Privacy Portal

Privacy FAQs

The information provided in these FAQs is for education purposes only. This information is not intended to be a substitute for you obtaining advice on your individual circumstances.

This information is current as at 31 May 2021.

We collect:

  • information you provide to us, such as your name and email address when you register to use our services;
  • information you upload to our platform, such as templates and photos; and
  • information about your use of our services, for example how many inspections you conducted within a specific time period.

You can find a more detailed description of the information we collect in our Privacy Policy.

You own the data, information, templates, content, video, images and other materials and information that you provide to us in connection with your use of our services or that you upload to our platform. We call this ‘Your Data’.

We may generate aggregated data sets, reports and analysis relating to your use of our services. We ensure that this data is anonymized and does not identify you. We own the data in these aggregated data sets, reports and analysis and may use this data for internal purposes only.

We collect your data to provide our services to you and to improve the services for you, and our more than 28,000 customers. You can find out more information here.

We do not sell your information to marketers, advertisers or third parties.

Your data may be accessed by employees of SafetyCulture who are currently located in Australia, the United States, Europe and the Philippines.

We may also share your data with third parties in a limited number of circumstances, as provided in our Privacy Policy.

The two main groups of people we share your data with are: (1) other users you nominate to access your account; and (2) our third party service providers who assist us in providing the services to you.

Our Privacy Policy provides more detailed information on the information we share.

We may collect, store, host and use your data in the United States and in other jurisdictions in which we operate, including Australia, the United Kingdom and the Philippines.

We host your data with Amazon Web Services, Inc.

We have an active and robust cyber security program and are committed to ensuring that the data you provide to us is secure.

We are continually working to improve our cyber security practices and take security very seriously.

You can read more about our approach to security on our website.

We keep your data for as long as we need it to provide our services to you, to fulfil our obligations under our agreement with you and our Privacy Policy, and to comply with any obligations that we may have at law.

You can choose to delete actions, issues, inspections and templates from our systems. You’ll find more information on what steps you need to take in the ‘Additional Resources’ section below.

You can exercise certain controls and choices regarding your data. You can exercise these options by visiting your account or contacting our Customer Support Team.

Your choices may include:

  • restrictions on the collection or use of your information;
  • correction and deletion of your data (to the extent permitted by applicable data protection laws);
  • removal from our marketing and promotional email lists;
  • access to the information we collect and hold about you; and
  • the transfer of your personal data to another nominated third party (to the extent possible).

You can find out more about your rights here.

Please be aware that we may not be able to provide certain services or support to you, if you choose to exercise certain controls.

We process your personal data in accordance with our Terms and Conditions and Privacy Policy.

Our Terms and Conditions and Privacy Policy are specific to our services and cover the specific processes and procedures we have in place to protect your data.

We maintain appropriate technical and organisational measures to protect your data, including:

  • the use of the standard contractual clauses for data transfers between EU and non-EU countries approved by the European Commission;
  • our agreements with our employees, contractors and third party service providers also contain appropriate provisions with regard to the confidentiality and protection of your data; and
  • we undertake security assessments of third parties with whom we share your data to ensure we have confidence in their systems and procedures.

Yes, our current Terms and Conditions and Privacy Policy include provisions to assist customers with local requirements, including GDPR and CCPA compliance.

We periodically review new legislation which comes into force and assess its impact on our systems and processes.

You can continue to use our service as you usually would. For the time being, organisations transferring personal data from the European Economic Area (EEA) to the UK can continue to transfer personal data without implementing any further controls.

SafetyCulture is an Australian company with global offices in the UK, US and the Philippines.

Our current Terms and Conditions incorporate the European Commission’s standard contract clauses for data transfers between EU and non-EU countries. This aids you in your compliance with the GDPR when transferring personal data to our services outside the European Economic Area.

We have prepared a more detailed article on data transfers between the EEA and UK post-Brexit here. You can also review the European Commission’s statement here.

You will find the current version of our Privacy Policy here.

Legal announcements

29 Oct 2021

New Standard Contractual Clauses

The European Commission has approved new Standard Contractual Clauses (SCCs) that facilitate the transfer of personal data outside the European Economic Area (EEA) to third countries where there is no adequacy decision in place (you can find a list of countries that have been recognised as having an adequate level of data protection here). The […]

29 Oct 2021

Adequacy decision: EU determines that UK has an adequate level of data protection

We previously published an article detailing the transfer of personal data between the European Economic Area (EEA) and the United Kingdom (UK) post-Brexit. You can find that article here. On 28 June 2021, the European Commission determined that the UK had an adequate level of data protection. This means that for transfers of personal data […]

20 May 2021

Data transfers under the GDPR after the UK’s withdrawal from the EU

To date, organisations have not had to make any changes to how they transfer personal data between the European Economic Area (EEA) and the United Kingdom (UK) as a result of Brexit. This may change after 30 June 2021, if the European Commission does not make an adequacy decision in relation to the UK. We […]

20 Apr 2021

Data transfers under the GDPR to the US after the Court of Justice of the European Union’s decision in the Schrems II case

On 1 August 2016, the EU-US Privacy Shield (Privacy Shield) framework become operational. This allowed organisations in the European Union (EU) to transfer personal data to certified organisations in the United States (US) without the need for further safeguards. An organisation was first required to be certified under the Privacy Shield before it could receive […]