Virtual Souls is committed to managing the personal information it collects from you, in compliance with the Australian Privacy Principles of the Privacy Act 1988 (Cth) (Privacy Act) and any other applicable law. This document describes Virtual Souls policy for the collection and management of personal information. Personal information is information which identifies an individual or information from which a person’s identity can reasonably be ascertained.
Virtual Souls may modify this Privacy Policy from time to time to reflect our current privacy practices. This Privacy Policy is effective on and from May 2018 and replaces any previous Virtual Souls Privacy Policy. This Privacy Policy applies to all personal information which we receive, hold or process.
For the purposes of the General Data Protection Regulation (GDPR) ‘personal information’ in this Privacy Policy means ‘personal data’ in the GDPR and the data controller may be any of the Virtual Souls entities, each having its registered address given at its website Please refer to the section “How to Contact Us” below for our contact details.
COLLECTION OF PERSONAL INFORMATION
Virtual Souls collects personal information so we can inform our customers and prospective customers about our products and services and provide those products and services.
Directly from you:
Virtual Souls collects personal information directly from you when we deal with you in person, when you send us correspondence, when you register to attend one of our conferences or events, and via our websites. Generally, the personal information we collect includes your name, contact details, customer details, job title, records of any communications and interaction with us, and the products or services you’re enquiring about. You can choose not to provide us with some or all of this information, but doing so may affect your ability to use our websites and our ability to provide you with the products and services you have requested.
Where you apply for a job with Virtual Souls, in addition to your name, contact details, employment history and qualifications, we may also collect sensitive information about you, such as your criminal record. Virtual Souls will only collect sensitive information with your consent and in compliance with the Privacy Act or any other applicable law.
From a third party:
Virtual Souls may also collect your personal information from a third party who is an Virtual Souls customer, such as your employer, so we can provide information, services or products to that Virtual Souls customer, or from companies contracted by us to provide products and services to you. We may also collect your personal information for our direct marketing activities from publicly available records or from an entity to whom you’ve provided the information for direct marketing purposes.
USE OF PERSONAL INFORMATION
Virtual Souls will only use your personal information:
For the purposes of our or a third party’s legitimate commercial interest. Examples of legitimate commercial interests include:
Making improvements to our products and services;
Providing you with the information you request;
providing a product or service to a third party with whom you are associated or who is permitted to share your personal information with us;
performing our obligations under a contract with you or a third party with whom you are associated, or to take steps to enter into a contract with you (for example, we will need to use your name and contact details in order to provide to you the products and/or services you have ordered);
Where you have consented to our use of your information for a particular purpose and in accordance with this Privacy Policy; or
where the use of your personal information is necessary to enable us to comply with a legal or regulatory obligation (for example, where we are required to undertake vetting to comply with safety and security regulations, or where we are required to disclose personal information to a court or tax authority).
Virtual Souls may use your personal information:
To provide professional and information technology services and software to you or the businesses with whom you are associated;
To maintain contact with customers, prospective customers and others;
To inform you of our products, services and seminars and other events;
For business activities including marketing, product and service development and recruitment;
For business operations and administration; or
For business to business direct marketing.
Where we are permitted to do so by law, we may process your personal information for a purpose other than the purpose for which we collected it. In this case we will provide you with information on that other purpose and with any other information regarding that further processing.
Where Virtual Souls uses personal information for business to business direct marketing, it does so in accordance with the Privacy Act. You may notify us if you do not wish for us to use your personal information in our direct marketing. In each written communication, we will set out our business address and telephone number and electronic contact details for you to contact us.
DISCLOSURE OF PERSONAL INFORMATION
Virtual Souls may disclose your personal information to third parties:
As described in this Privacy Policy;
As permitted by law;
To our related bodies corporate or associated entities; or
For any other purpose to which you consent.
We will not disclose or sell your personal information to third parties for the purpose of their direct marketing. Disclosure to third parties will be as reasonably necessary for the purpose for which the personal information was originally collected, or a related or ancillary purpose. We may also disclose personal information where we believe it is necessary to investigate, prevent or take action regarding actual or suspected illegal activities or fraud, situations involving potential threats to the safety of any person, violations of our Website Terms of Use or this Privacy Policy or as evidence in litigation in which Virtual Souls is involved.
Third parties who may receive your personal information from us include but are not limited to:
Other Virtual Souls entities, in order to offer you a more consistent and personalised experience in your interactions;
Third parties who are contracted to Virtual Souls, in order to provide part of the products and services we are contracted to provide to you or to a business with which you are associated;
our service providers and other third parties who provide business, marketing and other services to us (for example, marketing organisations which carry out marketing initiatives or run customer surveys on our behalf);
Our professional advisers such as accountants, lawyers, insurance brokers and bankers;
a third party appointed by or to us in relation to a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or stock;
Regulators, courts/tribunals, law enforcement agencies and other governmental authorities of any country or any other recipients as required or permitted by any law; and
Other visitors of our website when you post comments or questions on our public forums which do not have restricted access. We urge you to exercise caution when deciding to post any personal information on our public forums.
DISCLOSURE OF PERSONAL INFORMATION OVERSEAS
Virtual Souls maintains servers and systems in Pakistan & overseas. The nature of our business means that it is sometimes necessary for us to send your personal information overseas.
We may subcontract the processing of your data to, or otherwise share your data with, third parties (such as related bodies corporate and associated entities and service providers) in Pakistan or countries other than Pakistan, including but not limited to Japan, Singapore, France, Spain, United Kingdom, Germany, China, United Arab Emirates or the United States. Virtual Souls takes reasonable steps to ensure that those overseas recipients protect your privacy and the security of your personal information and use it only for the purpose for which it is disclosed to them.
NOTIFIABLE DATA BREACH
A data breach is an occurrence where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure (for example, leaving the information on the bus).
In the case of any data breach or suspected data breach, Virtual Souls will undertake an assessment to determine if an eligible data breach has occurred in accordance with the Privacy Amendment. In doing so, Virtual Souls will consider if the incident is likely to result in serious harm to any individuals.
Reasonable steps will also be taken to ensure that the assessment is completed within 30 days from when it was first suspected that an eligible data breach may have occurred.
If an eligible data breach has occurred, a notification statement will be provided to the Office of the Pakistan Government for the said breach, and the affected individuals. Notification statement will contain the following:
Organisation and contact details:
A description of the eligible data breach that Virtual Souls has reasonable grounds to believe has occurred;
The kind of information concerned:
Recommendations concerning the steps that individuals can take in response to the eligible data breach; and
if Virtual Souls believes that the eligible breach also affects other organisations, it will provide the identity and contact details of those organisations.
SECURITY AND RETENTION OF PERSONAL INFORMATION
Virtual Souls places a high degree of importance on digital security. We take reasonable steps to protect any personal information that we hold from misuse and loss. We also take reasonable steps to protect it from unauthorised access, modification and disclosure. Any information or data provided to Virtual Souls is stored in a secure environment, with access restricted to authorised Virtual Souls employees. Virtual Souls systems have up to date hardware and software security measures.
The personal information you provide to us will be retained only for as long as reasonably necessary for the purposes described in this Privacy Policy, as required by law or in compliance with our document retention policies.
We may keep an anonymised form of your personal information, which will no longer refer to you, for statistical purposes and without time limits, to the extent that we have a legitimate and lawful interest in doing so.
ANONYMITY AND PSEUDONYMITY
You have the option of not identifying yourself or of using a pseudonym when dealing with Virtual Souls, however if you do so it will be impracticable for Virtual Souls to provide you with information or business to business services, including those which require us to enter into a contract with you.
COOKIES
Virtual Souls may use cookies and other technology to track your access to and use of our website. A cookie is a piece of information that allows the Virtual Souls server to identify and interact more effectively with your device. The information gathered is not personally identifiable, but it assists Virtual Souls in knowing the number of visitors to the website and the pages visited.
We use Google Analytics remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future.
YOUR RIGHTS
We will handle all of your requests regarding your personal information in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and some of the exceptions to them are set out below.
You may request access to your personal information held by Virtual Souls. If you notify Virtual Souls that your personal information is not accurate, we will take reasonable steps to correct that information if we agree it is inaccurate. Under the Privacy Act, Virtual Souls must provide our written reasons if we refuse your request for access to, or correction of, the personal information held by us.
Please contact us to exercise these rights. We will consider your request and respond to you within 30 days. Regardless of whether you are a resident of the EU or another country, we may charge you a small fee and will require verification of your identity before providing a copy of your personal information. We will only grant your request where we are permitted by law to do so and where we do not have a lawful and legitimate reason to refuse.
EEA RESIDENTS
If we hold or receive your personal information within the European Economic Area (EEA), we may transfer your personal information outside the EEA for the purposes described above. We may transfer your personal information to countries where under their local laws you may have fewer legal rights than within the EEA. We will take reasonable steps to ensure that the recipients protect your privacy and the security of your personal information and use it for the purpose for which it is disclosed to them. For example, our third party providers are bound by data transfer agreements which provide for security standards at least as strict as those set out in the EU Commission approved Standard Contractual Clauses. When we transfer your data outside of the EU we comply with our standard security protocols which include ISO 27001 certification and adherence to any additional standards which our customers may require. Please contact us for more information on these standards.
If we hold or receive your personal information within the European Economic Area (EEA), you have the right to:
Request information on and access to all the personal information we hold about you. We may not always be able to grant your request, for example, we will not provide you with access to your personal information if it contains personal information relating to others who have not consented to that disclosure or if you’re personal information is legally privileged;
Request that your personal information is corrected if it is inaccurate;
Object to, request restriction of or withdraw consent at any time in relation to, certain types of processing of your personal information which we carry out, including the right to opt-out of any direct marketing. Please note that your right to withdraw consent does not affect our lawful right to have processed the personal information based on your consent before you withdrew it. If you withdraw your full consent for us to use your personal information we may not be able to provide all or parts of the products and services you have requested from us. We may continue to use your personal information without your consent where required or permitted by any law;
Request that we delete your personal information. To do this we will remove the information that identifies you from the data we hold in our active systems (“anonymise”). However, a separate and restricted access copy of the identifying information will be kept for 7 years to meet the obligations we have under certain laws; and
Receive a copy of your personal information in a machine readable, commonly used format or to request we transfer your personal information in such a format to a third party service provider.
HOW TO CONTACT US
If you would like to access your personal information, have a query in relation to this privacy policy or would like to complain about Virtual Souls handling of your personal information, please contact our Privacy and Data Protection Officer by email at info@virtualsouls.com.