Protecht.ERM Showcase: Manage the full lifecycle of risk management in one system
Register Now

Privacy Policy

This Privacy Policy explains how Protecht Group collects and handles your personal information and applies to all of our Services, which includes this Website. Protecht is a provider of risk management services. This consists of a range of software and technology services, such as Protecht.ERM, Protecht.ALM and Protecht.CCRM. We value your trust and take our privacy obligations seriously. We have developed this Privacy Policy to provide you with clear answers to your questions so you can understand how your Personal Information is collected, held and processed by Protecht Group.

Table of contents

  1. Definitions.
  2. What information do we collect?
  3. Who is the data controller or processor?
  4. How do we hold the information we collect?
  5. How do we use the information we collect?
  6. Who has access to your personal information?
  7. What are your rights to your personal information?
  8. How long do we retain your personal information?
  9. How can you make a complaint?
  10. Additional information.
  11. Protecht Group contact information.

1. Definitions.

In this Privacy Policy, a reference to:

  • Protecht, Protecht Group, we, us or our means Protecht Group PTY LTD (ACN 157 910 444) of Level 8, 299 Elizabeth Street, Sydney, New South Wales, Australia, and any of its related bodies corporate;
  • Customer or Company means, in relation to you, the person or entity that has contracted with Protecht group to allow you to use Protecht's Services. The Customer or Company will generally be your employer, or an identified subgroup (i.e., division, department, etc.) within your employer;
  • User or Customer User means, the person that as part of their job responsibilities with a company's authorisation accesses one or more of our provided services;
  • Personal information means any information about an identified or identifiable individual that can be used (directly or indirectly) to identify you. For example, your name, email address, phone number, online identifier, IP address, location information or photograph. Information that has been anonymised, and from which no individual can be identified either directly or in combination with other data, is not personal information. This includes Personal Information that you provide to us about you or other Users (where you are permitted to do so), or Personal Information collected electronically, about how you use our Services or our Websites, via "cookies" or through your use of our Services or Websites.
  • Platform Data means any content or data that you or third parties submit to Protecht using the Services;
  • Services means all products (including related mobile applications), services and Websites offered by Protecht;
  • Visitor means any person who visits our Websites;
  • Websites means, collectively, www.protechtgroup.com as well as the other websites that Protecht operates and that link to this Privacy Policy; and
  • You or your means either User or Visitor, as applicable.

 

By accessing our Websites, content, communicating with us via email, in person or through our Websites (including requesting a demo of our Service) and/or by using and of our Services, you agree to the terms of this Privacy Policy.

We may update this Privacy Policy from time to time and the most current version will be posted on our Website. If we make any material changes, we will notify you by email (to the address associated with your account). We encourage you to periodically review this page for the latest information on our privacy practices. If you have any questions or concerns about our Privacy Policy, or with the handling of your personal information, please contact our Privacy Officer at privacy@protecht.com.au.

2. What information do we collect?

We collect information, including Personal Information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some is collected from your interaction with our Services, your Company, or from third parties. How and what information we collect about you will depend on the way that you use our Services, for example, whether you are a User of our Services, or a Visitor to our Websites.

(a) Information we generally collect

  • Contact information: When you provide us with your contact information, whether through use of our Services, creation of an account, or via interaction with our sales or customer support team, we collect your contact information. This may include Personal Information, such as your name and email address.
  • Content you provide through our products: we collect and store content that you post, this content includes any information about you and the company that you may choose to include. Examples of content that we may collect and store include the risk descriptions of your company in risk registers and action plans used to manage those risks. Content also includes the files and links you upload when accessing our services.
  • Usage information: We collect usage data about you whenever you interact with our services. This may include which web pages you visit, what you click on, when you performed those actions, and other activities. Please see our Cookie Policy for more information about the cookies we use in our services.
  • Device and browser data: We collect data from the device you use to access our Services, such as your IP address, operating system, browser details and time of visit. This information may also tell us your location.
  • Cookies and page tags: We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymous data about Visitors to our Websites. This data includes usage details and user statistics. Please see our Cookie Policy for more information about cookies and page tags we use on our Websites.
  • Log data: We keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address. We may combine this automatically collected log information with other information we collect about you. We do this to maintain an audit trail of activity, to improve our Services, to improve our marketing activities, for system analytics, or to monitor or improve functionality.
  • Referral data: If as a Visitor, you navigate to our Websites from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.
  • Other data you submit: We may collect your Personal Information if you submit it to us in other contexts. For example, by giving us a testimonial, attending an event we host or by entering a contest. We may also collect Personal Information at other points throughout our provision Services or certain points within our Website (where you will be notified that Personal Information is being collected). If you contact us at support we will also collect any information that you provide to us voluntarily, such as your operating system version, and other information required to enable us to respond to your request.
  • Interacting with us on social media: We may collect Personal Information about you when you interact with us using social media. For example, if you post material to our Facebook page or "Tweet" us on Twitter.
  • Third parties: We may collect your Personal Information from third parties if you give permission to those third parties to share your Personal Information with us, or where you have made that information publicly available online.
  • Mobile devices: If you connect to the Services using a service provider that uniquely identifies your mobile device, we may receive this identification information, in order to provide the Services to you.

3. Who is the "data controller" or "processor"?

Data protection law in certain jurisdictions differentiates between the "controller" and "processor" of Personal Information. For our customer's users, your company, will be the controller of your Personal Information and Protecht will be the processor. For Visitors, Protecht will generally be the controller of your Personal Information.

4. How do we hold the information we collect?

(a) Security of your Personal Information

The security of your Personal Information is very important to us. All of your personal information is kept private and confidential and we take reasonable steps to ensure that your Personal Information is handled securely and in accordance with this Privacy Policy. Our systems are protected using industry standard security measures to protect the Personal Information submitted to us, both during transmission and once it is received. Protecht is ISO27001 certified.

However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that Personal Information submitted to, maintained by, or transmitted by our systems is absolutely secure in all situations.

Security is a collaborative effort and information transmitted over the internet is susceptible to possible loss, interception and misuse, so we also recommend that you create a sophisticated password for logging in to our services, change that password regularly and ensure you keep it confidential.

If you suspect there has been any unauthorised access to or misuse of your Personal Information, immediately contact our Data Protection Officer at privacy@protecht.com.au.

If you have any concerns about the security of our platform, contact our Information Security Team at security@protecht.com.au.

(b) Where your Personal Information is located

Our servers are based in Australia, so your Personal Information will generally be processed and hosted in Australia.

Users based in the United Kingdom and the European Union

If you live in the UK, or the European Union, your Personal Information will be stored on our servers located in the UK, and may be processed by our support staff based in Slovakia.

5. How do we use the information we collect?

(a) How we use your Personal Information

Personal Information

We may, from time to time, use the Personal Information we collect from you or that you provide to us to:

  • contact you directly regarding our Services;
  • provide you with proper access to and use of our Services;
  • help you use our Services;
  • contact you to provide customer service support;
  • research the effectiveness of our Websites, marketing, advertising and sales efforts;
  • keeping you informed and up-to-date with our Services; or
  • sell or market our Services to you.

Our use of your Personal Information is limited to these purposes. Unless permitted by law, no Personal Information about a User is collected, without an appropriate entity first obtaining the consent of the data subject to the collection, use, dissemination or processing of that information.

(b) United Kingdom and European Union Users

When you use our Services as a user, we process your Personal Information either:

  • with your consent;
  • to fulfil our contractual responsibility to deliver the Services to the customer; or
  • to pursue Protecht's legitimate interests of improving our Services or developing new products and features.

When you use our Services as a Visitor, we process your Personal Information either:

  • with your consent; or
  • to pursue Protecht's legitimate interests of improving our Services or developing new products and features.

(c) Customers and Customer's Users

When you use our Services as a Customer or Customer's User, we may use your Personal Information to:

  • Create your account: We need to collect and use your Personal Information to allow you to create an account and log in to that account.
  • Provide you with our Services: This includes providing you with access to and use of our Platform and customer support, which may require us to access your Personal Information so that we can assist you, for example, in the event of a technical issue.
  • Manage our Services: We use your Personal Information in order to provide you with our Services and to improve our Services. This may include:
    • monitoring, maintaining and improving our Services and features;
    • personalising or customising your experience when you use our Services (including presenting the Protecht suite of services in the best format for you or the device you use to access the Protecht service);
    • creating new services or features;
    • preventing potentially illegal, undesirable or abusive activities;
    • investigating complaints made by you;
    • communicating with you via telephone or SMS message from time to time, as part of secondary fraud protection; or
    • to respond to requests for information required by law, such as subpoenas, warrants or other mandatory information requests.
  • Contact you about our Services or your account: From time to time, we may need to contact you via email, mail or telephone to tell you about changes to our Services, terms or policies.
  • Market our Services: We may also send you news and information about our products or services that you either request from us or we believe may interest you. In most cases, we will contact you via email. As part of our marketing efforts, we may combine information about you from third party sources with information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalise and improve your experience.
  • Respond to legal requests and prevent harm: If we receive a legal request or are informed of a situation that may cause harm, or potential harm to someone, we may need to use your Personal Information in order to respond appropriately to that request or threat.

(e) Visitors

When you use our Services as a Visitor, we may use your Personal Information to:

  • Contact you for marketing purposes: We may send you news and information about our products or Services that you either request from us, or we believe may interest you (unless prevented by law). In most cases, we will contact you via email.
  • Manage our Services: We may use your Personal Information in order to provide our Services and improve those Services. Some of these uses include:
    • personalising or customising your experience when you use our Services (including presenting our Websites in the best format for you or the device you use to access our Websites);
    • creating new Services or features;
    • monitoring, maintaining and improving our Services and features;
    • enforcing our contracts and policies when we are made aware of potential breaches of the security of Personal Information;
    • preventing potentially illegal, undesirable or abusive activities; or
    • responding to requests for information required by law, such as subpoenas, warrants or other mandatory information requests.
  • Profiling for marketing purposes: As part of our marketing efforts, we may combine information about you from third party sources with information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalise and improve your experience.

(f) Anonymity and pseudonyms

In most cases, it will be very difficult for us to provide you with our Services if you do not provide us with your real name and contact details (primarily the email address you use when creating your account). Situations where we might have difficulty interacting with you anonymously, or via a pseudonym, are when you use our Services as a Customer.

If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about our Services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with your Personal Information, we may not be able to provide you with our products or Services or respond adequately to you.

6. Who do we share your Personal Information with?

(a) General

We will share your Personal Information with third parties only in the ways that are described in this Privacy Policy. To provide you with our Services, we will often need to disclose your Personal Information to our staff or the service providers we use to operate our business. Examples of our service providers include hosting services, project management software, email service providers; system monitoring services; customer support services; and website analytics. If a service provider needs to access information about you to perform services on our behalf, they do so only under close instruction from us, including by adopting appropriate security and confidentiality measures designed to protect your Personal Information.

In most cases, the Personal Information that we disclose to our staff or service providers will be directly necessary for us to provide our Services to you. However, there may be other occasions where we need to disclose your Personal Information to our staff, service providers, professional advisors or other third parties, including to:

  • Provide the Services: In providing the Services, we may need to disclose your Personal Information to people who work for us or to one of our service providers. Our agreements with third party service providers always include obligations to protect the security and confidentiality of your personal information. These disclosures may be related to activities such as filling orders, processing payments and mail-outs, storing and managing documents, research, providing professional advice, facilitating creation of accounts, sending you service emails, providing technical support, or providing other services to you.
  • Prevent illegality or enforce our terms and policies: If you engage in or threaten any unlawful activity, we may reasonably believe that it is necessary to disclose your Personal Information to the police, a relevant authority or enforcement body, or your internet service provider, employer, supervisor or network administrator.
  • Protect our rights or the rights of our staff: There may be situations where disclosing your Personal Information is necessary to protect the property, health or safety of Protecht or its staff, our Customers or others. For example, exchanging information with other organisations to protect against fraud.
  • Keep other entities associated with us informed: In some cases, we may need to disclose your Personal Information to our agents, business affiliates, joint venture entities, partners, investors or any applicable subsidiaries or holding companies. For example, the need to disclose your Personal Information to these entities may arise from a legal obligation we owe that entity or to assist our or their legitimate business interests.
  • Run events, competitions and promotions: We may need to disclose your Personal Information to sponsors and promoters when you register or attend an event that we conduct or promote.
  • Perform actions you request or consent to: You may expressly authorise us to disclose your Personal Information to a third party. For example, to resolve a dispute regarding our Privacy Policy or to integrate a third-party service. We may also disclose your Personal Information to a third party with your prior consent.
  • Comply with legal requests: In some situations, we may be compelled to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your Personal Information to third parties such as law enforcement officials or to comply with court orders, such as subpoenas or other legal processes.
  • Merge or sell our business: We may share some or all of your Personal Information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Information collected by us and will assume and be subject to all the rights and obligations regarding your Personal Information, as described in this Privacy Policy. If Protecht is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your personal information.

When we disclose your Personal Information to third parties such as our service providers, we have robust confidentiality and data processing agreements in place with them to ensure they maintain the confidentiality of you Personal Information and have adequate privacy and security measures in place to protect your Personal Information. 

(b)

We may share your Personal Information globally with within the Protecht Group of companies in order to carry out the activities specified in this policy. We may also subcontract processing to, or share your Personal Information with, third parties located in countries other than your country. Your Personal Information, therefore, may be subject to privacy laws that are different from those in your country.

Personal information collected within the European Union may, for example, be transferred to and processed by third parties located in a country outside of the European Union. In such instances, we we will ensure that the transfer of your Personal Information is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place, such as the Standard Contractual Clauses approved by the EU Commission.

7. What are your rights in relation to your Personal Information?

 You have certain rights relating to your Personal Information, subject to local data protection laws. These rights may include:

(a) Accessing your Personal Information held by us (right to access);
(b) Rectifying inaccurate Personal Information and, taking into account the purpose of processing the Personal Information, ensuring it is complete (right to rectification);
(c) Erasing/deleting your Personal Information, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
(d) Restricting our processing of your Personal Information to the extent permitted by law (right to restriction of processing);
(e) Receiving your Personal Information in a commonly used format and transferring your Personal Information to another controller, to the extent possible (right to data portability);
(f) Objecting to any processing of your Personal Information carried out on the basis of our legitimate interests (right to object). Where we process your Personal Information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
(g) Not being subject to a decision based solely on automated processing, including profiling, which produces legal effects ; and

To the extent we base the collection, processing and sharing of your Personal Information on your consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal. You have control over your Personal Information and how it is collected, used and shared. You can, at any time, exercise your rights by:

  • Updating your account details: You may edit your registration and other account information on your account settings page or your profile page. This information will be updated immediately. To update any other information, please contact our Privacy Officer at privacy@protecht.com.au.
  • Requesting access, correction or deletion of your Personal Information: Upon request, we will provide you with information about whether we process, or provide to a third party to process on our behalf, any of your Personal Information. If you want to review, correct (if necessary) or delete the Personal Information that we have collected and hold about you, please contact our Privacy Officer at privacy@protecht.com.au
  • Requesting an export of your Personal Information: If you request an export of the Personal Information that we hold about you, we will provide you with this information in a standard CSV file format. This data format may not be applicable or compatible with all systems. To request a data export, please contact our Privacy Officer at privacy@protecht.com.au.
  • Limiting or stopping use or disclosure of your Personal Information: If you want to limit or stop our use of or disclosure of your Personal Information to third parties, please contact our Privacy Officer at privacy@protecht.com.au. However, please note that by limiting or stopping the use of your Personal Information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.
  • Withdrawing your consent: Where we have relied on your consent to use your Personal Information, you have the right to withdraw that consent at any time by contacting our Privacy Officer at privacy@protecht.com.au. Un-subscribing to communications: If you subscribe to our newsletter(s) or other communications, you may choose to stop receiving those communications by using the unsubscribe instructions included our emails, or by contacting our Privacy Officer at privacy@protecht.com.au.
  • Lodging complaints: You also have the right to complain to a data protection authority about our processing of your Personal Information. For more information, please refer to "How do you make a complaint?" below.
  • Other queries or requests: If you have any queries about our handling of your Personal Information or want to make a request that is not listed above, please contact our Privacy Officer at privacy@protecht.com.au.

To protect your privacy and security, we may take steps to verify your identity before complying with your request. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first.

8. How long do we retain your Personal Information?

(a) Users

We retain your Personal Information for as long as we provide our Services to the customer (or until the customer requests we delete your Personal Information), or long as is required to comply with our legal obligations, resolve disputes or enforce our legal rights. We may keep your Personal Information in our encrypted and archived backups for up to 90 days from the point of collection.

(b) Visitors

We will retain your Personal Information for as long as is necessary to provide our Services to you, or to comply with our legal obligations, resolve disputes, and enforce our legal rights.

9. How do you make a complaint?

(a) Contacting our Privacy Officer

Please contact our Privacy Officer if you have any complaints about our handling of your Personal Information, our response to your request or our compliance with this Privacy Policy or relevant privacy laws. We will treat your complaint seriously, and will investigate any alleged breach, including how it occurred, and how best to prevent future breaches (if relevant). You can contact our Privacy Officer at privacy@protecht.com.au.

We will respond to your complaint as soon as possible.

(b) UK and European Union complaints

Our Privacy Officer is our Data Protection Officer (DPO) for the purposes of European Union and UK data protection laws and will primarily deal with any communications with EU or UK data protection authorities. If you live in the European Union and have any complaints regarding our compliance with our Privacy Policy, please contact our Privacy Officer at privacy@protecht.com.au. If you are dissatisfied with our handling of your complaint, please contact the relevant data protection authority in your country. If you are located in the UK, you can contact the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/,or by phoning their dedicated helpline on +44 0303 123 1113. We will cooperate with the UK Information Commissioner's Office or the relevant data protection authority in your country regarding the investigation and resolution of your complaint, and will abide by any specific actions they require of us in order to comply with our Privacy Policy or applicable laws.

(c) Australian complaints

If you live in Australia and have any complaints regarding our handling of your Personal Information, our response to your request or our compliance with the Privacy Act 1988 (Cth), please contact our Privacy Officer at privacy@protecht.com.au. However, if you are dissatisfied with our response, you may raise a complaint with the Office of the Australian Information Commissioner by contacting them at: https://www.oaic.gov.au/about-us/contact-us. 

Notice to End Users

Our Services are intended for use by organisations. Where the Services are made available to you through an organisation (e.g. your employer), that organisation is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your privacy questions to your administrator in the first instance, as your use of the Services is subject to that organisation's internal policies. We are not responsible for the privacy or security practices of an administrator's organisation, which may be differ to this policy.

10. Additional Information

(a) Sensitive Personal Information

If you send or disclose any Sensitive Personal Information ( information related to racial or ethnic origin, political beliefs, sex life or physical or mental health) to us when using the Services, you consent to our processing and use of Such Sensitive Personal Information as necessary to provide the Services. If you do not consent to our processing and use of such Sensitive Personal information, you must not submit Sensitive Personal Information to us via our Services. You may subsequently modify or withdraw your consent to processing of Sensitive Personal Information in accordance with applicable laws in certain jurisdictions and according to Section 8 of this Privacy Policy.

If you do not want your Company to send us Sensitive Personal Information about you, you must make such request directly to your Company.

(b) Cookies and tracking technologies

We and our marketing partners, affiliates, or analytics or service providers use technologies such as cookies, beacons, tags, and scripts, to analyse trends, administer the Website, track User's movements around the Website, and gather demographic information about our User base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We use cookies to remember Users' settings and preferences and for session management. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Services, but your ability to use some features or areas of our Services may be limited.

We use Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our Websites or to display advertising based upon your web browsing activity also use Flash cookies and HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5. To manage Flash cookies, please click here.

We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this Website and other sites in order to provide you advertising based upon your browsing activities and interests. If you prefer not tot have this information used for the purpose of serving you interest-based ads, you may opt-out at any time. If you are located outside of the European Union, Click here for more information. If you are located in the European Union, click here for more information. Please note this does not opt you out of all advertising. You will continue to receive generic ads.

Please see our Cookie Policy for more information on what cookies and tracking technologies we use in our Services.

(c) Social media widgets

Our Websites may include social media features or widgets, such as the Facebook "Like" or "Share" buttons. Use of these features may collect your IP address, detect which page you are visiting on our Websites, and set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the third party providing these features.

(d) Links to other websites

Our Websites may include links to other websites. The privacy practices of those other websites may differ from Protecht's privacy practices. If you submit Personal Information to any of those websites, your Personal Information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any website you visit.

(e) Testimonials

We display Customer or user testimonials and other endorsements on our Websites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial or any other endorsement, please contact us at privacy@protecht.com.au.

(f) Blog and forums

Our Websites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To remove your Personal Information from our blog or community forum, please contact us at privacy@protecht.com.au. In some cases, we may not be able to remove your personal information, and in such cases, we notify you and explain why we are unable to fulfill your request.

(g) Protecht.ERM Mobile Application

You can stop all collection of information by the Protecht.ERM Mobile Application by uninstalling it. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

11. Protecht Group contact details.

If you have any questions, concerns or complaints about our Privacy Policy or our data collection or data processing practices, wish to access your Personal Information, or if you want to report any privacy concerns or data security issues, please contact us at the email address below, and we will respond to you as soon as possible or refer your question, concern or complaint to the appropriate party.

Protecht Group
Email: privacy@protecht.com.au