Privacy Policy

Updated 22 December 2022

1Breadcrumb Pty Ltd (ABN 54 640 134 023) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our website and/or mobile application “1Breadcrumb Portal” (Services) or when otherwise interacting with you.

This Privacy Policy applies whether you are a business user of our Services (Business User), or an employee or worker of a Business User working at a site and using our Services (Worker).

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles. In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

Identity Data including:
- if you are Business User, your first name and last name; and
- if you are Worker, your first name, last name, date of birth, gender (if you choose to provide it), pronouns, job position, photographic identification details and images of you.
Contact Data including:
- if you are Business User, your address, email address and telephone numbers; and
- if you are Worker, your email address, address and telephone numbers.
Financial Data including, if you are Business User, bank account and payment card details (through our third party payment processors, Stripe, PayPal or Airwallex, as applicable).
Transaction Data including, if you are Business User, details about payments from you to us and other details of products and services you have purchased from us, and where you are a supplier of ours, details of payment from us to you and details of products or services we have purchased from you.
Technical and Usage Data including internet protocol (IP) address, your login data, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
Profile Data including your username and password for the 1Breadcrumb Portal, your profile picture, purchases or orders you have made with us (if you are a Business User), support requests you have made, content you post, send receive and share through the 1Breadcrumb Portal, information you have shared with our social media platforms, your portal preferences and any feedback you provide to us.
Interaction Data including information you provide to us when you participate in any interactive features of our Services, including surveys.
Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience, and where you are a Worker using our Services, details of your job position for the site/s you are using our portal for.
Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. If you are a Worker that has been invited to use our Services by a Business User, the Business User may use our Services to ask you questions that may include sensitive information (for example, when inducting you onto their site). The types of sensitive information we may see include medical information (for example, existing health conditions, allergies and details of your medication and your covid-19 vaccination status).

Unless otherwise permitted by law, we will not collect sensitive information about you without first obtaining your consent.

How we collect personal information

We collect personal information in a variety of ways, including:

Directly: We collect personal information which you directly provide to us, including when you register for an account, through our contact us form or live chat on our website or when you request our assistance via email, or over the telephone.
Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
From third parties: We collect personal information from third parties, such as from businesses that invite you to use the 1Breadcrumb Portal, from a Worker who has nominated you as their emergency contact, details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
From publicly available sources: We collect personal data from publicly available resources such as Companies House and professional networking sites such as LinkedIn.

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

Purpose of use / disclosure	Type of Personal Information
To enable you to access and use our 1Breadcrumb Portal, including to provide you with a login.	Identity DataContact Data
To provide our Services to you, including to onboard you and, if you are a Business User, to onboard your authorised users.	Identity DataContact Data
To contact and communicate with you about our Services including in response to any support requests you lodge with us or other enquiries you make with us.	Identity DataContact DataProfile Data
To contact and communicate with you about any enquiries you make with us via our website.	Identity DataContact Data
For internal record keeping, administrative, invoicing and billing purposes.	Identity DataContact DataFinancial DataTransaction Data
For analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms.	Profile DataTechnical and Usage Data
For advertising and marketing, including to send you promotional information about our events and information that we consider may be of interest to you.	Identity DataContact DataTechnical and Usage DataProfile DataMarketing and Communications Data
If you have applied for employment with us; to consider your employment application.	Identity DataContact DataProfessional Data
To comply with our legal obligations or if otherwise required or authorised by law.	Any relevant personal information
Sensitive information: If you are a Worker, we only collect, hold, use and disclose sensitive information for the following purposes:any purposes you consent to;the primary purpose for which it is collected, being for safety or emergency incidents at a site;secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to provide our Services to you; to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; andif otherwise required or authorised by law.	Sensitive Information

Our disclosures of personal information to third parties

We may disclose personal information to:

our employees, contractors and/or related entities;
other Business Users if you change jobs (with your consent);
IT service providers, data storage, web-hosting and server providers such as Amazon Web Servers, Microsoft Azure, Microsoft 365, G Suite, Apple Developers, App Store Connect, Procore Developers, Press and Whisper;
marketing or advertising providers such as HubSpot, Mailchimp, SendGrid, Lusha and BCI Central;
internal business management software such as GoodCloud, Qwilr, Monday.com, FYI Telco Works, Fullstory, Figma and Cloudflare;
professional advisors, bankers, auditors, our insurers and insurance brokers;
payment systems operators such as Stripe, PayPal and Airwallex and our banking institutions, such as NAB and ANZ and our accounting software provider, Xero;
our existing or potential agents or business partners;
anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses; and
any other third parties as required or permitted by law, such as where we receive a subpoena.

Google Analytics: We may have enabled Google Analytics Advertising Features including demographics, interests, geographic language and location, behaviour and technology. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

Overseas disclosure

We store personal information in Australia and overseas, including in Great Britain, Ireland and Germany. Where we disclose your personal information to the third parties listed above, these third parties may also store, transfer or access personal information outside of the country where you are based. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles. If you are based in the EU or UK, please see Appendix 1 for more information on data transfers.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Anonymity: Where you are based in Australia, and where practicable, we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

For more information about the cookies we use, please see: Cookie Policy.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Use of geo-localisation data

We may collect the precise or approximate location of Workers via our mobile application for the following purposes:

to allow a Business User you work for to verify that you have checked in to their site;
for security and safety purpose; and
as permitted by law.

We collect this information when our mobile application is open (whether on-screen or not). If you do not want us to use your location for the purposes above, you should turn off the location services in your account settings in the mobile application or in your mobile phone settings. If you do not provide location information to us, we may not be able to provide our Services to you.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact our Privacy Officer at:

1Breadcrumb Pty Ltd (ABN 54 640 134 023)

Email: [email protected]

Last update: 22 December 2022

APPENDIX 1: ADDITIONAL RIGHTS AND INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR UK

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

What personal information is relevant?

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

Purposes and legal bases for processing

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.

Purpose of use / disclosure	Type of Data	Legal Basis for processing
To enable you to access and use our 1Breadcrumb Portal, including to provide you with a login.	Identity DataContact Data	Performance of a contract with you
To provide our Services to you, including to onboard you and, if you are a Business User, to onboard your authorised users.	Identity DataContact Data	Performance of a contract with you
To contact and communicate with you about our Services including in response to any support requests you lodge with us or other enquiries you make with us.	Identity DataContact DataProfile Data	Performance of a contract with yo
To contact and communicate with you about any enquiries you make with us via our website.	Identity DataContact Data	Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions.
For internal record keeping, administrative, invoicing and billing purposes.	Identity DataContact DataFinancial Data Transaction Data	Performance of a contract with youTo comply with a legal obligationLegitimate interests: to recover debts due to us and ensure we can notify you about changes to our terms and conditions and any other administrative points.
For analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms.	Profile DataTechnical and Usage Data	Legitimate interests: to keep our website updated and relevant, to develop our business, improve our Services and to inform our marketing strategy
For advertising and marketing, including to send you promotional information about our events and information that we consider may be of interest to you.	Identity DataContact DataTechnical and Usage DataProfile DataMarketing and Communications Data	Legitimate interests: to develop our Services and grow our business
If you have applied for employment with us; to consider your employment application.	Identity DataContact DataProfessional Data	Legitimate interests: to consider your employment application
To comply with our legal obligations or if otherwise required or authorised by law.	All personal data	To comply with a legal obligation

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. Further information about your rights is available below.

Data Transfers

The countries to which we send data for the purposes listed above may be less comprehensive that is what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:

only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
including standard contractual clauses in our agreements with third parties that are overseas.

Extra rights for EU and UK individuals

You may request details of the personal information that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out below.

For any questions or notices, please contact us at: