Your rights in relation to privacy
EMS Bruel & Kjaer (EMS) understands the importance of protecting the privacy of an individual’s personal information. This policy sets out how EMS aims to protect the privacy of your personal information, your rights in relation to your personal information managed by EMS and the way EMS collects, holds, uses and discloses your personal information.
In handling your personal information, EMS will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the 13 Australian Privacy Principles in the Privacy Act. Where applicable as a matter of local law, EMS may be bound by the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act of 2018 (CCPA).
This policy may be updated from time to time.
Where EMS is bound under the GDPR, EMS typically collects and processes your personal information as a consumer (as opposed to employees of EMS), in our capacity as a ‘Data Processor’ for our Customers, who are the ‘Data Controller’. Our Customers, as Data Controller are responsible for deciding how and why your personal information is processed.
What kinds of information does EMS collect?
Personal information is information or an opinion about an identified, or reasonably identifiable, individual. As part of conducting business and in the provision of its goods and/or services, EMS may collect your personal information.
Generally, the kinds of personal information EMS collects is contact and identification information such as your name, address, telephone number and email address. In some circumstances, EMS may also hold other personal information provided by you.
If you are under the age of sixteen we are unable to process your information through our products; please ask an adult to use the feedback service on your behalf and ask them to enter their contact details instead.
How does EMS collect personal information
Generally, EMS collects your personal information directly from you, through completion of an online form or entry of your information into one of our consumer feedback apps, an interaction or exchange in person or by way of telephone, email or post, or through the EMS website. There may be other occasions when EMS collects your personal information from other sources such as from one of our customers or a government body. Generally, EMS will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you. We process your personal information in accordance with our written contract with our Customer and any other instructions or direction they provide.
The types of personal information EMS processes
EMS collects, holds, uses and discloses your personal information where it is reasonably necessary for the purposes of:
- the provision of our products and services to our Customers in connection with our environmental monitoring operations and related services;
- internal administrative purposes;
- business management purposes, including the provision of professional services; and
- any legal requirements.
Certain information is also automatically collected when you use our systems, this includes:
- mobile phone number (in order for our Customers to contact you regarding your feedback);
- geolocation, if enabled on the you device (used if the “locate me” functionality of the EMS Viewpoint App has been enabled and to confirm accuracy of flight data);
- App has been enabled and to confirm accuracy of flight data);
- the make and model of the device (to ensure the App functionality is compatible with a user’s device); and
- device operating system (for statistic and development purposes).
Where personal information is used or disclosed, EMS takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed. You are under no obligation to provide your personal information to EMS. However, without certain information from you, EMS may not be able to provide its products and services.
Processing your personal information
Our Customer, as Data Controller, determines the purposes and means through which your personal information will be processed. Our Customer relies on the pursuit of its legitimate interests as its legal basis for the processing of your personal information. These legitimate interests involve giving you the opportunity to provide feedback on the noise levels near your home or workplace. Our Customer has determined that the pursuit of these legitimate interests by them will not outweigh your rights and freedoms.
Whom does EMS disclose your personal information to
EMS discloses your personal information for the purpose for which EMS collects it. That is, EMS will only disclose your personal information for a purpose set out at paragraph 4. EMS may also disclose your personal information with your consent or if disclosure is required or authorised by law. This may include disclosing your personal information where reasonably necessary for law enforcement or as directed by a Court or Regulator.
For consumers located outside the European Economic Area, EMS may disclose personal information to overseas recipients in order to provide its services and/or products and for administrative or other business management purposes. It is impracticable to list the countries in which recipients of personal information may be located, however, before disclosing any personal information to an overseas recipient, EMS takes steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles, the CCPA or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law.
For the purposes of GDPR compliance, any data required to be held within the European Economic Area will be stored there and will only be transferred if in accordance with the principles outlined in GDPR, Chapter 5: Transfer of personal data to third countries or international organisations. EMS maintains separate offsite data processing and backup arrangements in each jurisdiction in which we operate. We backup data periodically to secure backup systems and daily to offsite secure backup systems. The offsite processing and backup systems are located in secure facilities with restricted access. With the exception of the information used to provide our technical support, our operating databases, servers and backups are held within the relevant regions:
a) Australia and Asia: personal information held in Australia
b) United States: personal information held in United States
c) EMEA and Canada: personal information held within the European Economic Area.
Security of your personal information
EMS processes personal information in a manner that ensures it is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. In particular, only those employees with a lawful and legitimate business reason for accessing personal information held by EMS will be granted access. EMS has controls and procedures in place to ensure that personal information is kept confidentially. EMS also has procedures to deal with any suspected data security breach and will notify you of a suspected breach where we are legally required to do so.
EMS will destroy or de-identify personal information in circumstances where it is no longer required, unless EMS is otherwise required or authorised by law to retain the information.
Accessing and correcting the personal information that EMS holds about you
By law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information that is being held about you and to check that it is being lawfully processed.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of your personal information if there is something about your particular situation which makes you want to object to EMS processing your personal information on the grounds of legitimate interests.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Lodge a complaint with a supervisory authority.
EMS will respond to your request to access or correct your personal information within 30 days from your request.
Please direct all privacy complaints to EMS’s Privacy Officer. At all times, privacy complaints:
- will be treated seriously;
- will be dealt with promptly;
- will be dealt with in a confidential manner; and
- will not affect your existing obligations or affect the commercial arrangements between you and EMS.
EMS’s Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner or to your local supervisory authority for those consumers located in Europe. For consumers based in California, you may lodge a complaint with the Californian office of the Attorney General.