Localz believe that transparency is the key to any relationship. We appreciate that you are trusting us with information that is important to you and we want to be transparent about how we use it.
Here we describe the general privacy practices for our devices, applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information and the measures we take to keep it safe.
For privacy notice that is specifically related to Localz field service and in-store collection apps and Localz platform, please review our Platform Privacy Notice.
1. Information we collect
The information we collect falls into 2 categories: “Customer Product Data” and “Marketing Data”.
Customer Product Data means all information, data, content or other materials inputted into or processed using the Localz SaaS platform (Product), allowing Localz customers to access and use its Product. This data will always be governed and controlled by a Master Service Agreement (Agreement), signed by the parties for an agreed term. Under such Agreements, the parties acknowledge and agree that Localz may access, receive, generate, store and/or otherwise process personal data relating to its Product to provide the services to its customer, and/or otherwise fulfil its obligations in accordance with the Agreement.
Where, under such Agreements, Localz is required to process personal data including names, addresses, other contact information, it will do so as the “data processor” with the customer as the “data controller”, in full compliance with the applicable Data Protection Legislation.
Marketing Data is primarily data needed for outbound category communication. The personal information we collect about you comes from GDPR compliant sources or information that is available publicly online. This may include your name, telephone number and email address.
2. How information is used and shared
Localz does not sell or rent personal data to marketing organisations or third parties with which we have no affiliation. We only share your information with the following trusted entities:
- Our companies: Access to personal information within Localz and our group of companies is restricted to those individuals who have a need to access the information for our business purposes.
- Our service providers: This includes external third-party service providers, such as accountants, auditors, lawyers and other outside professional advisors. However, this is only on the basis that they have agreed to safeguard this information and only to the extent it is essentially required to fulfil their service provision.
- Government authorities: we may disclose your information to the extent that we are required to do so by law, which may include government bodies and law enforcement agencies.
Customer Product Data Localz acknowledges and agrees that it has rights and obligations under applicable Data Protection Legislation. In processing any personal data with its customers for the provision of its SaaS Product, Localz will process the data only to the extent, and in such a manner, as is necessary for the purposes of the customer Agreement and in accordance with customer’s lawful written instructions. Localz shall not process, nor permit the processing, of the data for any other purpose. If Localz is unsure as to the parameters of the instructions issued by customer and/or believes that customer’s instructions may conflict with the requirements of Data Protection Legislation, Localz may notify customer for clarification.
Marketing Data: We will process your personal information when it is in our legitimate interest to do so and when these interests are not overridden by your data protection rights. As applicable, we will use information about you for keeping you informed on developments in Iconomy fulfilment; how this may relate to you and your organisation and how Localz is evolving to match these developments. This may involve explaining how we are delivering our current solution to our customers, how we are improving existing products and developing new ones. We may use third parties to assist us with this.
3. Your rights to access and control your data
Customer Product Data: Your rights to access and control your data will be defined and agreed within the relevant Agreement. Localz will implement the appropriate processes and systems to ensure compliance with these rights. Furthermore, we will provide our customers with reasonable co-operation and assistance in carrying out privacy impact assessments or otherwise to demonstrate compliance with Data Protection Legislation. On notification of a potential or actual data security breach, Localz would provide the reasonable and appropriate co-operation and assistance necessary to fully investigate such a breach. If you have a question regarding how your personal data is managed or used, you should direct your enquiry to the Localz customer who is using our Product.
Marketing Data: You have the following rights over the way we process personal data relating to you. We aim to comply without undue delay:
Request a copy of data we are processing about you and have any inaccuracies corrected. We will use reasonable efforts to the extent required by law to supply, correct or delete personal information held about you on our files.
You can ask us to restrict, stop processing, or to delete your personal data. There may be several reasons for this including but not limited to i) you consented to Localz processing the personal data and have since withdrawn that consent; ii) Localz no longer needs to process that personal data for the reason it was collected; iii) you need the personal data to be deleted in order to comply with a legal obligation.
Make a complaint to a Supervisory Authority. If you are unhappy with the way we are processing your personal data, please let us know. If you do not agree with the way we have processed your data or responded to your concerns, or handling your personal information, you have the right to lodge a complaint with the relevant local government regulatory authority.
4. Data retention
Customer Product Data: Localz will only hold personal data to the extent needed to deliver its Product under the customer Agreement. On the customer's request, Localz will return or destroy all personal data it has in its possession and delete existing copies unless applicable law required on-going storage of the personal data.
Marketing Data: We will cease use of your data for marketing purposes where we have not communicated with you for more than 2 years.
5. Information security
Customer Product Data: Information security is of the utmost importance and at the heart of the Localz values. At Localz, we take all reasonable and appropriate technical and organisational measures to prevent unauthorised or unlawful processing of data, and accidental loss or destruction of data, taking accounting of the harm that might result from such unauthorised or unlawful processing or accidental loss, or destruction of the data, and the nature of the data to be protected.
We take all reasonable steps to ensure the reliability of all our personnel who have access to the data. We ensure that any person authorised to process data in connection with the customer Agreement is subject to our duty of confidentiality.
Marketing Data: We will apply the same principles to Marketing Data as we do for Customer Product Data, to ensure we keep your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction.
6. International data transfers
Customer Product Data: Localz supports regional data hosting with data centres located in Australia, the United States or in the EU. Localz does not transfer personal data pursuant to any customer Agreement to a territory outside of the customer’s selected region without customer’s consent or instruction.
To the extent that Localz is required to transfer personal data pursuant to any customer Agreement to a territory outside of the customer’s selected region, Localz takes measures to comply with the applicable data protection laws related to such transfer (e.g. the Australian Privacy Act).
If the customer is operating in the European Economic Area (EEA), to the extent that Localz is required to transfer personal data pursuant to any customer Agreement to a territory outside of the EEA that does not have a finding of adequacy by the European Commission, the parties to the Agreement shall execute the standard contractual clauses set out in Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC (“Model Clauses”) unless the parties agree another more appropriate lawful data transfer mechanism exists.
Marketing Data: Localz uses Hubspot as the CRM and marketing platform which hosts their data in the AWS US data centres. HubSpot has a robust privacy program that is designed to align with many regions’ data hosting needs. HubSpot's Data Processing Agreement includes the European Commission’s Standard Contractual Clauses (SCCs) as the mechanism to transfer data from the EU to the US. Additionally, HubSpot follows the Privacy Shield Principles. These guarantees are structured to assure the appropriate groups that HubSpot’s data-handling processes meet rigorous policy requirements.
7. Who we are and how to contact us
If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at firstname.lastname@example.org
If you are seeking to exercise any of your statutory rights, please contact us at email@example.com – which goes directly to our CTO and COO.