This Policy outlines how we deal with “personal information”, which is information about an individual whose identity is apparent, or can reasonably be ascertained, from that information (Personal Information).
We collect Personal Information in conjunction with our cloud based survey services via email, SMS, inbound and outbound telephone calls (Services).
We collect Personal Information in four main ways.
We collect information directly from individuals (Active Collection) when an individual or organisation
(a) (Registrations) registers or subscribes for a service, list, account, membership, connection or other process whereby that individual enters his or her details to apply for, receive or access something, including a transaction; or
(b) (Contact) contacts us via any medium, including telephone, fax or email.
We engage in Passive Collection whenever users of the Services include any Personal Information in any content they create or store through or on our Services.
We and some of the third party services providers we use (such as Google Analytics) collect some information through automated processes (Automated Collection) including the following:
(a) (Logs) when you visit our website or use the Services, our server and analytics service may log details about your visit such as your IP address, the time and duration of visit, the link from which you visited, and information about your browser and operating system; and
(b) (Cookies) we will likely place a cookie on your device when you visit our website.
An important part of our business involves providing a platform for third parties to process contact and survey information (Third Party Collection). We engage in third party collection when:
(a) (Survey processes) clients use our Services to conduct surveys, since this involves processing the Personal Information of the individuals they wish to contact with surveys using our databases; and
(b) (Client documents and databases) clients provide us with access to their documents or databases containing Personal Information;
Through the processes above, we collect the following categories of Personal Information about individuals:
(a) (Content) whatever Personal Information is included in content you enter using our Services;
(b) (Identity Information) name, signature, location, website address, date of birth, nationality, license & registration details, bank account details, family details, employment details, educational qualifications and third-party usernames;
(c) (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, business and postal addresses;
(d) (Internet Data) Internet Protocol or “IP address”, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics; and
(e) (Business Information) business or project, if it is run in the individual’s personal capacity, including information on professional affiliations or services offered.
Where our clients collect such information through surveys, it may be accessible to us because we host our clients’ data. However, it is not our usual practice to access such information or to seek to identify any individuals with it.
The APPs categorise certain types of Personal Information as “sensitive information” (Sensitive Information).
Sensitive Information includes:
(a) information or an opinion (that is also Personal Information) about an individual’s:
(i) racial or ethnic origin;
(ii) political opinions;
(iii) membership of a political association;
(iv) religious beliefs or affiliations;
(v) philosophical beliefs;
(vi) membership of a professional or trade association;
(vii) membership of a trade union;
(viii) criminal record; or
(ix) sexual orientation or practices;
(b) health information about an individual, including:
(i) any information or opinion about the individual’s health, health services, or wishes regarding health care; and
(ii) information collected to provide, or in providing, a health service of any kind; and
(c) genetic information (whether health information or not)
We do not actively collect Sensitive Information, but information that our clients collect and that we host for them may fall into this category.
We hold and store Personal Information using third party application providers (such as Amazon Web Services). This occurs when we use an application for the purposes of our business and store data in association with that application on infrastructure provided by those third party application providers;
We will take reasonable precautions to protect Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
We secure Personal Information that we collect with credentials, encryption, session expiry, firewalls, SSL network encryption, and through the use of reputable vendors. For more information on security, please contact us using the contact details below.
We do not actively delete specific items of Personal Information. The decision about when to delete such specific items of Personal Information that is no longer needed lies with our clients. When our clients delete their accounts, however, we delete all information that we stored in relation to their account, including Personal Information that they collected.
We collect, hold and use Personal Information about our clients for the purpose of providing the Service to them. In this context, our handling of Personal Information includes our handling of Personal Information includes holding and using the Personal Information so that we can:
(a) (Communicate) communicate with individuals for the purpose of providing the Services, including notifications, support; communications about our goods and services; marketing and promotions; and competitions, surveys and questionnaires;
(b) (Transact) transact with individuals for the purpose of providing the Services;
(c) (Business Development and UX) assess the progress and success of our Services, develop business opportunities, and enhance user experience of our Services; and
(d) (Secure access) providing secured access to users using an account and allowing users to retrieve their password if they forget it.
We tend not to use information collected via automated means to identify specific individuals. Rather, it is generally used for data analysis.
When we deal with Personal Information about individuals collected by our clients, the purpose of collection, holding and use is also to provide the Service to the client. The Services allow our clients to:
(a) (Store) store survey data; and
(b) (Process) process data, for example by aggregating and analysing survey data according to meta data attributes.
In providing hosting and processing services to our clients, we do not seek to identify specific individuals whom our clients have surveyed. When we provide support to our clients, however, this may occasionally involve directly accessing Personal Information and identifying specific individuals.
We allow our clients access to Personal Information that they have stored through our Services. Access to Personal Information stored by our customers through the Services is only available to nominated users of that customer. A representative of the customer will be responsible for creating users and applying the security access profile. Passwords are encrypted when stored in our database.
When we use the services of companies that we work with to provide our Services, this may involve providing some degree of access to Personal Information. Such third party services may include:
(a) (Hosting) Cloud and web hosting service providers, including Amazon Web Services, which we use for data hosting (see https://aws.amazon.com/privacy/); and
(b) (Saas) providers of software as a service, including:
(c) (Data analytics) Google Analytics, which we use to process information about website visits (see http://www.google.com/intl/en/policies/privacy/); and
(d) (Online payment) providers of online payment systems.
We will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions.
The collection and use of Personal Information by such third parties may be subject to separate privacy and security policies. For more information on the third party service providers we use, and their privacy policies, please contact us using the details listed below.
For information on disclosures to overseas recipients, see below.
Our clients are usually in a better position than us to edit and change Personal Information that they have stored within the Services. Individuals who wish to access or change survey data stored with us should contact the entity that surveyed them.
However, clients and their customers can also contact us using the details below to arrange, where appropriate, access, correction to or, deletion of their Personal Information.
We reserve the right to refuse access or correction where there are reasonable grounds for doing so, for example if providing access would be unlawful or would compromise the privacy of another person.
(b) When you notify us of a complaint about our handling of your Personal Information, we will deal with the complaint by responding to it in writing within a reasonable period (usually 10 business days from the day we receive your email).
(c) We will endeavour to work with you to resolve the complaint entirely within 30 days, although that period may be longer if it is reasonable to take longer given the nature of your complaint.
(d) If you are unsatisfied with our response, you may make refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
(a) Our use of third party service providers may result in the processing of your Personal Information overseas. You may not have the same rights in relation to the handling of your Personal Information by overseas recipients as you would under Australian privacy law.
(b) By providing us with Personal Information, you consent to the transfer of your Personal Information to recipients outside Australia.
(c) If you consent to such transfer, we will not be accountable for overseas recipients’ handling of your Personal Information. In any event, we take reasonable steps to ensure that the Personal Information that has been transferred will not be held, used or disclosed by the recipient of the information inconsistently with the APPs.