Collection and use of personal information
What personal information we collect
When you purchase our services, use our applications, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences.
How we use your personal information
The personal information we collect allows us to provide the services you request. It also helps us to ensure the services work as intended.
We also use personal information to help us develop, deliver and improve services, content and advertising.
From time to time, we may use your personal information to send important notices, such as communications about our services and changes to our terms, conditions and policies. Because this information is important to your interaction with riskfacilitator, you may not opt out of receiving these communications.
We may also use personal information for internal purposes such as auditing, data analysis and research to improve riskfacilitator’s, services and customer communications.
Collection and use of non-personal information
We also collect non-personal information − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
We may collect information such as occupation, language, postcode, area code, unique device identifier, location and the time zone where a riskfacilitator service is used so that we can better understand customer behaviour and improve our services.
Cookies and other technologies
As is true of most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data.
We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site and to gather demographic information about our user base as a whole. riskfacilitator may use this information in our marketing and advertising services.
In some of our email messages, we use a “click-through URL” linked to content on the riskfacilitator website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Disclosure to third parties
At times riskfacilitator may make certain personal information available to strategic partners that work with riskfacilitator to provide products and services, or that help riskfacilitator market to customers. Personal information will only be shared by riskfacilitator to provide or improve our services; it will not be shared with third parties for their marketing purposes.
riskfacilitator shares personal information with companies who provide services such as information processing, fulfilling its contracted services, managing and enhancing customer data, providing customer service, assessing your interest in our services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever riskfacilitator operates.
It may be necessary − by law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence − for riskfacilitator to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose information about you if we determine that disclosure is reasonably necessary to protect our operations. Additionally, in the event of a reorganisation, merger or sale we may transfer any and all personal information we collect to the relevant third party.
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website and services do not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly the GDPR does not apply.
Protection of personal information
riskfacilitator takes precautions — including administrative, technical and physical measures — to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, disclosure, alteration and destruction.
riskfacilitator online services use Secure Sockets Layer (SSL) encryption on all web pages where personal information is collected. To make purchases from these services, you must use an SSL-enabled browser such as Safari, Firefox or Internet Explorer. Doing so protects the confidentiality of your personal information while it’s transmitted over the Internet.
When you use some riskfacilitator services or applications or post on an riskfacilitator forum, chat room or social networking service, the personal information you share is visible to other users and can be read, collected or used by them. You are responsible for the personal information you choose to submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.
Retention of personal information
We do not knowingly collect personal information from children under 15. If we learn that we have collected the personal information of a child under 15 we will take steps to delete the information as soon as possible.
Third-party sites and services
riskfacilitator websites, products, applications and services may contain links to third-party websites, products and services. Our products and services may also use or offer products or services from third parties. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
How we protect your data
We take security of your data into consideration at every step of the software development process. It all starts with the app itself. Leading, trusted, and reliable open source frameworks. All our apps are built on secure open source web frameworks. This ensures there is a large community of software and security experts dedicated to ensuring the security of the framework underneath your app. If and when security issues are discovered, due to the power of the open source community, they are swiftly patched, and we then pull in the latest updates to your app with every deployment. We rely on open source for the framework of your app, as reinventing the wheel when it comes to security of your data is a vulnerability waiting to happen. We primarily use Django, a python-based web framework. Django has one of the best reputations across web frameworks and is used in large applications such as Instagram, Spotify, and YouTube. We also work with other web frameworks.
Secure development environments
Our development environments and tools are all protected with two-step authentication, ensuring your information and IP is protected. This includes storage of source code and the source code repository, cloud infrastructure consoles, cloud storage systems. Some data such as source code, analytics, error data, performance metrics are hosted by third parties such as Atlassian (Source Code & Issue Management), Sentry (Error Reporting), New Relic (APM).
Data encryption & storage
We utilise Amazon Web Services (AWS) as our cloud provider and ensure all data at rest and in transit is encrypted. All severs running your application and storing your application’s data are physically located in Sydney, Australia by default, unless explicitly requested otherwise by the client.
Any documents, images, attachments stored from your application are stored in an encrypted Amazon S3 bucket which requires an authentication token and ID to access.
The database powering the application also utilises data encryption on the disk level, secured by an Amazon generated decryption key.
Networks & infrastructure
All data being transmitted to and from the application servers are encrypted using HTTPS/SSL encryption.
All data stored by your application is segregated from other applications using permissions and access control structures. These are reviewed regularly to ensure there are no issues or lapses in security. As we are using a cloud provider, we can’t guarantee physical separation of data on a hardware level.
riskfacilitator Pty Ltd 77 Henrietta Street, Waverley 2024 Australia.
Last updated: 1 November 2023