Privacy Policy - CTRL Cybersecurity

Privacy Policy

Overview

Welcome to www.ctrl.co (Site)! In this Privacy Policy, CTRL, our, we or us means CTRL Security Pty Ltd (ACN 619 316 380) – the owner, operator and provider of the Site and of various cybersecurity services (collectively the Services) offered through the Site – and its related bodies corporate. We are committed to protecting your privacy through compliance with:

the Privacy Act 1988 (Cth) (Privacy Act);
the Australian Privacy Principles (APP);
the General Data Protection Regulation (GDPR); and
any other privacy laws applicable to us.

Please read this Privacy Policy (Policy) carefully as it outlines how we collect, use, disclose and store your personal information. We may modify this Policy at any time, and by continuing to use our Site or Services, you accept the Policy as it applies and as amended from time to time with notice. Your continued use of our Site or Services after any modification to this Policy will constitute your acceptance of such modification.

Objective

This Policy will give you an understanding of:

the types of personal information we collect;
why we collect, use and disclose personal information;
how we collect, use, store, disclose and otherwise handle personal information;
how you can manage your personal information;
when we disclose your personal information;
how we deal with data security and third-party links;
how we administer changes to this Policy; and
how you can contact us to give feedback or submit complaints, and how we deal with any such complaint.

Types of information we collect

Personal Information

Enquiry Data

We collect personal information when you submit an enquiry or contact us using any part of the Site (Enquiry Data). We may collect the following Enquiry Data from Site visitors and members:

full name;
email address;
company name;
telephone number and other contact details; and
any other information relating to you that you provide to us directly or indirectly through our Site, including information you provide through emails, social media and contact forms.

The Enquiry Data may be processed for the purposes of responding to your enquiries and providing our Services. The legal basis for this processing is based on:

your consent through your voluntary submission of the information and agreeing to this Policy;
the personal data being necessary for the performance of a contract to which you are a party;
for carrying out pre-contractual measures; and/or
any other legitimate interests as detailed in this Policy.

We may also use your Enquiry Data to market to you and provide you with notifications. You can choose to opt in or out of any marketing services we provide you.

Device and Log Data

We may receive information when you view content on or otherwise interact with our Services (Log Data). We may receive this Log Data automatically. This Log Data includes information such as personal information from your interaction with us and its content, our Services and our advertising, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Site, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address, server address, date and time of your visit or access to our Site, information of documents you download, pages visited, search terms, cookie information, and standard web log data. The Log Data may be processed for the purposes of operating our Site, providing our Services, ensuring the security of our Site and Services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is based on:

the personal data being necessary for the performance of a contract to which you are a party;
for carrying out pre-contractual measures; and/or
the legitimate interests of carrying out our business in favour of the well-being of all our employees and the shareholders, providing personalised Services to you, and any other legitimate interests as detailed in this Policy.

In some circumstances, personal information is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your expressed consent, your personal information may be used and disclosed to us this way. The purposes as outlined above may include the processing of such personal data to the extent necessary for us to comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud. Cookies and other similar technologies We may use cookies and similar technologies like pixels, web beacons and local storage to collect and store personal and non-personal information about how you use our Site and our Services. Cookies are files that store information on the device on which you are using or accessing some aspects of our Site. Cookies also retain your details and preferences, so you can easily continue your browsing session upon return to our Site. If you do not want to activate cookies, you can opt-out of receiving them by amending the settings of your internet browser, although you may find that some parts of our Site will consequently have limited functionality and personalisation if you do so. We may share non-personal and personal information with our affiliated organisations, such as advertisers and/or advertising networks to deliver advertising, and to help measure the effectiveness of an advertising campaign from time to time. By continuing to use our Site, you consent to our use of cookies and similar technologies. We will handle any information collected by cookies in the same way that we handle other personal information described in this Policy. Third party analytics tools We may use third-party analytics tools to:

analyse usage trends on our Site, including the tracking and reporting of Site traffic, ad conversion tracking, traffic analysis and marketing optimisation; and
collect this data in aggregate form so that it cannot identify any individual.

Third-party analytics tools collect information such as how often you visit our Site, the web pages you visit, add-ons, and other analytics data that assists us in improving our Services. These tools might include, but are not limited to, Google Analytics, Google AdWords conversion tracking, Google Tag Manager, or Facebook Ads conversion tracking. We reserve our rights to modify, add or remove any third-party analytics tools. By using our Site, you consent to the processing of any non-personal data these tools will collect in the way and for the purposes described above.

Why we collect and use your personal information

Our principal purpose in collecting, using and storing your personal information is to provide the Services in a personalised, safe and efficient manner. We collect, use, store, share and disclose your personal information to:

conduct our business, generate content and provide customer support and payment services (including updates and improvements);
administer contracts including to negotiate, execute and or manage a contract with you;
for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes;
to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties, including but not limited to providing your information to a contractor, and providing other goods and services provided to our users;
to provide your updated personal information to our related bodies corporate, contractors, employees or service providers;
provide, administer, market and manage the Site, including but not limited to, providing you with customised search results for use on our Site;
research, develop and improve the Site and our Services;
communicate with you;
conduct surveys to determine use and satisfaction with the Site and our Services;
detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms, this Policy or any other policy;
enforce our Terms, this Policy or any other policy;
verify information for accuracy or completeness (including by way of verification with third parties);
comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order;
combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out in this Policy;
aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
resolve disputes and to identify, test and resolve problems;
notify you about the Site and updates to the Site from time to time;
supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences; or
protect a person’s rights, property or safety.

We will not use or disclose your information for a secondary purpose unless you consent to us doing so, or under certain circumstances as permitted by relevant law. With your consent, we may collect personal information about you or from your authorised representatives for the purpose of providing you with our Services and marketing other services which we consider may be of interest to you or obtaining your feedback. For example, we may send you service-related emails (e.g., updates of Terms, news, technical and security notices, and changes and/or updates to features of our Services and this Policy). We or our business partners may use your personal information to contact you via phone, SMS and MMS messaging, email or direct mail to promote and market our products and services directly to you. By providing us with your personal information, you consent to us or our business partners contacting you for the purposes of direct marketing, even if you have registered your home and/or mobile number on the Do Not Call Register.

How we collect and use your

We generally collect personal information directly from you when you:

share your information with us on our Site;
communicate with us over email, online chat systems, the phone or in person;
participate in one of our surveys or competitions;
interact with our Site and advertising;
purchase one of our products or services; and
use or access our Site and have set your internet browser to allow us to use cookies to store information from your browser or device.

We may also collect your personal information from third parties including:

service providers;
credit reporting bodies;
marketing companies;
referrals who may have referred you to us; and
organisations with whom we have an agreement to share information for marketing purposes.

By providing personal information to us, you consent to us collecting, using, disclosing and storing your personal information in accordance with this Policy. You may choose to deal with us anonymously where it is lawful or practical to do so, such as when you make a general enquiry about our products and/or services. You can choose not to provide us with your personal information. However, this may mean that:

we will not be able to provide you with our products and/or services, or be limited in how we can do so;
we will not be able to interact with you;
we may be unable to process and open an account for you; and/or
we will not be able to properly investigate or resolve any complaint you submit.

By providing us with your personal information and data, you expressly consent and allow for us to provide, sell and commercialise your data to a third party for which we will obtain a benefit – including third party marketing and affiliate companies.

Manage your personal information

If you have an account with us, you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any personal data being stored, or if you wish to restrict or withdraw any consent given for the collection of your personal data. You may contact us at [email protected] to correct or update your personal information or withdraw your consent to the processing of all your personal data at any time. We may need to obtain proof of your identity before implementing your request and may refuse to provide you with certain information where permitted or required by law. In certain circumstances, the law permits us to deny you access to your personal information if (please note this not an exhaustive list):

access would be unlawful or pose a serious and imminent threat to an individual’s life, health or safety, or a serious threat to public health or public safety;
access would have an unreasonable impact on the privacy of others;
the information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
access would reveal the intentions of a party in relation to negotiations or prejudice those negotiations; or
access may prejudice enforcement activities or a security function.

If we deny you access to your personal information, we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act or GDPR. You may withdraw your consent or manage your opt-ins by either viewing your account on the Site or clicking the unsubscribe link at the bottom of any marketing materials we send you. We provide you with the means to download the information you have shared through our Services via our Privacy Officer, available at [email protected]. There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third-party provider. You may delete your account at any time (including if you want to revoke your consent to our use of your information) by contacting us at [email protected].

Disclosure and destruction of personal information

We may disclose your personal information to the following third-party suppliers and service providers (both within and outside Australia) for the purposes described in this Policy, such as:

our employees, related entities and employees of those entities;
our business partners;
our professional advisers, dealers and agents;
third parties and contractors who provide services to us, including customer enquiries and support services, manufacturing services, shipping and freight services, debt-recovery functions, information technology service providers, marketing and advertising services;
payment systems operators;
our sponsors or promoters of any competition which we conduct;
any third parties authorised by you to receive information held by us; and
government, regulatory and law enforcement agencies as required, authorised or permitted by law.

We may disclose your personal information to entities within Australia who may store or process your data overseas. In the event that a disclosure is made in an overseas country (which we consider unlikely), the information will not be protected by the Privacy Act. In any event, by providing your details, you consent to your information being disclosed in this manner. We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the APP or equivalent privacy laws. We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Policy. We destroy personal information which is no longer needed for the purpose for which it was collected, unless we are otherwise required or authorised by law to retain the information for a period of time. If you deactivate and delete your account, your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our Site. If you wish to delete your data, please contact us.

International transfer of personal data

Where we transfer personal data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.

Data security, storage and third-party information

We store your personal information in electronic form in secure databases owned and operated by our third-party service providers. We manage the security of your personal information by using SSL encryption. While we take reasonable steps to ensure your personal information is protected from loss, misuse, unauthorised access, modification or disclosure, security measures over the internet can never be guaranteed. This means that we cannot guarantee the security of your personal information. In the event of a breach, we will attend to the required reporting arrangements. We cannot accept responsibility for the misuse, loss or unauthorised access to, your personal information where the security of information is not within our control. Our Site may contain links to websites, other apps and social media sites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless stated otherwise, we are not responsible for the privacy practices of, or any content, on those linked websites, and have no control over or rights in them. The privacy policies that apply to third-party websites may differ substantially from this Policy, so we encourage you to read those privacy policies before using those websites. If you are visiting or accessing the Site from outside Australia, please be aware that you are sending information (including personal information) to Australia where our servers are located. Such information may then be transferred within Australia or back out of Australia to other countries outside of your country of residence, depending on the type of information and how it is stored by us. These countries (including Australia) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your personal information will at all times continue to be governed by this Policy.

Notifiable Data Breaches

We take data breaches very seriously.

If you reside in Australia, in the event that there is a data breach, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.

We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.

If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action, we take is successful in making serious harm no longer likely, then no notification or statement will be made.

Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

If you reside in the European or EFTA States, we will endeavour to meet the 72-hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you. Further, where there is likely to be a high risk to your rights, we will endeavour to contact you without undue delay.

Automated individual decision-making (including profiling)

If you reside in the European Union or EFTA States, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights, please contact us.

Direct Marketing Materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you.

These communications may be sent in various forms, including email, SMS, fax and mail, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

Changes to Policy

If and when we amend this Policy in any way, we will make all reasonable efforts to bring those changes to the attention of our visitors and members.

An updated version of our Policy will be maintained on our Site so that you remain aware of our policies. The updated version will become effective on the date it is posted, which will be listed on the page as the new effective date. We encourage you to check our Site from time to time to view our most current policy.

Contact us and opting out

You can contact us at [email protected] to:

request access to information that we have about you;
correct any information that we have about you; and
delete information that we have about you.

When you contact us, the personal information which you provide us will only be used for the purpose(s) that you disclose it for, for example, for answering your inquiry or for providing information about our Services. You may notify us at any time that you do not wish to receive marketing or promotional material by contacting us directly or through the “Unsubscribe” mechanism in our marketing or promotional emails.

Feedback and Complaints

We welcome feedback about privacy issues and will attend to all questions and complaints promptly.

Please contact us at the email address below. If you would like to seek access to any personal information which we hold about you, or if you have any questions or complaints about how we collect, use, disclose, manager or store your personal information, you can contact the department that collected your personal information in the first instance, or write to [email protected]. We will aim to resolve any complaints within 10 days.

You can confidentially contact our Data Protection Officer at [email protected].

If you reside in the European Union or EFTA States and wish to raise a concern about our use of your information you have the right to do so with your local supervisory authority, which can be found here.