Sovereign Cloud Australia Pty Ltd ACN 611 181 830 (referred to in this document as we, us or our) recognises that your privacy is very important and we are committed to protecting the personal information we collect from you. To the extent that we are bound to comply with the Privacy Act 1988 (Cth)(Privacy Act) and the Australian Privacy Principles (APPs), the Privacy Act and APPs govern the way in which we must manage your personal information and this policy sets out how we collect, use, disclose and otherwise manage personal information about you.
Our goal is to provide you with infrastructure-as-a-service, platform-as-a-service and related support services. Sometimes this means that we use information that you provide to us about yourself to customise that experience. We do this to improve your experience with our products and services. In providing our services to you, we will be transparent about how and why we collect and use your information. In some cases, if you do not want us to collect or use your information in a particular way, then we will give you the opportunity to say so.
- what is considered personal information;
- the kind of information we may collect and hold about you, how we collect and hold it, why we collect, hold and use it, and how we use it;
- the protection of your personal information; and
- how and why we may disclose that information, including to overseas recipients and the countries they’re located in;
- how you can access and correct the information we hold about you;
- when we may use your information to contact you;
- how you can make a complaint about an alleged breach of the Australian Privacy Principles (APPs), and how we deal with such a complaint.
This policy applies only to us. It does not apply to any other company or organisation, including those whose digital services have links to our content or services. Third party services which have links to our content or services will govern the use of personal information you submit to them, which may also be collected by cookies when you visit or use them. We do not accept any responsibility or liability for the privacy practices of such third party digital services.
We will review this policy regularly, and may update it from time to time, including taking account of new or amended laws, new technology and/or changes to our operations. If we make changes, we will post those changes on the privacy page of our website.
Types of information collected
The Actdefines some types of personal information as sensitive. We don’t commonly collect sensitive information, which includes information about a person’s race, ethnic origin, political opinions, health, religious or philosophical beliefs and criminal history. In the event we require any sensitive information we would only collect this with your permission, and we will only use it for the purpose for which you provided it.
If you apply for a credit account with us or if we offer you credit terms for payment, we may also collect and hold various information about you and your financial position, including credit information or credit eligibility information. Our separate Credit Reporting Policy sets out how we deal with that information.
Anonymity and pseudonymity
You may access our publicly-facing website anonymously, however to use our services we require you to sign up with valid credentials which will identify you personally. We will not be able to provide you with the services if you do not wish to provide us with the necessary personal information
Purpose of collection
The personal information that we collect and hold about you depends on your interaction with us. Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and activities and for the purposes of:
- providing our infrastructure-as-a-service services, platform-as-a-service and related support services to you or someone else you know;
- providing you with educational information related to our services and the industry we operate in;
- communicating with you about your account with us, including issuing bills and seeking payment of those bills;
- to provide you with information on our products and services if you subscribe to an email list, send an enquiry via email or contact form on our website, or otherwise provide us with your contact details; and
- to conduct a credit assessment of you and use information we are permitted by law to use to establish or report on your creditworthiness;
- because you work for us, or apply to us for a job, a cadetship or work experience;
- providing you with information and promotional material about other services that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
- facilitating our internal business operations, including the fulfilment of any legal requirements; and
- analysing our services and customer needs with a view to developing new or improved products and services.
We may also collect personal information about you because you have provided it to us, for instance if you contact us to make comments, complaints or to ask us questions, or you have interacted with one of our digital services, for instance by participating in our social media accounts.
Method of collection
Personal information will generally be collected directly from you through the use of any of our standard forms, over the internet, via our sales and on-boarding process, via email, or through a telephone conversation with you. There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.
The information that you give us may be:
- Personal information that is required. In some instances, you must provide personal information if you wish to use a particular service or participate in an activity. For example, your billing details will be required if you wish to sign up to a particular service.
- Personal information that is optional. You may choose to provide some personal information which is not required but is directly related to our functions or activities. Usually this type of information will enable us to improve or broaden the services we can offer you. If you choose not to provide this optional information, we would still be able to offer you the service, but perhaps with fewer options than if you had provided the optional information. If we receive unsolicited information about you that we do not require or which is not directly related to our functions or activities, we may be required to destroy or de-identify that information, provided it is lawful and reasonable to do so.
- Permissions. Sometimes you will be asked to confirm that you agree to a particular activity. For example, you may need to expressly agree that you would like to receive a newsletter or promotional material.
You may be able to make changes to the information you provided us (for example, if you change your email address) or withdraw the permission you gave us for a particular service. We will make it clear how you do that.
Failure to provide information
If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking.
If you access our website, we may collect additional personal information about you in the form of your IP address and domain name.
In some cases we may collect data from your internet use that can be linked to you individually. For example, when you log in to a digital service as a registered user, we may store records of information such as the comments you make, the pages you viewed or links you click on. Similarly, if you use our email newsletters we may collect data about the mailings you open and the links you click on from that newsletter.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures.
Cookies do not identify you personally, but they may link back to a database record about you. Most of the data we collect from our website is aggregated, and this information is effectively anonymous to us. Credit card information is never stored in a cookie.
Controlling and deleting cookies
Popular browsers will usually give users a level of control over cookies.
You can set your browsers to accept or reject all, or certain, cookies. You can also set your browser to prompt you each time a cookie is offered.
Most cookies are easy to delete, and the Help function within your browser should tell you how. Some digital services may not load properly or function as intended if cookies are disabled, however it is up to you to determine the balance of convenience and computer privacy that you are comfortable with.
Cookies used by us
We use the following types of cookies:
- Session Computer Browser Cookies – Session cookies let you move from page to page without the need to repeatedly sign in. A session browser cookie is stored in the browser and deleted when the browser shuts down.
- Persistent Cookies – Persistent cookies are used to help us monitor the performance of our digital services by recording your browsing behaviour within the particular digital service.
These browser cookies can only be read by the company that places the cookies on the computer. Persistent cookies are saved to the hard drive until they expire. Unlike session browser cookies, they are not deleted when the browser is shut down.
We use web beacons in combination with cookies to track activity. Turning off a browser’s cookies will prevent web beacons from tracking activity.
Third party cookies
We use a number of suppliers who also set cookies on our digital services on our behalf in order to deliver the services that they are providing. For example, if you share any content from our website to another digital service, a third party cookie may be set by the service you have chosen to share content through. We do not control these cookies, and do not block cookies set by third parties in these ways.
Credit Card Information
We process payments through a secure merchant banking facility, compliant with PCI-DSS (plastic card industry data security scheme). We do not store any credit card information.
Use and disclosure
Disclosure of personal information to third parties
Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above). We may disclose your personal information to:
- our employees, contractors, related entities and other organisations with whom we have affiliations so that those organisations may assist us in providing you with the relevant products or services;
- financial institutions for the purpose of payment processing;
- credit reporting bodies, other credit providers, and third parties to whom we assign your debt;
- specific third parties authorised by you to receive information held by us;
- the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary;
- third parties where required by law, binding regulation or court order;
- a purchaser of the assets and operations of our business, if those assets and operations are purchased as a going concern; or
- third parties otherwise with your consent.
We are assisted by a variety of external service providers to deliver and support our services and mitigate cyber security risks, some of whom may be located overseas. These third parties are too numerous to list, and they change from time to time. Some examples of the types of third parties include:
- technology service providers
- website analytics providers such as WordPress located in the US;
- app service providers such as Google located in the US and Ireland;
- cloud service providers such as Microsoft and Cisco located in the US; and
- third party software providers such as Salesforce and Xero located in the US and New Zealand.
In most cases, such third parties will not have access to your personal information, however it may be necessary to disclose your personal information to them in circumstances where failing to do so would prevent us from providing you with the services, or from using the personal information for the purposes for which it was collected. Wherever possible, we impose contractual restrictions at least equivalent to those imposed on us under the Act in respect of collection and use of personal information by those third parties. In some cases, such as social media networks and third parties with non-negotiable terms and conditions, our ability to impose contractual restrictions is limited. In those circumstances, we will carefully consider the risks to the protection of personal information when entering into arrangements with third parties.
Our service providers are not permitted to sell, use or disclose your contact details or contact you for any other purpose unless required by law.
Under no circumstances will we sell your personal information or receive payment for licensing or disclosing your personal information.
Information that you disclose publicly
We interact with services on a range of platforms with interactive features that you can contribute to.
When using digital services, we suggest that you use your discretion and exercise caution when providing your personal information. We have a limited capacity to protect personal information that you choose to share in this way.
If you provide or make your personal information available to other users through our services, you do so at your own risk. If any third party makes personal information available to you through our services, you must treat it as confidential, and use it only for the purpose it was provided.
Ultimately, you are responsible for maintaining the secrecy of your passwords and/or any personal information. Be responsible whenever you are online or using a digital service.
Information that is disclosed via other platforms or services
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
Some of our services may be integrated with external services, including social media networks. This may mean that information, for instance about your interests and activities, is tracked or pulled from other places. Your ability to opt-out of a third party tool or platform will depend on the conditions governing your agreement with that third party.
We will never knowingly send you unsolicited commercial electronic messages. More information on the Spam Act 2003 (Cth) is available from the regulator’s website: www.acma.gov.au/spam.
If you subscribe to a mailing list offered by us, we may use or disclose your personal information (excluding sensitive information) for direct marketing purposes. We will obtain your specific consent to disclose sensitive information for the purposes of direct marketing our services. We may include third party offers in marketing materials we send to you.
You will be able to opt-out of direct marketing at any time with no charge to you, or request us to provide you with our source of information, by email to email@example.com, or through the unsubscribe link found in all marketing emails we send. We will then ensure that your name is removed from our mailing list.
If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please contact us using the details provided below.
We store your personal information in different ways, including in paper and in electronic form. The security of your personal information is important to us. We take all reasonable measures to ensure that your personal information is stored safely to protect it from interference, misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.
At the same time, we are committed to providing innovative and interactive experiences, and to being available to customers on multiple platforms. Some of those platforms are not operated or controlled by us, and our ability to protect your personal information is limited.
We encourage you to be vigilant about the protection of your own personal information when using third party digital services (such as social media platforms). As far as reasonably practicable, we will make sure that our relationships with those third parties include appropriate protection of your privacy.
You acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. We cannot accept responsibility for misuse or loss of, or unauthorised access to, personal information where the security of information is not within our control. If you suspect any misuse or loss of, or unauthorised access to, your personal information, you should let us know immediately. We are not liable for any loss, damage or claim arising out of another person’s use of your personal information.
Where personal information we hold is no longer necessary, we delete the information or permanently de-identify it, subject to specific laws in respect of data retention.
Access and correction
You may access the personal information we hold about you, upon making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for processing your request (but not for making the request for access).
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).
If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
Complaints and feedback
If you wish to make a complaint about a breach of the Privacy Act, the APPs or a privacy code that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you.
Address: PO Box 5511, Kingston, ACT, 2604
Email address: firstname.lastname@example.org
For more information about privacy in general, you can visit the Office of the Information Commissioner’s website at www.oaic.gov.au.
If you wish to make a complaint about the collection, use or disclosure of your personal information, please contact our privacy officer, and we will work with you to resolve the issue.
If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.