Protecht.ERM Showcase: Manage the full lifecycle of risk management in one system
Register Now

Privacy Policy


Protecht is a provider of risk management services.  This includes a range of software and technology services, such as Protecht.ERM, Protecht.ALM and Protecht.CCRM.

We are committed to protecting your personal data and privacy rights.  This Privacy Policy outlines how we collect, manage and protect your personal data. The policy applies to:

  • our websites,
  • our services,
  • our clients and potential clients, and
  • our employees and job applicants.

Types of Personal Data We Collect

If you are a client or potential client, we collect personal data including your name, email address, phone number, company name, country/region and IP address.

If you are an employee or apply for a job at Protecht, we collect personal data such as your name, contact details, resume, date of birth, bank account details and tax file number.  We also collect sensitive personal data such as psychometric testing data and criminal record data.

How We Collect, Use and Disclose Personal Data

We collect personal data in the course of running the day-to-day operations of our business, for the primary purposes of providing and marketing our risk management services.  We never sell your personal data.

We share and disclose personal data only for our primary purposes and we limit sharing and disclosure only to the following recipients:

  • We share personal data with third-party service providers who we use to collect and store information.
  • In our capacity as a service provider, we disclose personal data at the direction of our clients or when required by law.

We combine personal data from certain sources (for instance HubSpot and Salesforce) when doing so allows us to use and manage the data more effectively.

We collect personal data directly and through third-party providers as follows:


We collect log data automatically when you visit our website.  The website logs can include information such as your IP address, the pages you visited, the date and time of your visit and your browser type.  We use log data to maintain the security and performance of our website.

Our website uses tracking technologies such as cookies, beacons and tags to collect data about user activity on the website.  We use tracking data to remember user preferences, and to measure and evaluate the effectiveness of our website and marketing strategy.

We use third parties to collect this tracking data: Google Analytics and HubSpot.  For details on how Google Analytics collects and uses data, visit  For details on how HubSpot collects and uses data, visit

Marketing and Customer Relationship Management

We collect the personal data that you provide to us when you subscribe to our services or blog, or if you choose to receive more information when you download any of our content offers (eBooks, Case Studies or White papers).  This data may include your name, email and phone number.

We also collect contact details through marketing events that we hold or participate in.  This information is usually collected from your business card that you have provided to us.

We use this personal data to contact you about our relevant content, products, and services.  You may unsubscribe from these communications at any time.

We use HubSpot to manage our mailing lists.  For details on how HubSpot protects personal data, visit

We use Salesforce as our customer relationship management platform.  For details on how Salesforce protects personal data, visit


Our software services use cookies to collect data about user activity.  This data may include button clicks, link clicks, JavaScript errors, browser types, and geographic regions.  We use this data to improve functionality and performance of our services.  We use Dynatrace to collect this data.  For details on how Dynatrace collects and uses data, visit

Our clients collect data when using our services for their risk management activities.  This client data may contain personal data such as names and contact details of the client’s employees and customers.  All client data is collected and controlled by our clients.  We only store the client data (using third-party service providers).

If you use our e-learning services (via Protecht.ERM or through our website) your personal data may be stored by our e-learning partner GRC Solutions.  For details on how GRC Solutions protects personal data, visit

Job Applications

We use HubSpot to collect and manage candidate details for job applications submitted through our website.  We use third party service providers to conduct tests and background checks.  We use personal data on candidates only for considering the candidate for employment.

How We Store, Retain and Secure Personal Data

Personal data that we collect is stored either by us on premises in Australia or by our third-party service providers who may store the data in Australia, or overseas in the EU, USA, Canada or Singapore.

We retain personal data only for as long as needed according to the purposes for collecting the data. Business documents and data such as financial records and employee records are retained as required by law (typically for seven years).

We store client data (collected by clients using our services) using third-party service providers.  All client data is stored local to the client (either in Australia or the EU).  We dispose of client data when the service is terminated or as directed by the client.

We implement technical, physical and procedural security measures to protect all data we collect and store from unauthorised access, use, modification and disclosure.  These measures include application and network access controls, encryption, security training and regular audits.  We have incident management procedures in place to investigate and notify about privacy data breaches.

Your Rights to Access and Control Your Personal Data

You have rights to access and control your personal data held by us, including:

  1. to access your personal data
  2. to rectify your personal data so that it is accurate and complete
  3. to erase your personal data
  4. to restrict our use of your personal data
  5. to object to our use your personal data
  6. to obtain a copy of your personal data, and/or have it transferred to another service provider

Complaints Handling Procedure

If you wish to make a complaint about the way we have handled your personal data, please contact our Privacy Officer in writing at the postal or email address set out below.

We will generally provide you with a written response based on the findings of our investigation within 30 days of receipt of your original complaint.  If this is not possible, we will contact you to advise on about the progress we have made and the estimated completion date for the investigation process.

If you are not satisfied with our response, you can contact your data protection authority.

Contact Us

Please contact our Privacy Officer if

  • you have any questions about this Privacy Policy or our privacy practices,
  • you wish to make a request to access or control your personal data, or
  • you wish to make a complaint.

Privacy Officer
Protecht Pty Ltd
PO Box 20619

World Square
Sydney NSW 2002
Phone: +61 2 8005 1265

Effective Date: This Privacy Policy was last modified on July 2018.