- what personal data we collect and process from their use of our website and Platform;
- how we intend to use it; and
- what choices and controls users have with respect to their personal data.
“personal data” has the meaning given to it in the GDPR.
“Platform” means the SpaceDraft platform.
“users” means users of our Platform.
“we/us/our” means SpaceDraft Pty Ltd (ACN 610 216 101) of 183 Stirling Hwy, Nedlands, Australia, the company which provides and manages the SpaceDraft website and Platform, and any services or features which are available to users to use from the SpaceDraft website and Platform.
What Personal Data We Collect
We collect the following personal data:
- a user’s email address;
- a user’s first name and surname (if they elect to include these optional details upon registration);
- data about a user’s usage of, and activity on, our website and Platform (including but not limited to browsing history, search history and product interaction);
- data about a user’s take up of our offerings such as app, product or service launches; and
- crash data, performance, other diagnostic and other usage data.
We may also receive personal data:
- about a user if their employer elects to provide us with the user’s first name and surname upon registration;
- about a user or other persons where this is uploaded to our Platform by a user including as part of a user’s content. This may be by way of a text, images, videos, audio recordings or audio files. We do not collect, process or analyse this data, however, it will be stored as part of the user’s content; or
- that a user provides to us, such as the content of their communications with us, including but not limited to interactions with customer support.
If we introduce future products or services for a fee, we may collect data about a user’s billing address and methods of payment such as bank details, credit, debit or other payment card information.
How Do We Collect Personal Data
We collect personal data when the following occurs:
- when a user provides their email address upon registering with our Platform;
- when a user provides their first name and surname, if they elect to include these optional details upon registering with our Platform;
- when personal data is uploaded by a user when they create a project in our Platform. This may include the user’s own personal data, or a third party’s personal data which a user may upload to our Platform; and
- when there is a technical issue with our website or Platform and we collect usage and crash data for analytics and troubleshooting.
What Do We Use Personal Data For?
We use personal data that we collect for the following purposes:
- to provide our services to users;
- to communicate with users:
- about their account and their projects on our Platform;
- about changes to our terms, conditions and policies;
- about our products and services;
- to provide other relevant information; or
- to request information or feedback;
- to review usage and crash data for analytics and troubleshooting;
- to maintain and improve our services, and to develop new products and services;
- to protect us, individuals and employees by undertaking pre-screening or scanning uploaded content for potentially illegal content, including child sexual exploitation material; and
- to comply with applicable laws (e.g. to satisfy tax or reporting obligations, or to comply with a lawful governmental request).
We may also use personal data for other purposes with a user’s prior consent.
How Do We Hold Personal Data
Personal data we collect or receive for specific activities related to the operation of our organisation and the provision of our services is held and stored via cloud storage on Amazon Web Service, which is currently located within Australia. The specific activities within which each of these organisations participate have been recorded within the applicable SpaceDraft Data Protection Impact Assessments and these are available upon request from our Data Protection Manager (see paragraph 14 below).
We will always handle and store users’ personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our personnel and authorised third parties, and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our records, applications, supporting computer systems and premises.
The Purpose for Which We May Share or Disclose Personal Data
We may share personal data with service providers who act on our behalf, our partners or others at a user’s direction. We do not share personal data with third parties for our own or third parties’ marketing purposes but may do so in the future with a user’s consent.
Partners. At times, we may partner with third parties to provide services or other offerings. In these circumstances, we will require our partners to protect users’ personal data.
Others. we may share personal data with others at a user’s direction or with their prior consent. We may also disclose information about a user if we determine that for purposes of security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about a user where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the event of a re-organisation, merger, or sale.
Sensitive Personal Data
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by data controllers.
We do not knowingly collect or process any sensitive personal data on our Platform. Supporting Data Protection Impact Assessments are available upon request from our Data Protection Manager (see paragraph 14 below).
Children’s Personal Data
Our Platform, and any services available from our website and Platform, are not directed to children under the age of 13, except with an Education Account (see paragraph 10 below).
If a user learns that a child under the age of 12 has provided us with their personal data without having parental consent, please contact our Data Protection Manager (see paragraph 14 below) immediately so that we can take appropriate action.
SpaceDraft Education Account
Children under the age of 13 may use “SpaceDraft Education Account” under the supervision of their teacher. We will only collect student data where such collection is authorised by participating educational institutions who have obtained parental consent. We will share student data with our third party service providers solely to the extent necessary for them to perform a business or technology support function for us. This may include data processing, account management or the provision of usage analytics.
Upon termination of an educational institution’s SpaceDraft Education Account, we will delete all student user accounts (including the student’s personal data) associated with that educational institution.
Educational institutions will have direct control of student data at all times. If an educational institution wishes to inspect, review, amend or delete data we have collected from a student, they may submit an authorised request to the contact details provided in paragraph 14 below. Such a request must come from the email address that owns the SpaceDraft Education Account. To protect children’s privacy and security, we will take reasonable steps to help verify the school’s identity before granting access to any personal data.
Our websites, online services, interactive applications and advertisements may use “cookies” and other technologies such as web beacons.
Cookies are small text files sent by us to a user’s computer, or from their computer or mobile device to us each time they visit our website. They are unique to the user or their web browser. Session-based cookies last only whilst a user’s browser is open and are automatically deleted when they close their browser. Persistent cookies last until a user or their browser deletes them, or until they expire.
- both session-based and persistent cookies, dependent upon how a user uses or interacts with our website and Platform; and
- cookies which are not specific to a user’s account but are unique and allow us to undertake website analytics and customisation, among other similar things. We may use third-party cookies, for example Google Analytics, and a user may choose to opt-out of third-party cookies from the providers’ respective websites.
These technologies help us to better understand user behaviour including for security and fraud prevention purposes, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches.
In some email messages we send to users, we provide a “click-through URL” that links a user to content on the SpaceDraft website. When a user clicks one of these URLs, they pass through a separate server before arriving at the destination page on our website. We track this click-through to help us determine interest in particular topics and measure whether we are communicating with a user effectively. If a user prefers not to be tracked in this way, the user should not click graphic or text links in email messages.
Our website may include relevant hyperlinks to external websites not controlled by us. Whilst all reasonable care has been exercised in selecting and providing such links, users are advised to exercise caution before clicking on them.
We cannot guarantee the continued suitability of external links to content that we do not control, nor do we continually verify the safety or security of the destination website. A user’s use of external links is at their own risk and we are not responsible for any damage, loss, cost or expense caused by a user’s use of them.
User Rights and How to Contact SpaceDraft
As prescribed within the EU General Data Protection Regulation, users have several rights connected to the provision of their personal data to us using our website or Platform. These include a user’s right to request that we:
- confirm what personal data we may hold about that user, if any, and for what purposes;
- change or withdraw any consent which a user has provided in relation to their personal data (if that is the legal basis for us holding it);
- correct any inaccurate or incomplete personal data we may be holding about a user;
- provide a user with a complete copy of their personal data for them to move elsewhere, under specific circumstances;
- stop our processing of their personal data, whilst a received data processing objection from them is being resolved; and
- permanently erase all a user’s personal data promptly, and confirm with them once this occurs (unless there is a valid reason why we are unable to do this).
If we do not address a user’s data subject request, or we fail to provide them with a valid reason why we are unable to do so, a user has the right to contact the Office of the Australian Information Commissioner to make a complaint. They can be contacted via https://www.oaic.gov.au/privacy/privacy-complaints/
The Data Protection Manager
SpaceDraft Pty Ltd
183 Stirling Hwy, Nedlands WA 6009 Australia