INTRODUCTION

We are committed to protecting the privacy of individuals and ensuring that data captured through our drone operations is handled responsibly, ethically, and in compliance with privacy laws. This Privacy Charter outlines our approach to data collection, use, storage, and security. Where we collect personal information, we manage it in an open and transparent way. Our full Privacy Policy is available on our website.

1. DATA COLLECTION AND PURPOSE

We collect data only as necessary to fulfill our operational objectives and deliverables, and only as reasonably necessary for, or directly related to, one or more of our functions or activities. The types of data we collect may include visual (images/video), audio, or other sensor-based data such as Light Detection and Ranging (LiDAR), or thermal, as required for the specific task. We assess whether any data captured could reasonably identify a person and take steps to minimise such collection.

2. IDENTIFIABLE INFORMATION AND PRIVACY CONSIDERATIONS

If data collection includes identifiable individuals, we assess the context, such as whether images are captured in public or private settings. Our operations prioritise privacy-friendly practices, including avoiding drone flights over private property where feasible. We employ the use of anonymous or de-identified data wherever possible.

3. STAKEHOLDER CONSULTATION AND COMMUNITY ENGAGEMENT

We identify relevant stakeholders who may require consultation before conducting drone operations. Where necessary, we implement a community engagement strategy to inform and address concerns.

4. DATA QUALITY, SECURITY, AND ACCESS

We have quality control measures in place to ensure the accuracy, relevance, quality, and integrity of collected data, including: pre-flight planning and hardware calibration; flight logging; adequately trained pilots; and using reputable software and storage providers. Data security is paramount, and we implement safeguards such as encryption, access controls, and secure storage to protect against unauthorised access. Only authorised personnel have access to collected data, with strict controls on data usage.

5. DATA RETENTION AND DESTRUCTION

Data is retained only for as long as necessary to meet operational needs, with a default retention period of 30 days unless otherwise agreed. After the retention period, data is either securely archived or permanently destroyed, as appropriate.

6. INDIVIDUAL RIGHTS AND ACCESS TO INFORMATION

Individuals whose information is captured have the right to request access to any personal data collected about them, subject to legal and operational constraints. A complaint-handling mechanism is in place to address privacy concerns in a transparent and effective manner. If you have concerns about how we handle personal information, you can contact us at [email protected]. We will investigate and respond within 30 days. If you are not satisfied, you may escalate the complaint to the Office of the Australian Information Commissioner (OAIC).

7. PRIVACY RISK MANAGEMENT AND MITIGATION

We conduct privacy impact assessments to identify and address potential concerns before operations commence. Privacy risks are mitigated through: operational controls, such as staff training and compliance protocols; technical controls, including encryption, secure data storage, and access limitations; communication strategies, such as public notifications and stakeholder engagement. Where possible, operations are scheduled at times that minimise the capture of personal information.

8. COMPLIANCE AND CONTINUOUS IMPROVEMENT

We regularly review and update our privacy practices to align with legal, technological, and community expectations. If privacy risks are found to be unacceptable, we consider alternative methods or, where necessary, do not proceed with the operation. Recommendations from privacy impact assessments guide our approach, ensuring a balance between operational goals, privacy rights, and community values.

9. INCIDENT RESPONSE AND PRIVACY BREACH HANDLING

We have a structured process for responding to any privacy or data breaches, including immediate assessment, mitigation, and notification procedures where required. The potential value of data to unauthorised users is considered in security planning to minimise risks of misuse.

We respect your privacy and invite you to be in contact with us if you have any questions or concerns.

The Hoverscape PTY LTD Team