Draftable Pty Ltd and its related entities (together, “Draftable”, “we”, “our” or “us”) have created this Privacy and Data Protection Policy (the “Policy”) to demonstrate our respect, commitment and vigilance in safeguarding the privacy and data security of the individuals and organizations with whom we deal and to ensure compliance with all applicable privacy, data protection and data security laws.
Draftable collects, uses, keeps or otherwise processes personal information in compliance with all applicable privacy and data protection legislation, namely the Australian Privacy Principles set out in the Australian Privacy Act 1988, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), and all relevant regulations.
This Policy gives you information on how Draftable collects, uses, keeps or otherwise processes your personal data, including when you contact us, visit our website, apply for a job, or use our products or services.
The nature of our products and services and the fact we operate in a business-to-business (“B2B”) environment means that we intend to retain very little or none of your personal data, and we continue to strive to ensure that we retain as little personal data as possible of our customers.
The personal data we collect, hold, use or otherwise process about you depends on the nature of our interactions and the circumstances about its collection. We may collect, hold, use or process the following data about you:
We may also collect other data you choose to provide to us and details of the interactions that you have with us.
Whenever it is reasonable and practicable to do so we will collect data about you directly from you. We do this in various ways including when you:
We may also collect data about you through our business relationships and contacts as well as from third-party sources, including publicly available sources such as Twitter, Facebook pages, LinkedIn profiles, company websites and online directories.
We are not in the business of selling our customers' personal data.
We collect, hold, use, disclose and otherwise process personal data for a range of purposes, including:
If we are unable to collect your personal data, we may not be able to communicate or respond to you or do business with you or your organisation.
We have set out below, in a table format, a description of the primary ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates or third parties. The linked sites are not under the control or supervision of Draftable. If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices and that Draftable does not accept any responsibility or liability for these policies or notices. We recommend that you check these policies or notices before you submit any personal data to these websites. These links are provided merely as a convenience, and do not imply any endorsement of the site by Draftable.
Draftable products and services are not designed for and are not marketed to people under the age of eighteen (18) or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our products or services. If you are a minor, please do not use our products or services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us at firstname.lastname@example.org if you believe we might have personal information from or about a minor that should be removed from our system.
You have the right to withdraw consent to marketing at any time by contacting us or by using the opt-out links in our communications. Where you opt out of receiving these marketing or promotional messages, this will not apply to personal data provided to us as a result of a product or service purchase.
If you are an existing customer, we will only contact you by email with information about products and services similar to those that were the subject of a previous sale to you.
We will not sell or rent your personal information to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes, but such third parties will not have access to or be able to read your personal information.
If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to email@example.com so we can investigate.
The security of your personal data is fundamental to the way that we do business and starts with our core infrastructure.
We securely store your personal data on our servers located in the EU and the US.
We endeavour to hold all personal data securely in accordance with our internal security procedures, industry standards and applicable law. We update and test our security on an ongoing basis.
We maintain appropriate administrative, physical, technical and organizational measures to protect your personal data received, accessed or processed by us against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.
As a global enterprise, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. We will only transfer personal information to a supplier with appropriate safeguards in place (including, where appropriate, ‘standard contractual clauses’ set down from time to time by the European Commission) and where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy and in compliance with law. We will take necessary steps to prevent or stop such processing where we know that a supplier is using or sharing personal information in a way that is contrary to this Policy.
In addition to those described in the “Why we collect, hold, use, disclose and process your personal data” section above, we may also use and/or process your personal data for one or more of the following purposes:
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We take all reasonable measures to ensure that all personal data we collect, hold and use is complete, up to date and relevant. You can contact us at any time (using the “Contact Details” below) to request access to or to correct your personal information. Once we have verified your identity, we will generally provide you access to your personal data. However, there may be some instances where we are permitted or required (such as by law or regulation) to deny access or where we may refuse to correct your personal data. In such a situation, we will communicate the reasons for our decision. If we do not allow you to access or correct such data, and you do not agree with our decision, you can make a complaint by following the process below.
GDPR gives EU-based individuals certain rights with respect to their personal data, including the right to access information held about them.
In accordance with the GDPR, data subjects in the EU can exercise their rights by emailing our General Counsel and making one of the following requests:
Our General Counsel is contactable at firstname.lastname@example.org.
If you have any questions, concerns or complaints about how we have handled your personal information, then you may contact us using our “Contact Details” below. To help us respond to you, please include as much detail as possible about the information that you would like to access or correct and, if applicable, how you'd like to access this information.
Once we have received your message, we will investigate and respond to you as soon as practically possible. We will try to respond to your message or resolve your complaint as quickly as possible and by no later than thirty (30) days after we receive your message. If your complaint takes longer to resolve, we'll keep you informed of our progress with the investigation.
If you are not satisfied with our response, you can contact us to further discuss your concerns or exercise your legal rights in the relevant jurisdiction. For example, in Australia, you may lodge a complaint with the Australian Information Commissioner (for more information here, please visit: www.oaic.gov.au).
Documents you compare are protected by a secret URL. Anyone you share the URL with can view the comparison. Comparisons are deleted after no one has viewed them for a period of time.
Documents you compare are not shared with us. All operations on documents take place locally, so you can safely use Draftable Desktop on confidential documents.
The information that is shared with Draftable includes your name, email address, company, number of potential users, and your phone number on an optional basis, to start a trial.
Draftable Desktop communicates with our servers to check for updates and to ensure that your license key is valid.
Draftable Desktop submits information about usage statistics and errors that occur when running. Error reports may sometimes contain confidential information such as filenames. This feature can be disabled via the settings function or by contacting Support.
Draftable reserves the right to amend this Privacy and Data Protection Policy at any time, for any reason, without notice to you, other than the posting of the updated Privacy and Data Protection Policy at this website. We encourage you to regularly check our website for any such updates and to see the current Privacy and Data Protection Policy that is in effect and any changes that may have been made to it.
If you would like more information about our approach to privacy and data protection, or if you wish to contact us regarding the terms in this Policy and how it may apply to you, please contact us:
Last updated: February 2023