CRA-PRIVACY POLICY – Company & Culture Risk Analysis

Our Privacy Policy

Des Allen Pty Ltd. - ABN: 58 166 075 136

Privacy Statement:

Des Allen Pty Ltd. ("DAPL") respects the rights to privacy and is committed to safeguarding the privacy of our clients, customers and visitors to our website(s) or by clients using any of our software applications. This privacy Policy explains how we collect, store, use and disclose personal information.

Similarities exist between information Privacy Acts across the globe and our privacy policy will be continuously updated to accommodate these accordingly, to establish international compliance.

Des Allen Pty Ltd. as a 'Sole Trader' has chosen to voluntarily 'Optin' to ensure compliance to the Office of the Australian Information Commissioners ("OAIC") Privacy Act 1988.

Any queries regarding our Privacy Policy please make contact via our "Contact Us" page on our website https://desallen.com and we will be happy to assist.

Purpose of Collecting Personal Information:

Personal information is collected in order that we can:

- Identify our clients, prospective clients, their representatives and 3rd Party service providers that support or require our services.

- Deliver our services and service requirements directly to our individual clients, their personnel and other 3rd Parties that operationally support them.

- Perform our management and administrative duties to support our clients including quality assurance, complaints and problem resolution.

- Obtain feedback and comment on our products and serivces

- To develop further and implement solutions to improve and enhance our products and services.

Personal Information We Collect:

To allow us to provide our products and services to Clients (businesses and organisations), we require legitimate, minimal yet essential information about the organisation and personal information regarding the individuals, within the organisation.

With out this personal information we cannot deliver our products and services and the client can not obtain the benefits from the services we offer.

The type of direct information required is kept to a minimum and includes Company Name; Email Address; Telephone Number; Company Hierarchal Structure; Individuals' Names; Individuals' Company Email Address and/or their Mobile Phone Number; IP Address(required during the use of our software application, but not displayed or disclosed)

Information defined in the Privacy Act 1988, as "Sensitive Information" e.g. Religion, Ethnicity, Gender, Associations etc.) is not collected. If however this was to change, and where we were required to store Sensitive Information we would seek written permission and request the purpose of collecting such sensitive information and ensure the appropriate compliance requirements were followed and maintained.

NB: It must be noted, that although Des Allen Pty Ltd delivers its' services through 3rd Party Consultants we are bound by OAIC Privacy Act 1988 and acknowledge that our products are used by 3rd Party's and/or their Clients using the services to 'collect' personal information and so expand upon their privay commitments through this privacy policy and other confidentially agreements that may be in place between the parties.

How Persoanl Information Is Collected:

Personal information is collected through normal channels of inquiry and interactions with interested parties and existing and potential clients, and in particular those that purchase a licence for our software products.

In the vast majority of cases solicited personal information will be collected electronically via the Client (Company or Organisations) as they already hold the personal information required by Des Allen Pty Ltd. licensed software application product. This is presented for collection and processing either directly by the client or by the 3rd Party Consultant, acting on behalf of the clients, as they conduct their agreed services.

Individuals' personal data is only collected or processed based upon consent. This consent will be either form the individuals and/or from the client giving consent to process the data on behalf of the individual's (company employee, if a client-employee contractual agreement has been agreed and signed).

DAPL are not involved directly in the entering of personal information, however has requirements that 3rd party and client has in place their own privacy policies that conform to local compliance authority regulations.

Storage, Access and Security of Personal Information

Personal Information access is limited to personnel who specifically need it to carry out their duties and business responsibilities. This may apply across 3 potential APP Entities:

- The Clients personnel, authorised to use the registered and licensed software

- A 3rd Party(s) that support the client with their services in the use of the registered and licenced software. E.g. Client Consultants: SMS/Text Services.

To maintain privacy and security, Client consent to access the database and correct any reported issues, must be obtained.

As part of our software and storage service delivery to keep data safe we have in place suitable managerial, manual and electronic procedures and have taken reasonable steps to ensure clients personal information is kept secure from unauthorised access, misuse or loss.

Des Allen Pty Ltd. partners and/or associates and any 3rd Party consultant or consultancy are contractually bound to respect the confidentiality of any personal information held by us and to comply with local governing legal data protection regulations.

To assist us in protecting personal information privacy, clients must maintain secrecy of their access codes and credentials when accessing our website and/or web application software

Disclosure and Use of Personal Information

Personal information is collected and used for the purposes as described in the secion: "Purpose of Collecting of Personal Information."

We may also disclose personal information to 3rd Party Service providers and/or contractors who assist us in the delivery of our products and services. An example is a client using 3rd Party SMS delivery service to deliver SMS or Text messages to mobile phones to allow individuals to use the sytem as they do not have/require a company email address.

We may also be required to disclose personal information where there is a legal requirement through an authorised agency. E.g. criminal investigations.

Any individual regardless of client, consenting to use the registered and licensed software application to complete a Personal Assessment, gains upon completion, immediate access to their results, which is the outcome of using their personal informtation (email address, name or phone number.)

Direct Marketing

Des Allen Pty Ltd. We do not disclose, sell, or trade personal information to third parties for the purpose of them marketing directly to clients and their personnel, regardless of the client being local or overseas.

WE do not perform or hire mass email or telephone marketers to solicit information from Clients' personnel.

Any disclosure of an individuals' personal information for the purpose of marketing would only be conducted after the consent of both the client and of the individual(s) had been obtained.

We may from time to time offer a newsletter or update of enhancements and new features, that will be directed to a specific manager(s). They can ask to be removed from any such list if they prefer not to receive them, by contacting us via our administration email in the Contact Us section of our website.

We may form time to time, ask selected Clients Managers or 3rd Party consultants, to comment on efficacy and benefits or concerns on teh use of the liecensed system to enhance or promote our product(s).

Access to Personal Information

Des Allen Pty Ltd. is the provider of the software system that clients and 3rd party consultants may use. For clients this may also mean a 3rd Party mobile phone SMS provider, that clients may use. ???????

This means that other APP entities have access to individuals' personal information. Each entity however would be required to have their won privacy policy and operational procedures that comply with the resident country privacy compliance regulations.

Personal information is the vast majority of cases is for clients' personnel (Managers and Employees) and comprise of name, company email address and/or their mobile telephone number and consequently in our case, individuals already know their personal information.

Information considered "Sensitive Information: by the Privacy Act 1988 is not collected or held.

From time to time a personal assessment may be required to completed by an employee or manager (individual) however, their personal information is always at hand and they have immediate access - at any time - so their personal information is readily available electronically with having to request it.

However, if there is a need to request access to an individuals' personal information this can be made by contacting [email protected] alternatively contact our Administrator on +61 412 292 835.

Quality/Accuracy of Personal Information

We strive to ensure that certain personal information collected during is accurate - particularly where our software products are concerned. However other personal information e.g. employee names are so diverse, accuracy is best left to the Client from whom the information come from. We do take measures to validate information e.g. duplications or invalid email format. An example is validating an email address format.

The licensed software product accepts information as in entered by the client. In the event personal information is requested to be altered by DAPL we will seek permission to access said personal information, in order to correct.

However, should a client or 3rd party consultant believe that personal information bing processed is incorrect in some way, then the client can request alterations on behalf of an individual, be emailing [email protected] so we can make reasonable efforts to assess the situation and arrange correction.

Right to be Forgotten

At any time should an individual request that they be "Forgotten", they can inform their employer in accordance with compliance regulations and request to have their personal information removed from current and backup files , can be made to DAPL, who will act upon accordingly.

Personal Storage Limitations:

Storage of personal data for employees of an organisation will be stored for the length of time the client deems it necessary, whilst they hold a current software licence. Historical analysis and trends form part of the software product analysis and the trends are based upon employee and management responses to personal assessments.

As mentioned, individuals can have their personal information removed at any time. For the client (organisation) retention of data is based upon an annual licence fee for the software product. Licences that elapse or if DAPL is informed by the client or through the 3^rd party consultancy, that the licence is no longer required, then ALL data associated with the client is removed. Notification of this action is part of the License agreement.

Queries and Complaints:

We continuously endeavour to improve our products, our services and our procedures so that personal information is protected and treated in accordance with the compliance regulatory authorities. If there is a reason that we appear to have been negligent or have lapsed in some way in accordance with this policy or the OAIC Policy Principles then please make contact with so that a satisfactory conclusion can be reached and any identified issues resolved to the client’s satisfaction.

On this basis our approach will be:

- To listen and understand the nature of the complaint(s);
- Together discuss and develop ways to correct the situation(s);
- Establishing a new approach and plan a direct course of action towards ensuring the issue is not repeated; and
- Follow up to ensure the issue(s) have been addressed and the situation(s) remedied.
- Any complaints can be directed to the Administrator at: [email protected]

In the event an individual feels the solution has not been to their satisfaction, then they can go to the OAIC website: https://www.oaic.gov.au/privacy/privacy-complaints in order to further their complaint. The OAIC contact details are: [email protected]. Or Tel: 1300 363 992.

Cross Border Disclosure:

The nature of our business may require overseas 3^rd Party entities to support overseas clients in the use of our software systems. We strive at all times to ensure the compliance by all 3^rd Parties, to meet the standards and regulations as stipulated in the Australian Privacy Act 1988.
On this basis contractual non-disclosure agreements are mandatory for all 3^rd Party entities/services associates of Des Allen Pty Ltd. and/or for 3^rd Parties’ clients.

Likewise, on the basis that we wish to do business with clients or 3^rd party entities residing overseas, we are in the process of ensuring compliance with the governing legal data protection regulatory authorities of those countries. e.g. EU-GDPR; UK-GDPR – UK-ICO; NZ – The Privacy Act 1993.

This is currently being undertaken on a country by country basis where our products and services are/will be required.

Regardless of country, the collection and disclosure of personal information as outlined in this privacy policy document, would as a minimum apply.

Please see Appendix A: for a list of countries that collect, hold and disclose personal information on behalf of Des Allen Pty Ltd.
If there are any queries regarding the disclosure and safety of Personal Information, please address them to: [email protected]

Government Related Identifiers:

We have endeavoured to ensure that the minimum amount of personal information is collected for use by our software.
Consequently, the nature of an individual’s Personal Information that is collected and used, does not include any personal information that is classified as “Sensitive Information” by the Australian Privacy Act and where a government assigned ‘sensitive identifier’ e.g. Australian Passport No’s; drivers licence; Medicare No’s etc. is assigned.
There is however a Government assigned identifier i.e. ABN: No’s. for any company(s) we conduct our business with and is required when we invoice from time to time.

This is done through a separate manual process.

There is no relationship between the Governments Identifier (company ABN/ACN No.) and our software products that are used by a client, where personal information associated with any individual (employee) could be accidently or otherwise, assigned the Government Identifier and used in error.

The Use of Cookies:

To meet the needs of our software users, cookies are used when a person logs into our website or uses the application software system and navigates around the system. Cookies help the user to stay logged in and quickly visit and revisit pages in the system.

We may also use Google Analytics for marketing to various global locations but do not access any clients’ personal information for direct marketing purposes.

If you wish to ‘Opt out’ from google analytics tracking, go to https://tools.google.com/dlpage/gaoptout and follow their instructions.

Cookies are used by the web browser in conjunction with the IP address which can change if the user for example uses the company desktop terminal and then later, logs in using their laptop at home.

However, we do not use or disclose this electronic feature to access any of a clients’ personal Information.

Controlling Cookies
Web browsers in general have some form of control of most cookies through the browser settings. To find out more about cookies and seeing what cookies have been set and how to manage and delete them, visit: www.allaboutcookies.org

Compliance With Other Data Regulatory Authorities:

DAPL is also in the process of ensuring our software and privacy policies adhere to and are compliant with:

       EU – GDPR
       EU – GDPR / UK ICO (Information Commissioners Office)
       NZ Privacy Policy

Last Updated: 13/01/2020

Appendix A:

Currently our servers are located in Singapore however personal Information is and may be collected, held and disclosed in other locations overseas by our 3 Party Consultants. These locations may be updated from time to time and listed accordingly.

Locations:
       Australia
       New Zealand
       Netherlands
       USA
       United Kingdom