Privacy Policy

Thanks for using SITESEC and thanks for reading this Privacy Policy.

The SITESEC Service is provided for Sitesec Pty Ltd “the Provider” (Company registered number 611552053) of U8 Henry Street, Loganholme, Queensland, 4129, Australia by Videoloft Limited “the Developer” (Company registered number 08121657) of 127 Milton Park, Abingdon, Oxfordshire, England OX14 4SA.

In order to provide the SITESEC app, the Developer sometimes need to collect information about you. This Privacy Policy explains:

  • what information may be collected about you
  • how the information is used
  • whether it’ll be disclosed to anyone else

The data processor is Videoloft Limited whose address is Unit 7, 127 Olympic Avenue, Milton Park, Abingdon, OX14 4SA, United Kingdom and email address partners@videoloft.com.

What information will the Developer collect about me?

When a SITESEC account is created for you by the Provider, the Developer may receive personal information about you; currently this information comprises your name, email address and company name (where applicable).

When the Provider creates your account, the Developer (and, if applicable, their contractors) are enabled to provide you with the products, services or activities you select. The Developer may also collect a range of information about the way you use the Service, including without limitation device settings, app settings and usage. For example, they collect the names of your devices, so that they can show you a meaningful list of cameras to view.

The Developer does not have access to any personal information concerned with payment such as credit card numbers. You are paying your subscription fee directly to the Provider, your payment relationship is with them and not the Developer.

Under the European General Data Protection Regulation (GDPR) you remain the owner and data controller of your personal video data. Where the Developer stores the data, they act as data processor. The Developer will only view your video data in 2 scenarios: 1. With your express permission, for example if they are resolving a particular technical problem they might seek your permission to view it 2. As may be required as part of sharing the information with someone else in accordance with the strict restrictions set out below.

How will the Developer use the information they collect about me?

The Developer will use your personal information for a number of purposes including the following:

  • to provide the Service and to deal with your requests and enquiries;
  • • for "service administration purposes", which means that the Developer or the Provider may contact you for reasons related to the service you have signed up for (e.g. to provide you with password reminders or to notify you that a particular product, service or activity will be suspended for maintenance);
  • to provide you with information about the services, products or activities;
  • to personalise the way the service is presented to you;
  • • to use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits from different countries and
  • to analyse and improve the service and provide you with the most user-friendly experience.

What is the legal basis for the Developer processing your personal data?

The Developer’s processing of personal data will satisfy at least one of the following processing conditions:

  1. Consent – you have given consent to the processing for one or more specific purposes. You have the right to withdraw consent at any time but this will not affect the lawfulness of processing based on consent before its withdrawal;
  2. Necessary for performance of a contract - The processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. Where this ground applies the provision of the information is a contractual requirement and if you fail to provide it we will be unable to provide the services that you have requested;
  3. Legal obligation - The processing is necessary for compliance with a legal obligation to which we are subject;
  4. Vital interests - The processing is necessary in order to protect your or another person’s vital interests, e.g. in medical emergencies;
  5. Public functions - The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  6. Legitimate interests - The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. Legitimate interests include transfer of data for internal administrative purposes, market research activities, direct marketing purposes, preventing fraud, ensuring network and information security and reporting criminal acts or threats to public security.

How long will the Developer keep your Information?

The Developer will generally keep your personal data until it is no longer required for the lawful purpose(s) for which it was obtained.

Will the Developer share my personal information with anyone else?

The Developer may share your information with our advisers, suppliers, customers and partners as is necessary to ensure that you are provided with the services you have requested. They will not share your information with any third parties for reasons other than providing the services you have requested.

The Developer collects information about you to provide your services and manage your account. In providing the services, they may send your details to, and also use information from credit reference agencies and fraud prevention agencies.

The Developer will keep your information confidential except where (i) disclosure is required or permitted by law (for example to law enforcement agencies who require the information from them in a formal legal request or pursuant to court orders or legal process), or (ii) they have your consent to disclose the information, or (iii) as deemed necessary, in our reasonable discretion, to protect the legal rights or property of the Developer or a customer or third party, or to prevent personal injury, or (iv) in the event they are required to transfer personally identifiable information to a third party in the event of a sale, merger, assignment, joint venture or other transfer or disposal of all or part of its business, though any new owner would be required to adopt the same protections.

Where is my data stored?

Any video that you record using the service is stored in the Developer’s “cloud” which is hosted by Amazon Web Services, who also host thousands of other major brands across the world. The Developer uses two AWS data centres, one in Ireland and one in North Virginia, USA. When the Provider creates your account, we choose the closer data centre. For example, users in Europe will have their videos stored in Ireland and users in the Americas will have their videos stored in the USA.

The Developer may also share some personal data or usage data (not video) with the third parties below:

  • Some usage data, such as what features you have used in the app, is gathered and stored in Google Firebase. This data is used to analyse what the users are doing as a group in order to help the Developer improve the service. It is not used to analyse what you are doing as an individual unless you contact the Provider or the Developer and ask them to investigate a problem that you have experienced.

Please note that this may include the transfer of your personal data to one or more countries outside the UK.

Deleting video & personal data

Your video is stored in the Developer’s cloud and it is automatically deleted after a number of days depending on your account level. Once deleted, the video cannot be recovered as no back-ups are stored.

If you delete a motion event in the SITESEC app, no video is deleted. In fact, motion events deleted in this way can be recovered by the Developer if necessary. You should tell the Provider if you need an event to be recovered, but note that the video event will only be available for as long as your cloud storage plan.

Please contact the Provider if you wish to delete your SITESEC account. Once your account has been deleted, your email address is removed immediately from the Developer’s database. This means that any error logs the Developer stores can no longer be tracked back to you individually. All of your video will be deleted within 48 hours. Also your device names are removed from the Developer’s database.

Your right to be forgotten

In certain circumstances you have a right to be forgotten by the Developer. They do not need to comply if the processing is necessary for rights of freedom of expression or information or for compliance with a legal obligation under law or in certain other limited circumstances permitted by applicable law.

The way to be forgotten is to simply ask the Provider to delete your account. All your video will get deleted within 2 days and your email address will be removed from the Developer’s database, so there will be no way to link any server logs back to your account. The Developer keeps the server logs as ‘anonymized data’ so that they can analyse it to help them improve the service.

Your right to extract your personal data

You have the right to request a copy of the information that the Developer holds about you via a subject access request. If you would like a copy of some or all of your personal information, please contact the Provider, supplying an email address to which the information should be sent. The Developer may use reasonable means to verify the identity of the person making the request. If the Developer holds a large quantity of data, they may ask you to specify the information or processing activities to which the request relates. They will provide an electronic copy of the information free of charge but may charge a reasonable, administrative-cost fee if further copies are requested. The Developer will respond to subject access requests within a month. They can extend this by a further two months if the request is complex or if they have received a large number of requests. The Developer can refuse to respond to the request if it is manifestly unfounded or excessive (or charge an administrative fee). They may refuse a request where it is not made for the purpose of allowing you to be aware of and verify the lawfulness of the processing we are carrying out. They can withhold personal data if disclosure would adversely affect the rights and freedoms of others, e.g. involving the conduct of a business in, for example, intellectual property rights, trade secrets and confidential information.

You can extract and download all of your video using the features of the service. If you have a valid reason, such as wanting video as evidence in a court case, the Developer can help speed this process for you if you contact the Provider. The only personal data that the Developer stores other than your video is your email address, device names and the titles and descriptions of your clips – you can see all of these in the app.

What are your other rights?

In certain circumstances you have the right to object to the processing of your personal data. The Developer will comply with the request where their processing is for direct marketing purposes or based on the processing conditions of public interest or legitimate interests. They will not comply if the processing is for legal claims or based on a compelling legitimate interest which overrides your interests.

If you have a complaint, please raise this with your Provider in the first instance using the contact details shown above. If necessary, you may also contact the Developer using the contact details above. If you remain dissatisfied you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.