Insightus (herein we, us, our) is committed to providing quality services to our users. This policy outlines our ongoing obligations to you in respect of how we manage your personal information. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information. A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
This policy extends to information covered by the General Data Protection Regulation 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA) where relevant.
We collect personal information for the primary purpose of providing our services to you. By using our services, you are agreeing to disclose certain personal information to us and are further authorising us to use and disclose the information as set out in this policy. Personal information refers to the set of data which can directly identify you as well as additional data which may not identify you.
Information we collect includes, but is not limited to:
- Profile information, such as, first and last name, email, and phone number
- Organisation information, such as, organisation name, address, and phone number
- Location information, such as, precise, and approximate location
- Service usage information, such as, IP addresses, device information, usage, and other log information
- Digital storage and anonymous identifiers, such as, cookies, cache, and browser web storage
This information is obtained through use of our services and during account creation. When we collect personal information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
For personal data we collect or use which is covered by GDPR, i.e., personal information, we are the Controller of the data. In certain circumstances we may also be the Processor or engage with a Processor of the data. As such, we will adhere with the principles set out in the GDPR and process data lawfully, fairly, and transparently. We will further be transparent about how your personal data will be processed, by whom, and why. Personal data collection will be limited to what is necessary and for legitimate purposes only. We will also keep personal data accurate, up to date, and store it for no longer than is necessary. Finally, we will ensure the data are stored securely, confidentially and maintain data integrity while protecting against unauthorised processing, misuse, accidental loss, destruction and damage.
Use of personal information
Our use of your personal information covers the following purposes:
- Supplying our services to you including authorising your use of our services, providing access to our websites and applications, tracking usage for billing purposes, personalisation of our services to improve user experience, and securing our services to prevent fraudulent use
- Sending information to third parties who provide features used by us and our applications, for example to to enable features in the application (we are unable to guarantee the policies of third parties and therefore endeavour to provide limited personal information, such that the third parties are unable to identify any individual user)
- Monitoring and analysing information, such as trends, cookies and usage date, to prepare and plan upgrades to our services and improve the overall quality of our services
- Assisting with your inquiries and resolving issues, complaints and bugs that arise from your use of our services
- Providing you with relevant communication in relation to our business and services
- Other uses which may be added in future versions of this policy
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Retention of personal information
We will retain your personal information for the time necessary to provide the purposes described above. When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information.
At any time, you may request that we stop processing or delete your personal information by contacting firstname.lastname@example.org. Erasure of personal information will be performed in accordance with the Privacy Act, GDPR and CCPA as is relevant.
Disclosure of personal information
Your personal information may be disclosed in different circumstances including, but not limited to, third parties where you consent to the use or disclosure, either explicitly where required or by accepting this policy; and where required or authorised by law.
Security of personal information
Your personal information is stored such that it is reasonably protected from misuse, loss and from unauthorised access, modification or disclosure, such as through the use of encryption in motion (e.g. TLS/SSL) and encryption at rest (e.g. AES-256). Data are additionally protected using security measures including firewalls, multi-factor authentication and access-controlled environments.
Access to your personal information
You may request details of the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information. To protect your personal information we may require identification from you before releasing the requested information.
We will provide personal information to you in accordance with the Privacy Act, GDPR and CCPA regulations as is relevant. In circumstances set out in the Privacy Act, we may refuse to provide personal information that we hold about you.
Maintaining the quality of personal information
It is an important to us and the quality of the services we provide that your personal information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognise you and make your next visit easier and the Service more useful to you.
Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.
- Enable specific functionality of our services
- Provide analytics on how you use our services
- Storage of preferences
- Essential cookies are required by the service to enable core functionality. These may change the way the service behaves or looks.
- Account cookies are related to user authentication and are used to prevent fraudulent use and access to the services. They may also be used to further change the way the service behaves or looks.
- Analytics cookies collect information on how you interact with and use the services. These inform our planning activities and allow us to make improvements and build features which improve the quality of the services we provide.
- Third party cookies are cookies on our services that were designed by other organisations and individuals. These are used for a range of purposes including reporting usage statistics, personalisation, and delivering advertising.
If you wish to see the cookie data we collect, delete cookies, or refuse to accept cookies, you may do so through the settings of your web browser. Please visit the help pages of your web browser to find instructions on how to do so.
If you choose to delete or refuse to accept cookies, please note that we may be unable to provide the regular and complete use of our services to you. For example, we may be unable to store preferences, and some of our pages may not display correctly.
Information storage and international transfer
Insomuch as is possible, personal information will be stored and processed in either the country or jurisdiction it is collected or in a country or jurisdiction we operate in (currently: Australia) and not transferred between countries or jurisdictions. However, for specific uses within our services, we may require that your information is transferred internationally, including into or out of the European Economic Area and the United States of America.
Personal information that you publish on our services, including our website and mobile applications may be accessed via the internet around the world. As a result, we are unable to prevent the use or misuse of such information by others.
By using our services, you expressly agree to transfer of personal information as described in this section.
Data breach notification
In the event of a data breach, we will notify, at minimum, directly affected persons and organisations without undue delay. Notification will include:
- A description of the data breach that has taken place
- The specific details related which have potentially been accessed
- Whether we believe there is any risk to your rights and freedoms, for example, a risk of identity theft
- Measures taken to remedy or mitigate the breach
Non-discrimination and CCPA
In accordance with the regulations set out in CCPA, you have the right to our services on equal terms regardless of whether or not you exercise your rights under the CCPA.
This policy may change from time to time and is available on our website.
This policy was last updated on 30/11/2022 and is currently effective.