Privacy statement

1. Introduction

• Provider has adopted this Policy in accordance with the privacy law of Australia.
• This Policy outlines how Provider deals with Personal Information, which it collects in conjunction with the Services.
• Provider may also collect information about Individuals who do not use the Services.
• Capitalised words in this Policy are defined terms. Defined terms are explained at the end of this Policy.

2. Collecting information directly from people

Provider collects Personal Information directly when an Individual:

• contacts Provider by telephone, fax, email, live chat support tools or another form of communication;
• gives Provider his or her information in person on a paper form;
• sends the Provider a message through SMS or a third party app;
• other ways Provider collects information directly;
• registers or subscribes for an account;
• the Service automatically captures Personal Information in content Individuals post on the Services;
• Provider’s server and analytics service may log details about website visits;
• location services, when switched on, capture Individuals’ locations;
• Provider’s website will likely place a cookie on Individuals’ devices;
• store visitors’ I.P. addresses; and
• when paying the Provider through online payment applications

3. Collecting information from third parties

Provider collects Personal Information about Individuals from third parties when:

• Individuals link their account on the Service with accounts on social networks such as Facebook;
• Provider utilises Customer Relationship Management software (CRM);
• third parties give Provider access to files or software applications containing Personal Information;
• Provider conducts research on Individuals, including potential customers;
• Provider utilises analytics and measurement tools such as Google Analytics, Inspectlet, Visual Website Optimiser;

4. Organisations using the services

Provider provides the Services to Organisations, which use them as business and information management tools. Both Provider and the Organisations may collect Personal Information from Individuals, including when:

• Individuals register for or access a website provided by the Organisation with the Services;
• Organisations collect information directly from Individuals using the Service;
• Organisations give Provider access to their files or software applications containing Personal Information; and
• Organisations enter or process information (such as notes or files) about Individuals using the Services.

5. Types of Information that Provider collects and holds

Using processes described in this Policy, Provider collects the following categories of Personal Information about Individuals:

• (Content) whatever Personal Information is included in content Individuals enter using Provider’s Services;
• (Identity Information) name, signature, date of birth, nationality, license & registration details, bank account details, family details, employment details, educational qualifications, usernames;
• (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, Provider and postal addresses;
• (Behaviour Information) habits, movements, trends, decisions, associations, memberships, finances, purchases;
• (Internet Data) webpage views, IP address, referring web site addresses, location, deivce type, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics; and
• (Payment Data) credit card expiry details, card types, payment history information.

6. Sensitive Information

Privacy law categorizes certain types of Personal Information as "sensitive information". Provider does not actively collect sensitive information, but information that Individuals post or store using the Services may fall into this category.

If Individuals submit, post or store any sensitive information using our Services, Provider takes this as consent to its management of it in accordance with this privacy policy.

7. How Provider stores Personal Information

Provider holds and stores Personal Information using:

• (Storage Services) third party data storage services, including applications and software such as Dropbox, Google Drive, Trello, Xero and Harvest;
• Provider's own servers housed at server farms; and
• (Provider Devices) devices operated by employees of Provider’s business; and
• (Paper Files) printed paper and third party archival storage services.

8. Security

Provider will take reasonable precautions to protect Personal Information from unauthorised access. This includes measures to secure the Provider’s physical facilities and electronic networks.

Provider secures Personal Information that Provider collects with credentials, passwords, pins, encryption, session expiry, firewalls, SSL network encryption, and through the use of reputable vendors, third party network scans and audits.

For more information on security, please contact Provider using the details in the "contacting us" below.

9. Deletion procedures

Provider deletes Personal Information when users close their account with us, after the Individual chooses the account closure date all hosted information is removed by an overnight automated process and historical backups are progressively deleted based on rolling date backups.

10. Why data is held, used and disclosed

Provider’s handling of Personal Information includes holding, using and sometimes sharing the Personal Information so that Provider can:

• provide functionality within the Services;
• provide notifications and support;
• offer marketing and promotions, competitions, surveys and questionnaires;
• transact with Individuals and process payments;
• assess and improve the Services;
• provide secure access to the Services;

For more information on when Provider shares Personal Information, see below.

11. Handling of data

Some collection, holding, use and disclosure of information happens simply by virtue of Individuals and Organisations using the Services.

The purpose of the Service is to allow Provider, Organisations and Individuals to enter, manage and communicate information, including Personal Information, relating to development, managing and hosting of websites and web based applications.

12. Disclosing Personal Information

Provider shares Personal Information with others in the following ways:

• displaying information about Individuals on pages, profiles, walls, and accounts;
• publishing details about Individuals in their pages on Provider’s website;
• sharing profile and activity information with social networks, and posting to those social networks if Individuals have given permission for this to occur;
• showing usernames and contact details on forums, comments, messages and correspondence; and
• facilitating the sharing of information about sales, inquiries and payments.

13. Service providers can access personal information

When Provider uses the services of companies that Provider works with to provide the Services, they may get access to the Provider’s data, including Personal Information. Such third party services may include:

• (Hosting) Cloud and web hosting service providers;
• (SaaS) providers of software as a service, including but not limited to, Xero (see https://www.xero.com/au/about/privacy/), Trello (see https://trello.com/privacy), Harvest (see https://www.getharvest.com/privacy-policy), Dropbox (see https://www.dropbox.com/privacy);
• (Support) providers of IT support services, web and software development;
• (Data analytics) Google Analytics (see [http://www.google.com/intl/en/policies/privacy/](http://www.google.com/intl/en/policies/privacy/));
• (Online payment) providers of online payment systems including Stripe (see https://stripe.com/au/terms) and Paypal (see https://www.paypal.com/au/webapps/mpp/ua/privacy-full);
• (Apple device functionality providers) Apple location services, Siri dictation, Apple Maps, Apple Notifications (see [http://www.apple.com/au/privacy/](http://www.apple.com/au/privacy/))

Provider will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions.

These third parties may have their own privacy and security policies. For more information about this, please contact Provider using the details listed in the "contacting us" section below.

For information on disclosures to overseas recipients, see below.

14. Disclosing information overseas

The Provider may store or process some Personal Information overseas. Individuals may not have the same rights relating to their information when it is overseas as they would under Australian privacy law.

By providing Provider with Personal Information, Individuals consent to the transfer of their Personal Information to overseas recipients as contemplated by this privacy policy.

If Individuals consent to such transfer, Provider will not be accountable for overseas recipients’ handling of their Personal Information.

15. Contacting us

Individuals contact the Provider using the details below if they want to access, correct or delete Personal Information or lodge a complaint.

Privacy Officer

privacy@safehost.com.au

Provider reserves the right to refuse access or correction where there are reasonable grounds for doing so, for example if providing access would be unlawful or would compromise the privacy of another person.

16. Complaints process

If Individuals have a complaint about privacy, they can contact Provider using the details listed above.

Provider will respond to complaints in writing within a reasonable period (usually within 10 business days from the day Provider receives an email).

Provider will try to work with Individuals to resolve complaints entirely within 20 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.

If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).

17. Amendment

Provider may amend the Privacy Policy at its sole discretion. Individuals that continue to use the Services after receiving notice from Provider of such an amendment, agree to be bound by the Privacy Policy as amended.

18. Definitions

Individual, Individuals

means a natural person.

Organisation, Organisations

means third party Organisations using the Services.

Personal Information

means information about an Individual whose identity is apparent, or can reasonably be ascertained, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.

Policy, Policies

means this document, drafted in accordance with the Privacy Act 1988 (Cth).

Provider

means Safehost Pty Ltd.

Service, Services

means website design and development, web application design and development, database design and programming, hosting and domain name registration services, consulting services for online product marketing and optimisation.