Draftable Pty Ltd and its related entities (together, “Draftable”, “we”, “our” or “us”) have created this Privacy and Data Protection Policy (the “Policy”) to demonstrate our respect, commitment and vigilance in safeguarding the privacy and data security of the individuals and organizations with whom we deal and to ensure compliance with all applicable privacy and data security laws.
Draftable collects, uses and keeps information in compliance with the Australian Privacy Principles set out in the Australian Privacy Act 1988, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the California Consumer Privacy Act (“CCPA”) and all relevant regulations.
This Policy aims to give you information on how Draftable collects, processes and uses your personal data, including when you contact us, visit our website, apply for a job, or use our products or services.
Please note that:
- you agree to the terms and conditions of this Policy if you choose to use our website, products and/or services; and
Personal data we may collect from you
The nature of our products and services and the fact we operate in a business-to-business (“B2B”) environment means that we retain very little or none of your personal data, and we continue to strive to ensure that we retain as little personal data as possible of our customers.
The personal data we collect, hold, use or process about you depends on the nature of our interactions and the circumstances about its collection. We may collect, hold, use or process the following data about you:
- contact and identity data – such as your name, email, job title, industry, address and telephone number(s)
- technical data – including your Internet Protocol (IP) address, login data, operating system and web browser type, browser plug-in types and version, traffic data, location (and other communication) data and the resources that you access
- profile data – including usernames, passwords, and feedback data
- telemetry/usage data – including how you use our website, products or services
- communications and marketing data – including your communication preferences and communications in receiving marketing from us
We may also collect other data you choose to provide to us and details of the interactions that you have with us.
How we may collect your personal data
Whenever it is reasonable and practicable to do so we will collect data about you directly from you. We do this in various ways including when:
- enter and use our website – as you interact with our website, we will collect technical data (e.g. about your equipment, browsing actions and patterns) either automatically by using cookies and other similar technologies or from other websites that you visit which use our cookies
- purchase our products and services – if you purchase or use our products or services, we may use your personal data for specific purposes, including verifying your credentials, carrying out end user compliance checks for export control purposes, and processing orders and generating billing information
- contact us and/or provide feedback
- request and receive marketing communication
- submit a job application
We may also collect data about you through our business relationships and contacts as well as from third-party sources, including publicly available sources such as Twitter, Facebook pages, LinkedIn profiles, company websites and online directories.
Why we collect, hold, use, disclose and process your personal data
Data about our customers is an important part of our business and we are not in the business of selling our customers' personal data.
We collect, hold, use, disclose and process personal data for a range of purposes, including:
- to verify your identity
- to enable secure access to our website
- to activate and develop our products and services
- to help us operate, protect, improve, develop and research our products and services
- to measure, support and improve the presentation and content of our website
- to provide, recommend and personalize our products and services to you
- to provide technical support and respond to feedback, queries or complaints from you
- to analyse our performance
- to customise and enhance your experience
- to provide you with information that is relevant to your use of our products and services
- to market and promote our products and services
- to notify you about changes to our products and services
- to direct you to content or to provide you with information, products and services which we feel may be of interest to you and your business
- to perform any prorposed or signed contract we have entered into with you, including notification of changes to our products and services
- to participate in any potential corporate activity or transaction that involves us or our assets
- to manage relationships with our clients, suppliers and contractors
- to comply with any legal or regulatory obligations
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
If we are unable to collect your personal data, we may not be able to communicate or respond to you or do business with you or your organisation.
We have set out below, in a table format, a description of the primary ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|To register you as a customer or account holder||To perform a contract with you|
|To manage our relationship with you||(a) To perform a contract with you
(b) To comply with a legal obligation
(c) For our legitimate interests (to keep our records updated and to analyse how customers use our products or services)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) To comply with a legal obligation
(b) For our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||For our legitimate interests (to analyse how customers use our products or services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||For our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||For our legitimate interests (to develop our products or services and grow our business)|
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates or third parties. The linked sites are not under the control or supervision of Draftable. If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices and that Draftable does not accept any responsibility or liability for these policies or notices. We recommend that you check these policies or notices before you submit any personal data to these websites. These links are provided merely as a convenience, and do not imply any endorsement of the site by Draftable.
Use under the CCPA
Marketing and promotion
You have the right to withdraw consent to marketing at any time by contacting us or by using the opt-out links in our communications. Where you opt out of receiving these marketing or promotional messages, this will not apply to personal data provided to us as a result of a product or service purchase.
If you are an existing customer, we will only contact you by email with information about products and services similar to those that were the subject of a previous sale to you.
We will not sell or rent your personal information to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes, but such third parties will not have access to or be able to read your personal information.
If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to email@example.com so we can investigate.
Personal data transfer, storage, security and processing
The security of your personal data is fundamental to the way that we do business and starts with our core infrastructure.
We securely store your personal data on our servers located in the US.
We endeavour to hold all personal data securely in accordance with our internal security procedures, industry standards and applicable law. We update and test our security on an ongoing basis. While we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website through the internet; any such transmission is at your own risk and we ask that you only do so in a secure environment.
We maintain appropriate administrative, physical, technical and organizational measures to protect your personal data received, accessed or processed by us against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.
As a global enterprise, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. We will only transfer personal information to a supplier where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy. We will take reasonable steps to prevent or stop such processing where we know that a supplier is using or sharing personal information in a way that is contrary to this Policy.
By submitting your personal data, you agree to the transfer, storing or processing of your personal data as described in this Policy.
Personal data use and processing
In addition to those described in the “Why we collect, hold, use, disclose and process your personal data” section above, we may also use and/or process your personal data for one or more of the following purposes:
- Provide our products: we use data to operate our products and services, and to provide you with rich, interactive experiences. For example, if you use Draftable Online, we process the documents you upload to enable you to view, retrieve, edit, forward, or otherwise process it, at your direction as part of the service. Additionally, as communications are a feature of various products and services, we use data to contact you. For example, we may contact you by phone or email or other means to inform you when a subscription is ending or discuss your account. We also communicate with you to secure our products, for example by letting you know when product updates are available.
- Product improvement: we use data to continually improve our products, including adding new features or capabilities. For example, we use error reports to improve security features, search queries to improve the relevancy of the search results, usage data to determine what new features to prioritise, and other data to develop and improve functionality and accuracy.
- Product development: we use data to develop new products. For example, we use data, often de-identified, to better understand our customers’ computing and productivity needs which can shape the development of new products.
- Security, safety and troubleshooting: we use data to help protect the security and safety of our products and customers by detecting malware and malicious activities; troubleshooting performance and compatibility issues to help customers get the most out of their experiences; identifying suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and notifying customers of updates to our products. This may include using automated systems to detect security and safety issues.
- Updates: we use data we collect to develop product and security updates. Such updates are intended to maximise your experience with our products and services, help you protect the privacy and security of your data, provide new features and ensure that your device is able to process such updates.
- Reporting and business operations: we use data to analyse our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
Personal data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Keeping your personal information complete, accurate and accessible
We take all reasonable measures to ensure that all personal data we collect, hold and use is complete, up to date and relevant. You can contact us at any time (using the “Contact Details” below) to request access to or to correct your personal information. Once we have verified your identity, we will generally provide you access to your personal data. However, there may be some instances where we are permitted or required (such as by law or regulation) to deny access or where we may refuse to correct your personal data. In such a situation, we will communicate the reasons for our decision. If we do not allow you to access or correct such data, and you do not agree with our decision, you can make a complaint by following the process below.
Your legal rights under the GDPR
GDPR gives you certain rights with respect to your personal data, including the right to access information held about you.
In accordance with the GDPR, you can exercise your right of access by emailing our Data Protection Officer and make one of the following requests:
- information about how your personal data is processed
- a copy of your personal data
- immediate correction to your personal data
- raise an objection about how your personal data is processed
- erasure of your personal data if there is no longer a justification for it
- restricting the processing of your personal data in certain circumstances
- opt out of the use of your personal data for any purposes or a specific purpose
Our Data Protection Officer is our General Counsel, contactable at firstname.lastname@example.org.
Questions, concerns and complaints
If you have any questions, concerns or complaints about how we have handled your personal information, then you may contact us using our “Contact Details” below. To help us respond to you, please include as much detail as possible about the information that you would like to access or correct and, if applicable, how you'd like to access this information.
Once we have received your message, we will investigate and respond to you as soon as practically possible. We will try to respond to your message or resolve your complaint as quickly as possible and by no later than thirty (30) days after we receive your message. If your complaint takes longer to resolve, we'll keep you informed of our progress with the investigation.
If you are not satisfied with our response, you can contact us to further discuss your concerns or exercise your legal rights in the relevant jurisdiction. For example, in Australia, you may lodge a complaint with the Australian Information Commissioner (for more information here, please visit: www.oaic.gov.au).
Product specific information
Documents you compare are protected by a secret URL. Anyone you share the URL with can view the comparison. Comparisons are deleted after no one has viewed them for a period of time.
Documents you compare are not shared with us. All operations on documents take place locally, so you can safely use Draftable Desktop on confidential documents.
The information that is shared with Draftable includes:
- your name, email address, company, number of potential users, phone number (optional) to start a trial;
- Draftable Desktop communicates with our servers to check for updates and to ensure that your license key is valid;
- Draftable Desktop submits information about errors that occur when running. These error reports may sometimes contain confidential information such as filenames. This can be disabled.
Changes to this Policy
If you would like more information about our approach to privacy and data protection, or if you wish to contact us regarding the terms in this Policy and how it may apply to you, please contact us:
- by email: email@example.com
- by post: GPO Box 265 Melbourne VIC 3001
Last updated: January 2021