Cytrack Logo

Cytrack Data Privacy Policy

A. About this policy

We are committed to providing you with professional and valuable Services whilst safeguarding your privacy.

This Data Privacy Policy (also “Policy“) outlines when, why and how we collect, use and otherwise handle (collectively “process“) personal information about our customers, potential Clients, Clients and End Users of our Website and Services (“Data Subjects“). “Personal Data” is any information relating to you, which can be used to personally identify you, either directly or indirectly.

This Privacy Policy covers the information we collect about you through (i) your use of our Services (herein after "Services") and (ii) your use of our website accessible at: *.cytrack.io (herein after "Website"), or otherwise when you interact with Cytrack (for example, attending Cytrack events), unless a different privacy policy is displayed.

Cytrack provides business to business Services by contracting with Clients (e.g purchaser of licences over Cytrack’s Services herein after "Clients") who may themselves either use the Services or sell it to their own customers ("End Users").

We may collect your Personal Data through different channels: either through (i) your use of our Services as you connect to your account (herein after "Services") and (ii) your use of our website accessible at: *.cytrack.io (herein after "Website"), or otherwise interact with Cytrack (for example, attending Cytrack events), unless a different privacy policy is displayed.

This Policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of your Personal Data and how you can access and update said information.

We may process your Personal Data, as described in this Data Privacy Policy and as described when we collect data from you. Our Privacy Policy must be read together with any other legal notices or terms and conditions provided to you when we collect data from you (or at a later stage) or that are available on other pages of our Website. We may change this Policy from time to time. We will post any Policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services and/or Website homepages, login screens, or by sending you an email notification.

We will also keep prior versions of this Policy in an archive for your review. We encourage you to review our Privacy Policy whenever you use the Services and/or Website to stay informed about our information practices and the ways you can help protect your privacy.

Where you use our Website, we will process your Personal Data collected by using cookies in accordance with our Cookie Policy. Please click here to view our Cookie Policy.

If you do not agree with this Policy, or the latest changes Cytrack may have brought to this Policy do not access our Website or use our Services or interact with any other aspect of our business.


B. Who is accountable for your data?

We – Cytrack, with its head office at: 155 Varsity Parade, Varsity Lakes QLD 4227, Australia, registered in the companies register maintained by The Australian Securities and Investments Commission, under company number ABN 95159509949 " Cytrack" – will process your Personal Data, either as data controller or as data processor, depending on the processing activities as detailed in section C. Please click here for our contact details or email: support@cytrack.io or by post as indicated.

In this Data Privacy Policy, references to "we", "us" or "our" means Cytrack and references to "you" and "your" are to the Data Subjects.


C. What data do we process and why?

As mentioned above, we may process Personal Data either (i) for the purpose of providing efficient Services to End Users and therefore acting upon our End Users’ instructions as data processor; (ii) or for our own purposes, where we act as data controller, such as technical assistance of End Users, direct marketing, sales of Services to our Clients or Website functioning.

i. Where Cytrack acts as data processor of its End Users

The types of information that we may collect from you, depending on how you interact with our End Users (e.g. how you use our Services and the purposes of processing, include:

Data Subject category Type of information Purposes of processing Legal basis of processing
End Users’ employees
  • your name or alias
  • your address (business)
  • your e-mail address
  • your telephone numbers (business)
  • your job title, role
  • your messaging ID
  • your profile photo
  • your biography
  • your job title, role and company name
  • your professional credit card information
  • your billing information

We refer to all the above mentioned information as "Account information".

  • providing you access (authentication) to Services purchased from us
  • supplying Services purchased from us
  • personalise our Services by adding tailored features
  • verifying accounts and activities, monitoring suspicious or fraudulent activities and identifying violations of Services policies
  • providing efficient assistance to End-user;
  • sending you non-marketing commercial communications
  • sending you marketing communications (including our email newsletter) relating to our Services, if you have requested them
  • performance of a contract
  • your consent (if requested and provided)
End Users’ customers
  • your identification data of clients’ customers (Caller ID)
  • your telephone number
  • your email address
  • your name
  • your voice
  • your screen displays
  • your twitter profile information (screen name, full name, tweet id, content of tweet)
  • your feedback
  • providing efficient assistance to End-user;
  • providing Web Chat services
  • ensuring quality management of customer services
  • contacting you through SMS communication
  • providing telephone callbacks including Twitter integration services
  • reporting of the call centre performance (real time and historic)
  • conducting customer satisfaction surveys
  • creating outbound telemarketing campaigns on behalf of our End Users;
  • Performance of a contract
  • Your consent (if requested and provided)

Cytrack has no control over the above-mentioned data and only processes it to the extent required by its End Users. Please contact directly the End User (e.g your employer and/or provider) in order to exercise your rights over these data.

ii. Where Cytrack acts as data controller

Potential Clients
  • your name
  • your address (business)
  • your e-mail address
  • your telephone numbers (business)
  • sending you marketing communications (including our email newsletter) relating to our Services,
  • your consent (if requested and provided)

Clients’ employees (including participants in Cytrack’s events)

  • your name
  • your address (business)
  • your e-mail address
  • your telephone number
  • bank account
  • billing representative’s contact information
  • payment card details
  • your IP address
  • your feedback
  • summary of technical problem experienced
  • type of device (mobile) and operating system version
  • screenshots
  • organization of promotional events, including giving you a discount
  • sending you marketing communications (including our email newsletter) relating to our Services, if you have requested them
  • providing satisfactory support to assist Clients with potential dysfunctions of Cytrack’s Services
  • ensuring the proper functioning of our Services and mobile applications
  • performance of an agreement with you we have in place, including collecting payments from you, sending invoices, statements and payment reminders and confirmation
  • reminding you of subscription expiration
  • responding to your comments, questions and requests
  • sending you technical notices, updates, security alerts and administrative messages
  • sending you non-marketing commercial communications
  • for research and development purposes/ Services improvement/ new features testing
  • performance of a contract
  • your consent (if requested and provided)

Users of our Website

  • cookies
  • IP address
  • geographical location
  • browser type and version
  • operating system
  • information about your visits to and use of our Website
  • feedback
  • contribution to any interactive feature, survey, contest, promotion activity or event registered through our Website
  • administering our Website
  • personalizing our Website
  • enabling your use of the services available on our Website
  • Cytrack’s legitimate interests
  • your consent (if requested and provided)

Our business purposes – we may also use your Personal Data for our internal business purposes (our legitimate interests) such as:

  • record keeping, statistical analysis, internal reporting and research purposes;
  • to investigate any complaints you make;
  • to provide evidence in any disputes or anticipated disputes between you and us;
  • for the detection and prevention of fraud, other criminal offences and for risk management purposes;
  • for business and disaster recovery (e.g. to create back-ups);
  • to ensure network and information security;
  • to host, maintain and otherwise support the operation of our Website, including to customise various aspects of our Website to improve your experience;
  • for document and data retention/storage;
  • to protect the rights, property, and/or safety of Cytrack and its personnel;
  • to ensure the quality of the Services we provide to our clients and other Data Subjects.

We believe the risk to your data protection rights in connection with Personal Data that we process on the basis of our legitimate interests is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring proper retention periods and security controls.

The Services are not directed to individuals under 16. We do not knowingly collect Personal Data from children under 16. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete such information. If you become aware that a child has provided us with Personal Data, please contact us at privacy@cytrack.io.

In addition, we may use your Personal Data for additional specific purposes made clear at the point of collection of your Personal Data.

If you choose not to provide the Personal Data requested by us, we may not be able to provide you with the Services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Data.


D. How and when do we share data with third parties?

Some Services that we provide require the involvement of third parties. We do not sell, rent, distribute or otherwise make Personal Data commercially available to any third party, except that we may share information with Cytrack’s Partners, our service providers and other third parties for the purposes set out in this Policy. For the purposes of this Privacy Policy, Cytrack’s Partners shall be understood as the global network of partners who provide sales, consulting, implementation, training and other services around our Services

a) Data sharing with Cytrack’s Partners

We may share Personal Data with these third parties in connection with their services, such as to assist with localized support, to offer Cytrack’s Services to their clients, to integrate Cytrack’s Services within their own products and/or services and to provide customizations of our Services and/ or Website.

b) Data sharing with service providers

  • We also share your Personal Data with our third party service providers, whom we engage to provide various services, in relation to:
  • deliveries of our Services (e.g., couriers);
  • marketing and advertising Services (e.g. marketing agencies, interactive agencies, e-mailing solution providers);
  • our Website (e.g., hosting and maintaining our Website); and
  • IT services and solutions (e.g., providing data storage, assisting us with database management, providing our End Users with assistance with regards to their use of Cytrack’s Services).

We have carefully selected these service providers and taken steps to ensure that your Personal Data is adequately protected. All of our service providers are required to be bound by written contract to process Personal Data provided to them only for the purposes of providing the specific service to us and to maintain appropriate security measures to protect your Personal Data.

c) Data sharing with other recipients

We may also share your Personal Data with:

  • our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice;
  • any other third party if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property and/or safety of Cytrack , its personnel and others;
  • users of our Website’s Interactive Area: the Website may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features ("Interactive Areas"). You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it. To request removal of your Personal Data from an Interactive Area, contact us at privacy@cytrack.io. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why;
  • any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation; or
  • investors and other relevant third parties in the event of a potential sale or other corporate transaction related to Cytrack.

You or your administrator may choose to enhance our Services by using third parties’ applications or widgets in relation with our Services. We do not control such use of your Personal Data and we encourage you to contact directly said third parties in order to learn more about their own processing activities of your Personal Data.


E. International transfers of personal data

Cytrack is located in Australia, a country which does not offer an adequate level of protection to Personal Data according to the European Commission. Cytrack needs to process Personal Data from EU data subjects outside of the EEA in order to provide its Services.

Please note that all Personal Data you provide to Cytrack are directly processed in Australia. This direct data collection by Cytrack upon your initiative shall not be considered as an international transfer.

Yet, Cytrack may also receive your Personal Data from third parties, such as some IT assistance local provider located in the UK or Europe as appropriate. When such transfers are involved, Cytrack has signed Standard Contractual Clauses with said providers to ensure your Personal Data are securely transferred.

Moreover, in order to facilitate our global operations, we may transfer our End Users’ and/ or Clients information, including Personal Data, from Australia to other countries outside the EEA in which Cytrack has operations for the purposes described in this policy. When doing so, Cytrack makes sure that adequate safeguards are implemented in order to secure these international transfers of your Personal Data, such as standard contractual clauses, Privacy Shield if recipient is located in the US, or EU Commission adequacy decision etc..

You can request further details about the safeguards that we have in place in respect of transfers of Personal Data outside of the EEA and where applicable a copy of the standard data protection clauses that we have in place by contacting us at: support@cytrack.io


F. How long do we store personal data?

It is our policy to retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement with you). However, we may be obliged to store some Personal Data for a longer time, taking into account factors including:

  • legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements);
  • the establishment, exercise or defence of legal claims (e.g., for the purposes of a potential dispute).

Whilst we continue to process your Personal Data, we will ensure that it is treated in accordance with this Data Privacy Policy. Otherwise, we securely erase or anonymise your Personal Data once it is no longer needed.

If you would like to find out how long we keep your Personal Data for a particular purpose, you can contact us at: support@cytrack.io. For more information on how long cookies are stored, please refer to our Cookie Policy.


G. How do we protect your data?

We acknowledge that your Personal Data may be confidential. We will maintain the confidentiality of and protect your Personal Data in accordance with our Data Privacy Policy and all applicable laws, including the General Data Protection Regulation 2016/679 ("GDPR").

We have implemented technological and operational security measures in order to protect your Personal Data from loss, misuse, or unauthorised alteration or destruction. Such measures include the use of firewalls, encryption, proper access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your Personal Data. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your Personal Data. These measures ensure an appropriate level of security in relation to the risks inherent in the processing and the nature of the Personal Data to be protected.

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognised online secure payment system.

We will notify you promptly in the event of any breach of your Personal Data that might expose you to serious risk.


H. Your rights

The following section explains your rights that you may exercise. The various rights are not absolute and each is subject to certain exceptions or qualifications in accordance with the GDPR and other generally applicable provisions of data privacy law.

  • The right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data. This is why we are providing you with the information in this Data Privacy Policy and in any legal notices or terms and conditions provided to you.
  • The right of access – you have the right to obtain from us confirmation as to whether or not your Personal Data is being processed by us, and about certain other information (similar to that provided in this Policy) about how it is used. You also have the right to access your Personal Data, by requesting a copy of the Personal Data concerning you. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal Personal Data about another person or would otherwise negatively impact another person’s rights.
  • The right to rectification – you can ask us to take measures to correct your Personal Data if it is inaccurate or incomplete (e.g., if we have the wrong name or address for you).
  • The right to erasure – this is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to keep using it or its use is unlawful. This is however not a general right to erasure and there are some exceptions, e.g. where we need to use the information in defence of a legal claim or to be able to comply with a legal obligation.
  • The right to restrict processing – you have the right to ‘block’ or suppress the further use of your Personal Data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Data, but may not use it further.
  • The right to data portability – you have the right to obtain and reuse certain Personal Data for your own purposes across different organisations (being separate data controllers). This only applies to your Personal Data that you have provided to us that we are processing with your consent and for the purposes of contract fulfilment, which is being processed by automated means. In such a case we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically feasible) we may transmit your data directly to a separate data controller.
  • The right to object – you have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by Cytrack, or by a data recipient. We will be allowed to continue to process the Personal Data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims. If you object to the processing of your Personal Data for direct marketing purposes, we will no longer process your Personal Data for such purposes.
  • The right to withdraw consent – where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that occurred prior to such withdrawal. This right to withdraw consent includes your right to opt-out of Cytrack’s marketing communications.

I. How to contact us

If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, please contact us at: support@cytrack.io.

Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.

We will generally respond to your request within one month of receiving your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.

We will not charge you for such communications or actions we take, unless:

  • you request additional copies of your Personal Data undergoing processing, in which case we may charge for our reasonable administrative costs, or
  • you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either charge for our reasonable administrative costs or refuse to act on the request.

If you are not satisfied with our response to your complaint or believe our processing of your Personal Data does not comply with data protection law, you can file a complaint to the relevant data protection authority.


Last updated 26 June 2018

Version CQT 390 -1 – 050621