Field One
LoginFree trial

Data Processing Addendum (DPA)

Last updated: 2025-01-01

This Data Processing Addendum ("DPA") forms part of the agreement between Oplerra and the Customer and applies where Oplerra processes Personal Data on behalf of the Customer in the course of providing the Oplerra platform and related services.

This DPA is intended to support compliance with applicable Australian privacy laws (including the Privacy Act 1988 (Cth) and the Australian Privacy Principles) and to meet common council and enterprise procurement requirements.

1. Definitions

For the purposes of this DPA:

  • Customer means the entity that has entered into an agreement with Oplerra for use of the services.
  • Oplerra means the Oplerra entity providing the services.
  • Personal Data means any information relating to an identified or identifiable individual processed under this agreement.
  • Processing has the meaning given under applicable privacy laws and includes any operation performed on Personal Data.
  • Data Controller means the entity that determines the purposes and means of Processing Personal Data.
  • Data Processor means the entity that Processes Personal Data on behalf of the Data Controller.
  • Subprocessor means a third party engaged by Oplerra to Process Personal Data on behalf of the Customer.

2. Roles of the Parties

  • The Customer acts as the Data Controller for all Personal Data processed using the Oplerra platform.
  • Oplerra acts as a Data Processor, processing Personal Data solely on documented instructions from the Customer, as necessary to provide and support the services.

The Customer is responsible for:

  • determining the lawfulness of the Processing;
  • providing appropriate notices to data subjects; and
  • ensuring that Personal Data provided to Oplerra is collected and used in accordance with applicable law.

3. Description of Processing

Oplerra Processes Personal Data for the following purposes:

  • delivery of field operations, asset management, safety, and compliance workflows;
  • generation of operational records, reports, and audit evidence;
  • user authentication, access control, and system administration; and
  • customer support and service improvement.

Categories of Personal Data

Depending on Customer use of the platform, Personal Data may include:

  • names, email addresses, and contact details;
  • user account and role information;
  • job, project, and operational records;
  • safety forms, incident records, and compliance documentation;
  • photographs, documents, and other media uploaded by users.

Categories of Data Subjects

  • Customer employees;
  • contractors and subcontractors;
  • supervisors, managers, and administrators;
  • other individuals whose data is entered into the system by the Customer.

Duration of Processing

Personal Data is Processed for the duration of the Customer agreement, unless otherwise instructed by the Customer or required by law.

4. Security Measures

Oplerra implements appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful Processing, loss, destruction, or damage.

These measures are described in Oplerra's publicly available Security Overview, which forms part of this DPA by reference and may be updated from time to time to reflect improvements in security controls.

5. Subprocessors

The Customer authorises Oplerra to engage Subprocessors as necessary to provide the services.

At the time of this DPA, Subprocessors may include:

  • DigitalOcean – cloud infrastructure, managed databases, and object storage (Australia region)

Oplerra ensures that Subprocessors are subject to contractual obligations that provide a level of protection for Personal Data equivalent to those set out in this DPA.

Customers will be notified of material changes to Subprocessors where required by applicable law or contract.

6. Data Subject Rights Assistance

Taking into account the nature of the Processing, Oplerra will assist the Customer, upon reasonable request, to respond to requests from data subjects to exercise their rights under applicable privacy laws, including access, correction, or deletion requests.

Oplerra will not respond directly to data subject requests unless authorised by the Customer or required by law.

7. Personal Data Breach Notification

In the event of a suspected or confirmed Personal Data breach affecting Customer data, Oplerra will notify the Customer without undue delay and provide reasonable information to support investigation, mitigation, and regulatory notification obligations.

8. Data Return and Deletion

Upon termination or expiry of the Customer agreement, and upon Customer request:

  • Oplerra will make Personal Data available for export where reasonably practicable; and
  • Oplerra will delete or securely dispose of Personal Data within a reasonable period, except where retention is required by law.

9. Audits and Information Requests

Upon reasonable written request, Oplerra will provide information necessary to demonstrate compliance with this DPA, taking into account confidentiality, security, and operational constraints.

10. Governing Law

This DPA is governed by and construed in accordance with the laws specified in the Customer agreement, and in the absence of such specification, the laws of Australia.

11. Order of Precedence

In the event of any conflict between this DPA and the Customer agreement with respect to Processing of Personal Data, this DPA shall prevail.

Except as modified by this DPA, the terms of the Customer agreement remain in full force and effect.