At Kovalent we understand that we have a responsibility to protect your privacy and confidentially process and store your personal data. Please read this privacy policy carefully as it contains information on who Kovalent is and how and why we collect, store, process and use your personal data. Your rights in relation to any of your personal data along with contact details are contained within this privacy policy in the event you need to contact us.
We collect, use and manage certain types of personal data about you. When we store data we comply with the requirements of the jurisdictions where we operate including those of Australia and the General Data Protection Regulation (GDPR) which covers the storage and processing of personal data for subjects of the European Economic Area (EEA) and United Kingdom (UK).
Definitions
We, our, us: Kovalent Pty Ltd trading as Kovalent or Kovalent Systems with registered offices at Suite 4, Level 1, 30 Bayfield Street, Rosny Park, Tasmania, 7018, Australia. Our ABN is 38 636 900 528.
Our data protection officer: Attn DPO Officer, Kovalent Pty Ltd, Suite 4, Level 1, 30 Bayfield Street, Rosny Park, Tasmania, 7018, Australia. You can contact the data protection officer at privacy@kovalent.systems.
Personal data: any information relating to an individual or that can identify you as a specific individual.
Data we may collect about you
The personal data we collect about you varies depending on which product and service we provide to you. When you use our products and services we may collect and use the following personal data about you, including but not limited to:
How we collect your personal data
We collect your personal data from you directly in person, by communication methods such as telephone, post or email or by you using our products and services. We do not collect information on you from third parties unless requested by you during the use of one of our products or services. We may collect identifying personal data during routine accessing of our products and services in access logs.
When and why we use your personal data
We only use your personal data where we have your consent, at your direct request, to comply with a legal or regulatory requirement or where your data is needed for the usage of one of our services or products.
We may use and process your personal data which you have provided to us or which we have collected through your use of our products and services. Uses include but is not limited to:
References and links to third party content
Any links or references to third party content outside of any product or service operating by us is not covered by this privacy policy. Refer to the privacy notices of the third party services for more information.
Marketing
We may use your personal data such as your name, email address and unique customer number to send you marketing emails which include updates and notices about our products and services where you are already an existing customer. This is a legitimate use of your personal data to which you have consented to by using our products or services. You may opt out of marketing communications from us by using the "unsubscribe" link which is included in every digital marketing communication.
Under legal requirements we may ask you to confirm your marketing contact preferences and contact details from time to time.
We will never provide your contact details to a third party to send marketing notices other than in the operation of our direct marketing communications. For example we may store your personal data with a listed data processor for the act of sending our direct marketing communications but we will not sell or otherwise distribute your personal data to any other party.
Who we share your personal data with
When you sign up to our products and services you consent to us storing and processing your personal data with:
In addition to the above, our specified third parties may share personal data with external auditors, accountants and other professional entities such as lawyers during the operation of their businesses as required by legal or regulatory obligations.
Specific third parties your personal data is shared with
During the running and operation of our products and services we routinely use the following third parties to store and process your personal data:
Where your personal data is held
Your personal data may be processed and stored globally either by us directly or with one of the listed companies above. Some third parties may store and process your personal data outside of Australia, the United States, the UK or EEA or other specific region. All third parties used by us to store personal data have compatible upstream privacy policies.
In situations where we are are sub-processor for another company personal data may be kept within specific regions such as Australia, The United States, the UK or EEA or other specific region.
How long your personal data will be stored
Your personal data will only be kept for the usage of our products and services. If you no longer use our products and services we will delete or anonymize your your personal data within 12 months or as required by any legal or obligatory requirements, whichever is sooner.
After the required retention period has elapsed your personal data will be deleted or anonymized.
Personal data transfers out of specific regions
Countries outside of the specific regions where we operate, including Australia, the United States, the UK and EEA have different data protection laws which can provide alternative levels of protection for your personal data. When your personal data is stored within Australia, the United States, the UK or EEA or other specific region it is occasionally required that we transfer personal data to a different region during the operation of our products and services. When this occurs we will comply with applicable laws and regulations designed to ensure the privacy and security of your personal data.
Where we are a sub-processor for a product or service provided to a third party company, usually our client, they may have an additional more comprehensive agreement with us. For example when providing internet services including data storage and processing to our clients they may have agreements with us that their services and products only have data stored and processed within a specific region such as Australia, the UK or EEA.
Where your personal data is stored in the UK or EEA we will only transfer it outside of the UK or EEA in compliance with article 45 of the GDPR covering adequacy regulation. You should refer to the GDPR for the up to date list of countries which have adequately compliant regulations for personal data.
Where our products and services are global in operation your personal data may be processed globally before being stored in a region with adequate protection for your personal data. Where we act as a sub-processor your personal data may be processed globally before being stored in a specific region. For example, a sub-processor agreement may require your personal data to be stored in the EEA however due to how the internet functions at a technical level your personal data may transit through a different region and be processed prior to storage in the EEA.
Your rights
You may, at no cost to you, exercise the following rights to your personal data:
Additional compliance
In some jurisdictions we operate your legal rights may vary. We operate global services and apply a single global privacy policy to govern your personal data when using our products and services. Where appropriate and reasonable we offer expanded rights beyond our legal requirements including but not limited to appointing a data protection officer for all global services and offering the right to be forgotten for all data subjects that use our products and services, including those outside of the UK and EEA.
Data security
We apply appropriate and suitable security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. Access to personal data stored and processed by us is limited to authorized employees and authorized third parties who have a legitimate business need to access it. All personal data stored and processed by us, including personal data collected by third parties and stored and processed by us as a sub-processor, is secured using industry standard methods such as suitable levels of encryption and authentication in both transit and at rest.
We, and third parties approved by us, only process and store your personal data in an authorized way and under the requirements of operating our products and services. We continually test our systems and infrastructure and apply regular updates to our security policies to ensure we follow industry standards and best practices for information and data security.
In the event of any suspected data security breaches we will notify you and any applicable regulatory authority where we are legally required to do so.
Contact and requests
You can contact us or our data protection officer if you have any questions about this privacy policy or about how we store and process your personal data. You can also exercise your rights under the laws of your jurisdiction to make a complaint. You can email us at privacy@kovalent.systems or write to us at Suite 4, Level 1, 30 Bayfield Street, Rosny Park, Tasmania, 7018, Australia.
Updates to this privacy policy
We regularly review our privacy policy and update it from time to time. Any changes to our privacy policy will be reflected on this page. The updated privacy policy will come into effect as and when it has been published.