This Privacy Policy describes how Communic8 Group Pty Ltd manages personal information of our registered customers (“Members”, “Member”) and the Members’ contacts (“Contacts”, “Contact”) and visitors to our websites and Platform (“Visitors”, “Visitor”). In this Privacy Policy, "we", "our" and "us" are all references to Communic8 Group Pty Ltd ABN 26 139 494 054 of Level 3/155 Queen St, Brisbane City QLD 4000 Australia. In this Privacy Policy, “you” and “your” are all references to the user of our platform in the context of being a Member, Contact or Visitor.
We are committed to respecting your privacy and complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (the "Privacy Act"). We also comply with the EU General Data Protection Regulation ("GDPR") in relation to all personal data that we process ("GDPR Data").
This Privacy Policy sets out our policy on the collection, use and disclosure of your personal data on the Platform, and how you can exercise your privacy rights. Our Platform Services are intended for use by our Members, and as a result, for much of the personal information we collect and process about Contacts through the Platform Services, we act as a processor on behalf of our Members. Communic8 Group Pty Ltd is not responsible for the privacy or security practices of our Members, which may differ from those set forth in this Privacy Policy.
Communic8 is a communications engagement platform targeting enterprise communication, sales and marketing, and organisational change management (collectively, our "Platform Services"). In accordance with our statutory obligations under the Privacy Act, this Privacy Policy also describes:
The period for which we store personal data;
Your rights to access and rectify or to request erasure of personal data;
Your right to withdraw consent to the processing of personal data;
The right to lodge a complaint with the Office of the Australian Information Commissioner (or in the case of the GDPR, the relevant supervisory authority);
Why we collect and process personal data, the categories of personal data that we process, and who we disclose it to;
Details of the security measures that we take to help protect your personal data;
Other information about how we collect, use, disclose and process personal data.
Our identity and contact details
Communic8 is owned and operated by Communic8 Group Pty Ltd ABN 26 139 494 054 of Level 3/155 Queen St, Brisbane City, QLD 4000 Australia. Relevant contact details are set out at the end of this Privacy Policy.
Personal data that we process
- Subscription/registration, payment, transaction and profile data
- Data entered into and/or uploaded into the Platform Services by our Members, Contacts and Visitors when accessing the Platform Services
- Data relating to communications between us and our Members and Members’ Contacts
- Analytics data
- Cookies data
The purposes for the processing
We process personal data in order to provide our Platform Services and for other reasons set out in our Privacy Policy. We only process personal data in accordance with our legitimate interests and otherwise in accordance with applicable data protection laws. With respect to cookies, where we are required to do so by applicable law, we rely on user consent as our lawful basis for processing. See our Cookie Policy at https://www.communic8.com/cookie-statement for further information about how we address our legal obligations with respect to cookies.
Who we disclose personal data to
We only disclose personal data to third parties who perform services on our behalf to the extent necessary for them to perform those services. We do not sell personal data to third parties for their own marketing purposes and we only disclose the minimum amount of personal data required. We may disclose personal data that we collect to third parties for all or any of the purposes set out in this Privacy Policy.
Security
We take our privacy obligations very seriously. Accordingly, we only process personal data in a manner that ensures appropriate security of the personal data, including by protecting the personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures. Our Privacy Policy and Security Policy provides detailed information about the security measures that we take to protect personal data.
Transfer of data to other countries
We may transfer your personal data to our contractors and service providers who assist us with providing our products and services to you, where we consider it necessary for them to provide that assistance. For the full list of potential regions and countries where our data may be transferred to or from, see our AWS Global Infrastructure list of regions and availability zones documented at the following URL: https://aws.amazon.com/about-aws/global-infrastructure/ We comply with the Privacy Act 1988 (Cth) and where applicable, the GDPR, when we transfer personal data overseas.
Cookies
We use cookies on Communic8 where strictly necessary to provide you with our Platform Services. If we request your consent and you consent to our use of a cookie, you may withdraw your consent to our use of those cookies at any time. See our Cookie Statement for more information about the cookies we use and how to withdraw your consent. https://communic8.com/cookie-statement
Your rights
If we collect personal data about you, you have rights under the Privacy Act 1988 (Cth) (and the GDPR – where the GDPR applies) that we must and will honour in relation to your personal data. These rights are described in this Privacy Policy, the Privacy Act and the GDPR.
How long we store personal data for
Only for as long as is necessary. In relation to personal data that we collect through our online platform, we only retain this personal data for 30 days after the end of the provision of services relating to the processing. We will destroy (or de-identify the personal data where we are entitled to do so) or return it to the relevant data subject.
Automated decision making
We do not use automated-decision making in our business.
If we decide to change this Privacy Policy, we will post the updated version on this webpage so that you will always know what personal data we gather, how we might use that information, and whether we will disclose it to anyone. If you are a Member of our Platform Services that we make available via Communic8, we will notify you of any changes to our Privacy Policy by sending an email to you using the email address that you provide to us when subscribing to Communic8 or any new email address that you specify in your account on Communic8.
In this Privacy Policy, "personal data” has the meaning given in the GDPR.
The Privacy Act defines "personal information" as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
whether the information or opinion is true or not; and
whether the information or opinion is recorded in a material form or not.
Note: Section 187LA of the Telecommunications (Interception and Access) Act 1979 extends the meaning of personal information to cover information kept under Part 5‑1A of that Act.
Article 4(1) of the GDPR defines "personal data" as any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Our policy is to minimise the amount of personal data we collect. Accordingly, we only collect personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
We collect personal data that you give us, whether by email, telephone, in person, via application forms or otherwise. We may also obtain personal data directly from third parties such as our resellers, related companies, installers, sales agents and any of their representatives. In addition, we may obtain personal data from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal data about an individual only from that individual.
We will only collect personal data for specified, explicit and legitimate purposes and we will not further process personal data that we collect in a manner that is incompatible with those purposes. If you enter and/or upload into the Platform Services and/or otherwise provide us with personal data about any person other than you, please notify us so that we can ensure that the data subjects are provided with the information required by Australian Privacy Principle 5 and Article 14 of the GDPR.
We will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of our entity's functions or activities and we will not collect sensitive information unless you consent to the collection and the sensitive information is reasonably necessary for one or more of our functions or activities, or we collect it pursuant to subclause 3.4 of the Australian Privacy Principles. Please notify us if you are not of consenting age (16 years) or not otherwise able to provide us with consent, and if so do not provide us with any consent for the purposes of applicable privacy law.
We will not process any data that is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, except where permitted by the Australian Privacy Principles and the GDPR.
Our policy is to minimise the amount of personal data we collect. Accordingly, we only collect personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The personal data that we collect and how we use it is as follows:
Subscription/registration, payment, transaction and profile data: If you register or subscribe to our Platform Services, as a Member we will collect and otherwise process the following categories of personal data: names, telephone numbers, mobile numbers, email addresses, business addresses, records of products and services purchased by our subscriber and any end users using the Platform Services. We will process this personal data in order to administer our Member subscriptions, registrations and accounts on the Platform Services, for the purposes of providing our Members with access to and use of the Platform Services, to enforce our Members’ obligations to pay the fees and charges to us and to otherwise enforce compliance by our Members with our Terms of Use and the contractual obligations that they owe to us. We will also process this personal data in order to provide our Members with information and assistance about the Platform Services, and to communicate with our Members in connection with any maintenance notices (that we may issue when the Platform Services are unavailable), renewal notices and service status updates for the purposes of keeping our Members informed and up to date about the status of our Platform Services.
Data entered into and/or uploaded into the Platform Services by you when accessing the Platform Services: We collect and process any personal data that you upload or enter into the Platform Services either manually or via computer systems, smartphone devices and tablets, namely: names, mobile numbers, email addresses and business addresses. The Platform Services will also process any other personal information that you voluntarily enter or upload to Communic8. We will process this personal data on behalf of you in our capacity as a processor in order to provide you with the Platform Services and the functionality provided by the Platform Services in accordance with their specific instructions (unless applicable law to which we are subject requires other processing of that personal data by us, in which case we will inform you of that legal requirement, if applicable (unless that law prohibits us from doing so on important grounds of public interest). We will also process this personal data as a controller to monitor compliance with the terms and conditions of our Terms of Use, to maintain backups of our databases and to detect unauthorised use and faults with the Platform Services (such as, by examining log files and error messages). The personal data will also be used to provide you with professional services (including technical support and training services) if and where required pursuant to our Terms of Use.
Data relating to communications between us and you: When you contact us, we will collect and process personal data including your name, your IP address and any other personal data that you provide to us during the communications. For example, you may contact us to ask questions about our Platform Services, seek technical support or advice and to express interest in subscribing to the Platform Services or for the purposes of upgrading or modifying your account on our platform. We will process this personal data in order to provide you with information and assistance about the Platform Services, and to communicate with you in connection with any breach, expiry, termination or suspension of the Platform Services.
Analytics data: We collect and process personal data known as analytics data for statistical and analytical purposes, designed to measure and monitor how our Platform Services are being used and to highlight any areas for improvement, optimisation and enhancement of the Platform Services, including your location, IP addresses, cookie data, information about devices accessing the Platform Services (IP address, the type of device used to access the Platform Services and the operating system), the amount of time you spent on our cloud platform and in which parts of the platform, and the path you navigated through the platform. We will process this personal data in order to monitor and detect unauthorised use of the Platform Services and to establish how the Platform Services are used and to highlight areas for potential improvement of the Platform Services. We often aggregate this data with other data. However, where the data is classified as personal information (or in the case of GDPR Data, personal data) we treat it in accordance with this Privacy Policy.
Cookies:We use cookies on Communic8. However, we will not use cookies without your express consent, unless the cookies are strictly required in order for us to provide the Platform Services. Cookies are pieces of information that a web site transfers to a computer's hard disk for record-keeping purposes. This helps us tailor and improve the information we present to you, promoting higher end user satisfaction when you visit our site. The use of cookies is common in the Internet industry, and many major web sites use them to provide useful features to their end users. A cookie may be used to tell when your computer or device has contacted Communic8. Cookies may also be used to personalise your experience with us. Where we request your consent for a cookie we will explain to you what the cookie is proposed to be used for, what information it collects, and give you an opportunity to withdraw your consent to the placement of the cookie on your machine or device if you do consent. You may configure your web browser on your computer or device to reject or block cookies if you wish. If we request your consent to a cookie and you consent to our use of the cookie, you may withdraw your consent to our use of the cookie on your computer or device at any time by contacting us. For more detailed information about our use of cookies on Communic8, read our Cookie Statement found here: http://www.communic8.com/cookie-statement
We do not use automated-decision making in our business.
We only disclose personal data to third parties who perform services on our behalf to the extent necessary for them to perform those services. We do not sell personal data to third parties for their own marketing purposes and we only disclose the minimum amount of personal data required. We may disclose personal data that we collect to third parties for all or any of the following purposes:
To provide you with the Platform Services – in which case we disclose your personal data to our upstream hosting suppliers who host Communic8 and the personal data that you enter into and/or upload in to the Platform Services. Our hosting suppliers host that personal data on their computer servers;
So that we can obtain assistance with the provision of the Platform Services – in which case we may disclose your personal data to members of our corporate group who we may subcontract the provision of all or part of the Platform Services to;
Handling claims and complaints – in which case we may disclose your personal data to our lawyers and insurers;
In order to identify you - when we are contacted with questions or concerns regarding the products and services we provide;
In order to configure a new service for you;
In order to record billing details – in which case we provide your bank account and credit card details to our bank and merchant facility providers;
In order to interface with third party platforms – where you configure your account on Communic8 or use the Platform Services to do so – in which case we will disclose personal data that you upload or enter into Communic8 as necessary for that interfacing to occur;
For professional advice - when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
If we sell the whole or part of our business of Communic8 or merge with another entity – in which case, we will provide to the purchaser or other entity the personal data that is the subject of the sale or merger;
Where required by law.
We may also provide your personal data to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
To obtain professional advice;
To obtain or maintain insurance;
The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
To protect or enforce our rights or defend claims;
Enforcement of our claims against you or third parties;
The enforcement of laws relating to the confiscation of the proceeds of crime;
The protection of the public revenue;
The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal.
Where disclosure is required to protect the safety or vital interests of employees, end users or property.
Communic8 may include links to, or interface with third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. Where you use Communic8 or the Platform Services to provide personal data to a third party website or platform, you do so at your own risk. We do not warrant or represent that any third party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal data to them.
You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on Communic8. These widgets and tools may collect your IP address and other personal data. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal data.
We take our privacy obligations very seriously. Accordingly, we only process personal data in a manner that ensures appropriate security of the personal data, including by protecting the personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
The technical and organisational measures that we have implemented are as follows:
We maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms.
We require all of our employees and contractors to comply with privacy and confidentiality terms and conditions in their employment contracts and subcontractor agreements.
We carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible.
We have a Data Breach Response Plan in place
We have data backup, archiving and disaster recovery processes in place
We have processes in place to ensure integrity and resilience of systems, servers and personal data
You can only browse limited pages of Communic8 without registering as a Member of Communic8, such as the pages that generally describe the services that we make available through Communic8, and our Contact Us page. However, when you become a Member of Communic8, we need to collect personal data from you in order to identify you and setup an account for you on Communic8. We will also collect personal data from you when you use the Platform Services when you enter the personal data into Communic8, when you contact us for technical support and assistance with your account, when gathering analytics data about your use of Communic8 and for the other purposes set out above in the Privacy Policy. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our Platform Services, but not if you wish to actually access our Platform Services or use any of our other services. It is not practical for us to provide you with the Platform Services if you refuse to provide us with personal data.
We do not send "junk" or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact you. These transaction-based e-mails are automatically generated. Anytime you receive e-mail that you do not want from us you can request that we not send further e-mail by contacting us via email at: support@communic8.com Upon receipt of any such request, we will remove you from our database to ensure that you cease to receive automated emails from us.
If, as a Member’s Contact, you no longer want to be contacted by one of our Members through our Platform Services, please unsubscribe directly from that Member’s email opt-out or contact the Member directly to update or delete your data. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to the Member of your request.
Subject to the following section "GDPR offshore transfers", and provided that we comply with the provisions of the Australian Privacy Principle 8 (Cross-border disclosure of personal information), we may transfer your personal data to our contractors and service providers who assist us with providing our products and services to you, where we consider it necessary for them to provide that assistance. For the full list of potential regions and countries where our data may be transferred to or from, see our AWS Global Infrastructure list of regions and availability zones documented at the following URL: https://aws.amazon.com/about-aws/global-infrastructure/ Note: Some multimedia files, including images, documents and videos are stored on our third-party multimedia content distribution service provider (Cloudinary) servers, which may be located at different geographic regions. Please contact support@communic8.com for further information on the Communic8 servers.
We will only engage new third parties to process GDPR Data entered into and/or uploaded into the Platform Services by you for us to process as a processor on your behalf ("subprocessors") if you have authorised us to do so pursuant to a specific or general written authorisation and otherwise in compliance with the requirements of the GDPR.
We will not transfer GDPR Data about you to any country or organisation outside of the European Union, except:
as reasonably necessary for us to provide or procure the provision of the Platform Services; or
as instructed by you.
Unless otherwise agreed in writing by you, any transfer by us of personal data that you upload and/or enter into the Platform Services for us to process on your behalf (which is the subject of the GDPR) outside the European Union will not be carried out unless we have taken such measures as are necessary to ensure the transfer complies with all applicable data protection laws. This may include (without limitation) transferring pursuant to the standard contractual clauses approved by the European Commission (including those clauses annexed to Commission decision of 5 February 2010 (2010/87/EU) as amended or superseded), or transferring to a country or organisation in a country outside the European Union that the European Commission has determined provides adequate protection for your personal data.
We will not keep your personal data in a form which permits identification of you for longer than is necessary for the purposes for which the personal data is processed. We will only process personal data that you enter into Communic8, and only thereafter for the purposes of deleting or returning that personal data to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person's vital interests). We will, following your cessation of use of the Platform Services, at your option delete or return to you all of the personal data uploaded and/or entered into the Platform Services by you. Where you require that personal data to be returned, it will be returned to you after the end of the provision of services relating to the processing ("Processing Conclusion Date"), and we will thereafter delete all then remaining existing copies of that personal data in our possession or control as soon as reasonably practicable thereafter, but in any event not more than 30 days after the Processing Conclusion Date, unless applicable law requires us to retain the personal data in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
Where the personal data is not GDPR Data and is personal information for the purposes of the Privacy Act, within the 30 day period following the Processing Conclusion Date instead of destroying the personal information we will take such steps as are reasonable in the circumstances to de-identify the personal information that we hold about you where we no longer need it for any purpose for which it may be used in accordance with this Privacy Policy if the information is not contained in a Commonwealth record and we are not required by Australian law (or a court or tribunal order) to retain it.
Subject to the provisions and exceptions set out in the Privacy Act and GDPR, under the Privacy Act and/or GDPR, you have a number of rights, including:
the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning your personal data;
the right to object to the processing of your data;
the right to data portability;
the right to withdraw consent (where you have consented to the processing of your personal data for one or more specific purposes);
the right to lodge a complaint with the Office of the Australian Information Commissioner or any supervisory authority;
the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or it similarly significantly affects you.
Please contact us if you wish to opt out of any communications that we send you or if you wish to exercise any of your rights under the GDPR. We will handle all such requests in accordance with our legal obligations. If you withdraw your consent for processing, object to the processing of your personal data or request us to erase your personal data and as a result it is not possible or practical for us to continue providing you with the Platform Services, we may terminate your subscription and/or access to Communic8 and charge you any applicable cancellation/termination fees in accordance with our Terms of Use.
Please contact us if you wish to access your personal data that we hold about you, using the details set out at the end of this Privacy Policy. We will handle your request for access to your personal data in accordance with our statutory obligations. To ensure that we only obtain, collect, use and disclose accurate, complete and up to date personal data, we invite you to contact us and inform us if any of your personal details we hold change or if any of the personal data held by us is otherwise incorrect or erroneous. We will provide you (or if you wish, another controller) with a copy of the personal data we hold about you in a structured, commonly used and machine-readable format. We can provide access, modification and deletion of the personal data that you have uploaded or entered into Communic8 by contacting us.
Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner, except where limited exceptions apply. For the purposes of the GDPR, certain types of data breaches must also be reported to affected individuals if the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms. In addition, the GDPR requires organisations to report certain types of data breaches to the relevant supervisory authority. We have prepared a response plan for addressing data breaches that may occur and have allocated responsibility for managing breaches to a relevant individual or team. We will notify you of any data breach that may affect you where we are required to do so in accordance with our legal obligations.
Communic8 is owned and operated by Communic8 Group Pty Ltd ABN 26 139 494 054 of Level 3/155 Queen St, Brisbane City QLD 4000 Australia. If you wish to contact us for any reason regarding our privacy practices or the personal data that we hold about you, please contact us at the following address:
Attn: Privacy Representative
Level 3/155 Queen St
Brisbane
City, QLD 4000
Australia
privacy@communic8group.com
We will use our best endeavours to resolve any privacy complaint within 30 business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.
If you are not satisfied with the outcome of a complaint you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:
Call: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO
Box 5218, Sydney NSW 2001
In relation to GDPR Data, you may lodge a complaint with any relevant supervisory authority.