Skip to main content

Data Processing Policy

At On Show Services, trading as Snap it Share it, we are committed to protecting the personal data we process on behalf of our clients and ensuring compliance with applicable privacy laws, including the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR), and other global privacy standards.This Data Processing Policy outlines how we handle personal data provided by our clients (referred to as “you”). It is designed to ensure clarity, transparency, and alignment with all relevant legal requirements.

1. Scope of the Policy

This policy applies when we process personal data on your behalf as part of providing our services, such as media storage, sharing, and event-based solutions. By using our services, you agree to the terms of this policy.

2. Roles and Responsibilities

  • You (the Client): Act as the Data Controller and determine the purposes and means of processing personal data.
  • We (Snap it Share it): Act as the Data Processor and process personal data only in accordance with your documented instructions.

3. Personal Data We Process

The types of personal data we may process on your behalf include:

  • General information: Names, email addresses, and phone numbers.
  • Media files: Photos, videos, and other content uploaded to our platform.
  • Event-related data: Guest lists, event details, and associated user information.
  • Technical data: IP addresses, device information, and usage data collected through cookies or similar technologies.

We do not process sensitive personal data (e.g., health or biometric data) unless explicitly instructed and agreed upon in advance.

4. Our Processing Obligations

4.1 Compliance with Laws

We will process personal data in compliance with all applicable privacy laws, including but not limited to:

  • Australian Privacy Principles (APPs) under the Privacy Act 1988.
  • General Data Protection Regulation (GDPR) for data subjects within the European Economic Area (EEA).
  • California Consumer Privacy Act (CCPA) for data subjects in California.

4.2 Processing Instructions

We will process personal data only:

  • Based on your documented instructions.
  • For purposes necessary to provide our services (e.g., storing, sharing, and managing event-related content).
  • As required by law, in which case we will notify you (unless prohibited by law).

4.3 Confidentiality

We ensure that all personnel accessing personal data are:

  • Trained on data protection and security.
  • Bound by confidentiality agreements or obligations.

5. Subprocessors

We may engage third-party subprocessors to assist in providing our services (e.g., cloud storage providers). We ensure that:

  • Subprocessors are subject to data protection obligations equivalent to those in this policy.
  • A current list of subprocessors is available upon request.
  • You are notified of any changes to subprocessors, allowing you to raise objections if necessary.

6. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption: Securing data during transmission and storage.
  • Access control: Restricting access to personal data to authorized personnel only.
  • Regular audits: Periodic reviews of our security practices.
  • Incident management: Procedures to detect, respond to, and mitigate data breaches.

7. Data Breach Notification

If we become aware of a data breach affecting personal data, we will:

  • Notify you without undue delay.
  • Provide relevant details, including the nature of the breach, affected data, and mitigation measures.
  • Assist you in meeting any legal obligations to notify regulators or affected individuals.

8. Data Subject Rights

We will assist you in fulfilling your obligations to respond to data subject requests under applicable privacy laws. This includes:

  • Access, correction, or deletion requests from individuals.
  • Objections to processing or requests for data portability.
  • Requests to withdraw consent where applicable.

We will not respond directly to data subjects unless instructed or required by law.

9. Data Retention and Deletion

  • We will process personal data only for as long as necessary to provide our services or as instructed by you.
  • Upon termination of our services or at your request, we will securely delete or return all personal data, unless retention is required by law.

10. International Data Transfers

As we use global cloud service providers, personal data may be transferred outside of Australia, including to countries that may not have the same data protection laws. When transferring data internationally, we ensure:

  • Compliance with the APPsGDPR, or other applicable laws.
  • The use of appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

11. Audits and Compliance

We will provide you with information and assistance necessary to demonstrate compliance with data protection obligations. Where required, we will:

  • Allow audits or inspections, provided reasonable notice is given.
  • Cooperate with your appointed independent auditors.

12. Liability

Each party is responsible for ensuring compliance with applicable data protection laws. We will only be liable for breaches of this policy caused by our own actions or negligence.

13. Updates to This Policy

We may update this policy from time to time to reflect changes in our services or legal requirements. Updates will be posted on our website, and continued use of our services constitutes acceptance of the updated policy.

14. Contact Information

If you have any questions about this policy or need to exercise your rights, please contact us at:
Emailprivacy@snapitshareit.com