Last Updated: October 16, 2020
We understand that privacy is important to visitors to our website (our “Site”) and users of our products and services (our “Products”), and we are committed to respecting your privacy.
2. What is the Purpose of Our Policy?
a) Providing the system and services that we offer; and
b) The normal day-to-day operations of our business.
a) The Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act); and
b) The regulations and principles set by the European Union’s General Data Protection Regulation (GDPR) for the handling of Personal Data.
3. Who and What does this Policy apply to?
3.2 We handle Personal Information in our own right and also for and on behalf of our customers and users.
3.5 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
3.6 We consider the protection of the privacy of children paramount. Our services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under the age of 16 without obtaining parental consent. If an individual is under 16 years of age, then they should not use or access the service at any time or in any manner. If we learn that Personal Information has been collected on the service from persons under 16 years of age and without verifiable parental consent, we will take the appropriate steps to delete such information.
4. What Personal Information do we collect?
4.1 In the course of business, it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business, share Personal Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
a) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is;
b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, residential, business, and postal address, and other information that allows us to contact the individual;
c) Billing Information: We may collect any information required to issue quotes and invoices, including Business Registration details, billing address details, and any additional information that allows us to transact with the individual and/or provide them with our services.
d) Product Information: We may collect information about the details of the products we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and respond to your inquiries.
e) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases, and other information for statistical purposes; and
f) Information, an individual, sends us. We may collect any personal correspondence that an individual sends us, that is provided to us through customer surveys, or that is sent to us by others about the individual’s activities.
h) We may also collect Non-Personal Information about an individual such as information about your usage of the product including your license ID, account ID, device ID, device type, geo-location information, computer and connection information, statistics on page views and product usage, traffic to and from the sites, ad data, IP address, and standard web log information
i) Where Non-Personal Information is collected, the Australian Privacy Principles and the GDPR do not apply.
5. How do We Collect Personal Information?
5.1 Most information will be collected in association with an individual’s use of the Product, or website, an inquiry about the Product, or general dealings with us. We may, however, also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies, and our business partners. In particular, information is likely to be collected as follows:
5.2 Registrations/Subscriptions.When individuals register or subscribe for a service, list, account, connection, or other processes whereby they enter Personal Information details in order to receive or access something, including a transaction;
a) When an individual submits their details to open an account with us;
b) When an individual supplies us with goods or services;
c) When an individual communicates with us through correspondence, Slack, email, or when you share information with us from other social applications, product, or websites;
d) Access and Interaction. When an individual accesses or interacts with us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
e) Pixel Tags. Pixel tags enable us to send email messages in formats customers can read, they tell us whether mail has been opened, and allow us to gather information about website and Product visitors and what actions they took so that we can improve our Product and Service offering.
5.3 As there are many circumstances in which we may collect information both electronically and physically, we will endeavor to ensure that an individual is always aware of when their Personal Information is being collected.
5.4 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles and the GDPR.
6. Why do we Collect, Use, and Disclose Personal Information?
6.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected other than with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
6.2 We will only process Personal Information when we can identify a lawful basis to do so. It is always our responsibility to ensure that we can demonstrate which lawful basis applies to the particular processing purpose.
6.3 The most common lawful bases relied upon are:
a) Consent: we will only rely upon express, clear, and informed consent. Any consent provided may specify and/or restrict the purpose and can be withdrawn at any time without penalty. We will keep a record of when and how we got consent from an individual.
b) Legitimate interests: we will only rely upon an identifiable legitimate interest where we can demonstrate that the processing of Personal Information is necessary to achieve it by balancing it against the individual’s interests, rights, and freedoms. We will keep a record of our legitimate interest assessments.
6.5 If it is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles and the GDPR in the course of our business, we will inform you that we intend to do so, or have done so, as soon as practical.
6.6 We will not disclose or sell an individual’s Personal Information to unrelated third parties under any circumstances unless the prior written consent of the individual is obtained.
6.7 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
a) The provision of goods and services between an individual and us;
b) Verifying an individual’s identity;
c) Communicating with an individual about:
d) Their relationship with us;
e) Our goods and services;
f) Our own marketing and promotions to customers and prospects;
g) Competitions, surveys, and questionnaires;
h) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
i) As required or permitted by any law (including the Privacy Act).
6.8 The individual shall have the right to object at any time to the processing of their Personal Information for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If we receive such a request, we will stop the processing of Personal Information for direct marketing purposes immediately without charge or penalty.
6.9 There are some circumstances in which we must disclose an individual’s information:
a) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive, or unlawful activity that a governmental authority should be made aware of;
b) As required by any law (including the Privacy Act); and/or
6.11 We may utilize third-pay service providers (such as Gmail from Google, Inc.; ActiveCampaign, LLC.; AWS Marketplace, Amazon Web Services; Red Hat Marketplace, IBM) to communicate with an individual and to store contact details about an individual. These service providers are located in the United States of America. No Health Information is stored in any third-party services in Australia or elsewhere.
7. Opting “In” Or “Out”
7.1 An individual may opt to not have us collect and/or process their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
a) Opt-In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us (for clarity, consent must involve an unambiguous positive action to opt-in); or
b) Opt-Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
7.2 If an individual believes that they have received information from us that they did not opt-in or out to receive, they should contact us on the details below.
8. How we Manage the Safety and Security of Personal Information
8.2 We will take all reasonable precautions to protect an individual’s Personal Information from unauthorized access. This includes appropriately securing our physical facilities and electronic networks.
8.3 We take all reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. This includes appropriately securing our physical facilities and electronic networks.
8.4 We use SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorized access to, Personal Information where the security of information is not within our control.
8.5 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws) unless otherwise required by the Privacy Act and the GDPR. The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
8.6 If an individual suspects any misuse or loss of, or unauthorized access to, their Personal Information, they should let us know immediately.
8.7 We are not liable for any loss, damage, or claim to arise out of another person’s use of the Personal Information where we were authorized to provide that person with the Personal Information.
8.8 Where there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information, then:
a) We will immediately establish the likelihood and severity of the resulting risk to wider rights and freedoms of natural persons;
b) If we determine there is a risk from the security breach, then we will immediately notify the relevant supervisory authority and provide all relevant information on the particular breach, and by no later than 72 hours after having first become aware of the breach;
c) If we determine there is a high risk from the security breach (a higher threshold than set for notifying supervisory authorities), we will immediately notify the affected individuals and provide all relevant information on the particular breach without undue delay.
d) We will document the facts relating to any security breach, its effects, and the remedial action taken, and investigate the cause of the breach and how to prevent similar situations in the future.
9. How To Access, Correct, or Remove your Personal Information
9.1 Users of our product can update their Personal Information at any time to ensure it is accurate and complete by contacting the Data Protection Officer on the details below.
9.2 We will correct any errors in the Personal Information we hold about an individual within 28 days of receiving written notice from them about those errors, or two months where the request for rectification is complex.
9.3 Subject to the Australian Privacy Principles and the GDPR, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information as soon as practicable, and by no later than 28 days of receiving the written request. The individual is free to retain and reuse their Personal Information for their own purposes. We may be required to transmit the Personal Information directly to another organization if this is technically feasible.
9.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
9.5 Where a request to access Personal Information is manifestly unfounded, excessive, and/or repetitive, we may refuse to respond or charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them. Where we refuse to respond to a request, we will explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within 28 days.
9.6 We may be required to delete or remove all Personal Information we have on an individual upon request in the following circumstances:
a) Where the Personal Information is no longer necessary in relation to the purpose for which it was originally collected and/or processed;
b) When the individual withdraws consent;
c) When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing;
d) The processing of the Personal Information was otherwise in breach of the GDPR;
e) The Personal Information has to be erased in order to comply with a legal obligation; and/or
f) The Personal Information is in relation to a child.
9.7 We may refuse to delete or remove all Personal Information we have on an individual where the Personal Information was processed for the following reasons:
a) To exercise the right to freedom of expression and information;
b) To comply with a legal obligation for the performance of a public interest task or exercise of official authority.
c) For public health purposes in the public interest;
d) Archiving purposes in the public interest, scientific research historical research or statistical purposes; or
e) The exercise or defense of legal claims.
10. How to Make a Complaint or Raise a Dispute
10.1 If an individual has a complaint about our handling of their Personal Information, or if they believe that we have breached the Privacy Act, they should address their complaint in writing to the details below.
10.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
10.3 An individual shall have the right to seek a judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her Personal Information in non-compliance with the GDPR. Any proceedings should be commenced in Victoria, Australia, where we are established.
10.4 If we become aware of any unauthorized access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
11. Contacting Individuals
From time to time, we may send an individual important notices, such as changes to our terms, conditions, and policies. Where such information is materially important to the individual’s interaction with us, they may not opt-out of receiving these communications.
12. Contact Us
Data Protection Officer
Operatr Pty Ltd
Level 8, 805/220 Collins St,
Melbourne VIC 3000
You may contact the Data Protection Officer by email in the first instance.