Privacy Policy
Privacy Policy
1. Introduction
This is the Privacy Policy of Hema Maps Pty Ltd (ACN 010 601 911) (trading as "Emprise Group Holdings", "Hema Group" and "Hema Maps") and its related entities including A247 International Pty Ltd (ACN 664 609 045) and Adventures Group Holdings Pty Ltd (ACN 155 672 192) (together "us", "our" or "we").
We are committed to safeguarding your privacy and protecting your Personal Information.
This Privacy Policy sets out how we will handle your Personal Information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act"), the Australian Privacy Principles and the EU General Data Protection Regulation (EU) 2016/679 ("GDPR") (if the GDPR applies to us).
All capitalised terms in this Privacy Policy have the meaning given to that term in the Schedule "Definitions" unless the context requires otherwise.
This policy was last updated on 31 January 2025.
2. Application of this policy
This Privacy Policy applies when you visit the Portal or use any of our Services. By visiting the Portal or by using any of our Services, you agree to the terms of this Privacy Policy. You should not access the Portal and/or use any of our Services if you do not agree with this Privacy Policy.
3. Anonymised Data
Any information that is that is not reasonably capable of being associated with or linked to you or another person ("Anonymised Data") is not Personal Information. Therefore, any Anonymised Data that we collect, process or otherwise use will not be governed by this Privacy Policy.
4. Our collection and use of Personal Information
We collect and use Personal Information from Users of and visitors to the Portal, our Devices and/or Apps.
The specific type of Personal Information that we collect will depend on the reasons for, or circumstances of its collection and may include, but is not limited to, the following:
· User information: name, telephone and mobile number, email address, residential and postal address;
· Device and App information: your Device/App ID, Device/App type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
· Payment and transactional information: banking, credit card or debit card details, billing information, Device information and Technical Usage Data;
· Account information: any additional information relating to you that you provide to us directly through the Portal or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
· Enquiries, communications and social media: information contained in any enquiry you submit to us regarding our Portal or any of our Services, communication content, metadata associated with communications, and information about you shared via our social media accounts (if you communicate with us via one of our social media accounts); and
· Other information: any other information that may be required in order to facilitate your dealings with us.
We usually collect Personal Information directly from you, or we may collect it through our dealings with you. For example, we collect Personal Information from you or about you from:
· your access and use of the Portal;
· your use of any of our Services;
· correspondence between you and us;
· visits to and submissions you make on our Portal or in connection to any of our Services;
· your interactions with our electronic direct mail and/or emails from our marketing campaigns (such as click-throughs using the links included in those emails); and
· registration and forms you may complete and submit in relation to our marketing-related activities and events.
Sometimes, we may receive Personal Information about you from third parties. We will use reasonable efforts to obtain your consent before we contact a third party for this purpose.
We may collect Personal Information from you because we are required or authorised by an Australian law or court/tribunal order to collect that information. We will tell you if collection is required or authorised by law and provide you with details of the law, court or tribunal order.
We may also receive Personal Information about you from your authorised third parties and publicly available sources.
5. Why do we collect, hold and use Personal Information?
If you do not allow us to collect all the Personal Information we reasonably request, we may not be able to deliver any of our Services to you.
We collect, hold and use your Personal Information for the purposes of providing you with access and usage of the Portal and the Services, which include (without limitation):
(GDPR lawful basis: consent)
· providing you with use of our Portal and/or any of our Services;
· ongoing client relationship management purposes;
· offering, promoting, advertising, marketing and selling relevant and suitable Services to you;
· sending you relevant notifications, electronic direct mail, email marketing campaigns and/or newsletters;
· any other purposes identified at the time of collecting your Personal Information;
· developing and improving our business, the Portal and/or any of our Services;
· for monitoring, research and analysis in relation to our business, the Portal and any of our Services;
· involving you in market research, gauging customer satisfaction and seeking feedback;
(GDPR lawful basis: contractual obligation)
· performing and supplying any of our Services to you;
· managing our relationship with you (including maintaining a User profile), communicating with you, identifying you when you contact us, responding to your enquiries and keeping records;
· processing payments you have authorised;
(GDPR lawful basis: legal obligation)
· complying with all of our legal obligations to you and to third parties (including, without limitation, any governmental authority;
· ensuring the security of our Portal and our Services and maintaining back-ups of our database(s);
· for our internal accounting and administration;
· where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
· in the preparation for, or conduct of, court proceedings or in an administrative or out-of-court procedure (or the implementation of orders of a court or tribunal or on behalf of an enforcement body);
· for the purpose of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice; and
(GDPR lawful basis: protect a person’s vital interests)
· where we reasonably believe that use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety.
If we want to use or disclose your Personal Information for a secondary purpose that is not related to the primary purpose of collection, or is inconsistent with what you would reasonably expect, we will obtain your consent.
6. Disclosure of Personal Information to third parties
By using our Portal, any of our Services and/or by providing us with your Personal Information (or allowing another person to do so), you acknowledge and consent to us disclosing some or all of your Personal Information to third parties.
This includes disclosure of your Personal Information and other details:
· to our related entities as necessary for the provision of any of our Services or to enable them to provide any of the service offerings that you have requested;
· to our third party provider of verification of identity services (in which case you will be asked to agree to the third-party provider’s applicable privacy policy and other policies);
· to government agencies to enable relevant registrations, notifications and/or lodgements in connection with the Portal and/or our Services;
· to a person that uses the Portal or any of our Services on your behalf and/or a person you have authorised;
· if you enable third-party applications to be used in conjunction with the Portal and/or any of our Services, to those third-party applications;
· to our partners, contractors, suppliers, subcontractors and service providers, including without limitation our suppliers of IT-based solutions that assist us in providing any of our Services, distributors of direct marketing communications; marketing agencies, insurers and external business advisors;
· in accordance with requirements or authorisations under applicable laws or to comply with our legal obligations; and
· to any other persons contemplated by this Privacy Policy.
We take reasonable steps to ensure that third-party recipients are obliged to protect the privacy and security of your Personal Information and use it only for the purpose for which it is disclosed. These measures include use of industry-standard, physical procedural and technical security measures and encryption where appropriate. However, regardless of any security measures used, we cannot guarantee the absolute protection and security of any Personal Information stored with us or with any third parties.
Occasionally, we may be required to disclose your Personal Information to third parties which are located outside of Australia. In such instances, we will take all reasonable steps to ensure that those third parties, in whichever jurisdiction, adhere to the terms of this Privacy Policy.
At all times, the third parties that we disclose your Personal Information to:
· are required to provide GDPR compliant services (if they are subject to the GDPR);
· must take reasonable steps, to our satisfaction, to ensure that Personal Information disclosed by us is protected against misuse, interference, loss and unauthorised access, modification and disclosure;
· must ensure that each of its employees who access, use or disclose Personal Information are aware of and comply with the obligations under this Privacy Policy when they are accessing, using or disclosing the Personal Information; and
· must, if they become aware of any misuse, interference, loss, or unauthorized access, modification or disclosure of Personal Information disclosed by us, immediately notify us.
We will not disclose your Personal Information to any third party (except as described above) without your consent, unless such disclosure is required by local Data protection laws or the GDPR and/or where we reasonably believe that it is necessary to lessen or prevent a threat to life, health or safety or for action to be undertaken by an enforcement body, or where allowed to do so in accordance with the local Data protection laws.
To the maximum extent permitted by law, we are not responsible or liable for the protection and privacy of any Personal Information provided to third parties.
You accept and agree that the disclosed Personal Information will be held by third parties and may be used by them in accordance with the Privacy Act and any privacy policy they may have, and in such circumstances, the third-party recipient will be solely responsible for their use of this Personal Information.
7. Our sub-processors
Our current list of sub-processors, their location and the services they perform, includes:
· Amazon Web Services ("AWS") – hosting, data processing, cloud services, storage
· Hubspot – CRM, marketing, marketing automation, customer service
· Shopify – eCommerce and content marketing
· Stripe – payment processing
· Square – payment processing
· Google – display ads, data storage, email
· Microsoft – data storage, email, applications
· Adobe – data storage
· ESRI – data processing and storage
· Safe Software – FME data processing
· HERE Technologies – data processing
· Mireo – software development and user hosting
· KeyCloak – identify authentication
· Google Play – application hosting and customer management
· Apple Store – application hosting and customer management
· CIN7 – order processing and fulfilment
· Xero – financial reporting
Please note that these sub-processors may change over time. We advise you to review this list regularly for any updates that may happen from time to time.
8. Storage and security of Personal Information
Your Personal Information is held and stored on paper, by electronic means (including by way of a third-party client relationship management product or system) or both.
We have physical, electronic and procedural safeguards in place for Personal Information and take reasonable steps to ensure that your Personal Information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.
Our cloud-based servers are located in Australia in data centres which have represented to us that they are GDPR compliant (including by incorporating the Standard Contractual Clauses that the European Commission adopted in June 2021).
In the case of Hubspot, the product infrastructure is hosted on AWS cloud-based servers located in the USA and Germany. Shopify’s data is hosted on cloud-based servers located in the European Economic Area (“EEA”).
When developing and designing products and services that involve the processing of Personal Information, we take into account Data protection to ensure that we can fulfil our Data protection obligations.
Data held and stored on paper is stored in secure premises.
Data held and stored electronically is protected by internal and external firewalls. We encrypt and/or anonymised Data wherever possible. All access to electronic Data including databases requires password access that meets industry complexity standards.
Access to Personal Information is restricted to staff and contractors whose job description requires access. Our employees and contractors are contractually obliged to maintain the confidentiality of any Personal Information held by us. We also implement MFA (multi-factor authentication) safeguards wherever possible.
Data stored or archived off-Portal is contained within secure facilities. We require our storage contractors to implement privacy safeguards.
We undertake regular Data backups, with the Data copied and backed up to multiple locations for redundancy purposes.
Our staff receive regular training on privacy and the importance of keeping Personal Information secure.
9. Retention of Personal Information
We will retain your Personal Information only for as long it is required for any of the purposes set out in this Privacy Policy or for any other lawful purpose. We will retain your Personal Information for the time periods required by law.
10. Destruction of Personal Information
We use secure methods to destroy, your Personal Information when it is no longer needed or legally required to be retained.
Paper records and original documents may be sent for secure destruction or returned to you and/or relevant third parties. Electronic records may be archived to alternative storage and are subject to the procedural safeguards described above.
If you are in the European Union, you have a right (with a few exceptions) to request that your Personal Information is deleted. Regardless of where you are located, if you would like your Personal Information to be deleted, please contact us.
11. Access to and correction of Personal Information
You can request access to or correction of your Personal Information held by us.
If you wish to access, correct or update any Personal Information that we hold about you, please contact us.
We will respond to your request within thirty (30) days of you making the request and give you access in the manner you requested unless it is unreasonable or impracticable for us to do so. Before we accept your request, we will need to use reasonable methods to verify your identity. There may be reasons why we cannot give you access to the information that you have requested, or we refuse to correct your personal information. If that is the case, we will let you know these reasons in writing.
To help us keep our records up to date, please notify us of any changes to your Personal Information.
12. Withdrawal of consent to use Personal Information
You have a right to withdraw your consent to us using your Personal Information at any time. Please contact us via the details set out below if you would like to make such a request. We will process a request within thirty (30) days of receiving your request.
Please note that by withdrawing your consent, we may no longer be able to provide you with access to our Portal or Services.
13. International transfer of Personal Information
When we share Personal Information, it may be transferred to, and processed in, countries other than the country you live in, where our Data hosting provider’s servers are located. These countries may have laws different to what you’re used to. However, where we disclose Personal Information to a third party in another country, we put safeguards in place to ensure your personal Data remains protected.
For individuals in the EEA, this means that your Personal Information may be transferred outside of the EEA. Where your Personal Information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA Data, or to a third party where we have approved transfer mechanisms in place to protect your Personal Information, for example, by entering into the European Commission’s Standard Contractual Clauses.
For further information, please contact us.
14. What happens if there is a Data Breach?
We will take seriously and deal promptly with any accidental or unauthorised loss, use or disclosure of Personal Information (“Data Breach”).
We are subject to the Notifiable Data Breaches Scheme (“NDB Scheme”) under the Privacy Act. In assessing and responding to suspected notifiable Data Breaches, we will act in accordance with:
· our applicable policies which incorporate the requirements of the NDB Scheme; and
· the guidance of the Office of the Australian Information Commissioner (“OAIC”).
Where a breach of your Personal Information occurs that is likely to cause harm (e.g. releasing unencrypted Personal Information), we will notify you and recommend steps you should take in response to the breach.
Where required by law, the OAIC will also be notified.
If a Data Breach releases Personal Information of a European Union-based user, we will notify the European Data Protection Supervisor within seventy-two (72) hours of becoming aware of the Data Breach.
15. Direct marketing
From time to time we may provide you with offers, marketing communications and targeted advertising by telephone, electronic messages, websites, social media, through the Portal and by any other means. These communications may relate to the products and services we, our related entities or a third party (“Participants”) provide, and other products which we think may be of interest to you.
We may use and disclose your Personal Information for the purpose of direct marketing to you by way of a direct mail, email, SMS, MMS, targeted digital advertising or any other means of marketing communication, where:
· you have consented to us doing so; or
· it is otherwise permitted by law.
You can at any time opt out of electronic direct marketing communications from us via your email marketing preferences. You can also use the unsubscribe facility provided in our electronic marketing communications.
If you elect to opt out, you will still receive service-based communications relating to the Portal, as well as other information that we are required to send you by law, such as changes to our terms and conditions and notifications relating to your transactions.
To opt-out of any marketing communications received from any Participants, you can use the unsubscribe facility provided in the Participant’s electronic marketing communication.
16. Cookies
A cookie is a small data file that is placed on your computer or mobile device when you visit a website. Website owners frequently use cookies in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
To understand how we collect and use cookies, please refer to our Cookies Policy which is available at our website hemamaps.com
17. How we collect and process Business Data
We currently do not collect, process, and manage third-party information submitted by our Users on to our Portal (“Business Data”). Should this change, we will make our Data Processing Addendum available which will apply to our practices as a 'data controller' and 'data processer' of Business Data.
18. Changes to this policy
We may update our Privacy Policy from time to time by either notifying you of a change to the policy and providing you with a link to the updated policy or by publishing a new version on our Portal without notice.
By continuing to use our Portal or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.
19. Can I provide feedback?
From time to time, you may have the opportunity to participate in surveys or provide feedback intended to improve any of our Services which may involve providing additional Personal Information. Your participation in such activities is subject to your consent.
20. Privacy queries or complaints
If you have a query or wish to make a complaint regarding our privacy practices, please contact us. We will promptly investigate your complaint and notify you of the outcome.
If your complaint relates to how we handle your Personal Information you can also contact the OAIC:
Office of the Australian Information Commissioner
GPO Box 5288
Sydney New South Wales 2001
Australia
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
www.oaic.gov.au
21. Contact us
Privacy Officer
Hema Maps
3 Wyman Place
Braeside Victoria 3195
Australia
Email manager@hemamaps.com
Telephone: 07 3340 0000
Schedule – Definitions
"App" means a software application designed to run on a mobile device such as a phone, tablet, or watch.
"Data" means any data inputted by you or with your authority through the use of the Services and includes, without limitation, data owned or supplied by you or data which may otherwise be generated, compiled, arranged or developed by you in using the Services.
"Device" means any type of device including a computer, mobile phone, tablet or console that meets the minimum specifications required to access the Portal and/or use any of our Services.
"Device Information" means Data that can be automatically collected from any Device used to access the Portal and/or any of our Services, including your Device type, your Device’s network connections, your Device’s name, your Device’s IP address, information about your Device’s web browser and the internet connection used to access the Portal or any of our Services, Geolocation Information, information about apps downloaded to your Device.
"Geolocation Information" means information that identifies your location by using longitude and latitude coordinates obtained through GPS, Wi-Fi or mobile phone triangulation.
"GPS" means Global Positioning System which is a facility that provides users with positioning, navigation and timing services.
"IP" means Internet Protocol which is the set of rules governing the format of data sent via the internet or local network.
"Portal" means the cloud-based software and/or any Site owned and operated by us.
"Personal Information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
"Services" means any and all services provided by us through the Portal and any other website, mobile site or portal operated by us from time to time.
"Site" means the website https://www.hemamaps.com or such other domains used by us from time to time for access to this site or any other sites or provision of any of our Services.
"Technical Usage Data" means information we collect from your Device that you use to access the Portal or any of our Services such as what you have searched for and viewed on the Portal, the length of your visit and the way you use any of our Services, including your IP address, statistics regarding how pages are loaded or viewed, the website you viewed before coming to the Portal and other usage and browsing information collected through cookies.
"User" means a user of the Portal and/or any of our Services, as the context requires.
Cookies Policy
1. Introduction
This is the Cookies Policy of Hema Maps Pty Ltd (ACN 010 601 911) (trading as "Emprise Group Holdings", "Hema Group" and "Hema Maps") and its related entities including A247 International Pty Ltd (ACN 664 609 045) and Adventures Group Holdings Pty Ltd (ACN 155 672 192) (together "us", "our" or "we").
We use certain monitoring and tracking technologies, such as cookies, beacons, pixels, tags, and scripts (collectively, "cookies") to provide, maintain, and improve our website, portal and platform or any other website owned or operated by us ("Portal").
This policy contains information about what cookies are, the different types of cookies we use, and how our visitors, customers and users ("you") can switch off or remove cookies from your web browser.
This policy was last updated on 31 January 2025.
For information about our general privacy practices and how we handle personal information, please read our Privacy Policy which is accessible via our website hemamaps.com.
2. Cookies and other tracking technologies
A cookie is a small text file that’s placed on your computer or mobile device when you visit a website via a web browser such as Google Chrome or Safari.
Cookies allow websites to store information like user preferences. Cookies are similar to memories for the website because they allow the website to recognise you when you return, and respond appropriately.
Cookies are typically classified as:
· 'session cookies' which are automatically deleted when you close your browser; or
· 'persistent cookies' which will usually remain on your device until you delete them or they expire.
We also use other tracking technologies such as web beacons (sometimes called ‘tracking beacons’ or ‘clear gifs’) and local storage. These are tiny graphics files that contain a unique identifier that enable us to recognise when someone has visited our website or opened an email that we have sent them.
3. How and why we use cookies
We use cookies to optimise our offerings and marketing activities and to provide you with a better experience, for example, by:
· tracking your preferences;
· identifying technical issues; and
· monitoring and improving the overall performance of our Portal.
We use various types of cookies on our Portal. The different types of cookies are described the following section.
4. Types of cookies
4.1 Performance cookies
This type of cookie helps us to secure and better manage the performance of our services and remembers your preferences for features found on the Portal, so you don’t have to reset them each time you visit.
4.2 Analytics cookies
Every time you visit our Portal, we use analytics tools and services that generate cookies which can tell us (so long as they are allowed and not deleted) whether or not you have visited our Portal in the past, and provide additional information regarding how visitors and users use our Portal (such as how many visitors we have on a certain landing page, how often they visit, or where users tend to click on our Portal).
Your browser will tell us if you have these cookies and, if you don’t (but you do allow new cookies to be placed), we will typically generate and place new ones.
4.3 Registration cookies
When you register and sign into our Portal, we generate cookies that let us know whether you are signed in and to maintain your login session.
Our servers use these cookies to work out which account on our Portal you are signed into and if you are allowed access to a particular area or feature on that account.
While you are signed into our Portal, we combine information from your registration cookies with analytics cookies to learn, for example, which pages you have visited.
4.4 Marketing and advertising cookies
These cookies allow us to know whether you’ve viewed an ad or a type of ad online, how you interacted with such an ad, and how long it has been since you’ve viewed it. We also use cookies set by third-party organisations, so we can more accurately target advertisements to you.
We also set cookies on certain other sites that we advertise on. If you receive one of those cookies, we may use it to identify you as having visited that site and viewing our ad there, if you later visit our Portal. We can then target our advertisements based on this information.
4.5 Third-party integration cookies
Third parties may also set cookies on our Portal. They do this to enable and improve the performance and interoperability of their applications, features or tools that are integrated with our Portal, to track their performance, or to customise their website for you.
5. Why we use Cookies and tracking technologies
Tracking technologies help us in a variety of ways including operating our Portal, enhancing and customising your experience across our Portal, performing analytics and delivering advertising and marketing relevant to you.
Third-party cookies enable third-party features or functionality to be provided on or through our Portal, such as advertising, interactive content and analytics. They also enable us to use advertising networks to manage our advertising on other websites.
6. How to turn off cookies or remove them from your web browser
All modern web browsers allow you to change your cookies settings. You can usually find these settings in the 'Options' or 'Preferences' menu of your web browser.
The links below may assist you to understand these settings. Alternatively, you can use the 'Help' option in your web browser.
6.1 Google Chrome
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
6.2 Microsoft Edge
https://support.microsoft.com/en-nz/help/17442/windows-internet-explorer-delete-manage-cookies
6.3 Firefox
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
6.4 Safari
https://support.apple.com/en-nz/guide/safari/manage-cookies-and-website-data-sfri11471/mac
7. Targeted advertising
Most advertising networks offer you the option to opt out of targeted advertising. See, for example:
· www.aboutads.info/choices; and
· www.youronlinechoices.com.
If you are primarily concerned about third-party cookies generated by advertisers, and you live in Europe, you can also opt out from the collection of your data by advertisers who participate in the Digital Advertising Alliance. This can be done by visiting https://www.youronlinechoices.eu/
Additionally, you can change your settings on your mobile device (e.g., iPhone, iPad or Android) to control whether you see online interest-based ads.
8. 'Do Not Track' signals
'DNT' or 'Do Not Track' is a setting in a web browser that sends a signal to websites, indicating the user's preference not to be tracked for targeted advertising or analytics.
Due to the differences in how web browsers interpret this feature and send those signals, and lack of standardisation, it is not always clear whether visitors and users intend for these signals to be transmitted or whether they are even aware of them. Accordingly, we do not respond to 'Do Not Track' requests.
9. Changes to this policy
We may update our Cookies Policy from time to time by either notifying you of a change to the policy and providing you with a link to the updated policy or by publishing a new version on our website without notice.
By continuing to use our Portal or otherwise continuing to deal with us, you accept this Cookies Policy as it applies from time to time.
10. Contact us
If you have any queries or concerns about this policy or our use of cookies, please contact us using the details below:
Privacy Officer
Hema Maps
3 Wyman Place
Braeside Victoria 3195
Australia
Email: manager@hemamaps.com
Telephone: 07 3340 0000