Company may, in the process of registering a Partner/Reseller, Storage Provider, Purchaser or User, collect Personal Information from such entities intending to directly use NetCrypt or deploy NetCrypt on third-party IT infrastructure.
This Policy is drafted in accordance with international frameworks, such as the OECD Guidelines, as relevant to the foundation for the development of national Privacy Laws in Australia, as well as other nations.
This Policy is governed, executed, and resolved in accordance with relevant laws of Commonwealth of Australia and State of Victoria therein.
Company may amend this Policy at its discretion at any time based on legal compliance requirements. Any change will be effective from the date the revised Policy is posted electronically on the Company corporate website https://www.NetCrypt.com (Website).
Australian Privacy Principles (APPs) means the amended Privacy Act 1988 (Cth.) that includes a set of harmonised privacy principles that regulate the handling of Personal Information by Australian and Norfolk Island Government agencies and private sector organisations as defined in Schedule 1 of Privacy Act 1998 (Cth.).OECD Guidelines mean the 2013 OECD (Organisation for Economic Cooperation and Development) Privacy Guidelines, in particular, the Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013); [C(80)58/Final, as amended on 11 July 2013 by C(2013)79].
Personal Information is as defined in s 6 of Privacy Act 1988 (Cth.), which cites “means information or an opinion about an identified individual, or an individual who is reasonably identifiable: a) whether the information or opinion is true or not; and b) whether the information or opinion is recorded in a material form or not.
Relevant legislation means all relevant precedents, codes, statutes, transition legislation, Commonwealth, State and Territory Acts and international convention treaties where relevant in determining privacy rights.
4.0 Policy Statement
- Electronic acceptance of Company Terms of Agreement to use NetCrypt is an automatic acknowledgement of acceptance to this Policy.
- Acceptance to this Policy by the authorized representative binds the accepting entity’s directors, officers, employees, contractors, agents, consultants and successors towards complying with this Policy requirement.
5.0 Collection of data
- 5.1. Collection of data from users.
Company collects the data entities (including but not limited to, Resellers, Storage Providers, Purchasers et al.) voluntarily furnish during the registration process for using and/or deploying NetCrypt in accordance with APPs. Data that is generated while creating the said entity account, e.g. login username, hashed password information and last login date and time to the NetCrypt console are also collected.
- 5.2. Collection of other types of data.
Company may automatically collect information on the deploying entity’s IT infrastructure specifications through the NetCrypt software suite once that entity deploys NetCrypt (e.g. IP address, gateway configurations et al.). The purpose of this collection, in accordance with APPs, is to determine conformance to minimum IT infrastructure requirements for functional deployment of NetCrypt.
6.0 Use of collected data
In accordance with the APPs, data collected by Company is handled internally within the organization by in-house staffs that have a need to know basis of accessing such data. Data, if accessed, is purely for NetCrypt product design enhancement and future business partner identification purposes.
Collected data is not sold to third-party entities.
With respect to recent amendments to the Privacy Act 1988 (Cth.), the scope of ‘trading in personal information’ does not apply to Company as the company does not collect user information for selling to third parties for profit. Company does not, and shall not, advertise or market to users, as well as share their details to third parties for marketing and advertising.
7.0 Disclosure of collected data
Company will not disclose collected data to any third-party legal entity unless explicitly ordered by a competent Australian legal authority through the issuance of subpoenas, court orders et al.
Users using or deploying NetCrypt has the right to request information it has supplied to Company, in which case, based on the APPs, Company shall provide the information to the entity within a reasonable time frame.
8.0 Governance of collected data
Collected data is governed in accordance with industry-standard best practices. Company has implemented information security management systems and frameworks within its organization along the lines of being compliant to ISO 27001 : 2013, which is used in governing collected data.
Company manages all collected data securely and ensures continuous adoption of technology to enhance security and encryption of collected data.
Company retains the collected data until the user’s account is terminated, unless required to enforce the Company Terms of Agreement, resolve disputes or comply with legal obligations.
Company shall retain collected data to the maximum extent required by governing legislation unless explicitly advised by the user, in which case Company shall hand back to the user all its relevant collected data at costs borne by the user.
Company shall not send collected data outside Australian borders without explicitly obtaining consent from users.
9.0 Reporting of collected data
Company does not publicly report data collected from users. Reporting is restricted only to users with only that information they have provided. Company may report collected data to law enforcement agencies or legal institutions upon explicit judicial orders.
10.0 Compliance obligations
Company is compliant to the APPs cited in the amended Privacy Act 1988 (Cth.) that set the minimum standards for handling personal information.
11.0 Technology policies governing Privacy