Your privacy is important to riskfacilitator. We have developed a privacy policy that outlines how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarise yourself with our privacy practices. If you have any questions, contact us directly.

​

Collection and Use of Personal Information

​

Personal information is data that can be used to identify or contact an individual. You may be asked to provide personal information when interacting with riskfacilitator or its affiliated companies. This information may be shared internally and used in accordance with this policy. It may also be combined with other data to improve services, content, and client experience.

​

What We Collect

 

When you engage our services or use our applications, we may collect your name, mailing address, phone number, email address, and contact preferences.

​

How We Use Personal Information

​

We use personal information to:

• Provide and manage services you request

• Ensure platforms and applications function as intended

• Improve our services, content, and customer support

• Communicate important updates, including changes to our terms, conditions, and policies (these communications are mandatory and not subject to opt-out)

• Conduct internal audits, data analysis, and research to enhance client outcomes

 

Collection and Use of Non-Personal Information

​

We collect non-personal information that does not directly identify individuals. Examples include occupation, language, postcode, location data, device identifiers, and usage metrics. This helps us understand user behaviour, improve service delivery, and enhance client experience.

​

Aggregated non-personal data may be used for analysis, marketing, and service development. Where non-personal and personal information are combined, the combined data will be treated as personal information.

​

Cookies and Other Technologies

​

Our website and digital platforms use cookies and similar technologies (such as pixel tags and web beacons) to improve user experience and measure website performance. If Internet Protocol (IP) addresses or other identifiers are considered personal information under applicable law, we treat them accordingly.

​

Users may disable cookies via browser settings. However, some website features may not function properly if cookies are disabled.

​

Log Files and Tracking

​

We collect data such as IP address, browser type, ISP, referring/exit pages, operating system, date/time stamp, and clickstream data. This information supports website administration, user analytics, and service improvements.

​

Email and Click Tracking

​

Our emails may include click-through URLs to track interest in content and improve future communication. Pixel tags may be used to determine whether messages have been opened. You can opt out by avoiding links in emails.

​

Disclosure to Third Parties

​

riskfacilitator may share personal information with:

• Strategic partners who help deliver our services or support our marketing

• Service providers involved in processing, customer service, data management, and feedback collection

​

These parties are contractually obligated to protect your data. Information will not be sold or shared for third-party marketing.

​

Legal Disclosure

​

We may disclose your personal information if required by law, legal process, or public authority request. Disclosure may also occur to protect national security, comply with enforcement obligations, or safeguard riskfacilitator’s operations.

​

In the event of a reorganisation, merger, or sale, data may be transferred to the acquiring entity.

​

International Users

riskfacilitator operates primarily in Australia and complies with the Australian Privacy Act 1988. Information you provide may be accessed by entities in other jurisdictions where necessary for service delivery. The GDPR does not apply unless specifically triggered by applicable engagement.

​

Children

​

We do not knowingly collect information from children under the age of 15. If such information is inadvertently collected, it will be deleted.

​

Third-Party Links and Services

​

Our platforms may link to or integrate with third-party websites and tools. These third parties operate independently and have their own privacy policies. We encourage users to review those policies.

​

Security and Data Protection

​

How We Protect Your Data

​

riskfacilitator embeds security into every step of our development and service process:

• Our applications use secure open-source frameworks, primarily Django, maintained by global development communities

• Development environments are protected with two-step authentication

• Source code, analytics, and infrastructure are hosted by secure third-party providers (e.g. Atlassian, Sentry, New Relic)

​

Encryption and Storage

​

We use Amazon Web Services (AWS) with encryption for all data at rest and in transit. Servers are located in Sydney, Australia unless otherwise requested by the client.

​

Stored data, including documents and attachments, is encrypted in secure Amazon S3 buckets. Access requires authentication credentials. Application databases use disk-level encryption with controlled access.

​

Network and Access Controls

​

All communications between users and our servers are encrypted using HTTPS/SSL protocols. Access to stored data is managed using strict permission structures that are reviewed regularly.

​

Data Segregation

​

Client data is logically separated using access control protocols. Physical separation of data on shared cloud infrastructure cannot be guaranteed.

​

Retention of Personal Information

​

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy unless a longer retention period is required by law. Information collected as part of service deliverables may be stored for up to seven years to support risk documentation and compliance obligations.

​

Client Responsibility for WHS Documentation

​

In cases where clients act as the Person Conducting a Business or Undertaking (PCBU), they retain full responsibility for authoring, maintaining, and owning legally required documentation. riskfacilitator only facilitates and supports these processes.

​

Informed Consent and Engagement

​

By using our services or platforms, you consent to the collection, use, and handling of your data as outlined in this policy and consistent with any signed service agreements or schedules.

​

Privacy Questions

​

If you have any questions or concerns about this policy or our data handling practices, please contact us at:

riskfacilitator Pty Ltd
77 Henrietta Street, Waverley NSW 2024, Australia
Email: info@riskfacilitator.com

​

This policy may be updated periodically. Where material changes are made, a notice will be posted on our website.

​

Last updated: 18 June 2025