BridgeClimb Privacy Policy
Purpose
Feliz Puente Pty Ltd (ACN 625 999 877) trading as “BridgeClimb” is committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws. Feliz Puente Pty Ltd is a subsidiary of Hammons Holdings Pty Ltd.
In this Privacy Policy, “we” and “us” refers to BridgeClimb and “you” refers to any individual about whom we collect personal information.
This Privacy Policy sets out how BridgeClimb collects, stores, uses and discloses personal information. This Privacy Policy may be updated from time-to-time. We recommend that you visit our website www.bridgeclimb.com to regularly to keep up to date with any changes.
If you are located in the European Union (“EU”), you have additional rights under the General Data Protection Regulation (“GDPR”). Details of those additional rights and how you may exercise them are set out at the end of our Privacy Policy.
Collection of Personal Data
The personal information collected and maintained by us will depend on our interaction with you and generally, if you are a climber, includes your name, contact details, health and safety information, age, emergency contact details and, where you book an experience directly from us, credit card or debit card information. We may also collect details of your experience or events which you have attended, and details of your preferences or interests where you have provided such information to us. We may also collect and maintain your sensitive information, which could include information about your health and any medical conditions.
Your personal information may be collected when you, for example, subscribe to our newsletter via our website or complete a “Climber Declaration and Disclaimer Form” and/or “Certificate of Fitness”.
For employment applications, we may collect your name, address, contact details, current and past employment information, educational qualifications and details of referees. For contractors, we may collect your name, contact details, ABN, and bank account details for payment purposes.
BridgeClimb also holds private information regarding BridgeClimb employees in a personnel record. The information contained in this record relates to such things as personal details, recruitment, performance record and training. These personnel records are kept secure and managed by the People and Culture team.
BridgeClimb uses biometric data to register the time worked by team members, through finger vein scanning. Biometric data uses technology to scan an electronic copy of an individual’s biometric information, such as an individual’s face, fingervein, voice or signature.
Humanforce is BridgeClimb’s third party supplier that collects and stores biometric data. Humanforce will only use and disclose biometric data for the primary purpose of registering time worked, unless authorised by the individual. Humanforce operates in accordance with the Privacy Act 1988 (amended 2014).
Where it is possible, we collect your personal information directly from you in person, in writing, over the telephone, by facsimile, by email or through social media, such as our official pages on Facebook, Twitter and Instagram or from our LinkedIn page. In some circumstances, we may also collect your personal information from third parties such as through referees listed on your CV, your next of kin (for example if a parent or guardian is completing a form on behalf of a minor) and marketing organisations, including using purchased lists.
Please note that the photo services provided by BridgeClimb are subject to a separate Privacy Policy, which is available on BridgeClimb’s photo site at www.bridgeclimbphotos.com
You can always decline to give BridgeClimb any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.
Use of Personal Data and Legal Basis for Processing
The main purpose for collecting your personal information is to enable us to provide our services, which includes the delivery of outstanding, lifelong experiences. We may use and disclose your personal information for this and other purposes, including conducting our business; communicating with you; informing you about products or services which we think may be of interest to you; marketing, improving, supporting and enhancing our services; and meeting our legal obligations.
The legal basis for processing your personal information depends on your relationship with us. Personal information that we collect and use is processed either with your consent or on the basis that it is necessary to fulfil any contractual obligations we may have when you, for example, purchase a BridgeClimb experience from us or it is necessary for the purpose of the legitimate interest of providing our products and services and direct marketing.
Disclosing & Sharing of Data
We may disclose your personal information to others for the purposes specified in the section above. This may include disclosure to Hammons Holdings Pty Ltd and other members of the Hammons Holdings Pty Ltd group of companies; other companies or individuals who assist us in supplying our services or who perform functions on our behalf, such as support services, technology hosting and cloud service providers; where required or authorised by law to do so; and to anyone else to whom you authorise us to disclose it. Your personal information may also be disclosed to our professional service providers (such as our lawyers or auditors) and to regulatory authorities and law enforcement agencies so that we may, for example, comply with our legal obligations.
We may also disclose your personal information (but not sensitive information) to others we have business arrangements with, to enable them to offer their products and services to you. We will not use or disclose your sensitive information for any purpose, other than the purpose for which it was collected or a directly related secondary purpose, unless you otherwise consent.
The recipients of this information will be contracted to work with BridgeClimb and be subject to providing sufficient evidence of their information security protocols.
Disclosure of Personal Information Outside of Australia
From time to time, BridgeClimb may disclose your personal information to third parties which are based overseas and assist us with the operation of our business. Currently these third parties (which are located in the USA) provide BridgeClimb with marketing and work management platforms. Before disclosing personal information to overseas recipients, BridgeClimb takes reasonable steps, in the circumstances, to ensure that the overseas recipients handle the personal information in accordance with the Australian Privacy Principles.
Access and Correction of Personal Data
If you would like to request access to, or correction of, the personal information we hold about you, please contact us using the contact details below. We will provide you with access to the information we hold about you, including for the purpose of correcting or updating that information, unless there is an exception which applies under the Australian Privacy Principles. We may recover from you our reasonable costs of supplying you with access to this information. However, we will not charge you for making the access request.
Your request to access or correct this information will be dealt with as soon as reasonably practicable. If we refuse to provide you with access to, or correct the information, we will generally provide you with written reasons for our refusal and how you may complain about the refusal. If we refuse your correction request, we will include a statement with your personal information about the requested correction.
Quality of Personal Information
We take reasonable steps to ensure that your personal information is accurate, complete, relevant, up-to-date and is not misleading.
Direct Marketing
Our direct marketing is conducted via a range of communication channels. We communicate using postal mail, telephone, email and SMS and will only send you any advertisement, marketing or promotional material or product information, if you have elected to receive such information. You can change your mind about your preferences in respect of direct marketing at any time by using the unsubscribe information on every such contact, by updating your user profile or account data or by contacting us directly. Our contact details are below.
Storage and Security of Information
We will take such steps as are reasonable, in the circumstances, to protect your information from risks such as misuse, interference and loss, and from unauthorised access, modification or disclosure. We hold your personal information in a combination of hard copy and electronic files. We have systems and procedures in place to safeguard information, including the use of technical measures such as encrypted servers and maintaining physical security in order to prevent unauthorised access to records, documents and materials.
We determine how long to retain different types of personal information depending on what is necessary for our business operations, taking into account our legal obligations and statutory retention periods. We may need to retain personal information, such as records of financial transactions, for as long as required to comply with our legal and financial compliance obligations as well as our contractual obligations with our service providers.
We will take steps to destroy or de-identify your personal information where we no longer require it for any purpose for which it may be used or disclosed under the Australian Privacy Principles
In the event you suspect that, or become aware of a data breach, you must report this by emailing [email protected].
How to make a Privacy Complaint
You may contact us at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.
You may make a complaint about privacy using the contact details set out below.
We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and provide a written response to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, a complaint may be made to the Office of the Australian Information Commissioner (“OAIC”). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.
Website Tracking & Cookies
Our site uses cookies. A “cookie” is a small file stored on your computer’s browser, which assists in managing customised settings on the site and delivering content. We may collect information about your visit to our site through cookies, which assist us to measure and improve our website. Examples of information that we collect include: day and time of your visit, whether you have visited our website previously, whether you used a search engine to find us and some geographical information about what country and state you are in. We may also collect your IP address. You can set your browser to reject cookies, or to notify you when you receive one in order to accept or reject such receipt in each instance. However, if you change your settings, you may be unable access certain pages or content on our site.
Individual Rights Under the EU GDPR
If you are located in the EU, you have the following additional rights:
- The right to information – you can request confirmation about the following: whether your personal information is being processed by us; the purpose of processing; the categories of personal information which are processed; the recipients (or types of recipients) who may receive the personal information; the anticipated retention period of the personal information; and your rights to rectification, erasure, to restrict (or object) to processing and to lodge a complaint with a data protection supervisory authority in the EU.
- The right to object to our processing of your personal information for (i) direct marketing purposes; (ii) for scientific, historical research or statistical purposes; or (iii) where our processing is based on legitimate interest grounds or because it is in the public’s interest. We will respond to your objection request within a month. However, there may be some circumstances where we are not required to stop processing your personal information. If this is the case, we will provide you with a written explanation.
- The right to restrict processing – in some circumstances, you can request us to restrict our use of your personal information in which case we will not use or disclose your personal information while it is restricted. We will respond to your restriction request within a month.
- The right to erasure – you can request us to erase your personal information where it is no longer required for a purpose for which it was collected or where, for example, you have exercised successfully your right to object to processing. We will respond to your erasure request within a month. However, where there are legal or other reasons for us to retain your personal information, we will provide you with a written explanation.
- The right to data portability – you can request us to provide you with a copy of the personal information you have provided to us. We are required to provide it to you in an electronic format that can be reused easily. You can also request us to transfer your personal information in an electronic format to another entity.
You can exercise any of these rights by contacting us using the contact details below.
You also have the right to:
- access your personal information and request the correction of your personal information (see “Access and Correction of Personal Data” above); and
- lodge a complaint with a data protection authority if you are unhappy with the outcome of a privacy complaint. The “How to Make a Privacy Complaint” section above explains our complaints handling process. A list of EU data protection authorities is available at https://ec.europa.eu/
Contact Details
You can contact us by:
- Phone: 1300 908 057
- Email: [email protected]
Last Updated: November 2020