1 Overview
(a) Allette is committed to the secure maintenance of all personally identifiable information (PII) in compliance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (the Privacy Act).
(i) The APPs govern how to collect, use, disclose, store, secure, and dispose of personal information.
(ii) The APPs are available from the website of the Office of the Australian Information Commissioner.
2 Personal information
(a) Personal Information, for the purposes of this policy, and as defined by the Privacy Act, means facts, or opinions, about an identifiable individual regardless of:
(i) Whether the information or opinion is true or not.
(ii) Whether the information or opinion is recorded in a material form or not.
(b) Examples of personal information include: name, address, academic history, email address, and phone number of a person.
3 Consent
(a) “Consent” refers to the voluntary, informed and explicit agreement of an individual for the processing of their personal information. The expression of consent should be clear, specific, and unambiguous. To obtain consent, Allette undertakes the following:
(i) To provide a clear and easily understood explanation regarding the need for the information, how we will use it, and who will have access to it.
(ii) To ensure that consent is freely given, is a genuine choice of options, and can be withdrawn.
(iii) To record when, and in what context, consent was granted so we can schedule a review and refresh of it.
4 Reasons to collect, retain, use, and disclose personal information
(a) Allette collects, holds, and uses personal information for the purpose of conducting business functions and activities such as granting customer employees access to customer systems or providing them with technical support.
(b) Other reasons might include the following:
(i) To issue an API key or software license, or to register or activate a product.
(ii) To accept payment, or provide invoices or refunds.
(iii) To track or improve our product and service.
(iv) To provide other services, such as training.
(c) Allette limits the collection of personal information to only what is essential for the specific business functions and activities.
(d) Where we collect any third party personal information, for example, other authorised users, customers, or customer employees, consent must be obtained from each individual.
5 When is personal information collected?
(a) Allette most commonly collects personal information in these instances:
(i) People purchase, register, or install our products.
(ii) People use our technical support or consulting services.
(iii) People grant access to their systems so Allette can provide technical support or consulting services.
(b) Other ways that engaging with Allette might cause the collection of personal information are:
(i) Through normal communications such as email, correspondence, telephone, or business card.
(ii) By attending public functions, events, seminars, roadshows, conferences, or training.
(iii) Entering competitions.
(iv) Visiting the Allette website.
(v) Participating in forums or posting on social media in relation to our products.
6 Information accuracy
(a) To the degree possible, personal information will be kept accurate, complete, up to date, and reliable for its intended use.
(b) Allette will periodically review and update all records for accuracy and relevance. Where appropriate, records will be securely purged.
7 Personal information
7.1 Use of personal information
(a) The use of personal information will only be for the purpose for which consent was given.
(b) Any use of personal information will accord with the allowable purposes under the Privacy Act, including:
(i) To allow communication.
(ii) To record the purchase of products or services.
(iii) To promote updates or additions to our range of products and services.
(iv) To respond to enquiries.
(v) Where communication uses email, the opportunity to opt out of unsolicited messages will always be available.
7.2 Disclosure of personal information
(a) In accordance with the Privacy Act, disclosure of information will be under the following circumstances:
(i) Consent has been provided.
(ii) It would be reasonable to expect contact.
(iii) Required by law or upon request from authorised government agencies.
(b) Where Allette has been subject to a security breach, such as intrusion or ransomware, anyone with potential exposure will be notified in accordance with legislation or upon advice from authorities.
8 Information storage, destruction, and security
(a) The storage, encoding, and encryption of all personally identifiable information (PII) are in accordance with best practice security and data masking techniques.
(b) Allette regularly reviews the technology and techniques for processing PII against the latest known vulnerabilities.
(c) Access to PII by internal personnel must meet a management-approved requirement, and must be done in a way that ensures the logging of any access.
(d) The retention of PII will be for only the time necessary to meet the business purposes of its original collection and consent.
(e) When the need for the PII has been met, all reasonable steps will be taken to destroy or permanently de-identify it.
9 Access to information
(a) The Privacy Act provides the right for people to access the personal information held about them and to correct or update it.
(b) Anyone wishing to access or update their personal information should contact Allette in writing (see below).
(c) There is no fee for processing this request to access data, but it will require proof of identification.
10 Complaints and enquiries
Any queries or complaints regarding the Allette Privacy Policy can be sent to the following:
ISMS Manager
Allette Systems (Australia) Pty Ltd
Level 2, 73 Union Street, Pyrmont, NSW 2009
or email us at isms@allette.com.au
11 Policy review
The security of personal information is an ongoing concern for Allette, requiring a commitment to proactive management and planning. To maintain the highest possible levels, triggers for the review will be:
(a) Any revision to internal policies or procedures affecting the integrity of this policy.
(b) Automatically, after twelve months without a review.