Data Protection Framework
1. Customer and Citizen Data
You may decide to send us your personal information via the SpaceDraft website if you are seeking more information from us, requesting to use our facilities, attend one of our events, or for other similar purposes. Your decision to disclose your personal data to us is entirely voluntary, and by doing so, you are confirming that you provide us with your specific consent to use your personal data only for the limited and specific purposes for which you have disclosed it to us.
SpaceDraft may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and related services which we provide to you. We will not use your personal information for any other purposes unless we have sought and obtained your specific consent to do so.
We will always handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our SpaceDraft personnel and authorised third parties (see Section 6), and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our records, applications, supporting computer systems and premises.
2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This website, and any services which are available from this website, do not knowingly collect or process any sensitive personal data, and supporting Data Protection Impact Assessments are available upon request from our Data Protection Manager (see Section 10).
3. Children’s Personal Data
This website, and any services available from this website, are not directed to children under the age of 13, except with the Education Account (see below). If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact our Data Protection Manager (see Section 10) immediately so that we can take appropriate action.
SpaceDraft Education Account
Children under the age of 13 may use “SpaceDraft Education Account” under the supervision of their teacher. We will only collect student data where such collection is authorised by participating educational institutions who have obtained parental consent. We will share student data with our third party service providers solely to the extent necessary for them to perform a business or technology support function for us. This may include data processing, account management or the provision of usage analytics.
Upon termination of a school’s SpaceDraft Education Account, we will delete all student user accounts associated with that school.
Educational institutions will have direct control of student data at all times. If a school wishes to inspect, review, amend or delete data we have collected from a student, they may submit an authorised request to the contact details provided in section 10 below. Such a request must come from the email address that owns the SpaceDraft Education Account. To protect children’s privacy and security, we will take reasonable steps to help verify the school’s identity before granting access to any personal information.
4. Customer and Citizen Data Rights
As prescribed within the EU General Data Protection Regulation, you have several rights connected to the provision of your personal data to us using this website. These include your rights to request that we:
- Confirm to you what personal data we may hold about you, if any, and for what purposes
- Change or withdraw any consent which you have provided in relation to your personal data (if that is the legal basis for us holding it)
- Correct any inaccurate or incomplete personal data we may be holding about you
- Provide you with a complete copy of your personal data for you to move elsewhere, under specific circumstances
- Stop our processing of your personal data, whilst a received data processing objection from you is being resolved
- Permanently erase all your personal data promptly, and confirms to you that it has done so (unless there is a valid reason why we are unable to do this)
To contact SpaceDraft to exercise your rights, please see Section 10 below.
If we do not address your data subject request, or we fail to provide you with a valid reason why it is unable to do so, you have the right to contact the Office of the Australian Information Commissioner to make a complaint.
They can be contacted via https://www.oaic.gov.au/privacy/privacy-complaints/.
6. Declaration of Sub-Processing
For you to make an informed decision on whether to provide your personal data to SpaceDraft using this website, we need to make you aware of the details of organisations that act as data processors to SpaceDraft and which we use for specific activities related to the operation of our organisation and the provision of its services:
- Amazon Web Services for data hosting (Sydney, Australia region).
The specific activities within which each of these organisations participate have been recorded within the applicable SpaceDraft Data Protection Impact Assessments and these are available upon request from our Data Protection Manager (see Section 10).
7. Website Cookies
Cookies are small text files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.
8. External Links
This website may include relevant hyperlinks to external websites not controlled by SpaceDraft. Whilst all reasonable care has been exercised in selecting and providing such links, you are advised to exercise caution before clicking on them. We cannot guarantee the continued suitability of external links to content we do not control, nor do we continually verify the safety or security of the destination website. Please be advised that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.
10. Contacting SpaceDraft
The Data Protection Manager
183 Stirling Hwy, Nedlands, Australia, 6009