Version 4.1.0 at 31 July 2017
Authorised Representative: Gerard McLennan – CEO
At LogbookMe we are committed to protecting user privacy and complying with the regulatory environment. We understand that users value their privacy and may have concerns about the information collected and also how it is used, stored and distributed.
Our approach to user privacy is to embody open and transparent management of information to ensure users are comfortable and fully understand what information we have, how we use it and how they can protect and manage their information with us.
We have documented in this statement how we manage user information including but not limited to what we collect, how we collect it, how it is stored, when we use it and limitations on who has access to the information and how it is output is distributed.
This statement has been written with close reference to the Australian Privacy Act amendments and the Australian Privacy Principles. For the purpose of this document ‘information’ or ‘data’ references Personal Information and ‘users’ references Individuals to whom we have information for.
We will continue to review this statement in light of any updates or legislative changes and the most recent version will be published in the user portal at http://manage.logbookme.com.au (login required) or can be requested directly by contacting us using any of the methods listed at the end of this statement.
We believe that our service is compliant with the relevant legislative provisions.
What Information We Collect
LogbookMe limits the collection of information to what is essential in order for us to deliver products and services to the user. We have documented what information we collect below.
User inputted information
- Email address
- Password set by user
- First Name
- Last Name
- Time zone
- Start odometer reading
- End odometer reading
- Target business use as a percentage
- Vehicle Make
- Vehicle Model
- Vehicle Registration Plate
- Description of trip
- Classification of trip
- Support requests or other forms of contact via our various customer support channels
It is at the users discretion to the degree of accuracy they wish to provide us in their information input however where accurate information is not provided, it may limited our ability to provide services.
- Event name as recorded in calendar by user
- Event location as recorded in calendar by user
- Event time
- Event date
LogbookMe Device Information
- Date of record
- Time of record
- Latitude of vehicle at time of record
- Longitude of vehicle at time of record
LogbookMe Processed Information
- Kilometres for each trip recorded
- Approximate location based on nearest street and suburb for each trip start and end location
How The Information Is Collected
Information is collected from various sources and also produced within our service delivery platform. By providing information through the users account setup and/or using our service, the user consents to our collection and storage of the information. This consent is obtained from each user via a prompt upon first use.
We have provided detail with reference to the information listed above in respect of how the information is collected.
User inputted information
This information is collected through the user or users employer providing the input via online form during user setup or otherwise received directly.
In some instances (where the service is sponsored by a third party e.g. employer) we may receive some information directly. Where this is the case, within a reasonable time frame, we will input the information into the user account and notify the user of the information and how it can be accessed and corrected. If the user has an issue with the information being used by LogbookMe a complaint can be raised to address the concerns.
This information is collected through the calendar feed feature from the users calendar.
This feature is optional and at the user discretion as to whether they enable the functionality. All data is queried on demand and is not stored unless committed and saved by the user.
LogbookMe Device Information
This information is collected through the LogbookMe in-vehicle device.
LogbookMe Processed Information
This information is collected through the processing of LogbookMe Device Information in the LogbookMe Platform.
How Information Is Stored
All information is securely managed and stored by Microsoft Azure. Azure provide managed hosting services in a dedicated secure environment and meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards such as the Australian IRAP.
The Azure data centres are located on the east coast of Australia and are certified with enterprise level encryption (AES-256). Azure also commits to operate within ISO/IEC 27018 which is the code of practice for cloud privacy.
Transmission of Information
All transmissions between our servers and users are protected by SSL encryption to secure and maintain the data integrity.
Transmissions between the LogbookMe Device and our servers are raw data string only and does not have any personally identifiable information. LogbookMe decodes the data in our secure cloud environment.
Why we collect the information and what we use the information for
By submitting and allowing us to collect information for you for the purpose of our service delivery (including core functions and activities) you agree to us storing, processing and collecting your data to comply with our service contract with you or your employer.
We may use data which has been anonymised and aggregated into a form where it is no longer personalised data. This may be used for a wide range of purposes for the benefit of LogbookMe. These may include enabling us to improve the service delivery and service quality, production of new and improved products/services, statistical analysis of usage patterns, behaviour statistics, benchmarking or relative analysis. No personal data that can identify an individual will be used for this purpose.
Inquiry or Complaint Handling
We are committed to maintaining an open and transparent channel to deal with requests from users related to their privacy.
Users can at any time access personal information about the individual that is held by us and also seek correction of such information.
LogbookMe has a dedicated email, email@example.com where requests can be lodged. We undertake to respond to all requests within 24 hours.
If a user does not receive a response within the state timeframe, escalations should be directed to the Managing Director on telephone 1800LOGBOOK or fax (02) 8079 6672 identifying the call as an ‘escalated privacy related request’. These requests will be escalated to senior management and responded to upon receipt.
Upon receipt of an inquiry or complaint our team will investigate the issue and respond with a solution or if more time is required, an outline of the steps we will be taking to address the query and an estimated time frame when we expect to have a response to the user.
Please note that where the request involves information access and/or correction, we will require a formal identification process of the requestor to be completed before any requests will be processed.
Information Updates and User Access to Information
User information is available and can be accessed via our web platform and mobile applications. A user may also receive alerts via email or sms. Alerts disclose limited information, instead of requiring the user to login to action the alert.
Information can be accessed and updated by the user or the user may contact LogbookMe direct and submit a request for update. All update fields are protected by a secure login and any updates will be implemented in real-time.
How information is disclosed and to who
Distribution Of Information
We will not distribute any information without explicit written consent. Our information distribution model relies on the user facilitating any information distribution except in limited circumstances noted below.
We include the below diagram for your reference:
The user has access to information that is suitable for distribution (such as the logbook report) and it is the users responsibility to download/export any information (in the form of reports) and distribute (to relevant parties) it as necessary.
Employer Sponsored Service
Where an employer has sponsored LogbookMe and is using the solution for enterprise purposes we will provide authorised persons with access to the secure LogbookMe reporting portal.
Data access and privacy levels will be set based on the access level of the authorised individual.
This will be communicated directly to users via initial communications and/or presentations and/or user training.
If you are an employee/driver and have any queries or would like to request additional information about the reporting available to your employer, we’re here to help, just contact us at firstname.lastname@example.org
Third Party Access
In remote circumstances, we may have arrangements with employers or third parties to provide and distribute information on behalf on users. We will only provide this service where there is a consent from the individual. This consent will be kept and referenced by selected staff who have access.
Internal LogbookMe Access
We have strict internal controls on who is able to access user information. We generally allow access on a required to perform task then restrict the access once completed.
Our Technical Director, has responsibility for user access and information security. We have restricted access across our team and regular internal audit procedures to uphold our internal information security function.
Third Party Disclosure
We may disclose information to the extent that it is required by law, order of any court, tribunal, authority or regulatory body, enforcement authority, rules of any stock exchange or any professional obligations or requirements. If this happens, if practical and to the extent permitted by law, we will notify the user directly of the requirement to disclose and only disclose the minimum information.
Permitted Extraordinary Disclosures
We may also disclose if a permitted general situation exists in relation to a portion or all of the information or in an instance where a health situation exists requiring the information to be disclosed.
Any extraordinary disclosure requires approval by two directors of Logbook Me Pty Limited
How long information is stored
For your convenience, we store user data for a minimum period of 5 years in Australia and 7 years for New Zealand users.
If users wish for their information to be removed and destroyed, please lodge a request via our inquiry and complaint handling noted above.
Our position on overseas disclosure of information
LogbookMe is operated within Australia and does not store, transmit or disclose any information outside of Australia.
Need clarification or have any questions?
We encourage users to contact us on email@example.com with any further queries. Our team would be more than happy to help.
Logbook Me Pty Limited [ACN 165232520]