Privacy Policy

Trobexis Ltd ACN 606 279 841 (we, our, us) is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy (Policy) sets out how we collect, use, hold and share your personal information and how to contact us about this Policy.
‍
In this Policy you refers to customers, employees, (including potential employees), suppliers, contractors, affiliates and any other individuals with whom we interact on a more informal or ad hoc basis.
‍
By voluntarily supplying us with your personal information, you are agreeing to be bound by this Policy. We may update our Policy from time to time. The most recent version of this Policy will always be available on our website at Privacy Policy. If we change the Policy in any material way we will post a notice on our website along with the updated Policy. We may also contact you via your contact information on file, for example by email.
‍
If you reside in the European Union, we also handle your data in accordance with the General Data Protection Regulations (EU Regulation 2016/679) (GDPR). Residents of the United Kingdom are also protected by the UK GDPR contained within the Data Protection Act 2018 (UK). For the purposes of the GDPR and UK GDPR, Trobexis may either be a Data Controller or a Data Processor (depending on the circumstances). A reference to ‘personal information’ in this Policy is to be read as a reference to ‘personal data’ as defined by the GDPR and UK GDPR.
‍
If you have any queries, concerns or complaints about how we handle your personal information, please contact our Privacy Officer in the first instance:

By Email:
‍
‍Privacy Officer Contact: Oliver Tilsley
Email: TrobexisGlobalSupport@trobexis.com
‍
By Mail:
‍
‍Attention: Privacy Officer
Trobexis Ltd
PO Box 8251
Armadale VIC 3143
Australia
‍
Our website contains links to other websites. When a user clicks on a link to another site, they are no longer subject to this Policy. We have no responsibility for linked websites and provide them solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.
‍
What types of information do we collect and why?

‍We collect personal and other information about our customers, employees (including potential employees), suppliers, contractors and affiliates. We may also collect personal and other information from people who engage with us on a more casual basis who may not be our customers. We may collect personal information through a number of mechanisms, including:

‍Collection from you: we collect and store information you provide directly to us (via the TrobexisOne platform (enterprise solution), the TrobexisOne Mobile App, in person, by email, by phone, via our website (www.gettrobexis.com) or by any other direct means). This may include:

Contact information: such as your name, address, email address, telephone number.
Personal information: such as date of birth, driver’s licence details and passport details.
Financial and credit information: such as your payment information (credit card, bank account).
Business details: Australian Business Number, Director Identification Number and other information about your business including information about other directors and responsible persons.
Credit information: such as consumer credit liability information, type and amount of credit sought, default information, repayment history information, payment information relating to overdue payments.
We may also collect personal information or instructions from agents or those authorised to act on your behalf including, but not limited to, accountants, business advisers and lawyers.

Digital communications: when you communicate with us, we collect information such as your contact details (e.g. email address or phone number). We also engage third party services that provide us with information about how you interact with the communications we distribute. You can elect to not receive communications from us by contacting our Privacy Officer or selecting the ‘opt out’ function to future communications in the relevant communication.

Digital platforms: if you engage with us through our social media channels (such as LinkedIn) we collect information about you from those platforms including your name and contact details. Any information we collect from digital platforms is collected in accordance with that platform’s terms.

Through other sources: where necessary, we may also collect personal information from publicly available records. This can include information relating to an individual’s credit worthiness (subject to any relevant legal restrictions). Where appropriate and necessary to do so, we may collect information from public records. We may do this if authorised by you or where it is unreasonable or impractical to collect this information directly from you.

Information you provide about someone else: if you provide us with personal information about someone else, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable privacy laws, we may collect, store, use and disclose such information for the purposes described in this policy. Where we request you to do so, you must assist us with any requests by the individual to access or update the personal information you have collected from them and provided to us. If you are someone who does not have a relationship with us but believe that one of our customers has entered your personal information into our servers, you will need to contact that customer for any questions you have about your personal information (including where you want to access, correct, amend, or request that we delete, your personal information).

Sensitive Information: we may also collect information classified as sensitive information under the Privacy Act if required in order to perform our services and carry out our business, such as:

racial or ethnic origin;
political opinions;
membership of a political association;
religious beliefs or affiliations;
philosophical beliefs;
membership of a professional or trade association;
membership of a trade union;
sexual orientation or practices;
criminal record; or
health information

You have the option of not identifying yourself or interacting with us using a pseudonym. However, this option may not be available when you are using the TrobexisOne Platform (enterprise solution) and/or the TrobexisOne Mobile App as individuals will need to be identifiable for us to perform our services. You can choose not to provide your personal information, but it may mean that we are unable to provide you with our services.

We will only collect information directly from you, from those authorised by law to disclose this information or where we have consent to collect the information from a third party.

Automatic collection of information

We use cookies (small text files stored on your devices that provide us with information such as your internet protocol (IP) address, server information, internet service provider and information on how you interact with our website) and other services that allow us to understand how you use our online media. This information is not linked to you personally.

We use third party analytics services such as Google Analytics to understand how you interact with our website. These services do not provide us with personal information. If you opt-out of third party tracking technologies or elect to prevent the use of cookies, this may limit, restrict, delay or otherwise affect the way in which our website or digital services operates.

How do we use your information?

We will only use your information for the purposes for which it was collected (primary purpose) or a purpose related to that primary purpose if it would be reasonably expected by you or where we have separately obtained your consent.

We may use personal information for the following primary purpose:

to provide, operate, maintain and improve our services including the TrobexisOne Platform and TrobexisOne Mobile App
to enable you to access and use our services including the TrobexisOne Platform and TrobexisOne Mobile App
to process and complete transactions and send you related information via our services including travel itineraries and travel related information
to send transactional messages including responses to your comments, questions and requests
to provide you with customer service and support including responding to enquiries and complaints relating to our services including relating to the TrobexisOne Platform and TrobexisOne Mobile App
insurance-related purposes including managing or supporting our insurance needs
managing relationships with employees, contractors, service providers and suppliers including performance under contracts and outsourcing/support functions
administering and managing business relationships including billing, payments, accounting, auditing, collections and support services
complying with laws and regulatory requirements including record keeping, privacy and security obligations and responding to regulators
ensuring security and risk management including protecting the premises and IT systems, access management, preventing/detecting security threats, fraud and other malicious or criminal activity
marketing and communications including sending updates, newsletters and alerts, administering mailing lists, inviting to events and personalising communications
recruitment and talent processes including assessing job applications and suitability for roles and related checks
any purposes related or ancillary to the above or necessary to carry out our services and functions as a SaaS provider

How we use the information we collect depends, in part, on which services you use, how you use them, how you engage with us and any preferences you have communicated to us. If you would like to restrict how your personal information is handled beyond what is outlined in this Policy, please contact our Privacy Officer.

Disclosure of your personal information

Disclosure of personal information to third parties

We may disclose your information to third parties who assist us in providing, managing and administering our services. We will also disclose your personal information where such disclosure is required by law.

This may include disclosure to:

travel management companies, commercial airlines (charter fixed wing and helicopter), commercial marine transport companies, ground transport services, various online booking tools, camp and accommodation service providers, security and real-time location tracking, as required to perform our services
third party suppliers, contractors and service providers who assist us in operating our business and delivering services including information technology services, expense management, data management, storage and retention, communications, services for management and enhancement of our customer database, marketing, research, compliance, recruitment, accounting, insurance and administrative services
courts, tribunals regulators, government agencies or law enforcement bodies where disclosure is required or authorised by law, court order or to establish, exercise or defend legal rights
other third parties where we have obtained consent or been instructed to disclose personal information by you

Where we disclose personal information to third party service providers, we take reasonable steps to ensure that those parties are authorised to use the personal information only for the purpose for which it was disclosed and handle the personal information in accordance with applicable privacy and confidentiality obligations.

We do not sell or license your information to third parties. We do not disclose your credit information to any credit reporting bodies.

Overseas disclosures

We may disclose personal information to recipients located outside Australia where this is necessary for the performance of our services, the operation of our business or for administrative and support functions. We will also disclose information overseas if you instruct us to do so. The countries in which overseas recipients are located may vary depending on the services provided.

When we disclose personal information to overseas recipients, we take all steps reasonable in the circumstances to ensure that the overseas recipient handles the personal information in a manner consistent with the applicable privacy laws, including implementing appropriate contractual, technical or organisational safeguards, unless an exception under applicable law applies. If required by law, we implement appropriate safeguards through contractual arrangements that control how overseas recipients can use and handle personal information.

Processing your personal information

How will we process your personal information?

We collect, store and process personal data where we have a lawful basis to do so. The lawful basis for which we collect your personal data depends on the data we collect and how we use it. The lawful bases that may apply to our processing activities are:

Consent – you have given clear consent for us to process your personal data for a specific purpose.
Contract – the processing of your personal data is necessary for the performance of an agreement to provide our services.
Legal obligation – the processing of your personal data is necessary for us to comply with the law (not including contractual obligations).
Legitimate interests – the processing of your personal data is necessary for our legitimate interests or the legitimate interests of a third party except where such interests are overridden by your prevailing legitimate interests and rights.

In the absence of one of the above bases for processing, we will not process your personal information.

Importing of personal information to Australia

We process all personal information in Australia. If you are based in a jurisdiction outside of Australia, we are required to import your personal information into Australia. To provide you with our services, we may also be required to export personal information from Australia into other countries.

When importing and exporting personal information, we take steps as are reasonable in the circumstances to ensure that the transfer of personal information is undertaken in a secure manner. As part of this process, we may enter into binding contractual arrangements with third parties to ensure the protection of personal information.

Security of your personal information

How do we store and secure the information we collect?

We store your personal and credit information in both physical files and on electronic databases.

Security and management of personal information

We will take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure. We do this by:

putting in place physical, electronic and procedural safeguards in line with industry standards
requiring any third party providers to have acceptable security measures to keep personal information secure in line with industry standards
limiting access to the information we collect about you to those employees who require access to that information
imposing confidentiality requirements on our employees
only providing access to personal information once proper identification has been given

In the unlikely event a notifiable data breach occurs, we will notify you in accordance with our obligations under the Privacy Act and applicable overseas privacy laws.

If we no longer require your personal information, and are not legally required to retain it, we will take reasonable steps to destroy or de-identify the personal information.

How to access and control your information

Accessing the information we hold about you

Under the APPs and applicable overseas privacy laws, you may have a right to obtain a copy of the personal information that we hold about you. To make a request to access this information please contact our Privacy Officer in writing. We will require you to verify your identity and specify what information you wish to access. If eligible, we will grant you access to the information within 30 days.

Insofar as permitted by law, we may charge a fee to cover the costs of verifying your application, and retrieving, reviewing and copying any material requested.

Updating your personal information

We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact us at the details above if you believe that the personal information we hold about you requires correction or is out of date. We endeavour to process any request within 30 days and will provide written reasons if your request is rejected, as well as providing details for making a complaint about the refusal if necessary.

Complaints

If you are concerned that we have not complied with the applicable privacy laws, please contact our Privacy Officer in the first instance with a description of your concerns. A response will be provided within a reasonable period. All complaints must be in writing.

When processing a complaint, we will require you to provide us with information to confirm your identity before processing a request related to information we may hold about you. We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:

Director of Compliance Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
Australia

For more information on privacy see the Australian Information Commissioner’s website.

You may also have a right to contact the relevant supervisory authority in your jurisdiction. If you are unsure about who the relevant supervisory authority may be, please contact our Privacy Officer.

‍