller.
- the right to complain to a supervisory authority - you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority.
Where Personal Information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at support@tracplus.com. If you are not satisfied by the way your query is dealt with by our data protection officer, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
INTERNATIONAL TRANSFER OF DATA
The Personal Information we collect may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the
country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer Personal Information provided appropriate safeguards are in place.
Some of the Personal Information we collect is processed in New Zealand (where our operations are located). New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision in transferring personal data to New Zealand.
Some of the Personal Information we collect is processed by third party data processors in other countries, including United States and Australia. Where Personal Information is transferred outside the EEA, it will only be transferred where the transfer complies with the GDPR (e.g. to organisations in the United States under the EU-U.S. Privacy Shield framework or by entering into the European Commission’s Standard Contractual Clauses). For further information, please contact us using the details set out below.
CHILDREN
We do not intend to collect Personal Information from children aged under 16. If you have reason to believe that a child under the age of 16 has provided Personal Information to us through our Website and/or by using the TracPlus Service, please contact us at support@tracplus.com.
Please note that the above statement relates only to Personal Information where we are the data controller (i.e. for Account and Marketing Data). Our customer is the data controller when processing Operational PI about you (or a child under your care). Please contact the relevant customer if you have any concerns about its processing of Operational PI relating to Children.
CONTACTING US
You can contact us as set out in our Privacy Policy.
The name and contact details of our European GDPR representative are:
Damien Tucker
privacy.officer@tracplus.com