Privacy Policy
Privacy Policy
This Privacy Policy was last updated on 13/09/2023
1. Definitions
1.1 In this Privacy Policy (Policy):
(a) Client means an individual, company or other legal entity that engages CAT to provide its Products or Services to it.
(b) You, your means, where the context requires, in the case of an individual using the CAT Website or purchasing Products and Services through CAT directly or the CAT Website, that individual, or in the case of an individual using the CAT Website or purchasing Products and Services through CAT directly or the CAT Website on behalf of a Client or other company or other legal entity, that company or other legal entity.
(c) CAT, us, we, our means Cyber Audit Team Pty Ltd ABN 43 619 724 506 and all legal entities owned or controlled by Cyber Audit Team Pty Ltd ABN 43 619 724 506 (across any jurisdiction).
(d) CAT Website means the online services accessible via the following website:
https://cyberauditteam.com
https://cyberskills.com.au
(e) Personal Information means information about an identifiable natural person.
(f) Privacy Officer means the Privacy Officer, the contact details of which are provided at clause 19 of this Policy.
(g) Products and Services means all products and services offered by CAT, including the provisions of information security and cyber security services, providing access to various learning paths’ and training courses or other services offered by CAT from time to time as described on the CAT Website.
2. Introduction
2.1 This Policy sets out how we collect, handle and use information that identifies you, for example: your name, email and address.
2.2 We care about your privacy and have put measures in place to protect you and the information you have entrusted to us.
2.3 We may update this Policy from time to time. Although, we will not provide notice of the changes to you. You can view the latest version of this Policy on the CAT Website at any time.
2.4 In this Policy, we set out:
(a) the types of information that we may collect; and
(b)how that information will be used, handled, stored, and disclosed.
3. Application
3.1 This Policy applies to Personal Information that we may collect about you in the manner outlined in this Policy. To the extent permitted by law or as otherwise set out in the Policy, this Policy does not apply to any information that may be collected by a third party (including a Client) and how that third party may use, handle, store or disclose your Personal Information.
4. Information we collect about you
4.1 We may collect, use, store and transfer Personal Information about you, which information is generally grouped into one of the following types of data:
(a) being your first name, last name, title, address and email address collected through the CAT Website or collected by CAT or inputted directly by you or a Client;
(b) your billing address, shipping address, email address and telephone numbers;
(c) to the extent required by law or by any third-party payment processor that we may use, your bank account details, credit card details or other payment information;
(d) details about payments to and from you and other details of Products or Services you or a Client have purchased from us;
(e) information regarding the IP addresses used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, cookies, operating system and platform and type of device;
(f) details regarding purchases or orders made by you from us, your interests, preferences, feedback and reviews;
(g) information about how you use the CAT Website and our Products and Services;
(h) being information regarding your preferencing in receiving marketing from us and your communication preferences;
(i) information, communication, or opinions about any of our Products and Services, transactions, payment history and business activities;
(j) as part of any application for employment process with us, we may collect Personal Information that:
(i) has been provided in the application form which may include; contact details, employment history, immigration status, education details, licenses and qualifications, and this may include Personal Information about you gathered from curriculum vitae, tender documents or any other documents required for your employment;
(ii) identifiers (such as tax file number and business number), citizenship and residency details, details regarding and information provided by your referees, details regarding and information provided by your guarantor(s) and business partner(s), results of any pre-employment or profile tests, employment history, education history, identity documents and next of kin details; and
(iii) interviews, briefings or general conversation;
(k) subject to clause 9.2, information we may receive from third-parties such as a Client, business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers and search information providers, third-party applications that plug into the Products and Services and payment providers or merchants;
(l) digital media and content such as video, footage and audio.
5. Collection of ‘sensitive information’
5.1 CAT will not request any sensitive information from you as defined under section 6(1) of the Privacy Act 1988 (Cth), unless:
(a) you are adequately informed before giving consent;
(b) you give consent voluntarily;
(c) the consent is current and specific;
(d) you have the capacity to understand and communicate their consent; or
(e) as required or authorised by or under an Australian law or a court/tribunal order.
6. How do we collect information from you
6.1 We use different methods to collect data from you and about you, including:
(a) (direct interactions) – you may give us your identity, contact, financial, profile and proof of identity data by creating an account with us, completing online forms or corresponding with us.
(b) (interactions you have with other sources) – subject to clause 9.2, we may receive identity, contact, financial, transaction, usage and marketing and communications data from third-parties such as a Client, business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers and search information providers, third-party applications that plug into the Products and Services and payment providers or merchants;
(c) (automated technologies or interactions) – we may collect information automatically when you visit our CAT Website, for example your IP address and device type or details of what pages you looked at and what links you clicked on. This information is useful for us to improve the value of our Products and Services to you. We may use the following technologies to collect technical and third-party data:
(i) “cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, please see: https://allaboutcookies.org;
(ii) “log files” track actions occurring on the CAT Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps; and
(iii) “web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the CAT Website and Products and Services.
7. How do we use your Personal Information?
7.1 We may use your personal data to:
(a) communicate with you;
(b) to register you as a new customer or create an account with us;
(c) to provide technical or other support to you;
(d) to enhance, administer and manager the CAT Website and services and develop new ones to administer and protect our business and the CAT Website;
(e) to deliver the relevant CAT Website content and measure or understand the effectiveness of the CAT Website and to ensure the proper function of the CAT Website and online software;
(f) to protect you;
(g) to market to you including a newsletter (if we choose to) and make suggestions and recommendations to you about goods, services or promotions that may be of interest;
(h) to analyse, aggregate and report;
(i) to perform a contract with you and provide you with the Products and Services including, manage payments, fees, and charges, perform fraud checks and collect and recover money owed to us;
(j) to improve the Products and Services or businesses that we undertake;
(k) to maintain a record in the event of any Product and Service or warranty request;
(l) to manage our relationship with you which may include, notifying you about changes to our terms or this Policy, asking you to leave a review or take a survey, engaging with you in relation to any support request or communication that you may submit;
(m) to facilitate internal training, ensure the effective delivery of Products and Services and to resolve disputes or problems, whether initiated by us or you; and
(n) to improve our Products and Services and the business activities we undertake.
(the Primary Purposes).
7.2 Where we collect Personal Information, we will process the information only for the Primary Purpose, and:
(a) where we have legitimate interests to process the Personal Information and they are not overridden by your rights;
(b) in accordance with a legal obligation; and
(c) where we have your consent.
8. Whether giving it is compulsory or voluntary
8.1 CAT will ensure that where possible, any Personal Information requested from you can be provided voluntarily or anonymously. You do not have to provide us with the Personal Information we request but this may mean that you cannot use some or all of the CAT Website or our Products and Services.
9.Data Retention
9.1 We will retain your Personal Information for as long as is necessary for a lawful purpose connected to our relationship with you and for the Primary Purposes.
9.2 If it is determined that we should not have possession of Personal Information under a relevant law, we will destroy the Personal Information or ensure that the Personal Information is de-identified.
9.3 We will only collect Personal Information from a third party where it is reasonably necessary for, or directly related to CAT’s functions or activities as outlined in clause 7 of this Policy.
10. Do Not Track Settings
10.1 Please note that we do not alter our CAT Website data collection and use practices when we see a ‘Do Not Track’ signal from your browser.
11. Storing your Information
11.1 To offer a consistent service to you, we may store and manage data electronically or in paper form. Where data is stored electronically, it is done so by a third-party cloud service provider that may store your Personal Information (or a backup of your Personal Information) in a data centre or an online cloud service, as determined by the third-party provider from time to time.
11.2 The data that we collect from you may be transferred to and stored on these servers or subject to clause 14, processed by staff operating in other jurisdictions or who work for CAT.
11.3 We will take all steps reasonably necessary to ensure that your Personal Information is secured from misuse, interference, loss, unauthorised access, unauthorised modification, or unauthorised disclosure. Any Personal Information will be handled in accordance with this Policy and the Act. Despite using all steps reasonably necessary, the transmission of information through the Internet is not completely secure.
11.4 Submission of any Personal Information to us is an acknowledgement that you agree to such use, storage, and disclosure as outlined in this Policy.
12. How we disclose your Information
12.1 There may be times when we need to share your Personal Information with third parties.
12.2 If we receive Personal Information from any third party, including a Client, we will take reasonable steps to ensure that before we collect the information:
(a) we are satisfied that you would reasonably expect us to obtain the Personal Information;
(b) you have authorised the collection of that information; and
(c) that the information is accurate.
12.3 We may share your information with:
(a) any and all of our affiliates;
(b) third parties including business partners, suppliers and subcontractors, industry bodies and associations;
(c) where we are required to disclose your information in order to comply with any legal obligation, to enforce any agreements, or to protect the rights, property, or safety of us and our customers, or others. This includes, where relevant, exchanging information with organisations for the purposes of fraud protection and credit risk reduction;
(d) an actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business; and
(e) other third-parties where we have your consent, including your implied consent given where disclosure is required for the performance of a contract with you.
13. When will we disclose Personal Information
13.1 Personal Information will only be used or disclosed for purposes related to the Primary Purposes for which it was collected and is relevant to you. CAT will obtain consent from you where appropriate and necessary. Exceptions to this include where:
(a) the use or disclosure is required to lessen or prevent a serious and imminent threat to an individual’s life, health or safety, or to public health and safety;
(b) we suspect fraud or unlawful activity;
(c) the use or disclosure is necessary to assist a law enforcement agency or government regulatory body in its law enforcement functions or investigations; or
(d) the use or disclosure is required or authorised by or under law.
14. International Data Transfers
14.1 We may collect and store Personal Information globally from each jurisdiction we operate in and from each legal entity that is owned or operated by us in different international jurisdictions and may transfer, process and store your Personal Information outside of Australia, to wherever we or our third-party service providers operate for the Primary Purposes. We will take reasonable steps to ensure that any third-party service providers engaged outside of Australia to process and store your Personal Information, do so in accordance with this Policy and any applicable law.
15. Accessing and Correcting your Information
15.1 You may request access to Personal Information that we hold about you at any time by contacting our Privacy Officer (using the details set out in clause 19 of this Policy.) We will respond to any such request for access to Personal Information within a reasonable time and will provide you access to the Personal Information that we hold relating to you unless we are authorised not to do so by law.
15.2 Where permitted by law, we may charge you a reasonable fee for processing your request to access your Personal Information and should we decline you access to your Personal Information, a written explanation will be provided setting out the legal reasoning for doing so. For example, but not limited to, if the information doesn’t exist, cannot be located, the information may involve an unwarranted breach of someone else’s privacy, or releasing it may pose a serious threat to someone’s safety.
15.3 If upon receiving your Personal Information, or at any other time, you believe the Personal Information that we hold about you is incorrect, out of date, incomplete, irrelevant, or misleading, please notify our Privacy Officer (using the details set out in clause 19 of this Policy.) CAT will take reasonable steps in the circumstances to ensure, having regard to the lawful purpose that it was collected, that the information is accurate, up to date, complete and not misleading.
15.4 If we decline to correct your Personal Information as requested by you, a reason for refusal will be provided, except to the extent that it would be unreasonable to do so, having regard to the grounds for refusal.
16. Complaints
16.1 If you believe we have not fulfilled our obligations under any relevant law or have not complied with the terms of this Policy or would like to appeal a decision made by us in relation to your Personal Information, you can make a complaint in writing to our Privacy Officer, using the contact details set out clause 19 of this Policy.
16.2 We will respond to you within a reasonable period of time (or where a period is specified by any law, that period) to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.
17. Our external provider’s privacy policies
17.1 We may hold your Personal Information on behalf of the Client in which you are dealing with or employed by. Accordingly, where you are dealing with a Client and you are concerned that there may have been a breach of this Policy by an independent third party associated with us and/or a Client, please contact the Privacy Officer at the details set out in clause 19.1 of this Policy.
17.2 We hold your Personal Information on behalf of the Client for the following purposes:
(a) to facilitate various Products and Services on behalf of a Client to you;
(b) for the Client to maintain its data and records about you in a centralised customer relationship management system;
(c) for the Client to communicate with you in a secure manner;
(d) for you to make payments to a Client;
(e) for a Client to market to you;
(f) for a Client to organise and store your Personal Information in a consistent manner for the Client to better provide its services to you;
(g) to provide analytics services, of any kind, to Clients;
(h) to provide to any entity in our group of companies;
(i) where disclosure is required or authorised by or under an Australian law, a law in any jurisdiction in which we operate or a court/tribunal order; and
(j) where we reasonably believe that the use or disclosure of your Personal Information is necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body.
18. Unsubscribe
18.1 When it comes to marketing communications, you can ask us not to send you these at any time by following the unsubscribe instructions contained in our communication, or making your request from to the Privacy Officer, details as outlined in clause 19 of this Policy.
19. Contact
19.1 If you have any comments, concerns or questions regarding this Policy or Personal Information that we hold about you, please contact our Privacy Officer by email to privacy@cyberauditteam.com or by post at:
Privacy Officer
PO Box 5311
Q Supercentre
Mermaid Waters, QLD, 4218