Privacy Policy
What personal data we collect and why we collect it
Effective Date: 14th November 2024
- Comments
When visitors leave comments on our site, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string to assist in spam detection.
An anonymized string created from your email address (also known as a hash) may be shared with the Gravatar service to determine if you are using it. The Gravatar service privacy policy can be found here. After your comment is approved, your profile picture will be visible to the public in connection with your comment.
- Media
If you upload images to the website, please avoid including images with embedded location data (EXIF GPS). Visitors can download and extract any location data from images on the website.
- Contact Forms
When you fill out a contact form, we collect the personal information you provide to respond to your inquiry.
- Cookies
If you leave a comment on our site, you may opt to save your name, email address, and website in cookies. These cookies are for your convenience to avoid filling in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, a temporary cookie will be set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
Upon logging in, several cookies will be set to save your login information and screen display choices. Login cookies last for two days, and screen option cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and indicates the post ID of the article you just edited, expiring after one day.
- Embedded Content from Other Websites
Articles on our site may include embedded content (e.g., videos, images, articles). Embedded content behaves as if you visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, particularly if you have an account and are logged in.
- Analytics
We may use analytics services to help us understand how our website is used. These services may track and collect data about your interactions with our site.
- Data Sharing
We do not sell or rent your personal data. Visitor comments may be checked through an automated spam detection service.
- Data Retention
If you leave a comment, the comment and its metadata are retained indefinitely. This allows us to recognize and approve follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we store the personal information they provide in their user profile. Users can see, edit, or delete their personal information at any time (except for their username). Website administrators can also view and edit this information.
- Your Rights Over Your Data
If you have an account on this site or have left comments, you can request an exported file of your personal data held by us. You can also request the erasure of your personal data, excluding data we must keep for administrative, legal, or security purposes.
- Legal Basis for Data Retention
Our collection of data is based on consent, contractual necessity, and/or the legitimate interests of the Smart Energy Council in operating as a peak industry body.
- Data Transfers
Visitor comments may be checked through an automated spam detection service. Your data will be stored on secure servers located within Australia or overseas.
- Contact Information
For any inquiries regarding this Privacy Policy or our privacy practices, please contact us at:
[Your Company Name]
[Your Company Address]
[Your Company Email]
[Your Company Phone Number]
- Additional Information
We implement reasonable security measures to protect your data from unauthorized access or disclosure. In the event of a data breach, we have procedures in place to assess and respond accordingly.
- Third-Party Data Sources
We may receive data from third parties, including analytics providers and advertising networks.
- Automated Decision Making
We do not engage in automated decision-making or profiling with user data.
- Regulatory Disclosure Requirements
We comply with all applicable laws and regulations regarding the collection and handling of personal information.
- Data Breach Notification
If the breach is likely to result in serious harm to individuals, we will notify affected individuals as soon as practicable. The notification will include:
- A description of the data breach, including the type of personal data involved.
- The steps we have taken, or will take, to mitigate the breach.
- Advice on what individuals can do to protect themselves.
- Our contact details for further information or inquiries.
Appendix 1:
Obligations under GDPR Laws for EU Citizens
Context re Data storage and transfer:
GDPR applies because the regulation extends its reach to any organisation, regardless of location, that processes personal data of individuals in the European Union when monitoring their behaviour.
Data Transfers and Storage:
Simply stating that data is stored on secure servers is not sufficient to meet the GDPR requirements for data transfers, particularly when data is transferred outside the European Economic Area (EEA). GDPR imposes strict rules on international data transfers, requiring organisations to ensure that the data is afforded an equivalent level of protection as it would within the EEA.
To comply with GDPR, a privacy policy must specify the safeguards or mechanisms in place for protecting personal data when it’s transferred to countries outside the EEA. These safeguards typically include:
- Adequacy Decisions: Indicating whether the data is transferred to countries that the European Commission has deemed to provide an adequate level of data protection (e.g., Australia does not have such a decision).
- Standard Contractual Clauses (SCCs): If the data is transferred to a country without an adequacy decision, the policy should mention that Standard Contractual Clauses (approved by the European Commission) are used to ensure appropriate safeguards.
- Binding Corporate Rules (BCRs): If the organisation has adopted Binding Corporate Rules, these should be mentioned as a safeguard for internal transfers of personal data within a corporate group.
- Other Approved Safeguards: Any other GDPR-compliant mechanisms, such as certification mechanisms, codes of conduct, or explicit consent, can also be referenced.
An example compliant clause would be:
“Our organisation may transfer your personal data to third parties located in countries outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, are in place to protect your personal data. You may request further details on these safeguards by contacting us.”
Advice: If you would like to undertake an investigation of this area of privacy laws, it would be best to set up a call to discuss further.