top of page

Privacy & GDPR Statement 

​

Version 1.0 as at 1 September 2025.
Authorised Representative: Gerard McLennan – CEO.

​

At “APIAN Integration” (herein referred to as “APIAN”) we are committed to protecting user privacy and complying with the regulatory environment. We understand that users value their privacy and may have concerns about the information collected and how it is used, stored, and distributed.

​

Our approach to user privacy is to ensure open and transparent management of information to ensure users are comfortable and fully understand what information we have, how we use it and how they can protect and manage their information with us.

​

We have documented in this statement how we manage user information including but not limited to what we collect, how we collect it, how it is stored, when we use it and limitations on who has access to the information and how its output is distributed.

​

This statement has been written with close reference to the Australian Privacy Act amendments and the Australian Privacy Principles and the relevant Workplace Surveillance legislation. For the purpose of this document ‘information’ or ‘data’ references Personal Information and ‘users’ refers to individuals to whom we have information for.

​

We will continue to review this statement in light of any updates or legislative changes and the most recent version will be published in the user portal at https://manage.APIAN.com (login required) or can be requested directly by contacting us using any of the methods listed at the end of this statement.

​

We believe that our service is compliant with the relevant legislative provisions.

​

What Information We Collect

APIAN limits the collection of information to what is essential in order for us to deliver products and services to the user. We have documented what information we collect below.

​

Please note that there are instances where we may not collect the information based on the scope of the deployment and configuration.

​

User inputted information

  1. Email address

  2. Password set by user

  3. First Name

  4. Last Name

  5. Mobile Number

  6. Company/Employer

  7. Time zone

  8. Vehicle Make

  9. Vehicle Model

  10. Vehicle Registration Plate

  11. All relevant data points accessible through original equipment manufacturer (OEM)

  12. Description of trip

  13. Classification of trip

  14. Support requests or other forms of contact via our various customer support channels

 

It is at the user’s discretion to the degree of accuracy they wish to provide us in their information input, however where accurate information is not provided, it may limit our ability to provide services.

​

Calendar Integration

  1. Event name as recorded in calendar by user

  2. Event location as recorded in calendar by user

  3. Event time

  4. Event date

 

Vehicle Location Information (if activated)

  1. Date of record

  2. Time of record

  3. Latitude of vehicle at time of record

  4. Longitude of vehicle at time of record

 

Vehicle activity Information (if activated)

  1. Start odometer reading

  2. End odometer reading

  3. Kilometres for each trip recorded

  4. Approximate location based on nearest street and suburb for each trip start and end location

 

Driver Behaviour Information (if activated)

  1. Speed

  2. Hard Acceleration

  3. Hard Braking

  4. Hard Cornering

  5. Sudden Deceleration

 

Third Party Information

  1. Based on requirements

 

How The Information Is Collected

Information is collected from various sources and also produced within our service delivery platform. By providing information through the users account setup and/or using our service, the user consents to our collection and storage of the information. This consent is obtained from each user via a prompt upon first use.

​

We have provided detail with reference to the information listed above in respect of how the information is collected.

​

User inputted information
This information is collected through the user or user's employer providing the input via online form and/or system prompts during user setup or otherwise received directly.

​

In some instances (where the service is sponsored by a third party e.g. employer) we may receive some information directly. Where this is the case, within a reasonable time frame, we will input the information into the user account, and it is the employers responsibility to notify the user of the information and how it can be accessed and corrected. If the user has an issue with the information being used by APIAN a complaint can be raised to address the concerns through their employer or by contacting APIAN.

​

Calendar Integration
This information is collected through the calendar feed feature from the user's calendar.

This feature is optional and at the user discretion as to whether they enable the functionality. All data is queried on demand and is not stored unless committed and saved by the user.

​

Vehicle Location Information & Driver Behaviour
This information is collected through the APIAN’s integration through approved third-party OEM integration.

​

Vehicle Activity Information
This information is collected through the processing of data sourced through approved third-party OEM integration with APIAN.

​

Third Party Information
This information is provided by a third party to APIAN strictly for the use as defined.

​

How Information Is Stored

All information is securely managed and stored by Microsoft Azure. Azure provides managed hosting services in a dedicated secure environment and meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards such as the Australian IRAP.

​

The Azure data centres are located on the east coast of Australia and are certified with enterprise level encryption (AES-256). Azure also commits to operating within ISO/IEC 27018 which is the code of practice for cloud privacy. APIAN protects data with real-time redundancy.  APIAN also follows ISO standards according to ISO27001 and ISO9001 framework.

​

Transmission of Information
All transmissions between our servers and users are protected by SSL encryption to secure and maintain the data integrity.

Transmissions between the APIAN and our servers are raw data string only and do not contain personally identifiable information. APIAN decodes the data in our secure cloud environment.

​

Protection of Information
APIAN operates within the ISO 27001 and ISO9001 framework.

​

The secure management of the APIAN’s ICT infrastructure, systems and information, as defined in the Statement of Applicability version 1, dated 20 July 2019. (ISO 27001:2013).

​

Provision of fleet and data management services including processing, collation, analytical analysis of data and other associated services for organisations. (ISO 9001:2015).

​

Why we collect the information and what we use the information for

By submitting and allowing us to collect information for you for the purpose of our service delivery (including core functions and activities) you agree to us storing, processing and collecting your data to comply with our service contract with you or your employer.

​

We may use data which has been anonymised and aggregated into a form where it is no longer personalised data. This may be used for a wide range of purposes for the benefit of APIAN. These may include enabling us to improve the service delivery and service quality, production of new and improved products/services, statistical analysis of usage patterns, behaviour statistics, benchmarking or relative analysis. No personal data that can identify an individual will be used for this purpose.

​

APIAN may, from time to time, send users information about new features, services, or updates relevant to our platform. We will only send such communications where the user has provided consent or where consent is implied under the Privacy Act.

Users may opt out of receiving direct marketing communications at any time by using the unsubscribe function included in the communication or by contacting us at https://www.apianintegration.com/contact. Opting out of direct marketing will not affect your access to our core services.

​

Inquiry or Complaint Handling

We are committed to maintaining an open and transparent channel to deal with requests from users related to their privacy.

​

Users can at any time access personal information about the individual that is held by us and also seek correction of such information.

​

APIAN has a support channel that can handle any request relating to this policy, simply click on https://www.apianintegration.com/contact  and our team will undertake to respond to all requests.

​

If a user does not receive a response within a reasonable timeframe, escalations should be directed to the CEO on telephone 1800 564 2665 identifying the call as an ‘escalated privacy related request’. These requests will be escalated to senior management and responded to upon receipt.

​

Upon receipt of an inquiry or complaint our team will investigate the issue and respond with a solution or if more time is required, an outline of the steps we will be taking to address the query and an estimated time frame when we expect to have a response to the user.

​

Please note that where the request involves information access and/or correction, we will require a formal identification process of the requestor to be completed before any requests will be processed.

​

Information Updates and User Access to Information

User information is available and can be accessed via our web platform and mobile applications. A user may also receive alerts via email, push notification or sms. Alerts disclose limited information, instead of requiring the user to login to action the alert.

​

Information can be accessed and updated by the user or the user may contact APIAN directly and submit a request for update. All update fields are protected by a secure login and any updates will be implemented in real-time.

​

How information is disclosed and to who

 

Distribution Of Information

We will not distribute any information without explicit written consent. Our information distribution model relies on the user facilitating any information distribution except in limited circumstances noted below.

​

The user has access to information that is suitable for distribution (such as the logbook report) and it is the user’s responsibility to download/export any information (in the form of reports) and distribute (to relevant parties) it as necessary.

​

Employer Sponsored Service

Where an employer has sponsored APIAN and is using the solution for enterprise purposes we will provide authorised persons with access to the secure APIAN portal.

​

Data access and privacy levels will be set based on the access level of the authorised individual. Where information is requested that is outside of the usual access levels, APIAN requires written authorisation from a verified authorised representative.

​

Access levels will be communicated directly to users via initial communications and/or presentations and/or user training.

If you are an employee/driver and have any queries or would like to request additional information about the reporting available to your employer, we’re here to help, please contact us at https://www.apianintegration.com/contact

 

Third Party Access

In remote circumstances, we may have arrangements with employers or third parties to provide and distribute information on behalf of users. We will only provide this service where there is written consent from the authorised person. This consent will be kept and referenced by selected staff who have access.

​

Internal APIAN Access

We have strict internal controls on who can access user information. We generally allow access only when required to perform tasks, then we restrict the access once completed.

​

Our Chief Technology Officer (CTO), has full responsibility for user access and information security.  We have restricted access across our team and conduct regular internal audit procedures to uphold our information security function.

​

Cookies and Analytics

Our website and mobile applications may use cookies and similar technologies to enhance user experience, improve service delivery, and analyse how our services are used. Cookies are small data files stored on your device which help us recognise repeat visits and preferences.

​

We may also use third-party analytics services (such as Google Analytics) to help us understand how users interact with our site and applications. These tools collect information such as IP address, browser type, pages visited, and time spent on the site.

​

Users can control or disable cookies through their browser settings. Please note that disabling cookies may affect the functionality of some parts of our website or applications.

​

Analytics data is collected in aggregate form and does not identify individual users.

 

Third Party Disclosure

We may disclose information to the extent that it is required by law, order of any court, tribunal, authority or regulatory body, enforcement authority, rules of any stock exchange or any professional obligations or requirements. If this occurs, where practical and to the extent permitted by law, we will notify the user directly of the requirement to disclose and only disclose the minimum information.

​

Permitted Extraordinary Disclosures

We may also disclose if a permitted general situation exists in relation to a portion or all of the information or in an instance where a health situation exists requiring the information to be disclosed.

​

Any extraordinary disclosure requires approval by two directors of APIAN Integration PTY LTD.

​

How long information is stored

For your convenience, we store user data for a minimum period of 5 years in Australia and 7 years for New Zealand users.  We securely destroy or de-identify personal information once it is no longer required for the purposes outlined in this statement or as required by law.

​

If users wish for their information to be removed and destroyed, please lodge a request via our contact us website page.

​

Our position on overseas disclosure of information

APIAN operates across Australia and New Zealand (ANZ) and does not store ANZ data outside of Australia. APIAN also operates in the United Kingdom and United States, all data from these countries are stored in Australia.

​

GDPR & International Data Protection Compliance

If you are located in the European Union or the United Kingdom, APIAN processes your personal data in compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.

​

Data Controller:  APIAN Integration Pty Ltd is the “data controller” for personal data collected through our services.
 

Legal Bases for Processing:  We process personal data only where a lawful basis exists, including:
 

  • Performance of a contract with you or your employer.

  • Compliance with our legal obligations.

  • Our legitimate interests (such as ensuring platform security, service improvement, and fraud prevention).

  • Your consent, where applicable (for example, for direct marketing).

  • ​

Data Subject Rights: In addition to the rights already outlined in this statement, EU and UK users have the right to:
 

  • Request access to and a copy of the personal data we hold.

  • Request correction or rectification of personal data.

  • Request deletion (“right to be forgotten”).

  • Restrict or object to processing of personal data.

  • Request portability of personal data to another provider.

  • Withdraw consent at any time (without affecting the lawfulness of prior processing).

  • Lodge a complaint with a supervisory authority in your country of residence.
     

To exercise these rights, please contact us via https://www.apianintegration.com/contact.

 

Cross-Border Data Transfers
All personal data is stored in Australia. Where we transfer personal data outside of the EU or UK, we take appropriate safeguards to ensure your data remains protected, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognised mechanisms.

​

US Data Protection
APIAN also operates in the United States. While there is no single federal privacy law equivalent to GDPR, APIAN complies with applicable state privacy laws, including the California Consumer Privacy Act (CCPA), where relevant. US users may request access to, correction of, or deletion of their personal data at any time by contacting us.

​

Need clarification or have any questions?

We encourage users to contact us on https://www.apianintegration.com/contact with any further queries. Our team would be more than happy to help.

​

Contact

APIAN Integration PTY LTD [ABN 65 684 122 834]

Contact us: https://www.apianintegration.com/contact

bottom of page