Your privacy is important to riskfacilitator. So we’ve developed a privacy policy that covers how we collect, use, disclose, transfer and store your information.  Please take a moment to familiarise yourself with our privacy practices and let us know if you have any questions.

Collection and use of personal information

Personal information is data that can be used to uniquely identify or contact a single person. You may be asked to provide your personal information anytime you are in contact with riskfacilitator or a riskfacilitator affiliated company. riskfacilitator and its affiliates may share this personal information with each other and use it consistent with this privacy policy. They may also combine it with other information to provide and improve our services, content and advertising.

What personal information we collect

​

• When you purchase our services, use our applications, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences.

How we use your personal information

​

• The personal information we collect allows us to provide the services you request. It also helps us to ensure the services work as intended. 

• We also use personal information to help us develop, deliver and improve services, content and advertising.

• From time to time, we may use your personal information to send important notices, such as communications about our services and changes to our terms, conditions and policies. Because this information is important to your interaction with riskfacilitator, you may not opt out of receiving these communications.

• We may also use personal information for internal purposes such as auditing, data analysis and research to improve riskfacilitator’s, services and customer communications.

Collection and use of non-personal information

We also collect non-personal information − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

​

• We may collect information such as occupation, language, postcode, area code, unique device identifier, location and the time zone where a riskfacilitator service is used so that we can better understand customer behaviour and improve our services.

• We also may collect information regarding customer activities on our website, and from our other services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website and services are of most interest. Aggregated data is considered non-personal information for the purposes of this privacy policy.If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

Cookies and other technologies

riskfacilitator’s website, online services, interactive applications, email messages and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our website people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this privacy policy. If you want to disable cookies , check with your provider to find out how to disable cookies. Please note that certain features of the riskfacilitator website will not be available once cookies are disabled.

As is true of most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data.

We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site and to gather demographic information about our user base as a whole. riskfacilitator may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on the riskfacilitator website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.

Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers. 

Disclosure to third parties

At times riskfacilitator may make certain personal information available to strategic partners that work with riskfacilitator to provide products and services, or that help riskfacilitator market to customers.  Personal information will only be shared by riskfacilitator to provide or improve our services; it will not be shared with third parties for their marketing purposes.

Service providers

riskfacilitator shares personal information with companies who provide services such as information processing, fulfilling its contracted services, managing and enhancing customer data, providing customer service, assessing your interest in our services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever riskfacilitator operates.

Others

It may be necessary − by law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence − for riskfacilitator to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

We may also disclose information about you if we determine that disclosure is reasonably necessary to protect our operations. Additionally, in the event of a reorganisation, merger or sale we may transfer any and all personal information we collect to the relevant third party.

 

GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website and services do not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly the GDPR does not apply.

Protection of personal information

riskfacilitator takes precautions — including administrative, technical and physical measures — to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, disclosure, alteration and destruction.

riskfacilitator online services use Secure Sockets Layer (SSL) encryption on all web pages where personal information is collected. To make purchases from these services, you must use an SSL-enabled browser such as Safari, Firefox or Internet Explorer. Doing so protects the confidentiality of your personal information while it’s transmitted over the Internet.

When you use some riskfacilitator services or applications or post on an riskfacilitator forum, chat room or social networking service, the personal information you share is visible to other users and can be read, collected or used by them. You are responsible for the personal information you choose to submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.

Retention of personal information

We will retain your personal information for the period necessary to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. You can help ensure that your contact information is accurate, complete and up to date by contacting us. 

Children

We do not knowingly collect personal information from children under 15. If we learn that we have collected the personal information of a child under 15 we will take steps to delete the information as soon as possible.

Third-party sites and services

riskfacilitator websites, products, applications and services may contain links to third-party websites, products and services. Our products and services may also use or offer products or services from third parties. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

International users

Information you provide may be transferred or accessed by entities around the world as described in this privacy policy. riskfacilitator abides by the Australian Government Privacy Act 1988. 

Security

How we protect your data

​

We take security of your data into consideration at every step of the software development process. It all starts with the app itself. Leading, trusted, and reliable open source frameworks. All our apps are built on secure open source web frameworks. This ensures there is a large community of software and security experts dedicated to ensuring the security of the framework underneath your app. If and when security issues are discovered, due to the power of the open source community, they are swiftly patched, and we then pull in the latest updates to your app with every deployment. We rely on open source for the framework of your app, as reinventing the wheel when it comes to security of your data is a vulnerability waiting to happen. We primarily use Django, a python-based web framework. Django has one of the best reputations across web frameworks and is used in large applications such as Instagram, Spotify, and YouTube. We also work with other web frameworks.

 

Secure development environments

 

Our development environments and tools are all protected with two-step authentication, ensuring your information and IP is protected. This includes storage of source code and the source code repository, cloud infrastructure consoles, cloud storage systems. Some data such as source code, analytics, error data, performance metrics are hosted by third parties such as Atlassian (Source Code & Issue Management), Sentry (Error Reporting), New Relic (APM).

 

Data encryption & storage

 

We utilise Amazon Web Services (AWS) as our cloud provider and ensure all data at rest and in transit is encrypted. All severs running your application and storing your application’s data are physically located in Sydney, Australia by default, unless explicitly requested otherwise by the client.

 

Stored data

 

Any documents, images, attachments stored from your application are stored in an encrypted Amazon S3 bucket which requires an authentication token and ID to access.

 

Database

 

The database powering the application also utilises data encryption on the disk level, secured by an Amazon generated decryption key.

 

Networks & infrastructure

 

All data being transmitted to and from the application servers are encrypted using HTTPS/SSL encryption.

 

Data segregation

 

All data stored by your application is segregated from other applications using permissions and access control structures. These are reviewed regularly to ensure there are no issues or lapses in security. As we are using a cloud provider, we can’t guarantee physical separation of data on a hardware level. 

Privacy questions

If you have any questions or concerns about riskfacilitator’s privacy policy or data processing, please contact us. riskfacilitator may update its privacy policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated privacy policy.

riskfacilitator Pty Ltd  PO Box 117 Waverley 2024 Australia.

Last updated: 1 August 2022