Skip to content
Last Updated 29 April 2021

Privacy Policy

ENCOMPAAS SOFTWARE LTD PRIVACY POLICY

 

This Privacy Policy applies with respect to data subjects located in Australia, the European Union and United Kingdom.

 

Effective as of 29 April 2021

 

This policy (‘Privacy Policy’) explains how EncompaaS Software Ltd (ACN 628 933 371) (‘EncompaaS’) seeks to protect the Personal Information of individuals. EncompaaS is committed to protecting the safety and security of the personal information of individuals whose information EncompaaS has access to including the customers and employees of prospective and current EncompaaS clients, and other persons with whom EncompaaS interacts (each an ‘Individual’ or ‘you’).

 

The Privacy Policy has been developed in accordance with data protection laws of Australia, the European Union and the United Kingdom. This includes the Privacy Act 1988 (Cth) (‘AU PA’), the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (‘EU GDPR’), the Retained Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of s 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) (‘UK GDPR’) and the UK Data Protection Act 2018.

 

Under the AU PA, “Personal Information” is defined as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.”

 

With respect only to residents of the European Union and the United Kingdom, Schedule 1 of this Privacy Policy provides additional terms for the protection of “Personal Data” under the EU GDPR and UK GDPR. Personal Data should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

Please read this Privacy Policy carefully in order to understand how your Personal Information is collected, held, used, or otherwise processed by us.

 

EncompaaS reserves the right to make changes or updates to this Privacy Policy from time to time. If this happens we will update this Privacy Policy and notify you of any changes, most likely via email. However, you should also periodically check this Privacy Policy for any updates.

 

1. ABOUT ENCOMPAAS

 

EncompaaS is a developer and provider of cloud-based, enterprise level services for data compliance and information governance across regulated industries (‘Services’).

 

EncompaaS provides its Services through developing and licencing information governance and compliance “Software as a Service” (‘SaaS’) offerings, through cloud-based platforms (together, ‘EncompaaS Platforms’).

 

In making the EncompaaS Platforms available, we are sensitive to Individuals’ concerns about the safety of their Personal Information.

 

In essence, EncompaaS will typically only:

  • collect, use or share your Personal Information with your consent (unless it is not reasonable in the circumstances to obtain your consent and it is legally permissible for us to do so) or when required by a legal obligation; and
  • interact with your Personal Information in order to: (a) provide the EncompaaS Platforms and operate our business generally, and (b) help us improve and develop the EncompaaS Platforms.

EncompaaS has developed our privacy framework to assist Individuals, and to comply with privacy legislation and regulations applicable to us and our management of your Personal Information.

 

2. HOW ENCOMPAAS COLLECTS YOUR PERSONAL INFORMATION

 

EncompaaS collects Personal Information in one of three main ways:

  • Directly from Individuals, when they interact with EncompaaS or the EncompaaS Platforms (e.g. enquire about the EncompaaS Platforms);
  • Passively from Individuals, when they interact with the EncompaaS Platforms (e.g. through recording technical data generated while Individuals use EncompaaS Platforms); and
  • From third-parties in certain, specific circumstances (e.g. if Personal Information about an individual is provided to EncompaaS in the process of developing a platform for one of our clients).

The specifics of Personal Information collected in each situation is discussed further below.

 

3. WHEN ENCOMPAAS COLLECTS INFORMATION FROM INDIVIDUALS AND WHAT WE COLLECT

 

(a) Personal Information collected directly

 

When an Individual makes an enquiry or sends us an expression of interest on our website or other elements of the EncompaaS Platforms following types of Personal Information directly and consensually:

  • Basic contact information, including your name, email, phone number, organisation and role;
  • Enquiry information, such as the details of indications of interest in having an EncompaaS Platform developed or licenced, or other information provided by in an enquiry;
  • Any content that you post and submit to EncompaaS Platforms and our social media pages, which includes any content from third-party platforms.

If an Individual is appointed as their organisation’s point of contact with EncompaaS, we may collect basic contact information (including an Individual’s name, email, phone number and role):

 

If you access EncompaaS Platforms on behalf of a corporate entity, or through a third-party service or platform (e.g. LinkedIn), we will collect information that is made available to EncompaaS by those services or platforms. You can generally control the information we receive from these sources by using the privacy settings on the third-party services or platforms.

 

When Individuals order Services (e.g. in respect of a EncompaaS Platform that has been commissioned), we may directly and consensually collect the Personal Information outlined in the relevant correspondence or form. Ordinarily this will include basic contact information required for our record keeping purposes.

 

When Individuals respond to a survey we may directly and consensually collect the Personal Information disclaimed and explained on the survey form.

 

When Individuals provide EncompaaS with unsolicited feedback or otherwise interact with EncompaaS on their own accord we may collect any contact information provided (including Personal Information), as well as any feedback.

 

When Individuals make an application for employment at EncompaaS, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of an application.

 

(b) Personal Information collected passively

 

As Individuals come into contact with, or otherwise interact with EncompaaS Platforms or EncompaaS’ advertisements, we may collect the following types of Personal Information about their experience:

  • Content that is posted and submitted, including posts on our social media accounts or in discussion threads, as well as similar content that is posted about Individuals by others;
  • If an Individual’s organisation has requested specific user accounts to be generated for their employees over an EncompaaS Platform, we may collect background account information about those individuals (e.g. notification and other account settings).
  • The following types of browser, system and device information regarding EncompaaS’ and other devices Individuals use to access EncompaaS Platforms:
    • Locational information, such as in the form of the IP address from which EncompaaS Platforms are accessed, particularly when accessing the internal;
    • Web data tracking information, such as data from cookies stored on Individuals’ devices, including cookie IDs and settings, as well as logs of your usage of EncompaaS Platforms;
    • Device information provided by devices Individuals link to EncompaaS Platforms (e.g. device information from a smartphone) which at times might result in us collecting other secondary information about Individuals; and
    • System usage information, including logs of an Individuals’ access and use of the EncompaaS Platform.

 

(c) Personal Information collected from third-parties

In certain specific situations, EncompaaS will collect Personal Information about Individuals from third- parties. The types of Personal Information collected include:

  • Publicly available basic contact and biographical information (e.g. details available on LinkedIn, or any other biographical, display picture or other information);
  • Third-party account information made available to us if Individuals link their EncompaaS Platform account or usage to third-party services or platforms; and
  • Web data tracking information that fit certain parameters of who we think could become EncompaaS clients (e.g. heat maps developed through Google Analytics which track patterns of individual interactions with our web pages).

EncompaaS may also collect Personal Information through pseudo-anonymised data sets acquired from clients or other third-parties. These data sets might contain Personal Information that is not immediately attributable to identifiable individuals, but might come to constitute Personal Information when combined with other information available to EncompaaS.

 

4. WHY ENCOMPAAS COLLECTS YOUR PERSONAL INFORMATION AND WHAT WE USE IT FOR

 

Although EncompaaS collects Personal Information from Individuals in a number of circumstances, EncompaaS will only collect this information in order to provide and develop the EncompaaS Platforms and Services. Here are the main ways we use Personal Information to achieve these objectives:

 

Communicating with Individuals

 

EncompaaS will use basic contact, enquiry and feedback in order to communicate with Individuals about their enquiries or feedback, interest in EncompaaS Platforms or Services, and for other administrative purposes related to the specific reason for which the Personal Information was collected.

 

If Individuals have consented, EncompaaS will also use these types of Personal Information to share relevant news and updates about EncompaaS and the EncompaaS Platforms.

 

Administration and delivery of EncompaaS Platforms

 

EncompaaS will use basic contact information and other organisational information (e.g. provided about an Individual by their organisation) to engage with Individuals effectively and efficiently in providing the Services, and EncompaaS Platforms. EncompaaS will also use these types of information for administrative purposes (e.g. resetting account information or permissions as applicable).

 

Ensuring User safety

 

EncompaaS will use any type of information collected to prevent and address risks to all Individuals (e.g. EncompaaS will use information to investigate suspicious or threatening).

 

Research and development

 

EncompaaS will use the following types of information to develop, test and improve the EncompaaS Platforms and Services:

  • Survey and feedback information, as well as any content that is submitted;
  • Basic account preferences;
  • Background account, browser, system and device information; and
  • Third-party account or web tracking information.

Together these types of Personal Information are used to provide us with an overview of how the EncompaaS Platforms are being used, any shortcomings the EncompaaS Platforms or Services may have, and subsequently to highlight what will be the best means of improving experiences for all Individuals.

 

EncompaaS’ preference will be to de-identify these types information first, and then use it for this purpose in conjunction with de-identified browser and device information (see section 6 below for an explanation of what we mean by “de-identified”).

 

Marketing

Where Individuals have consented, or subject to law, EncompaaS will use basic contact, enquiry and organisational information to provide Individuals with relevant marketing materials and offers. Individuals can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).

 

5. ENCOMPAAS’ DISCLOSURE OF PERSONAL INFORMATION

 

Generally, EncompaaS does not disclose Personal Information to any third-parties except:

  • Service providers EncompaaS engages to help us provide and develop the EncompaaS Platforms (e.g. cloud service providers);
  • In some specific circumstances, Individuals’ employers (e.g. the organisation of an Individual); and
  • Law enforcement agencies, or another party that has a legitimate legal right to access the information.

The above disclosures will only be made in circumstances where the recipient has provided an undertaking that they will maintain the confidentiality of the information and that they recognise the appropriate limitations placed on the use of the information. Disclosures will also always be in accordance with this Privacy Policy. In the case of Individuals’ organisations, EncompaaS will seek the explicit consent of the Individual before disclosing their information.

 

Overseas Disclosure

 

Some of the third-parties EncompaaS discloses Personal Information to are located overseas. This is particularly the case for our cloud service providers which have servers in the United States and the United Kingdom that EncompaaS currently uses.

 

Sometimes, subject to relevant law, we may also disclose Individuals’ Personal Information to agents of Individuals, or their organisations, that are overseas.

 

As with disclosures to third-party service providers, overseas disclosures are always made once EncompaaS has taken all reasonable steps to determine the information will be treated as at least as favourably under the AU PA and other applicable privacy laws.

 

5. ENCOMPAAS’ DISCLOSURE OF PERSONAL INFORMATION

 

Generally, EncompaaS does not disclose Personal Information to any third-parties except:

  • Service providers EncompaaS engages to help us provide and develop the EncompaaS Platforms (e.g. cloud service providers);
  • In some specific circumstances, Individuals’ employers (e.g. the organisation of an Individual); and
  • Law enforcement agencies, or another party that has a legitimate legal right to access the information.

The above disclosures will only be made in circumstances where the recipient has provided an undertaking that they will maintain the confidentiality of the information and that they recognise the appropriate limitations placed on the use of the information. Disclosures will also always be in accordance with this Privacy Policy. In the case of Individuals’ organisations, EncompaaS will seek the explicit consent of the Individual before disclosing their information.

 

Overseas Disclosure

 

Some of the third-parties EncompaaS discloses Personal Information to are located overseas. This is particularly the case for our cloud service providers which have servers in the United States and the United Kingdom that EncompaaS currently uses.

 

Sometimes, subject to relevant law, we may also disclose Individuals’ Personal Information to agents of Individuals, or their organisations, that are overseas.

 

As with disclosures to third-party service providers, overseas disclosures are always made once EncompaaS has taken all reasonable steps to determine the information will be treated as at least as favourably under the AU PA and other applicable privacy laws.

 

6. ENCOMPAAS’ TREATMENT AND STORAGE OF INFORMATION

 

EncompaaS’ general approach

 

EncompaaS will keep your Personal Information confidential and not sell or knowingly divulge Individual information to any external third-parties, unless:

  • We believe, in good faith, that we are required to share the Personal Information with a third- party in order to comply with legitimate legal obligations;
  • The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to deliver the EncompaaS Platforms (e.g. a cloud service provider);
  • Other entities which may acquire ownership or operation of EncompaaS or the EncompaaS Platforms; and/or
  • To protect the safety of Individuals, and the security our EncompaaS Platforms.

EncompaaS seeks the informed and voluntary consent of Individuals whenever it collects their information, or as soon as possible after.

Individuals can always refuse or revoke this consent, but sometimes this will affect EncompaaS’ ability to provide them with the EncompaaS Platforms. EncompaaS will advise Individuals if this is the case.

 

De-identification

 

De-identified information refers to information that cannot reasonably be used to identify a particular Individual.

 

De-identified information that will never be able to personally identify particular Individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with an EncompaaS Platform). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. account ID numbers for a particular EncompaaS Platform).

 

Where possible EncompaaS will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.

 

However, sometimes it will be impractical for Individuals’ information to be de-identified or treated in this way, and in this case, EncompaaS will continue to use and hold the information in a personally identifiable state. For example, if EncompaaS needs to reply to an Individual’s enquiry we will have to use the contact information provided.

 

Security

 

EncompaaS is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached (e.g. EncompaaS has developed an extensive Data Breach Response Plan which we use to prepare and respond to data breaches).

 

When information collected or used by EncompaaS is stored on third-party service providers (e.g. Azure or Hewlett Packard cloud servers), EncompaaS takes reasonable steps to ensure these third-parties use industry standard security measures that meet the level of information security EncompaaS owes Individuals.

 

As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.

 

Data Breaches

 

In the circumstances where EncompaaS suffers a data breach that contains Personal Information, we will execute our Data Breach Response Plan and endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the AU PA.

 

This means we will immediately make an objective assessment of whether a breach of Personal Information is likely to result in serious harm to Individuals, and if this is the case, endeavour to notify the affected Individual(s) and the Australian Information Commissioner.

 

7. ENCOMPAAS’ RETENTION OF INFORMATION

 

EncompaaS retains Personal Information until it is no longer needed to provide or develop the EncompaaS Platforms, or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.

 

However, EncompaaS will retain:

  • Personal Information in circumstances where we have legal and regulatory obligations to do so (e.g. for law enforcement purposes, employment law, corporate or tax record keeping, and where the information is relevant to legitimate legal proceedings, or in keeping with its’ requirements under other Australian record keeping legislation); and
  • Anonymised information for analytic and service development purposes.

The information we retain will be handled in accordance with this Privacy Policy.

 

8. SPECIFIC RIGHTS OF EUROPEAN RESIDENTS

 

Individuals who are habitually located in the European Union (‘EU Residents’) and in the United Kingdom (‘UK Residents’) have additional rights in respect of their Personal Data (a term that is fundamentally interchangeable with Personal Information).

 

Individuals who are EU Residents or UK Residents should refer to Schedule 1 for more information regarding how EncompaaS’ privacy practices in relation to their Personal Data, including more appropriate contact details in respect of all EU and UK privacy related matters.

 

9. MANAGING PERSONAL INFORMATION YOUR INFORMATION

 

Accessing and ensuring the accuracy of Personal Information

 

EncompaaS takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.

 

Individuals have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. EncompaaS will grant access to the extent required or authorised by the AU PA and applicable laws, and will take all reasonable steps to correct the relevant Personal Information where appropriate.

 

There may be circumstances in which EncompaaS cannot provide Individuals with access to information. We will advise you of these reasons if this is the case.

 

Contacting EncompaaS

 

EncompaaS has appointed a Privacy Officer to be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.

 

Privacy Officer

 

Privacy Officer: Deb Dwyer

Email: [email protected]

 

If you have any queries or wish to make a complaint about a breach of this policy or the AU PA, you can contact or lodge a complaint to our Privacy Officer using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

 

The Privacy Offer will respond to your query or complaint as quickly as possible. EncompaaS will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via www.oaic.gov.au.

 

This Privacy Policy was last updated on 29 April 2021.

 

SCHEDULE 1

 

SPECIFIC RIGHTS OF EUROPEAN AND UNITED KINGDOM RESIDENTS

 

EncompaaS is committed to ensuring its compliance with the EU GDPR and UK GDPR.

 

In addition to describing how our Privacy Policy meets EncompaaS’ obligations for Australian Individuals, this Schedule 1 describes some additional obligations with respect to Individuals who are habitually located in the European Union (‘EU Residents’) and in the United Kingdom (‘UK Residents’) who have additional rights in respect of their Personal Data.

 

Personal Data is defined in the EU GDPR and UK GDPR as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

 

To the extent to EncompaaS is primarily a “controller” or “processor” of Personal Data as part of its’ EU GDPR and UK GDPR compliance, EncompaaS provides the EncompaaS Platforms in a way that ensures:

  • Personal Data (i.e. Personal Information) is:
    • processed fairly, lawfully and in a transparent manner; and
    • collected and processed only for specified and lawful purposes. (NB see sections 2 - 5 of this Privacy Policy).
  • Processed Personal Data (i.e. Personal Information that is used, held or disclosed by EncompaaS) is:
    • adequate, relevant and not excessive;
    • accurate and, where necessary, kept up to date;
    • kept secure, and not longer than necessary;
    • not transferred to countries outside the European Economic Area (‘EEA’) or the United Kingdom without adequate protection; and
    • treated in accordance with Individuals’ legal rights.

Whilst EncompaaS strives to provide all Individuals with appropriate access and control over their data, individuals covered by the EU GDPR and UK GDPR are also able to:

  • Prescriptively restrict, limit or otherwise provide instructions to EncompaaS regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
  • Verbally request the erasure (i.e. deletion) of their information; and
  • Request EncompaaS provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Individuals who exercise this right to data portability are also able to direct EncompaaS to transmit this data to other entities who they intend to allow to process their Personal Data.

EncompaaS will allow and assist Individuals that are EU or UK Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).

 

If you are an Individual who is also an EU or UK Resident the most appropriate contact for any privacy queries, complaints or suggestions is our EU or UK Privacy Representative through the details provided below. If you are submitting a complaint you will need to provide sufficient details regarding your complaint, as well as any supporting evidence and/or information.

 

Our EU or UK Privacy Representative or Privacy Officer will respond to your query or complaint as quickly as possible. EncompaaS will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination.

 

EU Privacy Representative: Ian Jones Email: [email protected]

UK Privacy Representative: Ian Jones Email: [email protected]