GDPR Privacy Policy

Saropa Pty Ltd (“Saropa”, “us”, “we”, or “our”), legally based in Australia, is responsible for this privacy policy.

We understand your privacy is of critical importance. In this privacy policy you will find information about your rights with regard to your data and how you can make use of those rights. We also inform you on how cookies are collected, processed and stored and for what purposes this is done.

The privacy policy may at times be edited, for example, due to legislative changes. It is therefore advised to consult this privacy policy periodically.

Personal Data That We Process

We will collect, store and process the information that you voluntarily provide to us when making use of our repository service for personal information (“Service”) or contacting us in any other way.

This includes personally identifiable information, like your name and contact information (“Personal Data”). The following Personal Data may be processed by Saropa:

  • your first and last name, address, email address and phone number;
  • the contact information that you provide about your emergency contact(s), like their name and phone number;
  • your date of birth;
  • your national identifying number (Social Security, National Insurance, PPS, etc.);
  • information about your physical appearance, like your eye colour, skin colour, weight and/or height;
  • information about your employment or education, like information about your salary or student identification number;
  • geo-tracking data;
  • any other Personal Data that you actively provide when contacting us or making use of the Service.

Sensitive Personal Data

The Personal Data that is collected by making use of the Service includes data that is, by its nature, of particularly sensitive nature (“Sensitive Data”). We only collect such Sensitive Data when it is voluntarily provided by you and after you have given your explicit consent to us doing so, to better serve and meet your needs.

The Sensitive Data we may process includes:

  • information concerning your health and medical history;
  • genetic data;
  • data about your religious or other beliefs;
  • any other Sensitive Data that you actively provide when contacting us or making use of the Service.

Usage and Connection Data

We also may use software tools like Google Analytics, to measure and collect session information, like the length of your visit to our website and/or Service, page response times, page interaction information and methods used to browse away from the page.

In addition, we may collect the Internet protocol (IP) address used to connect your computer or mobile device to the Internet; as well as other connection information, like information about your (mobile) operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.

For what purpose and on what basis we process Personal Data

We use your Personal Data to provide you with the Service. We also use your Personal Data to give the contact persons you provided access to the Service during a crisis.

We may use your contact information to respond to your questions, inquiries or requests.

We may use software tools like Google Analytics to improve our Service and/or website and create a better user experience. Where we do so, and where consent is not the specific basis for this particular processing, we rely on our legitimate interests to understand how our services are used, to enhance their functionality, and to diagnose and troubleshoot malfunctions.

We may also use Personal Data for marketing purposes, but only if you have previously indicated that you wish to receive such messages. If you no longer wish to receive such messages from us, you can contact us using the contact details provided at the end of this privacy statement.

We do not process your Personal Data for other purposes and only with your explicit consent or for the implementation of the agreement that we have entered into with you.

We conduct a balancing test to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. You have the right to object to processing based on our legitimate interests (see 'View, modify or delete data' section for how to exercise your rights).

Sharing of Personal Data with Third Parties

We share your Personal Data with third parties only when it is necessary for providing and delivering our Service to you, or when legally required.

Examples of third parties we may share data with include:

  • Our hosting provider, who manages the infrastructure for our website and Service.
  • Other essential service providers who assist us in operating our Service (e.g., analytics providers as described previously, payment processors if applicable).

When we share your Personal Data with these third parties, we do so under strict contractual agreements. These agreements ensure that:

  • They use your data only for the specific purpose of providing the contracted service to us.
  • They implement appropriate security measures to protect your data (including encryption where appropriate for data in transit and at rest).
  • They do not use your data for their own purposes or share it further without authorization.
  • They delete or return your data once it is no longer needed for the service.

We will not provide your Personal Data to other parties for their own independent use unless we have your explicit consent or are required to do so by law.

Server Location and International Data Transfers

To provide our Service effectively and ensure resilience, Saropa utilizes a global infrastructure with servers and data processing facilities that may be located in various countries around the world, including Australia, countries within the European Economic Area (EEA), the United States, and other regions. The specific location where your Personal Data is processed may depend on factors such as the point from which you access our Services or the location of other users you interact with.

Regardless of where your Personal Data is processed, we are committed to ensuring its protection. When your Personal Data is transferred from the European Economic Area (EEA) to, or accessed from, a country outside the EEA that has not been deemed by the European Commission to provide an adequate level of data protection, we ensure that such transfers are lawful and that your data remains protected. We primarily achieve this by:

  • Implementing Standard Contractual Clauses (SCCs) approved by the European Commission between Saropa (or the relevant Saropa entity processing your data) and the data importer (which may be another Saropa entity or a third-party service provider). These SCCs are supplemented by Transfer Impact Assessments (TIAs) and additional technical, organizational, and contractual safeguards as necessary to ensure an essentially equivalent level of protection to that in the EEA.
  • Relying on an adequacy decision from the European Commission for the recipient country, where applicable (for example, if data is transferred to a country recognized as adequate).
  • For transfers to third-party service providers located outside the EEA, ensuring they are bound by similar contractual obligations and transfer mechanisms.
  • In limited circumstances, utilizing other valid transfer mechanisms or derogations recognized under the GDPR.

Our third-party hosting providers and other service providers who may process your Personal Data on our behalf are also required to adhere to these international data transfer requirements when handling data originating from the EEA.

You can request further information about the specific safeguards applied to the transfer of your Personal Data by contacting us using the details provided in this policy.

How long we keep Personal Data

Your data will be stored by us for a longer period of time, but never longer than necessary for realizing the goal(s) for which the data was collected, unless we are required by law to keep your data longer than that.

Cookies

We use cookies and similar technologies ("cookies") to authenticate users, track the activity on our Service and/or website, to help us analyze how they are used and to improve them.

A cookie is a small text file that is stored on your computer, tablet or smartphone when you first visit our website and/or Service. The cookies we use are necessary for the technical operation of the website and Service and for your ease of use. They ensure that the Service and website work properly, identify you and, for example, remember your preferences. We also use cookies to aid in security measures used to protect user accounts. We may also use cookies to optimize our Service and website.

Below is described which cookies are used.

Functional cookies

Functional cookies are necessary for the functioning of the Service and website. Certain components of the Service and website cannot be used without these cookies. These cookies are used anonymously and therefore have little impact on your privacy.

Session cookies

With the help of a session cookie we can see which parts of the Service and website you have viewed during your visit. We can therefore adjust our Servic and website as much as possible to the surfing behaviour of our visitors. These cookies are automatically deleted as soon as you close your web browser.

Prevent use of cookies

You can opt out of cookies by setting your internet browser so that it no longer stores cookies. In addition, you can also delete all information that were previously saved via the settings of your browser. It is possible that in that case you will not be able to use all functions of our website and/or Service anymore.

If you do not want your visitor behaviour to be recorded, you can download a plugin from Google that prevents this. For Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera this plugin is available via: tools.google.com/dlpage/gaoptout. This setting then applies to all websites that you visit, not just our website.

Web Analytics Provider

A Web Analytics Provider (WAP), such as Google Analytics, collects data on visitor behaviour on our website and/or Service. This helps us understand how visitors navigate and interact with our services, allowing us to optimize their operation and design.

The WAP may share this information with other third parties if legally required, or if these third parties process information on the WAP's behalf. We do not control these disclosures by the WAP. We do not permit the WAP to use the analytics information obtained from our services for their other services.

The information collected by a WAP is typically anonymized or pseudonymized to the greatest extent possible. For instance, your full IP address is generally not directly accessible to us through these tools.

If a WAP, like Google Analytics, transfers data outside the European Economic Area (EEA) (e.g., to servers in the United States), we take steps to ensure that appropriate safeguards are in place for such transfers. These safeguards may include:

  • Relying on the WAP's use of Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by a Transfer Impact Assessment (TIA) to ensure an essentially equivalent level of data protection.
  • Verifying if the WAP is certified under an adequacy decision recognized by the European Commission, such as the EU-U.S. Data Privacy Framework (where applicable and valid for the specific WAP and data transfer).

Children under 16

We do not intend to collect data about visitors of the website who are younger than 16 years of age, unless they have permission from parents or guardians. Since we cannot check whether a visitor is older than 16, we advise parents and guardians to be involved in the online activities of their children, to prevent that data about children is being collected without parental consent.

In the event that you are under the impression that we have collected personal information about a minor without parental permission, please contact us via our contact details at the bottom of this page. We will then remove this information.

How we protect Personal Data

As the provider of the Service we are aware that privacy and security is of special importance for our customers. We pay special attention to the security of all the information that is uploaded to the Service.

Saropa takes the protection of your data seriously and takes suitable and appropriate security measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unauthorized changes.

Saropa uses an appropriate combination of administrative protocols, physical barriers and technology to help prevent unauthorised persons or intruders from gaining access to information.

We have acquired and will continue to update appropriate technology, such as “fire-walls” and encryption programmes to exclude unauthorized access, hacking and computer virus infection from Saropa’s computer system.

If you feel that your data is not properly protected or there are indications of abuse, please contact us via our contact details as stated at the bottom of this page.

View, modify or delete data

You have the right to access, correct, and delete your Personal Data. In addition, you have the right to withdraw your consent for data processing at any time (where processing is based on consent), to object to the processing of your Personal Data by Saropa (under certain conditions), and the right to request the restriction of processing of your Personal Data (under certain conditions).

You also have the right to data portability. This means you can request us to send the Personal Data we hold about you in a structured, commonly used, and machine-readable format to you or to another organization you nominate.

Exercising Your Rights

To exercise any of these rights, please contact us using the details provided at the bottom of this policy. To help us verify your identity and process your request efficiently, please provide sufficient information to identify yourself and specify the right you wish to exercise. We may request a copy of your proof of identity, with sensitive details (such as passport photo, ID numbers) redacted for your security.

We will respond to your request as quickly as possible, and in any case, no later than one month from receipt of your request (this period may be extended by two further months where necessary, taking into account the complexity and number of requests, in which case we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay).

Right to Lodge a Complaint

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that Saropa's processing of your Personal Data infringes the GDPR. If you are in the European Union or European Economic Area, you can typically lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement. You can find a list of national data protection authorities on the European Data Protection Board's website.

Questions and Contact

For questions or remarks about the processing of your Personal Data or this privacy policy you can contact us via the following email address: dpo.gdpr.privacy@saropa.com.

GDPR Policy Changelog

This GDPR policy was last reviewed and updated on May 10, 2025.

  • International Data Transfers (Analytics): Revised section on Web Analytics Providers (WAP) to remove outdated references to Privacy Shield. Updated to reflect current valid transfer mechanisms (e.g., SCCs, EU-U.S. Data Privacy Framework) for data transfers outside the EEA by WAPs like Google Analytics.
  • Server Location & Third-Party Data Sharing: Clarified information on primary server locations. Enhanced details on contractual safeguards with third-party service providers, including data security and limitations on use. Explicitly addressed international transfer mechanisms for data processed by these third parties or on servers outside the EEA.
  • Data Subject Rights: Added the "right to restriction of processing" to the list of user rights. Clarified the right to lodge a complaint with a supervisory authority and provided guidance on identifying it.
  • Data Protection Officer (DPO): Added a statement clarifying Saropa's DPO status and relevant contact procedures.
  • Lawful Basis (Legitimate Interests): Provided greater specificity on the use of "legitimate interests" as a lawful basis for certain processing activities (e.g., service improvement analytics) and highlighted the user's right to object.

https://app.saropa.com

home terms privacy gdpr emergency contact print
© 2024