Last modified September 28th, 2020
Important Notice for EEA Customers: Are you subject to European Economic Area (EEA) regulations? Contact us to learn how we can help you to comply with the General Data Protection Regulation (GDPR).
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
This policy is intended to help you understand:
- What information we collect about you
- How we use the information we collect
- How we share information we collect
- How we store and secure the information we collect
- How to access and control your information
- How we transfer information we collect internationally
- Other important privacy information
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business. Where we provide the Services to an organisation (for example your employer), that organisation controls the information processed by the Services. For more information, please see ‘Notice to End Users’ below.
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when you register for an application, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also have the option of adding a display name, profile image, and other information within our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our products: The Services include the Compliance Fox products you use, where we collect and store content that you add, post, send, receive and share. This content includes any information about you that you may choose to include. Examples of content we collect and store include: the records and files you create, the users you create or the users who join your application, the messages you send from the Services, content of emails you send us, and any feedback you provide to us. Content also includes the files and links you upload to the Services.
We collect other content that you submit to other web pages we operate, which include social media or social networking pages operated by us. For example, you provide content to us when you provide feedback or when you participate in any discussions, surveys, activities or events.
We collect certain payment and billing information when you register for certain paid Services. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; and how you interact with others on the Services.
Device and Connection Information: As with most other website-based services, we collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Information we receive from other sources
We may receive information about you from other Service users, from third-party services, and from our business and channel partners.
Other users of the Services:
Other users of our Services may provide information about you when they submit content through the Services. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company’s account.
Other services you link to your account:
Compliance Fox Partners:
We work with a network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name and what country you are in.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalise your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use your organisation name and logo you provide in your account to identify you to other Service users.
For research and development: We are always looking for ways to make our Services smarter, faster, more secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyse certain new features with some users before making the feature available to all users.
To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including notifying you of system activity, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, and administrative messages. We send you email notifications when you or your users interact with the Services, for example, when a user makes changes to a record. We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. Where an opt out is available in our communications, you will find that option within the communication itself or within your account settings.
To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you. These communications are aimed at improving the benefits you receive from the Services, including information about new features and functionality we think may be of interest to you. You can control whether you receive these communications as described below under “Opt-out of communications.”
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve the Services.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
We share information we collect about you in the ways discussed below, but we are not in the business of selling information about you to advertisers or other third parties.
Sharing with other Service users
When you use the Services, we share certain information about you with other Service users.
You can add content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Please be aware that some aspects of the Services like login pages and contact pages can be made publicly visible, meaning any content posted, including information about you or your organisation, can be publicly viewed and indexed by and returned in search results of search engines. You can confirm whether certain Service properties are publicly visible from within the account settings of your Services.
Sharing with third parties
When you use the Services, we share certain information about you with other Service users. We share information with third parties that help us operate, provide, improve, integrate, customise, support and market our Services.
Service Providers: We work with third-party service providers to provide hosting, backup, storage, virtual infrastructure, payment processing, SMS and email communication, analysis and other services for us, which may require them to store or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Compliance Fox Partners: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as to assist with billing and implementation, to provide localised support, and to provide customisations. We may also share information with these third parties where you have agreed to that sharing.
Third-Party Widgets: You, your administrator or other Service users may choose to install widgets and social media features, such as the Twitter “tweet” button. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are hosted by a third party. Your use of and any information you submit to any third-party widgets is governed by their privacy policies, not this one.
With your consent: We share information about you with third parties when you give us consent to do so. For example, we display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
Compliance with Enforcement Requests and Applicable Laws
Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, enforce our agreements, policies and terms of service, protect the security or integrity of our products and services, protect Compliance Fox, our customers or the public from harm or illegal activities, or respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Sharing with affiliated companies
How we store and secure information we collect
Information storage and security:
We use a data hosting service provided by Google, Inc in the United States, Europe, Asia and Australia to host the information we collect, and we use industry-standard technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information:
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in back-up archives), then we will securely store your information and isolate it from any further use until deletion is possible.
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to support business operations. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics about your organisation, or your users.
If the Services are made available to you through an organisation (e.g., your employer), we retain your information as long as required by the administrator of your account.
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opted to receive email from us or ceased using your Compliance Fox account.
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see “Notice to End Users” below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: For example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by integrating with third-party software, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your information: Our Services and related documentation give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and search for content using key word searches in the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.
Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Compliance Fox support. Please be aware that deactivating your account may not delete your information; your information remains visible to other Service users based on your past participation within the Services. For more information on how to delete your information, see below.
Delete your information: Our Services and related documentation give you the ability to delete certain information about you from within the Service. For example, you can remove content that contains information about you using the key word search and editing tools associated with that content, and you can remove certain profile information within your profile settings. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable).
Opt out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you may continue to receive important transactional messages from us regarding the Services. You can opt out of some transactional notification messages in your account settings.
Cookie Controls: Relevant browser-based cookie controls are described in the help guide of your web browsing software.
We collect information globally and we transfer, process and store your information within your selected Processing Region. Unless otherwise indicated, the Processing Region is Australia. We do also have Third-Party service providers who undertake minor processing tasks in the United States, tasks for the purpose of providing the Services. We only transfer your information where we have policies and contracts in place with our service providers. A list of sub-processors is provided below.
International transfers within the Services: To facilitate our global operations, we transfer some information to international locations and allow access to that information from countries in which the we have operations for the purposes described in this policy. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where our customers and users are based.
The following is a list of third party service providers that store and process data on behalf of Compliance Fox in order to provide the Services.
Notice to End Users
Many of our products are intended for use by organisations. Where the Services are made available to you through an organisation (e.g. your employer), that organisation is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organisation’s policies. We are not responsible for the privacy or security practices of an administrator’s organisation, which may differ from this policy.
Adminstrators are able to:
- Require you to reset your account password;
- Restrict, suspend or terminate your access to the Services;
- Access information in and about your account;
- Access or retain information stored as part of your account;
- Install or uninstall third-party integrations
In some cases, administrators can also:
- Restrict, suspend or terminate your account access;
- Change the email address associated with your account;
- Change your information, including pro le information;
- Restrict your ability to edit, restrict, modify or delete information
If you do not want an administrator to be able to assert control over your account or use of the Services, you can contact your administrator and express your concerns. Please contact your organisation or refer to your administrator’s organisational policies for more information.
Notification of Privacy Breaches
A Privacy Breach occurs when there is unauthorised access to personal information where a reasonable person would conclude that such a breach is likely to cause serious harm to the individual to whom the information relates, and where we have not been able to prevent the likely risk of that harm.
Although we have never experienced a breach, we have systems in place for monitoring of privacy and data breaches, including unauthorised access and malicious penetration attempts. If such an event occurs, we will report the breach in accordance with the Notifiable Data Breaches scheme, as set out on the Office of the Australian Information Commissioner website. We will notify the affected entities as well as the Commissioner as soon as possible after the breach has been identified. As required under Australian Privacy law, we would also use the relevant form to report a notifiable data breach to the Commissioner.
Making a Complaint
You may make a complaint about a breach of this policy, the APPs, or a registered APP code (if any) that binds Compliance Fox. Complaints can be made by contacting us using the details listed below, or by using the relevant form found on the Office of the Australian Information Commissioner website.
You can deal with us anonymously
Where it is lawful and practicable you can deal with us anonymously. For example, if you have a complaint or concern about our site, or a general question about any of our products, you are welcome to contact us without identifying yourself. In some cases. However, if you do not provide us with this information we may not be able to fully provide you with our services or respond adequately to you.
Your information is controlled by Compliance Fox Pty Ltd. If you have questions or concerns about how your information is handled, please direct your inquiry to us using the contact information below.
Compliance Fox Pty Ltd
426 King St Newcastle, NSW 2302 Australia
Australia: (02) 8318 7988