WIKICAMPS GLOBAL PRIVACY NOTICE
Last updated: September 2023
We at WikiCamps take the protection of your personal data seriously. This Privacy Notice tells you more about what data we collect from you, how and why we collect it, who we share it with, and what rights you may have over the data. Give it a read and if you have any questions, you can always reach us at support@wikicamps.co
What Is and Is Not Covered by this Privacy Notice?
This Notice addresses “you” (the data subject) and applies to:
- Customers’ Personal Data: This Notice applies to the Personal Data we collect directly from you as a customer (“Customer”) of the WikiCamps app (“App”) as well as when we provide Customer support services to you (collectively, the “Services”)
- Website Users’ Personal Data: This Notice applies to the Personal Data we collect directly from you through your use of our website, www.wikicamps.com.au, or any other website which links to this Notice (“Website”).
This Notice does not apply to:
- Human Resources Personal Data: This Notice does not apply when we collect the Personal Data of WikiCamps’ employees, job applicants, contractors, business owners, directors, officers, and other staff.
- Information Which Does Not Constitute Personal Data: If we combine your data with that of a lot of other Wikicamps users in a way that could identify, relate to, describe, or in any way be reasonably be capable of identifying you (or anyone else) then it’s no longer Personal Data, and this Notice will not apply to our processing of that information.
- External websites or services: Our electronic messages or online services, including our Website or the App, may contain links to other websites. We are not responsible for the handling of your Personal Data by those websites and recommend you review the privacy policy of those websites.
What Is WikiCamps’ Role With Respect to Your Personal Data?
Within the scope of this Notice, WikiCamps acts as a “data controller” or “business” for the Personal Data we process. This means that we decide how and why Personal Data is collected and processed.
What Personal Data Do We Collect About You and How Do We Obtain It?
The table below describes the categories of Personal Data we have collected about you in the last twelve months and how we obtained it.
We will not collect additional categories of Personal Data without informing you.
Sharing on social media
If you interact with us using your social media account, or post in our social media forums or on our social media pages, your Personal Data will be subject to the privacy policy of the social media site (e.g., Facebook and Instagram).
We recommend that you do not post sensitive information (such as health information, or financial information) to the App.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. If this position changes, or there is a need and lawful basis to do so, we will inform you.
For What Purposes Do We Use Your Personal Data?
We process your Personal Data for the following purposes:
- To provide you with the Services you request in terms of the contract we have with you. We use your email address to register your account for use within the App and as a ‘username’ to enable access to your account. We may also use it to check whether you have previously created an account. We use data about the location of your device, with your permission, to provide you with a map of points of interest or other Services.
- For marketing. We may also use de-identified data, by combining it with other sources, including publicly available information or data that is held by other companies within our related group of companies, to better understand your preferences. The reviews that you choose to post via the App may be displayed within the App, on our Websites, or on third party websites and/or Apps, including those of our business partners.
- To meet our legal obligations. We may also collect and use your Personal Data to comply with any of our obligations under applicable laws including the Australian Consumer Law and the Corporations Act 2001 (Cth).
- To protect our rights or the rights of others. We may collect and process some of your Personal Data for fraud or risk management purposes, to institute or defend legal claims.
- To comply with requests from government authorities and/or enforcement bodies.
We may use your Personal Data for other reasons which we will explain when we collect it, or for reasons that you have consented to us using it. We will only use your Personal Data in accordance with applicable privacy and data protection laws.
What Are Our Lawful Bases for Processing Your Personal Data?
Under certain data protection and privacy laws, we must have a valid reason to use your Personal Data. This is called the "lawful basis for processing".
We may process your Personal Data on the basis of:
- your consent;
- the need to perform a contract with you;
- our legitimate interests or those of a third party, such as our interest risk management;
- the need to comply with the law; or
- any other ground, as required or permitted by law.
Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdraw your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.
Where we receive your Personal Data as part of providing our Services to you to fulfill a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.
How Long Do We Keep Your Personal Data?
We will retain your Personal Data for as long as is necessary to fulfil the purpose for which we collected your Personal Data and any other permitted linked purpose and in compliance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations including under the Australian Consumer Law and/or the Corporations Act 2001 (Cth), resolve disputes, and enforce our legal agreements and policies.
Generally, we retain usage data for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our services, or we are legally obligated to retain this data for longer time periods.
If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires; but we will stop using it for the purpose with a shorter retention period once that period expires. Our retention periods are also based on our business needs and good practice.
Your Personal Data may need to be retained in our backup systems and will only be deleted or overwritten later according to our retention periods. This may be the case even when you or an authority has validly asked us to delete your Personal Data or when we do not no longer have a legal basis for processing such Personal Data. Please note that our backups are protected, and we have implemented a system to remind us to delete the data again when we restore a backup to production systems.
Who Do We Share Your Personal Data With?
We use third party suppliers (“Service Providers”) to provide us with services to support our business. These Service Providers may perform services on our behalf or assist us to provide Services to you. Our Service Providers may need to access your Personal Data in connection with providing us with these services. We do not authorize their use or disclosure of your Personal Data for any other purposes other than in connection to the provision of their services to us.
In the last twelve months, we have disclosed the following categories of information to third parties for business purposes:
- Infrastructure services providers
- Customer service providers
- Internet service providers
- Cloud service providers
- Office tools providers
- Payment processing providers
- Customer survey providers
- Email service providers
- Web analytics providers
- Project management tool providers
- Our affiliates and companies within our related group of companies
Our Service Providers are located worldwide. Some of these third parties may be located outside of the European Union or the European Economic Area (“EEA”). In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission as recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the GDPR.
Other Disclosures of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring.
Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
What Privacy Rights Do You Have?
You have specific rights regarding your Personal Data that we collect and process. In this section, we first describe those rights and then we explain how you can exercise those rights.
You have the right to delete your data. Depending on where you live, this may be called the right to erasure, right to deletion, or the right to be forgotten.
To delete your Wikicamps account, you must submit a request for deletion as follows:
For unregistered App users: Submit a request to delete your account via the App. Select the ‘Permanently Delete Account’ button within the main home menu of the ‘Community Guidelines’ section of the App.
For registered App users: Submit a request to delete your Account via the App. Select the ‘Permanently Delete Account’ toggle via the ‘My Account’ screen of the App. We will automatically confirm your request via the App before actioning it, to assist you to avoid unintentional deletion of your important account data (e.g. trip plans, checklists and photos). We aim to action account deletion immediately upon request by the account user, but it may take up to 30 days. Where an Account deletion is not completed within 24 hours, we will notify you on completion. Once deleted, you will be able to create a new account, but please be aware that a previous account deletion is permanent and cannot be reversed.
Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.
You also may have a Right to Rectification which allows you to ask us to correct any information you think is incorrect. If your account settings do not allow you change the information yourself, please contact us and we will do our best to change the Personal Data for you.
Depending on where you are, you may have additional Privacy Rights like: the right to restrict processing, that is, to limit how we process your data; the right to move your data (“data portability”); the right to be informed about how we’re using your data and who we share it with; the right of access to ask for full details of all the Personal Data we hold about you.
If we asked for your permission (“consent”) before processing a particular kind of data (like your geolocation), you may withdraw that consent at any time. Please note that our use of your Personal Data before you withdraw is still lawful. If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.
You may unsubscribe or opt-out of receiving communications from us by clicking on the 'unsubscribe' link in any electronic messages you receive from us; and/or contacting us using the details in the 'Contact Details' section of this Notice.
We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not: deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
If you live in America, you may have the right to ask us to not share your Personal Data with certain third parties for marketing purpose or to not “sell” your data to any third parties. This is the right to opt out. To exercise the right to opt-out, you may submit a request to us. Once you make an opt-out request, we will not ask you to reauthorize sale of your Personal Data for at least twelve months. However, if you change your mind, you may opt back into Personal Data sales at any time by using the contact details below. We will only use Personal Data you provide us in an opt-out request to review and comply with the request.
How Can You Exercise Your Privacy Rights?
To exercise any of the rights described above, please submit a request by either:
- 1. Contacting us by email at support@wikicamps.co
- 2. Filling out this online form
- 3. Writing to us at our address: Ground Floor, 60 Light Square, Adelaide, South Australia, Australia 5000
Verification of Your Identity
In order to correctly respond to your privacy rights requests (except requests to stop the sale of your Personal Data), we need to confirm that you made the request. We may require additional information to confirm that you are who you say you are.
For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity by requesting you confirm certain information we hold about you first. We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.
Verification of Authority
If you submit a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with us and confirm with us that they gave you permission to submit this request.
Response Timing and Format of Our Responses
We will confirm the receipt of your request within ten (10) business days, and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to a month to reply to your requests (except requests to stop selling your Personal Data) from the day we receive your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
Specifically for requests to opt-out (in the U.S.): we will act upon your request to opt-out from selling your Personal Data within fifteen (15) business days. We will also notify the third parties to whom we sold your Personal Data of your request and instruct them not to further sell your Personal Data. We will inform you about this in ninety (90) days from receipt of your request.
If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
Right to Lodge a Complaint
If you have any concerns about how we have handled your Personal Data and wish to make a privacy complaint, please contact us. If we are unable to resolve your privacy complaint, you may contact an applicable authority to lodge a complaint.
If the Australian Privacy Act applies to our processing of your Personal Data, you may contact the Office of the Australian Information Commissioner at: GPO Box 5218, Sydney NSW, 2001, telephone 1300 363 992), www.oaic.gov.au.
If the New Zealand Privacy Act applies to our processing of your Personal Data, you have the right to lodge a complaint with the Office of the New Zealand Privacy Commissioner, at: telephone: 0800 803 909, Email: enquiries@privacy.org.nz, online: privacy.org.nz.
If the Canadian Personal Information Protection and Electronic Documents Act applies to our processing of your Personal Data, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada at: telephone: 1-800-282-1376, online: www.priv.gc.ca/en,
If the UK GDPR and Data Protection Act applies to our processing of your Personal Data, you have the right to lodge a complaint with the UK Information Commissioner’s Office at: www.ico.org.uk/make-a-complaint/, telephone: 0303 123 1113; or via live chat.
If the EU GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the EU GDPR.
Do We Process the Personal Data of Children?
Our Services are not directed at, or intended for use by, children under the age of 16. We do not knowingly process the Personal Data of children and we would ask that you please not upload photos of your children to our App or share any personal information about them in your reviews.
How Do We Protect Your Personal Data?
We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. These measures include:
- storing your Personal Data on secure networks consistent with industry standards;
- using encryption when transferring Personal Data to other servers;
- restricting our employees, contractors, and agents access to your Personal Data to those who need to know the information to process it for us; and
- authenticating App users before providing access to their accounts.
What Cookies and Other Tracking Technologies Do We Use?
We may collect information relating to your web activity when you access and browse our Website or use the App. Specifically, we may collect your Personal Data using cookies, and similar technologies, designed to provide information to help us improve the use of our Website and the App and to customize the content we provide.
A “cookie” is a small text file containing small amounts of information which is stored on your device when you access a Website. This information may include your IP address, information and actions taken on the Website including details about when you accessed the Website. The text file is then sent back to our server each time your browser requests a page from the server. Information generated by the cookie about your use of our Website and may be transferred to, and stored by, a web analytics service, which may be based overseas, that we use to help use improve our online services. This enables us to provide a better Website visitor experience by loading the Website so that it reflects your personal preferences as previously indicated last time you browsed. Some cookies also help with ensuring the functionality of the Website.
Additionally, emails we send to you use technology that allows us to understand the time and date that an email was opened and whether any links within the email were clicked. You can disable some of this technology by changing the settings in your email client.
We use web tracking/analytic tools, that may be provided by our service providers, that generate detailed statistics about traffic to our Website, traffic sources and how you interact with advertisements on our Website and in our App and also on third party Websites. These tools can also measure and record conversions and sales.
The cookies and web-tracking tools we use allow our Website and App to operate more efficiently via the device you are using, customize our advertising and help us improve the content and functioning of our Website and App.
We also use cookies to help us and our Service Providers to present targeted and customized advertising to you on our Website and on third party websites.
The types of cookies we use are set out below. You can configure your web browser to reject and delete cookies, but this may limit the functionality of our Website or App so that so that they do not operate properly.
If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all features of our Services. For more information, please visit https://www.aboutcookies.org/.
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to “Do Not Track” signals received from web browsers.
Analytical and Performance Cookies
We use website analytics service providers, such as Google Analytics, that use cookies to analyze our Website traffic. These analytics Service Providers collect information and statistics about our Website, including by counting the number of visitors and tracking how visitors use the site. This type of analysis helps us make our Website more effective to use. Information supplied by analysis cookies helps us to understand how our visitors use our Website to improve the user experience.
Functionality Cookies
We may use functional cookies that record the choices you have made on our Website so that we can continue to provide you with information you are interested in during that visit and any subsequent visits. This allows us to provide content that is tailored and relevant, and to improve the Website experience for our Website users.
Strictly Necessary Cookies
We collect cookies that are necessary for our Website to operate and load properly. You can set your web browser to block these cookies but without these cookies you may not be able to move around the Website and use its features.
Resettable device identifiers
If you use our App on a mobile device or tablet, we may collect a ‘resettable device identifier' (Device Identifier) from that device. Device Identifiers are similar to cookies, and we may use them to help us make our advertising more relevant and/or for analytics and optimization purposes; and for delivering ‘push notifications’ (messages that pop up to prompt action and/or notify you of important information) to your device. You can configure your mobile device or tablet to opt-out of interest-based ads from us in connection with a Device Identifier (usually by selecting the appropriate setting under ‘privacy' or ‘ads' in the device settings).
We may use the Device Identifier to notify you of important information, using ‘push notifications’. You can opt out of receiving some types of Push Notification messages from within our App.
When you use the App or our Services, certain third parties may collect Personal Data about your online activities over time and across different websites or online services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
How Can You Contact Us?
If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please write to us by email at support@wikicamps.co or by postal mail at:
C/- Wikicamps Ground Floor, 60 Light Square Adelaide South Australia Australia 5000
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.
Home