Privacy Policy
Privacy Policy last updated: January 13, 2023.
Welcome to www.ctrl.co (Site)! In this Privacy Policy, CTRL, our, we or us means CTRL Security Pty Ltd (ACN 619 316 380) – the owner, operator and provider of the Site and of various cybersecurity services (collectively the Services) offered through the Site – and its related bodies corporate. We are committed to protecting your privacy through compliance with:
Please read this Privacy Policy (Policy) carefully as it outlines how we collect, use, disclose and store your personal information. We may modify this Policy at any time, and by continuing to use our Site or Services, you accept the Policy as it applies and as amended from time to time with notice. Your continued use of our Site or Services after any modification to this Policy will constitute your acceptance of such modification.
This Policy will give you an understanding of:
Personal Information
We collect personal information when you submit an enquiry or contact us using any part of the Site (Enquiry Data). We may collect the following Enquiry Data from Site visitors and members:
The Enquiry Data may be processed for the purposes of responding to your enquiries and providing our Services. The legal basis for this processing is based on:
We may also use your Enquiry Data to market to you and provide you with notifications. You can choose to opt in or out of any marketing services we provide you.
We may receive information when you view content on or otherwise interact with our Services (Log Data). We may receive this Log Data automatically. This Log Data includes information such as personal information from your interaction with us and its content, our Services and our advertising, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Site, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address, server address, date and time of your visit or access to our Site, information of documents you download, pages visited, search terms, cookie information, and standard web log data. The Log Data may be processed for the purposes of operating our Site, providing our Services, ensuring the security of our Site and Services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is based on:
In some circumstances, personal information is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your expressed consent, your personal information may be used and disclosed to us this way. The purposes as outlined above may include the processing of such personal data to the extent necessary for us to comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud. Cookies and other similar technologies We may use cookies and similar technologies like pixels, web beacons and local storage to collect and store personal and non-personal information about how you use our Site and our Services. Cookies are files that store information on the device on which you are using or accessing some aspects of our Site. Cookies also retain your details and preferences, so you can easily continue your browsing session upon return to our Site. If you do not want to activate cookies, you can opt-out of receiving them by amending the settings of your internet browser, although you may find that some parts of our Site will consequently have limited functionality and personalisation if you do so. We may share non-personal and personal information with our affiliated organisations, such as advertisers and/or advertising networks to deliver advertising, and to help measure the effectiveness of an advertising campaign from time to time. By continuing to use our Site, you consent to our use of cookies and similar technologies. We will handle any information collected by cookies in the same way that we handle other personal information described in this Policy. Third party analytics tools We may use third-party analytics tools to:
Third-party analytics tools collect information such as how often you visit our Site, the web pages you visit, add-ons, and other analytics data that assists us in improving our Services. These tools might include, but are not limited to, Google Analytics, Google AdWords conversion tracking, Google Tag Manager, or Facebook Ads conversion tracking. We reserve our rights to modify, add or remove any third-party analytics tools. By using our Site, you consent to the processing of any non-personal data these tools will collect in the way and for the purposes described above.
Our principal purpose in collecting, using and storing your personal information is to provide the Services in a personalised, safe and efficient manner. We collect, use, store, share and disclose your personal information to:
We will not use or disclose your information for a secondary purpose unless you consent to us doing so, or under certain circumstances as permitted by relevant law. With your consent, we may collect personal information about you or from your authorised representatives for the purpose of providing you with our Services and marketing other services which we consider may be of interest to you or obtaining your feedback. For example, we may send you service-related emails (e.g., updates of Terms, news, technical and security notices, and changes and/or updates to features of our Services and this Policy). We or our business partners may use your personal information to contact you via phone, SMS and MMS messaging, email or direct mail to promote and market our products and services directly to you. By providing us with your personal information, you consent to us or our business partners contacting you for the purposes of direct marketing, even if you have registered your home and/or mobile number on the Do Not Call Register.
We generally collect personal information directly from you when you:
We may also collect your personal information from third parties including:
By providing personal information to us, you consent to us collecting, using, disclosing and storing your personal information in accordance with this Policy. You may choose to deal with us anonymously where it is lawful or practical to do so, such as when you make a general enquiry about our products and/or services. You can choose not to provide us with your personal information. However, this may mean that:
By providing us with your personal information and data, you expressly consent and allow for us to provide, sell and commercialise your data to a third party for which we will obtain a benefit – including third party marketing and affiliate companies.
If you have an account with us, you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any personal data being stored, or if you wish to restrict or withdraw any consent given for the collection of your personal data. You may contact us at [email protected] to correct or update your personal information or withdraw your consent to the processing of all your personal data at any time. We may need to obtain proof of your identity before implementing your request and may refuse to provide you with certain information where permitted or required by law. In certain circumstances, the law permits us to deny you access to your personal information if (please note this not an exhaustive list):
If we deny you access to your personal information, we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act or GDPR. You may withdraw your consent or manage your opt-ins by either viewing your account on the Site or clicking the unsubscribe link at the bottom of any marketing materials we send you. We provide you with the means to download the information you have shared through our Services via our Privacy Officer, available at [email protected]. There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third-party provider. You may delete your account at any time (including if you want to revoke your consent to our use of your information) by contacting us at [email protected].
We may disclose your personal information to the following third-party suppliers and service providers (both within and outside Australia) for the purposes described in this Policy, such as:
We may disclose your personal information to entities within Australia who may store or process your data overseas. In the event that a disclosure is made in an overseas country (which we consider unlikely), the information will not be protected by the Privacy Act. In any event, by providing your details, you consent to your information being disclosed in this manner. We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the APP or equivalent privacy laws. We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Policy. We destroy personal information which is no longer needed for the purpose for which it was collected, unless we are otherwise required or authorised by law to retain the information for a period of time. If you deactivate and delete your account, your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our Site. If you wish to delete your data, please contact us.
Where we transfer personal data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.
We store your personal information in electronic form in secure databases owned and operated by our third-party service providers. We manage the security of your personal information by using SSL encryption. While we take reasonable steps to ensure your personal information is protected from loss, misuse, unauthorised access, modification or disclosure, security measures over the internet can never be guaranteed. This means that we cannot guarantee the security of your personal information. In the event of a breach, we will attend to the required reporting arrangements. We cannot accept responsibility for the misuse, loss or unauthorised access to, your personal information where the security of information is not within our control. Our Site may contain links to websites, other apps and social media sites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless stated otherwise, we are not responsible for the privacy practices of, or any content, on those linked websites, and have no control over or rights in them. The privacy policies that apply to third-party websites may differ substantially from this Policy, so we encourage you to read those privacy policies before using those websites. If you are visiting or accessing the Site from outside Australia, please be aware that you are sending information (including personal information) to Australia where our servers are located. Such information may then be transferred within Australia or back out of Australia to other countries outside of your country of residence, depending on the type of information and how it is stored by us. These countries (including Australia) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your personal information will at all times continue to be governed by this Policy.
We take data breaches very seriously.
If you reside in Australia, in the event that there is a data breach, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.
We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.
If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action, we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
If you reside in the European or EFTA States, we will endeavour to meet the 72-hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you. Further, where there is likely to be a high risk to your rights, we will endeavour to contact you without undue delay.
If you reside in the European Union or EFTA States, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights, please contact us.
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you.
These communications may be sent in various forms, including email, SMS, fax and mail, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
If and when we amend this Policy in any way, we will make all reasonable efforts to bring those changes to the attention of our visitors and members.
An updated version of our Policy will be maintained on our Site so that you remain aware of our policies. The updated version will become effective on the date it is posted, which will be listed on the page as the new effective date. We encourage you to check our Site from time to time to view our most current policy.
You can contact us at [email protected] to:
When you contact us, the personal information which you provide us will only be used for the purpose(s) that you disclose it for, for example, for answering your inquiry or for providing information about our Services. You may notify us at any time that you do not wish to receive marketing or promotional material by contacting us directly or through the “Unsubscribe” mechanism in our marketing or promotional emails.
We welcome feedback about privacy issues and will attend to all questions and complaints promptly.
Please contact us at the email address below. If you would like to seek access to any personal information which we hold about you, or if you have any questions or complaints about how we collect, use, disclose, manager or store your personal information, you can contact the department that collected your personal information in the first instance, or write to [email protected]. We will aim to resolve any complaints within 10 days.
You can confidentially contact our Data Protection Officer at [email protected].
If you reside in the European Union or EFTA States and wish to raise a concern about our use of your information you have the right to do so with your local supervisory authority, which can be found here.