WEBSITE AND APPLICATION PRIVACY POLICY

This Privacy Policy applies to all Personal Information collected by Equiptek Pty Ltd (Equiptek, we, us or our) via:

• Our Website located at www.equiptek.com.au (Website).
• Our Mobile applications (Application).
• Our Business Partner Administration Interface located at admin.equiptek.com.au (Administration Interface).
• Our Integrations with third-party systems.

Key Definitions

Throughout this Privacy Policy:

• "Business Partners" refers to businesses that have a direct commercial relationship with Equiptek Pty Ltd as customers of our services, typically but not limited to equipment hire companies and fleet owners who use our services to manage their equipment fleet and customers.

• "Integration Partners" refers to third-party service providers that integrate with our platform, including but not limited to:

  • Rental Management Systems (RMS).
  • Enterprise Resource Planning (ERP) Systems.
  • Telematics providers.
  • Original Equipment Manufacturers (OEMs).
  • Payment processors.
  • Authentication providers.

• "Application Users" refers to individuals who access our Application through our Business Partners, typically being the end customers of our Business Partners who use the Application to manage their equipment needs.

• "Business Partner Administration Users" refers to Business Partner staff members or authorised agents who have access to the Administration Interface to manage their customer relationships and service configuration.

The relationship between these parties is:

• Equiptek Pty Ltd provides services to Business Partners.
• Equiptek Pty Ltd integrates with Integration Partners to deliver these services.
• Business Partners provide services to their customers (Application Users).
• Application Users access Equiptek's Application through their relationship with our Business Partners.
• Business Partner Administration Users are designated staff members or authorised agents of Business Partners who manage their organisation's use of Equiptek's services.

1. What Information Do We Collect?

The kind of Personal Information that we collect from you will depend on how you use our services. The Personal Information which we collect and hold may include but is not limited to:

1.1 For all Application Users and Business Partner Administration Users:

• Login credentials.
• Payment details.
• Email address.
• Name.
• Phone number.
• Address.
• Employer information.

1.2 For Application Users:

• Equipment utilisation data.
• Equipment location data.
• Equipment operational metrics.
• Service history and records.
• Safety documentation.
• Compliance certificates.
• User preferences and settings.
• Device information and usage data.
• Hire procurement contracts and records.

1.2.1 Device Location Services

• The Application may request temporary access to your device's location services.
• This access is used solely for navigation purposes to help you locate equipment.
• Your personal location data is:
  • Processed on your device only.
  • Not collected, stored, or transmitted to our servers.
  • Not shared with any third parties.
  • Only accessed when you actively use the equipment location feature.
  • Automatically discontinued when you close the navigation feature.

1.3 For Business Partner Administration Users:

• Integration configuration details.
• API credentials.
• Management records.
• User access controls.
• System configuration settings.

1.4 Through Integrations:

• Rental Management System and/or Enterprise Resource Planning data.
• Telematics provider data.
• Original Equipment Manufacturer (OEM) data.
• Equipment specifications and documentation.
• Historical equipment records.

2. Types of Information

2.1 Personal Information

The Privacy Act 1998 (Cth) (Privacy Act) defines Personal Information as information or an opinion about an identified individual or an individual who is reasonably identifiable: (i) whether the information or opinion is true or not; and (ii) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as "Personal Information" and will not be subject to this Privacy Policy.

2.2 Sensitive Information

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only: (a) for the primary purpose for which it was obtained; (b) for a secondary purpose that is directly related to the primary purpose; and (c) with your consent or where required or authorised by law.

3. How We Collect Your Personal Information

3.1 Direct Collection

We collect Personal Information from you when you:

• Input information into the Website or Administration Interface.
• Use the Application.
• Configure integration settings.
• Provide information directly to us.

3.2 Indirect Collection

We may collect information:

• Through our Integration Partners.
• From equipment telematics systems.
• Through automated data collection from equipment.
• Via our Business Partners when they set up your account.

3.3 Cookies and Analytics

We collect cookies from your devices to enable our services. These cookies help us to:

• Authenticate Application Users and Business Partner Administration Users.
• Maintain session information.
• Improve user experience.
• Analyse service usage.
• Customise service features.

We use different types of cookies, including:

• Essential cookies for functionality.
• Analytical cookies to improve user experience.
• Marketing cookies that may be set by third parties.

Cookies are retained for up to seven days and can be managed through your browser settings. Third-party cookies are subject to their respective privacy policies, which we encourage you to review.

4. Purpose of Collection

4.1 Primary Purposes

We collect Personal Information to:

• Provide our services to you.
• Enable equipment hire and management.
• Facilitate integration with Integration Partner systems.
• Monitor equipment utilisation.
• Maintain safety and compliance records.
• Support procurement processes.
• Generate insights and reports.

4.2 Data Sharing

We share Personal Information:

• Between our Business Partners and their authorised Application Users.
• With integrated third-party systems.
• With service providers who assist in operating our services.
• As required for maintenance and support.

4.3 Marketing

By using our services, you consent to receive direct marketing material. We will only use your Personal Information for this purpose if:

• We collected it directly from you.
• It is material you would reasonably expect to receive.
• We do not use Sensitive Information for marketing.

Our marketing communications include simple opt-out mechanisms.

5. Security, Access and Correction

5.1 Data Security

We implement comprehensive and modern security practices aligned with industry standards to protect your information. Our security approach includes:

5.1.1 System Security

• Industry-standard security practices and protocols.
• Modern infrastructure and application security measures.
• Regular security assessments and updates.
• Continuous security monitoring.
• Automated threat detection and prevention.

5.1.2 Access Security

• Strict access control mechanisms.
• Secure authentication methods.
• Regular access review procedures.
• Role-based permissions management.

5.1.3 Operational Security

• Documented security policies and procedures.
• Regular security training for personnel.
• Incident response planning.
• Business continuity measures.
• Ongoing security program maintenance.

We regularly review and update our security practices to maintain alignment with evolving industry standards and best practices.

5.2 Data Retention

We retain different types of data for the following periods:

5.2.1 Active Data

• Account and profile data: Retained while account is active.
• Equipment data: Retained while equipment relationship is active.
• Operational data: Retained while actively used for service delivery.
• Integration configurations: Retained while integrations are active.
• Business Partner relationship data: Retained while Business Partner relationship is active.

5.2.2 Archived Data

• Inactive account data: 3 years after account closure.
• Historical equipment data: 3 years after equipment relationship ends.
• Discontinued integration data: 3 years after integration termination.
• Transaction records: 7 years (legal requirement).
• Safety and compliance records: 7 years (legal requirement).

5.2.3 Anonymised Data

Following Business Partner closure or termination, Application User deactivation or deletion, Business Partner Administration User deactivation or deletion, or equipment relationship end, we may at our discretion:

• Convert applicable operational data into anonymised format.
• Retain anonymised equipment telematics data indefinitely.
• Retain anonymised usage patterns and metrics indefinitely.
• Use anonymised data for:
  • Industry benchmarking.
  • Performance analytics.
  • Statistical analysis.
  • Product improvement.
  • Market research.
  • Trend analysis.

5.2.4 Data Deletion

• Upon Business Partner closure or termination, active data transitions to archived status.
• Application Users may request deletion of their Personal Information subject to legal retention requirements.
• Business Partners may request deletion of their configuration data subject to customer data dependencies.
• Automated purge protocols apply to archived data after retention period expires.
• Anonymised data is not subject to deletion requests as it cannot be linked to individuals or organisations.

5.3 Access and Correction

Under Australian Privacy Principles:

• You can access your Personal Information.
• You can correct inaccurate information.
• Business Partners can manage Application User and Business Partner Administration User access through the Administration Interface.

Contact us via legal@equiptek.com.au for access requests.

6. Data Use & Analytics

6.1 Aggregated Data Use

We collect and analyse aggregated and anonymised data to:

• Improve our services and features.
• Generate industry insights.
• Enhance equipment utilisation analytics.
• Optimise procurement processes.
• Create benchmarking reports.
• Develop industry performance metrics.
• Analyse equipment usage patterns.
• Generate market intelligence.

This data may come from:

• Active Business Partner, Application User, and Business Partner Administration User relationships.
• Historical operational data.
• Anonymised former customer data.
• Anonymised equipment telematics.
• Anonymised usage patterns.

The anonymisation process ensures that:

• All identifying information is removed.
• Data cannot be re-linked to original sources.
• Individual privacy is maintained.
• Commercial confidentiality is preserved.

6.2 Partner Analytics

We may share anonymised and aggregated statistics with Business Partners, including:

• Equipment utilisation metrics.
• Industry-wide trends.
• Performance benchmarks.
• Safety and compliance statistics.

6.3 Telemetry Data

Equipment telemetry data is:

• Collected through authorised Integration Partner systems.
• Processed to generate operational insights.
• Used for preventive maintenance recommendations.
• Shared with relevant Business Partners for fleet management.
• Retained according to our data retention schedule.

7. Children's Privacy

7.1 Age Restrictions

• Our services are intended for business use by individuals aged 18 or older.
• We do not knowingly collect information from individuals under 18.
• If we discover we have collected information from a minor, we will delete it promptly.
• Business Partners must ensure their Application Users and Business Partner Administration Users meet age requirements.

8. Third-Party Services & Data Ownership

8.1 Integration Partners

We integrate with various third-party services including:

• Rental Management Systems (RMS).
• Telematics providers.
• Original Equipment Manufacturers (OEMs).
• Payment processors.
• Authentication providers.

8.2 Data Handling and Processing

8.2.1 Data Processing

We process data in accordance with:

• Our Terms and Conditions.
• This Privacy Policy.
• Applicable laws and regulations.
• Industry standards.
• Service agreements.

8.2.2 General Data

We handle Business Partner Data, Integration Partner Data, Application User Data, and Business Partner Administration User Data to:

• Deliver platform services.
• Enable authorised access.
• Facilitate data sharing.
• Support platform features.
• Generate service insights.

8.2.3 Business Partner Data

We handle Business Partner Data to:

• Support platform administration.
• Enable Application User and Business Partner Administration User management.
• Facilitate integrations.
• Provide analytics.
• Maintain service delivery.

8.2.4 Platform Operations

As part of our operations, we:

• Process data for service functionality.
• Generate anonymised analytics.
• Create aggregate insights.
• Maintain platform features.
• Enable authorised data sharing.

8.3 Business Partner Data Access and Protection

In managing Business Partner access to our platform:

8.3.1 Access Controls

We implement controls to ensure:

• Business Partners can only access authorised data.
• Access is authenticated and logged.
• User permissions are properly managed.
• Data access follows prescribed protocols.

8.3.2 Data Protection

When sharing Integration Partner Data, Application User Data, and Business Partner Administration User Data with Business Partners, we:

• Apply appropriate security measures.
• Monitor data access patterns.
• Maintain access audit trails.
• Enforce data protection standards.

8.3.3 Business Partner Management

Our Business Partner management processes include but are not limited to:

• Regular access reviews.
• Security compliance monitoring.
• Access termination procedures.
• Incident response coordination.

9. Overseas Transfer

Your Personal Information may be transferred overseas or stored overseas for a variety of reasons. It is not possible to identify each and every country to which your Personal Information may be sent. If your Personal Information is sent to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles, and where there are mechanisms available to you to enforce protection of your Personal Information under that overseas law, we will not be liable for a breach of the Australian Privacy Principles if your Personal Information is mishandled in that jurisdiction. If your Personal Information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia's, we will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Australian Privacy Principles.

10. Data Breach Procedures

10.1 Breach Response

In the event of a data breach, we will:

1. Activate our incident response processes within one hour of detection.
2. Assess the breach impact within 24 hours.
3. Notify affected individuals within 72 hours if serious harm is likely.
4. Notify the Office of the Australian Information Commissioner if required.
5. Provide detailed incident reports to affected Business Partners.

10.2 Business Partner Notifications

Business Partners will be notified:

• Immediately upon breach confirmation.
• With regular updates during investigation.
• With final report after resolution.
• Of any required actions on their part.

11. Australian Privacy Principles Compliance

We comply with all 13 Australian Privacy Principles (APPs):

11.1 Collection (APPs 1-5)

• Transparent management of Personal Information.
• Anonymity and pseudonymity options where practical.
• Collection of solicited Personal Information only.
• Dealing with unsolicited Personal Information.
• Notification of collection.

11.2 Use and Disclosure (APPs 6-9)

• Use and disclosure for primary purposes.
• Direct marketing restrictions.
• Cross-border disclosure safeguards.
• Government identifier handling.

11.3 Integrity and Security (APPs 10-13)

• Quality of Personal Information.
• Security of Personal Information.
• Access to Personal Information.
• Correction of Personal Information.

12. GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website does not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly the GDPR does not apply.

13. Complaint Procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us on the contact details set out at the bottom of this Privacy Policy. All complaints will be considered by a member or agent of Equiptek Pty Ltd. We may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

14. Documentation and Response Timeline

We will acknowledge receipt of your complaint within three business days and provide you with a reference number. Our privacy team will investigate your complaint and maintain detailed records of all communications and findings. We aim to resolve all privacy complaints within 30 business days. If additional time is required, we will notify you in writing. All complaint documentation will be retained for six months following resolution. If the matter requires escalation, our Privacy Officer will personally review your case within seven business days of the escalation request.

15. How to Contact Us About Privacy

If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: legal@equiptek.com.au.