Managing use of personal information
We manage the personal information we collect by:
o providing team members with training on privacy issues;
o implementing procedures such as providing privacy statements when dealing with a client’s personal information;
o regularly reviewing our privacy compliance;
o implementing security measures to keep the personal information we collect safe, including using unique usernames and passwords on systems that can access personal information and security cards to access on-site information; and
o appointing a designated privacy officer to monitor privacy compliance and be a contact for any privacy complaints and access or correction requests.
We comply with our confidentiality obligations when dealing with an individual’s personal information.
Personal information we collect and hold
We are a company providing global rental and hire software and inventory management SaaS (SaaS) and other services, and hold different information depending on the SaaS and services provided to clients, or in the case of prospective employees, the information needed to assess future employment with us.
When using our SaaS and services (including our website), we will collect information about you and about your use of our SaaS and services, such as which services you use and how you use them. We will collect information such as:
o user name and password;
o device information, such as the model and ID of the device you use, operating system, telephone number and mobile phone network;
o server log information, such as details of how you used the SaaS or service (including our website), IP address, hardware settings, browser type, browser language, the date and time of your use and referral URL;
o your browser or your account using cookies (see below); and
o real-time location information.
Our SaaS and services (including our website) may also detect and use your IP address or domain name for internal traffic monitoring and capacity management purposes or to otherwise administer the SaaS and services. The patterns of usage of visitors to the online services may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user traffic patterns.
Generally, the types of information that we may collect and hold include:
o contact information (such as name, address and phone number);
o financial information;
o business circumstances;
o family circumstances;
o information about assets and investments;
o employment history;
o date and place of birth;
o insurance information;
o banking information;
o credit information;
o credit card details;
o expertise and interests;
o tax file numbers;
o driver’s licence and other photographic information;
o video or photographic footage given by clients to us for SaaS;
o information otherwise required by law; and
o any other personal information required to perform the SaaS or other service to the individual.
Where possible, we will only collect the personal information required to provide the SaaS or other service to the individual.
Sensitive information we collect and hold
The sensitive information that we collect and hold about an individual will include any information necessary to provide SaaS and other services to the individual. This may include:
o health information;
o racial or ethnic origins;
o political opinions and membership of political associations;
o religious beliefs or affiliations;
o philosophical beliefs;
o membership of professional or trade associations or unions;
o sexual preferences or practices;
o criminal records;
o genetic information;
o any sensitive information required to be disclosed by law; and
o any other sensitive information required to perform the SaaS or other service to the individual.
We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under applicable privacy laws.
Collection of Personal Information
Where reasonable and practicable, we will collect personal information directly from the individual to whom the personal information relates. However, we have a referral network and also collect personal information from numerous other sources. It is not possible to provide an exhaustive list of these sources, but they may include:
o partnering entities, consultants, advisors or agents for individuals we support;
o friends, family members and associates of the individual;
o banks and financial institutions;
o government bodies;
o our affiliates;
o insurance companies;
o businesses about their employees, contractors, customers or suppliers;
o feedback surveys; and
o from paid search providers.
If we provide you with access to an environment as part of our SaaS or related services, where you can store and process personal information, such personal information is not collected, stored, used, processed, modified or disclosed by us (except to the extent required by our permitted employees who may access customer environments for system configuration, maintenance and account administration purposes or as otherwise required by law).
Access to the data or information contained within any of these environments is controlled directly by you. It is your responsibility to obtain consent from individuals before their personal information is collected, stored, used, processed, modified or disclosed by you using any CloudRent environment. Our SaaS Customers benefit from a range of additional information security and compliance controls, including protection of personal information.
How we collect personal information
We may collect personal information about you in the following ways:
o when you order SaaS or services from us;
o when you use our online services (e.g. customer forums or communities), and other products and services (including our website);
o when you visit our sites or offices;
o when we visit your sites or offices;
o when you submit a query or request to us;
o when you respond to a survey that we run or fill in forms on our website;
o by tracking your use of our SaaS and services (including our website);
o from third parties who are entitled to disclose that information to us;
o from publically available sources;
o from online sources (including social media platforms and providers (e.g. LinkedIn);
o suppliers of information products and services (e.g. companies that consolidate data from multiple public sources);
o when you apply for a job with us; or
o other lawful means.
Each cookie expires after a certain period of time depending on its purpose or they can be stored for longer. We use session based or temporary cookies that are stored and used during your browsing session, use of our website and use of our services. These cookies are usually deleted automatically from your device when you log out of your account, the browser is closed or within a reasonable time after your use of our website. Permanent, persistent or stored cookies are stored on your device in between your use of our website which allows your preferences or actions to be remembered. When using our website, we also allow the use of some third party cookies which are set by a domain other than our website (for example, Google may set a cookie on your browser).
Modern internet browsers have a facility that will allow you to disable cookies altogether and you can refer to your browser’s help menu to find out how to do this. While you will still be able to browse our website with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly, and .our ability to deliver our service to you may be limited. It also may degrade the user experience.
Holding Personal Information
We hold personal information physically on our premises and electronically, through internal servers and websites and a private cloud (including Microsoft OneDrive and Google Drive), and on electronic storage devices, including USB, and by Microsoft with our mailboxes stored ‘at rest’ within Australia.
We will take reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a cyber attack) or that unauthorised disclosures will not occur.
Some of the methods we use to store and secure information include:
o strict security access measures preventing unauthorised parties gaining access to areas that contain personal information;
o having designated areas to meet with clients and non-CloudRent employees that do not contain personal information;
o using unique usernames, passwords and other protections on systems that can access personal information; and
o restricting printing and physical storage of more sensitive information.
How do we use personal information?
We use personal information that we collect about you to:
o verify your identity when you are dealing with us;
o determine your eligibility for any of our SaaS or services;
o maintain our relationship with you;
o enable us to provide you or your organisation with our SaaS and services;
o answer your queries and requests;
o comply with our legal and regulatory obligations;
o carry out market analysis and research;
o monitor use of our SaaS and services (including our website);
o assess, operate, maintain, upgrade and improve our SaaS and services (including our website);
o provide better SaaS, services and information to our customers and to the community;
o carry out education and training programs for our employees;
o manage and resolve any legal or commercial complaints or issues (including debt recovery);
o meet our obligations and perform our functions under applicable laws and agreements;
o maintain and update our records;
o use in accordance with any request or instructions from you;
o carry out planning and forecasting activities and other internal business processes;
o keep you informed about our activities and notify you of changes to our SaaS or services;
o make special offers related to our SaaS or services that we think may be of interest to you; and
o use as otherwise required or authorised by law.
We may also use your personal information for any other purpose as authorised by you.
Why do we Collect, Hold, Use or Disclose Personal Information
We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is collected varies, depending on the particular service being provided, but is generally to provide SaaS and other services to an individual or their business.
In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us.
Personal information may also be used or disclosed by us for secondary purposes that are within the individual’s reasonable expectations and related to the primary purpose of collection.
We may disclose personal information:
o to service providers or referral partners, in order to provide our SaaS or other service to the individual or company;
o to government bodies (such as ASIC or the ATO in Australia or equivalent local Government bodies);
o to paid search providers;
o with the consent of the individual to whom the information relates;
o to CloudRent affiliates; or
o to third party contractors where we or our affiliates contract out any financial, administrative, legal, information technology or other services, including independent market research that enables us to improve our SaaS to our clients.
Otherwise, we will only disclose personal information to third parties with the relevant individual’s consent or if the disclosure is permitted by applicable privacy laws.
Disclosing Information Overseas
We may disclose information to recipients that are located outside the country in which you are located (including contractors and external service providers). We may disclose your personal information to our employees or contractors overseas. We have service providers located in Australia, India, Indonesia, United Kingdom, Ireland and United States of America, and may disclose personal information to those entities. We take commercially reasonable steps to ensure that any overseas recipient does not breach the privacy law applicable in your jurisdiction or this
In some cases we may indirectly disclose personal information overseas through our service providers. For example, we disclose personal information with Microsoft, AWS, Google or Hubspot, which have data centres located in the Australia, United States, EU and UK.
By using our SaaS or services (including our website) and providing us with your personal information, you consent to the disclosure by us, and to the storage and use of your personal information in the countries listed above which may be other than the country in which you are located where a different privacy or data protection regime applies.
Direct marketing and research
We may use and disclose your personal information for marketing purposes (but we will not sell your personal information to any third party). We may contact you about our SaaS and services (including our website), the SaaS and services of other people, or related special offers from our business partners, that we think may be of interest to you. This information may be sent to you by email, SMS or by other means.
We may use and disclose your personal information to carry out consumer, market, compile demographics and perform other research and analysis so that we can develop and implement initiatives to improve our services, improve the design, construction and operation of our SaaS and identify people likely to be interested in our SaaS and services.
You can opt-out of receiving marketing communications from us at any time by following the ‘unsubscribe’ link in the communication or contacting us using the contact details below. Unsubscribing from promotional communications will not stop service related communications from us, such as administrative alerts in relation to your account.
We may de-identify information about you so that the information can no longer be used to identify you. We may use and disclose de-identified personal information in the course of our business (including in any promotional or marketing material).
We may aggregate information on the use of our SaaS and services (including our website) in such a way that the information can no longer be related to the identifiable individuals. We may use and disclose aggregated information in the course of our business (including in any promotional or marketing material).
A data breach occurs when personal information is lost or subjected to unauthorised access, use, modification or disclosure or other misuse or interference. We have implemented a data breach response plan to assist us to effectively contain, evaluate and respond to data breaches in order to mitigate potential harm to any persons affected by a data breach.
In summary, our data breach response plan:
o directs our team as to the steps they should take in the event of an actual or suspected data breach;
o appoints a team to handle data breaches;
o specifies a strategy for assessing and responding to data breaches;
o sets out the process for notifying any affected persons, the relevant privacy commissioner and other relevant parties; and
o outlines the review process to help prevent data breaches in the future.
We will generally notify you if we reasonably believe that your personal information has been subjected to a data breach if:
o there is a risk of serious harm to you;
o notification could enable you to avoid or mitigate serious harm;
o the compromised personal information is sensitive or likely to cause humiliation or embarrassment to you; or
o we are required to notify you by law.
We will notify the relevant privacy commissioner if we reasonably believe that your personal information has been subjected to a data breach that is likely to result in serious harm to you, as required by law.
In addition, where relevant and applicable local data privacy laws outside of Australia require that we take further steps than as set out above, we will at all times adhere to those data privacy laws.
Where appropriate, we may also notify other third parties of a data breach.
Your access to and updating your Personal Information
It is important the information we hold about individuals is up to date. Individuals should contact us if their personal information changes.
Access to information and correcting personal information
Individuals may request access to the personal information we hold or ask for their personal information to be corrected. We will grant an individual access to their personal information as soon as possible, subject to the request circumstances.
In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to an individual without proof of identity.
We may deny access to personal information if:
o the request is impractical or unreasonable;
o providing access would have an unreasonable impact on the privacy of another person;
o providing access would pose a serious and imminent threat to the life or health of any person;
o providing access would compromise our professional obligations; or
o there are other legal grounds to deny the request.
We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied. If the personal information we hold is not accurate, complete and up to date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
If a person wishes to complain about an alleged privacy breach, they must follow the following process:
o The complaint must be firstly made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
o In the unlikely event the privacy issue cannot be resolved, they may take their complaint to the office of the Australian information commissioner.
email@example.com / 16 Seventh Ave Palm Beach, Queensland 4220 Australia.
This policy was last updated on 6 July 2023.