P.O. Box 3245, Hendra QLD 4011

+61 7 3177 0899

1300 486 37

admin@laminar.co

www.laminar.com

 

Privacy Policy

LamChat Messaging System

 

Document Details

Author: Hopgood Ganim Lawyers

Date First Issued: 08 March 2021

Status: Current

Classification: Public

Distribution: All

Associated Docs:

Version Control

Version 01 (08/03/21): Document Created

Version 02 (06/12/21): Updated APP capabilities and additional details for clarification


Contents

Introduction

1. The kinds of Personal Information and Personal Data collected, used and disclosed by Laminar Communications

2. How Laminar Communications collects and holds Personal Information

2.1 Collection generally

2.2 How we hold your Personal Information and Personal Data

3. Uses and disclosures of Personal Information and Personal Data

3.1 Use and disclosure details

3.2 Other uses and disclosures

3.3 Use and disclosure procedures

3.4 Communications opt-out

4. Sensitive information

4.1 Sensitive information generally

4.2 Collection and use of sensitive information

5. Anonymity and pseudo-anonymity

6. Data security and quality

6.1 Laminar Communications' security generally

6.2 LamChat Security

6.3 Accuracy

7. Access to and correction of your Personal Information and Personal Data

8. Resolving Privacy Complaints

8.1 Complaints generally

8.2 Contacting Laminar Communications regarding complaints

8.3 Steps we take to resolve a complaint

8.4 Register of complaints

9. GDPR

9.1 Definitions

9.2 GDPR Obligations

9.3 Exercising Data Subject rights

9.4 Complaints

10. Consent, modifications and updates

10.1 Interaction of this Policy with contracts

10.2 Acknowledgement

10.3 Modifications and updates

 


 

Introduction

As providers of the LamChat App, Laminar Communications Pty Ltd (ACN 080 749 613) (Laminar Communications, we, us and our) respects your privacy and is committed to protecting it. We comply with the Australian Privacy Principles and the Privacy Act 1988 (Cth) (Privacy Act), which govern the way private sector organisations collect, use, keep secure and disclose Personal Information or Personal Data.

 

The Privacy Act defines 'Personal Information' to mean any information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained, from the information or an opinion.

 

If you are a resident of the European Union, we are required to comply with the GDPR (as defined in Section 9) in relation to your Personal Data (as defined in Section 9).

 

If you have any concerns or complaints about the manner in which your Personal Information and Personal Data has been collected, used or disclosed by us, please contact us via the information set out in Section 8 and we will resolve your concern or answer your question.

 

This privacy policy applies in respect of the LamChat App system only. The privacy policy that applies in respect of Laminar Communications generally is available at www.laminar.co

 

We recommend that you keep this information for future reference.

 

There are two parts to the LamChat service: the APP and the Message exchange server. The APP is configured to connect to the LamChat servers but can be changed to connect with any Matrix-compliant service at the user's discretion. The LamChat servers can be utilised by any Matrix-compliant messaging client APP. We will outline details for each system, as they can be used independently.

 

 

1. The kinds of Personal Information and Personal Data collected, used and disclosed by Laminar Communications

We will only use or disclose your Personal Information and Personal Data for the primary purposes for which it was collected or as consented to by you. At or around the time we collect Personal Information and Personal Data from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information. We set out some common collection, use and disclosure instances in the table below.


 

Purpose

Type of Information

Uses

Disclosures

Use of the LamChat App (IOS and Android)

Account Information: Such as your name, email address, username, and phone number

Message metadata: message metadata is stored in the central message exchange system within our secure data centre facility

Message: You enter messages into the LamChat APP and they are directed by you. We cannot read or decrypt your messages or phone calls.

Contacts: The LamChat APP ver 2.06 and later does not connect with your contacts or collect any details. With older versions, if you permit, LamChat can discover which of your contacts in your address book are LamChat users.

The types of uses we will make of Personal Information and Personal Data collected for this type of purpose include:

Services: the provision of our services to you including:

          Using your Personal Information and Personal Data in order for you to create an account and set up a method for password recovery;

          Using message metadata to transfer encrypted messages

 

Within the APP it is up to the user to define some configurations beyond the default.

Contacts: LamChat versions 2.06 and later do not allow connection to your contacts. In previous versions the APP will not seek connection to your contacts list unless you permit it. If you allow it, the APP will search your contacts and upload a hash of them to the LamChat message servers for comparison. When you are searching for someone to connect with, the APP will present those people who have agreed to be identified within your contact list.

Only LamChat user ID and email details are searchable.

Account Recovery: If you enter an email with your account, we will store those details within the APP. This is useful for account recovery (lost password) and if you want to be discovered with those details.

Discoverable: If you allow your details to be discovered, the email and user ID will be shared with the LamChat message servers (https://ident.lamchat.co). This is defined as the Identity server within the APP.

 

The types of disclosures we will make of Personal Information and Personal Data collected for the type of purposes listed include, without limitation, to:

          Service providers (including IT service providers and consultants) who assist Laminar Communications in providing our products and services.

          Third parties in connection with the sale of any part of Laminar Communications' business.

          As required or authorised by law.

Use of the LamChat message servers

Account Information: Such as your name, email address, username, and phone number

Message metadata: message metadata is stored in the central message exchange system within our secure data centre facility. We operate the facility on our own technology suite (not using a shared infrastructure as a service).

The types of uses we will make of Personal Information and Personal Data collected for this type of purpose include:

Services: the provision of our services to you including:

          Using your Personal Information and Personal Data in order for you to create an account and set up a method for password recovery;

          Using message metadata to transfer encrypted messages.

We collect:

          IP addresses to log connectivity so that we can protect our infrastructure, diagnose problems should they occur and monitor traffic patterns. Our logs are kept for 6 months.

          List of rooms you have joined

          Power levels in those rooms

          Your avatar

 

We store your password in our central exchange servers but never store password data in plain text. They are stored hashed (with at least 12 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL.

If you enter an email with your account, we will store those details within the LamChat message servers. This is useful for account recovery (lost password) and if you want to be discovered with those details.

If you allow your details to be discovered, the email and user ID will be stored within the LamChat message servers. This is defined as the Identity server.

The types of disclosures we will make of Personal Information and Personal Data collected for the type of purposes listed include, without limitation, to:

          Service providers (including IT service providers and consultants) who assist Laminar Communications in providing our products and services.

          Third parties in connection with the sale of any part of Laminar Communications' business.

          As required or authorised by law.

 

 


2. How Laminar Communications collects and holds Personal Information

2.1 Collection generally

We will collect your Personal Information and Personal Data directly from you when you download the App and create an account. It is completely optional for you to engage in these activities.

 

Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory information or any other information we require in order for us to provide our products or services to you, we may be unable to provide our products or services to you in an effective manner, or at all.

 

2.2 How we hold your Personal Information and Personal Data

Once we collect your Personal Information and Personal Data, we will hold it securely and store it on infrastructure owned or controlled by us. We provide some more general information on our security measures in Section 6 (Data security and quality).

 

3. Uses and disclosures of Personal Information and Personal Data

3.1 Use and disclosure details

We provide a detailed list at Section 1 of some common uses and disclosures we make regarding the Personal Information and Personal Data we collect.

 

3.2 Other uses and disclosures

We may also use or disclose your Personal Information and Personal Data and in doing so we are not required to seek your additional consent:

(a) when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your Personal Information and Personal Data to be used or disclosed for such a purpose;

(b) if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual's life, health or safety or to lessen or prevent a threat to public health or safety;

(c) if we have reason to suspect that unlawful activity has been, or is being, engaged in; or

(d) if it is required or authorised by law.

 

3.3 Use and disclosure procedures

In the event we propose to use or disclose such Personal Information and Personal Data other than for reasons set out in the above table at Section 1 or as otherwise outlined in this Privacy Policy, we will first notify you or seek your consent prior to such disclosure or use.

 

Your Personal Information and Personal Data is disclosed to these organisations or parties only in relation to the products or services we provide to you or for a purpose permitted by this Privacy Policy.

We take such steps as are reasonable to ensure that these organisations or parties are aware of the provisions of this Privacy Policy in relation to your Personal Information and Personal Data.

3.4 Communications opt-out

If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us via the details set out at the top of this document and we will ensure the relevant communication ceases. Any other use or disclosure we make of your Personal Information and Personal Data will only be as required or authorised by law or as permitted by this Privacy Policy or otherwise with your consent.

 

4. Sensitive information

4.1 Sensitive information generally

Sensitive information is a subset of Personal Information and Personal Data. It means information or opinion about an individual's racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.

 

4.2 Collection and use of sensitive information

We do not collect sensitive information from you.

 

5. Anonymity and pseudo-anonymity

To the extent practicable and reasonable, we will endeavour to provide you with the option of dealing with Laminar Communications on an anonymous basis or through the use of a pseudonym. However, there may be circumstances in which it is no longer practicable for Laminar Communications to correspond with you in this manner and your Personal Information may be required in order to provide you with our products and services or to resolve any issue you may have.

 

6. Data security and quality

6.1 Laminar Communications' security generally

We have taken steps to help secure and protect your Personal Information and Personal Data from unauthorised access, use, disclosure, alteration, or destruction. You will appreciate, however, that we cannot guarantee the security of all transmissions or Personal Information and Personal Data, especially where human error is involved or malicious activity by a third party.

 

6.2 LamChat Security

In unencrypted and encrypted rooms, users connecting to the Matrix.org homeserver (directly or over federation) will be able to see messages and files according to the access permissions configuration of the relevant room. This data is stored in the format it was received on our servers, and can be viewed by New Vector engineers (employees and contractors) under the conditions outlined below.

 

In encrypted rooms, the data is stored in our databases but the encryption keys are stored only on your devices or by yourself. Users can optionally backup an encrypted copy of their keys on the Service to aid recovery if they lose all their keys and devices. This key backup is encrypted by a recovery key that only the user has access to. This means that nobody, even Element engineers (employees and contractors) can see your message content in our database, and if you lose access to your encryption keys you lose access to your messages forever.

 

We use HTTPS to transfer all data. End-to-end encrypted messaging data is stored encrypted using AES-256, using message keys generated using the Olm and Megolm cryptographic ratchets.

 

Notwithstanding the above, we will take reasonable steps to:

(a) make sure that the Personal Information and Personal Data we collect, use or disclose is accurate, complete and up to date; and

(b) protect your Personal Information and Personal Data from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods.

6.3 Accuracy

The accuracy of Personal Information and Personal Data depends largely on the information you provide to us, so we recommend that you:

(a) let us know if there are any errors in your Personal Information and Personal Data.

 

We provide information about how you can access and correct your information in Section 7.

 

7. Access to and correction of your Personal Information and Personal Data

You are entitled to have access to any Personal Information and Personal Data relating to you which we hold, except in some exceptional circumstances provided by law (including the Privacy Act). You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.

 

If you would like to access or correct any records of Personal Information and Personal Data we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out at the top of this document.

 

8. Resolving Privacy Complaints

8.1 Complaints generally

We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.

 

8.2 Contacting Laminar Communications regarding complaints

If you have any concerns or complaints about the manner in which we have collected, used or disclosed and stored your Personal Information and Personal Data, please contact us:

Telephone: 1300 48 6373

Email: admin@laminar.co

Address: P.O. Box 3245, Hendra, QLD, 4011

 

8.3 Steps we take to resolve a complaint

In order to resolve a complaint, we:

(a) will liaise with you to identify and define the nature and cause of the complaint;

(b) may request that you provide the details of the complaint in writing;

(c) will keep you informed of the likely time within which we will respond to your complaint; and

(d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.

 

8.4 Register of complaints

We will keep a record of the complaint and any action taken in a Register of Complaints.

 

 

9. GDPR

9.1 Definitions

In providing our products and services, or collecting and using your Personal Data, we are required to comply with the GDPR where you are a European Union resident.

 

The following defined terms have the associated meanings:

(a) 'Data Subject' has the meaning attributed to that term in the GDPR.

(b) 'GDPR' means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC; and

(c) 'Personal Data' means the Personal Data (having the meaning attributed to that term in the GDPR) of the Data Subjects whose data is processed for the purposes of the provision of our retail services.

 

9.2 GDPR Obligations

If you are a resident of the European Union for the purposes of the GDPR, then in addition to what is set out in Sections 1 - 8 above, the following applies to you.

 

Under the GDPR, Laminar Communications is considered a 'data controller' in the provision of its services to you, and as such determines the purposes and means for processing of personal data.

 

In addition to your rights of access and correction as set out above, as a Data Subject you may:

(a) (access) request access to your Personal Data held by Laminar Communications;

(b) (rectification) request to update or rectify any of the Personal Data that we hold about you by contacting us at the details specified above and request Personal Data updates;

(c) (erasure) withdraw your consent to Laminar Communications' use of your Personal Data as described in this policy by deletion or erasure of your Personal Data that we hold where that data is no longer required for the purpose for which it was collected;

(d) (restriction on processing) obtain from Laminar Communications a restriction on processing of your Personal Data where:

(1) accuracy of the Personal Data is contested;

(2) the processing by the processor is unlawful (and you oppose erasure but request restriction of use);

(3) Laminar Communications no longer needs your Personal Data; or

(4) you have objected to processing pursuant to your right to object under Article 21(1) of the GDPR;

(e) (data portability) request that Laminar Communications:

(1) provides you with a copy of the Personal Data that Laminar Communications holds about you in a portable and machine readable form; or

(2) share your Personal Data with a nominated third party.

 

9.3 Exercising Data Subject rights

If you wish to exercise any of your Data Subject rights, then please send your request in writing to the details above in Section 8.2. We will process your request promptly and, in any event, within one month of receiving it.

 

9.4 Complaints

If you have any concerns in relation to Laminar Communications' collection or processing of your Personal Data, then you also have a right to complain to a supervisory authority (within the meaning of the GDPR).

 

10. Consent, modifications and updates

10.1 Interaction of this Policy with contracts

This Privacy Policy is a compliance document prescribed by law rather than a legal contract between two or more persons. However, certain contracts may incorporate all, or part, of this Privacy Policy into the terms of that contract. In such instances, Laminar Communications may incorporate the terms of this policy such that:

(a) certain sections or paragraphs in this policy are incorporated into that contract, but in such a way that they do not give rise to contractual obligations onto Laminar Communications, but do create contractual obligations on the other party to the contract; and

(b) the consents provided in this policy become contractual terms provided by the other party to the contract.

 

10.2 Acknowledgement

By using our website or purchasing a product or service from Laminar Communications, where you have been provided with a copy of our Privacy Policy or had a copy of our Privacy Policy reasonably available to you, you are acknowledging and agreeing:

(a) to provide the consents given by you in this Privacy Policy; and

(b) that you have been informed of all of the matters in this Privacy Policy.

 

10.3 Modifications and updates

We reserve the right to modify our Privacy Policy as our business needs require. We will take reasonable steps to notify you of such changes (whether by direct communication or by posting a notice on our website). If you do not agree to our continued use of your personal information and personal data due to the changes in our Privacy Policy, please cease providing us with your Personal Information and Personal Data and contact us via the details set out at the top of this document.