Privacy Policy and Privacy Statement​

Privacy Policy and Privacy Statement

Purpose

This policy is designed to support Shebah’s compliance with Australian Privacy Principles (APP) as well as supporting consumer confidence and positive branding within the market.

Influences

· Privacy and Data Protection Act 2014 (Vic)
· Privacy Act 1988 (Cth)
· Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
· Privacy Regulations 2013 (Cth)
· Australian Privacy Principles
· Office of the Australian Information Commissioner (www.oaic.gov.au)
· Australian Psychological Society Code of Ethics Applications

Application

This policy sets out how we, Ladies Let’s Roll Pty Ltd (ABN 35 613 887 237) and all its related entities handle your personal information (i.e. information about you or serves to identify you).

1. Privacy Policy

Definitions:

· “Driver”: a rideshare driver utilising the Shebah platform to access riders seeking transport

· “Rider”: an individual seeking to utilise, or currently utilising, Shebah for rideshare transport

· “Account”: an Account is created when an individual enters required details into the Shebah App, and agrees to the App Terms & Conditions, in order to take or complete trips

Introduction

Your privacy is important to us. We therefore manage personal information in accordance with the Privacy and Data Protection Act 2014 (Vic), Privacy Act 1988 and the Australian Privacy Principles (APP).
This policy applies to information collected by Ladies Let’s Roll Pty Ltd (ABN 35 613 887 237) and all its related entities.
We only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
This document outlines how we manage your personal information as an “APP entity” under the APP. We will also provide the information flow associated with that information.
If you have any questions please contact us (https://shebah.com.au/contact/).
Please note that this document contains some active hyperlinks to information on other websites. If you click these links you will be taken away from our website. We do not warrant the accuracy of any information on an outside website.
APP Entity
Ladies Let’s Roll Pty Ltd (ABN 35 613 887 237) and all its related entities, hereby referred to as “Shebah”, “we”, “us” or “our” manages personal information, as an Entity, under the APP, an APP entity. Because we may provide services to a range of Commonwealth, State and Territory government agencies, it may sometimes become necessary for us to collect and manage personal information as an Agency under different privacy arrangements.

Information flow
When we collect your personal information:
· On creating an Account through the Shebah Driver or Rider App (the Shebah App)
· On using the Shebah App to take or complete trips
· We check that it is current, complete and accurate. This will sometimes mean that we have to cross-check the information that we collect from you with third parties
· We record and hold this information in our customer database system (CDS)
· Some information may be disclosed to overseas recipients
· We retrieve your information when we need to use or disclose it for our functions or activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross-check the information that we collect from you with third parties once again – especially if some time has passed since we last checked
· Subject to the exceptions set out in APP 12, we permit you to access your personal information in accordance with APP 12
· We correct or attach associated statements to your personal information in accordance with APP 13
· We destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. In Australia we do not destroy or de-identify information that is contained in a Commonwealth Record.

Kinds of Information We Collect and Hold

The personal information that we collect and hold is reasonably necessary for the proper performance of our functions or activities as a rideshare operator company, and is likely to differ depending on whether you are a Shebah Driver or Rider.

For Drivers
The type of information that we typically collect and hold includes:
· information that is necessary and reasonable to ensure and validate compliance with state and territory government requirements pertaining to rideshare drivers and operators; or to manage performance on rides obtained through us, including:
o Personnel information such as contact details
o Business information including ABN
o Vehicle and licensing information
o Information about conduct and performance
o Information about your right to work in Australia, and your clearance to work with children
o Information obtained to assist in managing client and business
relationships.

For Riders
The type of information that we typically collect and hold includes:
· information that is necessary and reasonable to ensure Shebah’s functions and activities as a rideshare operator; or to manage the sustained growth of Shebah through consumer analytics, including:
o Personnel information such as contact details, DOB and postcode
o Information about conduct
o Information obtained to assist in managing client and business relationships.

Purposes

The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are a Shebah Driver or Rider.

Information that we collect, hold, use and disclose about individuals is typically used for:
· Rideshare operator functions and activities
· Payment purposes
· Statistical purposes
· Statutory compliance requirements
· Insurance purposes
· Legal compliance in relation to some types of information
· Insurance purposes and risk management
 
Direct marketing policy
Your personal information may be used for marketing purposes.
We give provide Riders an option as to whether or not they wish to receive marketing communications or participate in marketing activity directly or via a third party:
· All electronic marketing communications give recipients a clear and accessible option to unsubscribe
· In addition, contact our Privacy Officer to opt out of any marketing communications (https://shebah.com.au/contact/)
· We comply with the requirements of the anti-spam legislation
· Personal information may flow between us and third parties via electronic means.

How We Collect Your Personal Information

The means by which we will generally collect your personal information are likely to differ depending on whether you are a Shebah Driver or Rider.
We sometimes verify or collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to verify or collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us – see the section in this policy on electronic transactions. See also the section on photos and images.
Personal information will be collected from you directly when you create an Account through the Shebah App, and in connection with that Account. Personal information is also collected when:
· We receive the results of any criminal checks or interactions with law or regulation enforcement
· We receive performance or conduct feedback (whether positive or negative)
· We receive any complaint from or about you in your interaction with Shebah.

Personal information is also collected from you directly electronically through our telecommunications and technology systems – see the section in this policy on Electronic Transactions. We may also collect personal information about you from a range of publicly available sources including State and Territory Authorities. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APP and our Privacy Policy.

Photos and images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances. At times video surveillance which operates in or near our premises may capture images of you. You should also read the section about Electronic Transactions because sometimes your communications with us may attach profile images of yourself that you have uploaded to the Internet.

Electronic transactions
This section explains how we handle personal information collected from our website https://shebah.com.au/, by the Shebah App, or by other technology in the course of electronic transactions. It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the Office of the Australian Information Commissioner’s resource on internet communications and other technologies. Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
· create an Account to access the Shebah App
· make a written online enquiry, email us through our website or through our other social media channels
You can contact us by land line telephone or post if you have concerns about making contact via the Internet.

Browsing
When an individual looks at our website, our internet service providers make records of the visit and logs (in server logs) the following information for statistical purposes:
· the individual’s server address
· the individual’s top level domain name (for example .com, .gov, .org, .au, .co, .au)
· the pages the individual accessed and documents downloaded
· the previous site the individual visited
· the type of browser being used and other information as specified in the providers terms and conditions.

Shebah does not identify users or their browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider’s server logs. We do not accept responsibility for the privacy policy of any other site to which our site has a hyperlink, and it is advisable to look at the privacy policy of other sites before disclosing personal information. Our website also contains links to other websites and if you click these links you will be leaving our website. We do not warrant the accuracy of any information on an outside website.

Cookies
Cookies are uniquely numbered identification numbers like tags which are placed on your browser. By themselves cookies do not identify you personally, but they may link back to a database record about you. If you register on our site we may link your cookie back to your personal information details. Our website uses cookies to monitor usage, to enable user registrations, employment enquiries, and to create a personal record of when you visit our website and what pages you view. You may choose to delete the cookies on your browser and change the settings on your web browser program to disable cookies altogether. Our website also uses session cookies during a job search query on the website and when an individual accesses their profile. Our internet service provider does not employ cookies on our website except in those circumstances. The website statistics for this site are generated from the server logs as outlined above. When an individual closes their browser the session cookie set by our website is destroyed and no personal information is maintained at Shebah which might identify an individual should they visit our website at a later date.

Web bugs
We may from time to time use third party software to monitor our website utilisation and/or the success of an electronic marketing campaign. The data collected is not personally identifiable and only generic browser information may be collected to allow us to improve website compatibility or email communications.

Cloud computing services
In cases where we use cloud computing services we will take reasonable steps to ensure that:
· Disclosure of your personal information to the cloud service provider is consistent with our disclosure obligations under the Australian Privacy Principles. This may include ensuring that we have obtained your consent, or that the disclosure is for purposes within your reasonable expectations.
· Disclosure is consistent with any other legal obligations
· Our cloud computing services provider’s terms of service recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.

Uploading photographs
We do not upload photographs of any individuals who have not given consent to the display of their photograph.

Emails
Our technology systems log emails received and sent. When your email address is received by us because you send us a message, the email address will only be used or disclosed for the purpose for which you have provided it and it will not be added to a mailing list or used or disclosed for any other purpose without your consent other than as may be permitted or required by law.

Call and message logs
When your call number is received by us because you phone us or send us a message, the number will only be used or disclosed for the purpose for which you have provided it and it will not be added to a phone list or used or disclosed for any other purpose without your consent other than as may be permitted or required by law.

Database
We use software and databases to log and record Shebah’s operations.

Paperless office
Recognising the environmental advantages and efficiencies it provides, we operate a partially paperless office as a result of which your paper based communications with us may be digitised and retained in digital format, the paper based communications may be confidentially retained, archived or destroyed as required. It is therefore important that, except where specifically requested, you do not send us originals of any paper based document. We do request original or copies of paper based documents.

How Your Personal Information is Held

Personal information is held in our information record system until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from:
· Misuse, interference and loss; and
· Unauthorised access, modification or disclosure.

Our Information Record System
Information is primarily stored on Shebah servers located across several data centres across Australia and other secure data centres around the world. Any data and communications stored in the cloud are encrypted and secured by 128-bit encryption keys and password protected, and two layer authentication process is utilised where possible.

Information Security
We protect information by taking a number of steps and strategies in the following areas :
· Governance
· ICT security
· Data breach
o OAIC’s Data breach notification guide www.oaic.gov.au will be followed
· Physical security
· Personnel security and training
· Workplace policies
· Risk assessments, policies and procedures in place for the information life cycle
· Australian and industry/sector standards
· Monitoring and review.

Disclosures

We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose. We may disclose your personal information where we are under a legal duty to do so, including circumstances where we are under lawful duty of care to disclose information.

Related purpose disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
· Software solution providers
· I.T. contractors and database designers and internet service suppliers
· Legal and other professional advisors
· Licensing and screening agents
· Marketing agencies.
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.

Cross-border disclosures
Some of your personal information is likely to be disclosed to our related bodies corporate, clients and third party service providers and suppliers (including technology service providers). These providers may be based overseas or use overseas infrastructure to perform services for us. These entities may be located in countries including Australia, Europe, Hong Kong, India, Japan, New Zealand, Singapore, United States, and the United Kingdom, Whilst every effort has been taken to ensure this list is accurate at the time of publishing, technology changes rapidly and so too does the location of where people store their data. If you have any concerns about where your information is going, please contact us to ascertain if there have been any updates to this list since publication.

Access and Correction

Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold. An important exception includes access that would impact on the privacy rights of other people. We do refuse access if it would breach confidentiality.

Access policy
If you wish to obtain access to your personal information you should contact us. You will need to be in a position to verify your identity. We will generally respond to your request for access within 30 calendar days. We may refuse a request made in accordance to APP 12 if the information requested is not readily retrievable; or the information requested does not exist or cannot be found. If we refuse access we will advise you and you have the right to complain about our handling of your personal information if you believe that we have interfered with your privacy. For more information please see the complaints section below.

Correction policy
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us. We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading. If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so. You should also anticipate that it may take a little time to process your application for correction as there may be a need to contact third parties. We will generally correct your personal information within 30 calendar days. Should we refuse to correct your information you may provide a statement specifying your disagreement with the decision, and we will make notes on the record by attaching that statement. You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy. For more information please see the complaints section below.

Complaints

You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.

If you are making a complaint about our handling of your personal information, it should first be made to us in writing, or by completing the Shebah Resolutions Form.

You can also make complaints to the Office of the Australian Information Commissioner.

When we receive your complaint:
· We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint
· Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
· We may ask for clarification of certain aspects of the complaint and for further detail
· We will consider the complaint and may make enquiries of people who can assist us to establish what has happened and why
· We will require a reasonable time (usually 30 days) to respond
· If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions
· If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response
· If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner.

Contact us

If you wish to contact us about your personal information you should contact our Privacy Officer

· Phone: +61 3 8640 9954, 8:00am to 5:00pm Australian Eastern Standard Time, Monday to Friday

· Email: [email protected], 8:00am to 5:00pm Australian Eastern Standard Time, Monday to Friday

· Post: The Privacy Officer, Shebah, 425 Smith St, Fitzroy VIC, Australia 3065

2. Privacy Statement

Application of this privacy statement

This privacy statement applies only to Shebah’s website, and Driver and Rider Apps. It is consistent with Shebah’s Privacy Policy and applies to all activities of Shebah.
Where the website contains links to other websites they are not a part of Shebah. This Privacy Statement does not apply to those websites.
Shebah’s Privacy Policy is also available from the Privacy Officer.

Privacy and Data Protection Act 2014 (Vic): Personal information

In this privacy statement the term ‘personal information’ has the meaning provided in section 3 of the Privacy and Data Protection Act 2014 (Vic).
Personal information is information or an opinion that is recorded in any form, whether true or not, about an individual whose identity is apparent or can reasonably be ascertained. This Act is the legislation that regulates our collection and handling of personal information.
Detailed information about the Act is available at the Office of the Victorian Information Commissioner.

Collection of personal information

It is intended that the Shebah website can be used anonymously. However, for some functions, the collection of personal information is necessary or unavoidable. You will know if Shebah is collecting personal information from you because you will be requested to provide it.
There are two exceptions to this:
1. When someone else provides Shebah with your personal information. Shebah cannot prevent this. However, you are entitled to access and to correct any personal information about you collected by the Shebah.
2. When Shebah collects website visitation statistics using a web analytics service. The statistics in No. 2 may qualify as personal information under the Privacy and Data Protection Act 2014 (Vic). However, these statistics are not used to identify individual web users.

How we collect information

In accordance with our Privacy Policy, the department undertakes to treat any personal information provided by you as confidential and only for the purposes indicated. They include but are not limited to the following services.

Surveys
Shebah third party suppliers for the collection, aggregation and analysis of some survey data. They include, but may not be limited to:
· SurveyMonkey Privacy Policy
· Typeform Privacy Policy
· Google Suite Privacy Policy

The information you provide is stored in secure data warehouse in either Australia or the United States and is accessed by Shebah in accordance with each Privacy Policy.
If you do not want your personal information being stored offshore, you can decline to provide this information by not responding to these surveys.

Electronic direct mail (EDM) & newsletter subscription
Shebah uses third party suppliers to provide online communication services for some email campaigns and newsletter services.
In subscribing to newsletters, you are providing the department with personal information, which we will not disclose for any other purpose without your consent.
You can unsubscribe at any time and your email address will be moved to an ‘unsubscribed contacts’ email database. To do this, click on the unsubscribe link within each email or newsletter.
Subscriptions supported by third party suppliers only share details to assist with managing delivery, technical issues and the prevention of fraud or security issues. They include but may not be limited to:
· Mailchimp Privacy Policy
· Google Suite Privacy Policy
Your information will be stored on secure databases which reside in Australia, and the USA. If you do not want your personal information being stored offshore, please do not submit personal information to us.

Social media
If you choose to engage with Shebah via social network channels including Linkedin, Twitter, YouTube, Instagram or Facebook you should be aware of the following:
· Shebah only collects information that you voluntarily provide via polls, responses, posts, comments, direct messages and tweets
· Your social media profile contact details may be used to contact you for feedback or to engage you in conversation. All contact will be made via the channels you choose to participate in
· Any information you post on social media sites is potentially accessible to anyone else engaging with the same social media
· Your individual privacy settings for profiles and accounts on social media networks are your responsibility. Shebah has no control or jurisdiction over these settings
· Each social network has inbuilt privacy settings. We strongly recommend that you regularly check and configure the privacy settings for your profiles and accounts to make sure that you know what information you are making available, and to which audience.
· When you choose to join our social networks and/or participate in any way, some of your personal information may be made visible to others. For example, if you choose to: ‘Like’ a Shebah post, tweet, comment or update; share a link; follow on Twitter; tweet a mention or retweet a message; or join a Facebook Group, your activity may be made visible to others within these networks. Social media account managed by the department include but may not be limited to:
· Linked in Privacy Policy
· Twitter Privacy Policy
· YouTube (Google) Privacy Policy
· Facebook Privacy Policy
· Instagram Privacy Policy

Online forms
Shebah may request information through online forms. Shebah’s Privacy policy should be made available on the form prior to completion. If completing a form through a third party provider it’s advised that you examine the Privacy and Security policies. If there is no policy present it is highly recommended you contact Shebah directly. Online form providers used by Shebah include:
· SurveyMonkey Privacy Policy
· Typeform Privacy Policy
· Google Suite Privacy Policy

Use and disclosure of personal information

If you provide personal information, Shebah’s Privacy Policy will regulate its use and disclosure. However, should Shebah’s intended use and disclosure of personal information deviate from the Shebah’s general policy, a privacy statement particular to the circumstances will be made available at the time of collection.
Personal information that is collected by Shebah will be used by, and disclosed to, departmental employees or contractors whose duties require them to use it. Such employees and contractors are required to protect and handle your personal information in accordance with the Privacy and Data Protection Act 2014 (Vic) and any other applicable legislation regulating the collection, use, disclosure, storage and destruction of personal information.

Access to and correction of personal information

You may request access to any personal information that Shebah may have collected about you. Also, you may request correction of your personal information if you can establish that it is not accurate, complete or up-to-date.

Internet user risks

Shebah does not warrant that the functions contained in the site will be uninterrupted or without error. In addition, Shebah will not be responsible for the propagation of computer worms, viruses or other harmful components transmitted from this site and other third party sites. Shebah recommends that you ensure that your browser is equipped with updated virus protection software.

Website usage measurement

The Shebah website uses Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For further information, please visit the Google Privacy Centre.

Email addresses

Email addresses will only be used to respond to specific user queries and will not be kept or used for any purpose other than stated. Email addresses will not be added to a mailing list unless consent is given, nor disclosed to any other party without your knowledge or consent.

Cookies

This site uses cookies to make your experience of the site easier and more efficient. A cookie is a small data file placed on your hard drive by the web page server. A cookie cannot retrieve any other data from your hard drive, pass on a computer virus, or capture your email address. Note that the cookie will remain on your computer as a record for future visits to this website. In using cookies the department does not record any personal information or collect names or details of commercial transactions. In addition, the Department does not use cookies as the basis for direct marketing. You can configure your browser to notify you when you receive a cookie, providing you with the opportunity to either accept or reject it. You can also refuse all cookies by turning them off in your browser or deleting all cookies from your computer if required.