We are deeply committed to the privacy and security of your data. We adhere to rigorous industry standards and comply with all applicable data protection laws, including the GDPR.
This Privacy Help Center:
- Outlines the steps we take to keep your data safe.
- Answers frequently asked questions about data privacy at WiseTech.
- Enables you to contact us for further information.
Processed based on legal grounds
- Processed for limited and legitimate purposes only.
- Secure and confidential.
Processed in line with data subjects’ rights
- Adequate, relevant, and necessary.
- Kept no longer than necessary for the legitimate purposes.
Processed in a transparent manner
- Accurate and up to date.
- Transferred to third parties only if permitted by law and subject to appropriate agreements.
WiseTech adheres to the GDPR as its global privacy standard, in addition to other local privacy laws where applicable.
The documents provided in this Privacy Help Center are primarily designed to address GDPR compliance. Whether or not the GDPR applies to your business, with WiseTech’s adherence to the GDPR as its global privacy standard you can be assured that your data with WiseTech is being handled in accordance with some of the most rigorous privacy standards globally.
Your personal data with WiseTech
Want to know how WiseTech handles personal data about you as an individual?
Our Privacy and Data Protection Notice sets out our assurances and your rights, with specific provisions if you are subject to the privacy laws of Australia, the EEA or California.
If you would like to contact us regarding your personal data held by WiseTech, please use our online Contact Form. Alternatively, if you’re a WiseTech Global customer, you can raise an eRequest through the eRequest Management Portal.
To provide our products and services to you, we process personal data on your behalf.
To give you confidence about how we manage this, we have developed a Data Processing Addendum (DPA). The DPA forms the central source of information for how we process your data in compliance with applicable laws.
The DPA describes:
- Our authorisation to process personal data you control.
- Information about the types of personal data we process.
- Technical and Organizational Measures we use to safeguard personal data.
The DPA incorporates the model contractual clauses for the safeguarding of international data transfers (SCCs), as updated following the Schrems II Ruling.
Some WiseTech customers choose to undertake a Data Transfer Impact Assessment (DTIA) in relation to personal data processed by WiseTech that is transferred to countries outside the EEA.
The decision as to whether a DTIA is required, and how it is carried out, is a matter for you as the data controller.
Most customers find that the most convenient way to obtain the information they need from WiseTech is to review:
- their Service or License Agreement with WiseTech; and
- our Data Processing Addendum.
Together, these documents address questions that a data controller would typically have for a data processor, such as WiseTech, when completing a DTIA.
The table below shows how information required for a DTIA can either be found in our agreements with you or is a matter for determination by your organization as the data controller.
Example DTIA question
A description of the proposed processing operation.
|This is contained in Schedule 1 and Section 3 of our Data Processing Addendum.|
|A description of the purpose of the transfer.||The purpose of the transfer is to enable the provision of services under the Service or License Agreement with WiseTech.|
An assessment of the necessity and proportionality of the processing operation in relation to the purpose.
|This is a matter for the data controller to determine, having regard to the services provided under their Service or License Agreement with WiseTech.|
An assessment of the laws of the third country to which the data will be transferred. This should consider the specific circumstances of the transfer, as well as the possibility of the transferred data being accessed by public authorities in that third country.
|This is a matter for the data controller to determine. We note that the relevant laws to assess are those of the United States and Australia.|
|Identification and assessment of the potential risks to data subjects associated with the transfer.||This is a matter for the data controller to determine.|
A description of the additional measures that could be taken to mitigate those risks.
|These measures may include steps taken by the data controller as internal organizational measures and controls regarding the use of WiseTech software.|
WiseTech processes personal data while providing our products and services. For example, we process personal data to:
- Complete booking requests.
- Complete contract details.
- Provide customer support.
When we collect your personal data as a data controller, we handle it in accordance with our Privacy and Data Protection Notice.
When we process personal data on behalf of our customers, we undertake processing in accordance with our Data Processing Addendum.
These documents set out our commitments to customers regarding compliance with applicable laws.
As a B2B SaaS provider, WiseTech’s primary role under the GDPR is as a data processor for our customers.
Under our Data Processing Addendum, we provide information on how we comply with the requirements of the GDPR as a data processor, including by providing: - A description of the data processing and the lawful basis for that pr
- Information regarding transfers to third countries and the measures to ensure that these transfers comply with applicable laws.
- A description of the technical and organizational measures we have implemented to safeguard transfers.
- A list of our subprocessors.
To the extent we handle personal data as a data controller, our position is set out in our Privacy and Data Protection Notice.
Our Privacy and Data Protection Notice sets out the rights that residents of certain jurisdictions have when we process your personal data.
In addition to the EEA, our Data Processing Addendum includes specific provisions to address the privacy laws of Australia, Brazil, California, the PRC, South Africa, Switzerland, Taiwan and the UK.
Please complete our Contact Form with your request.
Our Data Processing Addendum incorporates the model contractual clauses under the GDPR (SCCs) for the transfer of personal data to third countries which may not offer an equivalent level of protection.
In addition, and acknowledging the possible additional requirements for the adequacy of protection following the Schrems II ruling, our Data Processing Addendum describes technical and organizational measures we take to safeguard data transfers.
WiseTech engages subprocessors to assist in the processing of personal data. A current list of our subprocessors can be found on our subprocessors page. This list may be updated from time to time.
In accordance with the Data Processing Addendum, any processing undertaken by a Subprocessor must be done pursuant to a written agreement that is no less restrictive than the Data Processing Addendum.
WiseTech has data centers in Germany, the United States and Australia.
WiseTech employees involved in the processing of personal data are subject to confidentiality obligations, as set out in clause 3.4 of our Data Processing Addendum.
Our Data Processing Addendum incorporates the June 2021 model contractual clauses under the GDPR (the SCCs), as updated following the Schrems II ruling.
Our protection of data transfers is not limited to reliance on the SCCs. It also includes other technical and organizational measures such as encryption, which are detailed in Schedule 2 of the Data Processing Addendum
WiseTech customers can implement internal controls to limit the types of personal data that are entered into WiseTech software. Please be aware that this may affect the extent to which you are able to use the full functionality of the software.
We have an ISO27001 certification for our ISMS.