Legal 

VAULT PRIVACY POLICY

Last modified: 26 April 2017

 

PLEASE READ THIS PRIVACY POLICY CAREFULLY.

 

This Privacy Policy is designed to tell you (the Subscriber or you) what will happen to the information Subscribers provide through our website, our Vault Enterprise platforms, any of our mobile or tablet applications or services, or through any other form of communication with Vault IQ AU Pty Ltd ACN 600 563 568 or Vault IQ NZ Ltd NZBN 9429034599266 (Vault, us or we), or other bodies corporate that we control, that controls us, or that is under common control with us, employees, officers, agents or contractors (Related Parties).  Please be sure to read this entire Privacy Policy before using our website, our Vault Enterprise Platforms, any of our mobile applications, or submitting personal or sensitive information to us or our Related Parties, and by doing so Subscribers consent to the data practices described in this Privacy Policy.  In this Privacy Policy, a reference to an Order means an order for a service provided by us and a reference to Data means any data created or stored by you using a Vault service, which may include personal and sensitive information.

Data Ownership

The Subscriber retains full ownership for all Data that they input, and all Data they may contract another party to input, for the purpose of using a Vault service.

We make no claim to any Data, or any other miscellaneous information, the Subscriber may provide to us pursuant to an Order for a Vault service.

We will only use information that you provide in accordance with this Privacy Policy and for the purposes stated in any applicable Order or terms of service.

Personal Information

This Privacy Policy concerns any personal information or sensitive information which is provided to us. For the purpose of this Privacy Policy:

  • Personal information is any information about an identified individual or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
  • Sensitive information is any personal information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetics, biometrics or biometric templates.  We will collect, use or disclose sensitive information provided by Subscribers in accordance with this Privacy Policy but only as allowed by law, for example where we have received consent to do so (if consent is legally required) or the collection is required by law.

Consent and confirmation

By using our websites, using our Vault Enterprise platforms or any of our mobile applications, or otherwise providing us directly, or through others, with personal or sensitive information, Subscribers:

  • agree with the terms of this Privacy Policy;
  • consent to the collection, use, and disclosure of that information in accordance with this Privacy Policy and applicable privacy laws; and
  • confirm that they have obtained all necessary consents in relation to the disclosure of personal or sensitive information to Vault.

Passive information collection

As Subscribers navigate through our websites, our Vault Enterprise platforms and access and use any of our mobile applications, certain information can be passively collected (that is, gathered without anyone actively providing the information) through various technologies, such as cookies, internet tags or web beacons and navigational data collection.

Our websites and mobile applications may use and combine such passively collected anonymous information to provide better services to our customers, website visitors and mobile application users, customise the website, our Vault Enterprise platforms and mobile application based on users preferences, compile and analyse statistics and trends and otherwise administer and improve the website, our Vault Enterprise platforms and mobile applications for our Subscribers’ use.  Such information is not combined with personally identifiable information collected elsewhere on the websites, our Vault Enterprise platforms or through the mobile application unless we have received consent to do so.

How we collect personal information

We collect personal information that is necessary for our business activities and in order to provide and develop our services.  We may do this in a number of ways, including:

  • directly from our Subscribers when they provide it to us or our Related Parties;
  • directly from our Subscribers’ systems when they provide or otherwise facilitate an electronic connection to our system or the systems of any of our Related Parties;
  • from publicly available resources; or
  • by analysing our own records of our Subscribers use of our services, websites and mobile applications.

We also may collect personal information when legally required to do so.

What personal information do we collect and why?

The type of personal information we collect may include, names, dates of birth, addresses, postcodes, telephone numbers, email addresses, licences, certifications, medical information, credit card information and information on how people use, and preferences regarding, our products and services.  If we are not provided with the personal information that we request, we may not be able to meet the requests of our Subscribers or provide our products or services to Subscribers.

The personal information Subscribers provide us may be used for a number of purposes connected with our business operations, which include to:

  • verify identity;
  • facilitate provision of our products and services;
  • address or respond to any requests from Subscribers;
  • inform Subscribers of existing and proposed products and services which we provide;
  • better understand Subscribers’ needs in relation to the products and services that we provide; and
  • develop and improve the quality and scope of the products and services we provide, and seek feedback.

Personal information may be used so that we and/or Related Parties can provide Subscribers with information about our products and services, such as by way of direct mail or telemarketing, and, where Subscribers have opted in, by email, Push Notifications, SMS and MMS, or to request feedback for promotional purposes.  Subscribers always have the right to opt-out of receiving such information.  Subscribers may exercise that right by contacting us as set out below or by using the opt out facility provided in the message.

We may also use personal information for purposes related to those described above which would reasonably be expected by our Subscribers.

We will not use information for purposes other than those described above unless we have obtained consent or as permitted or required by law (including for law enforcement or public health and safety reasons).

Our websites and mobile applications are not intended for children under the age of 16.  We will not knowingly collect information about children under the age of 16 or from website visitors and mobile application users in this age group. If you believe we have collected information about a child under 16, please contact us so that we may delete the information.

Sharing personal information

We may disclose personal information in certain circumstances, such as where we are required or authorised by law or where we have obtained consent to us doing so.

We also may disclose personal information to:

  • others in accordance with a request made by the Subscriber concerned;
  • our Related Parties and business partners;
  • our data storage providers; and
  • persons engaged in providing us with professional, business, technology and corporate services, when reasonably required.

When making such a disclosure we will take reasonable steps to ensure that the recipient is bound by privacy obligations.

Unless we have obtained consent, we otherwise will not disclose personal information to third parties other than as set out above.

Retention of information

We generally retain personal information for as long as we consider it potentially useful and then we securely delete the information, however we only retain personal information for as long as we are legally entitled to. Unless legally prohibited from doing so, we will delete this information from our servers following termination of a Subscriber’s subscription or at an earlier date if Subscribers request.

We will only send personal information outside the country specified in your order:

  • if we are authorised to do so by law;
  • for any of the purposes set out in this Privacy Policy (but only to parties that are subject to obligations in relation to personal information no less onerous than those in this Privacy Policy); or
  • if we have obtained consent to us doing so.

In the course of our ordinary business operations we commonly store personal information with third party data storage providers located in the following countries:

  • Australia (in which case the backup location is Australia).
  • New Zealand (in which case the backup location is New Zealand).
  • Singapore (in which case the backup location is Hong Kong).

Access and correction

Subscribers may request access to any of the personal information we hold about them or their Related Parties or Users by contacting us as specified below.  Where legally permitted, we reserve the right to charge a reasonable fee for the costs of retrieval and supply of any requested information.

We will take steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date.  To ensure personal information is accurate, please notify us of any errors or changes to personal information provided by Subscribers and we will take appropriate steps to update or correct such information in our possession.

Storage and security

We provide a number of options for Data storage which can be selected when the Subscriber completes an Order with us. These options can include data sovereignty for stored and backup Data, or options to securely encrypt stored Data.

We will take reasonable steps to safeguard information provided by Subscribers from loss, misuse, interference, unauthorised access, modification or disclosure.

Links to other websites

Our website, Vault Enterprise platforms and mobile applications may contain links or references to other websites and applications to which this Privacy Policy may not apply.  Subscribers should check their own privacy policies before providing personal information.

Complaints

If Subscribers have any questions or concerns about our collection, use or disclosure of personal information, or if Subscribers believe we have not complied with this Privacy Policy or the Act, please contact us as set out below.  One of our senior employees will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. We will act in accordance with our internal Privacy Breach Policy and applicable law if the initial investigation reveals a breach of this Privacy Policy.

Vault and our Related Parties will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 5 days.

Vault and our Related Parties expect our procedures will deal fairly and promptly with complaints. However, if Subscribers remain dissatisfied, they can also make a formal complaint with the official authority for privacy and information in the jurisdiction of the service location specified in your Order.  In Australia, this authority is the Officer of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia) who can be contacted as follows:

 

Office of the Australian Information Commissioner (OAIC)

Complaints must be made in writing

1300 363 992

Director of Compliance  

Office of the Australian

Information Commissioner

GPO Box 5218

Sydney NSW 2001

www.oaic.gov.au

In New Zealand, this authority is the Office of the Privacy Commissioner (which is the regulator responsible for privacy in New Zealand) who can be contacted as follows:

 

Office of the Privacy Commissioner (OPC)

Complaints can be made orally or in writing

0800 803 909

Office of the Privacy Commissioner

PO Box 10094

Wellington 6143

www.privacy.org.nz

How to contact us

Subscribers wishing to exercise rights to opt-out of receiving our marketing materials, or having any questions or concerns about this Privacy Policy or our information practices (including whether and what type of health information we hold about them or their Related Parties), should contact us by:

Telephone

1300 723 240 Australia

0508 475 2846 New Zealand

Post

Attn: General Manager

Australia: 145-147 Bouverie Street, Carlton, 3053, Melbourne, Victoria, Australia.

New Zealand: Level 1, 106 Wrights Road, Christchurch, 8024, New Zealand.

Email

privacy@vaultintel.com

Changes to this Privacy Policy

Our Privacy Policy may change from time to time as updated on our website.  Before providing us with personal information, please check this Privacy Policy on our website for any changes. We will also notify Subscribers of any updates to the policy.

 

Policy Versions

Version One: 22nd December 2016

Version Two: 26 April 2017