Privacy policy

This policy was last revised on .

This privacy policy applies to CyberMetrix and our handling of personal information. CyberMetrix (ABN 67 609 784 358) is a technology company that provides Software as a Service (SaaS) and Platform as a Service solutions for governments and organisations (i.e. our customers).

Due to the commercial nature of our services, CyberMetrix, for the most part, collects the information of individuals in their professional capacity. For example, we collect information of the person who registers or activates the organisation’s administrator or user account, as part of their role within the customer organisation.

That being said, we recognise and value the protection of your personal information, which is an important part of our relationship with customers.

This Privacy Policy explains how we handle personal information. As an Australian company, we apply the privacy principles set out in the Australian Privacy Act 1988 (Cth), which guide how we collect and manage personal information. Importantly, we:

  • give you clear information about our personal information handling practices,
  • only collect personal information that is necessary for our functions,
  • understand the purpose of our services, and restrict our use and disclosure of personal information in that regard, and
  • take reasonable steps to keep the personal information we have secure.
Personal information

Personal information is information that identifies a person (or could reasonably lead to them being identified).

When providing our services, we collect some personal information. The types of personal information we collect and process depends on our relationship with you. We generally collect and process personal information from the following groups of people:

  • Website visitors – We collect some personal information when people visit this website.
  • Customers and prospective customers – Our customers are generally organisations, companies, corporations and government departments or agencies. The personal information we collect includes, for example, details of the contact person registered on the organisation’s administrator or user account.
  • Customers that use our SaaS and PaaS services – When our customers activate their administrator or user account, we require some personal information to register the account. This information is limited and relates to details of the person in their professional capacity, i.e. business email and phone.
  • People who are interested in working for CyberMetrix – We collect personal information of job applicants, and (where relevant) an applicant’s referees.
Personal information we collect

The types of personal information we collect and process are set out below. We generally collect this information when you interact with our platform and website. We may also collect this information in person, via email, mail or phone.

Analytics data

We collect and use analytics and cookie data from a person’s use of the website (www.cybermetrix.com.au), to understand how people interact with our site.

We generally collect this information through the use of cookies. More information about this is contained in our Cookie Notice.

Information we collect and process when you use our website and platforms includes:

  • Your device’s IP address
  • The date and time that you visited our website
  • Whether you have been to our website before
  • What site referred you to our website
  • Approximate location of the device you used to interact with our website
Enquiries Information

If you are a contact person for an organisation, we collect and process minimal personal information when you ask about our platforms and services. Enquiries can be made via email, post, or when you submit an online ‘contact us’ form.

Information we collect and process may include the name of an organisation’s contact person, the organisation’s preferred phone, email and address details, and details of the enquiry or correspondence with us.

Customer contact information

We may use the details of a customer’s nominated contact person to communicate with our customer, including in regards to the platform, our services, sales, and accounts. Information we collect and process may include the name of the customer’s contact person, the organisation’s preferred phone, email and address details.

We may send promotional emails to a customer’s nominated contact person, where they have opted to receive marketing material. Whilst these emails may be sent to a customer’s contact person, they are intended for our customers, i.e. organisations. If at any time the customer wishes not to receive promotional communication from us, they may unsubscribe using the unsubscribe method described in the email.

Customer Registration information

We collect and process limited personal information to register or activate our customer’s CyberMetrix account. We collect details of the customer’s nominated person via our platform when you register your organisation’s account, including:

  • First name
  • Last name
  • Country location
  • Business mobile number
  • Business email
  • Password
  • Role within the customer organisation
  • Profile picture (where it includes an image of a person)

When a customer uses our platform, they may provide us with contact information or other personal information that relates to an individual in their professional capacity, working for our customer’s suppliers or customers. We collect and use this information for the purpose of providing our cyber security services to our customers.

Help and Support Information

A customer may submit a question or request support by submitting a form located within the customer’s administrator or user account. When the customer requests support, we collect the name of the customer’s contact person, business email address and details of the question, issue or support request, and our correspondence with you in regard to the request.

Payment Information

We collect and process payment information to provide our products and services. When customers provide payment information to us, they will usually provide the payment information of the customer organisation; not payment information of an individual.

There may be limited circumstances where personal payment information is provided to and processed by us (such as name on card, card type, amount purchased). We do not knowingly receive payment information of a person; rather, we ask our customers to use their approved corporate payment facilities.

Feedback Information

We collect and process feedback information to improve the types and quality of services offered, and the manner in which those services are provided to customers. We may collect your opinions and feedback by conducting surveys or market research, or by seeking other information from you on a periodic basis.

Access and correction request or privacy complaint information

When you submit a request to access or correct your personal information, or submit a privacy complaint, we use this information to process your request or investigate your concern, and to communicate with you. We collect and use your name, contact information and details regarding your request or concern.

Recruitment information

When you apply for a job with us, we collect and process your personal information as part of the application, and potentially, the hiring process. Recruitment information we collect and process may include name, email, phone, address, resume, cover letter details and references.

Why we collect and use personal information

We collect and process personal information for a number of reasons, which have been described in the table below:

We collect and use… Purpose
Analytics data To analyse the usage of our website and platform, including through the use of cookies, to improve your user experience. If you do not wish for us to use cookies, you can follow the process set out in our Cookie Notice.
Enquiries information To answer your questions about our cyber security maturity assessment platform and services
Customer contact information To enter into a contract with you (e.g. Terms of Use)
To provide you with access to the CyberMetrix platform
To communicate with you as part of our cyber security services
To send our customers promotional emails. Whilst these emails may be sent to a customer’s contact person, they are intended for our customers organisations.
Help and support information To provide help and support in our customer’s use of the CyberMetrix platform
Payment information To accept payment for your purchase of our products or services
Feedback information To improve the types and quality of services offered, and the manner in which those services are provided to customers
Access and correction requests, and privacy complaint information To process your request or investigate your concern, and communicate with you
Recruitment information To process your job application and, if you are successful, to offer you a job and commence your employment
Who we share your personal information with

CyberMetrix uses external parties (i.e. vendors) to provide services and functions on our behalf. In order for vendors to provide these services, we may share personal information that relates to the services being provided. We ensure that vendors only process personal information for the purpose it was provided to them, and not for any other purpose.

Our primary vendors that provide services on our behalf include:

We also have contracts with other domain specialists, subject matter experts, management consultants and information technology professionals to assist in providing our services. There may be limited instances where we share your information with these external parties for the purpose of providing services on our behalf.

We do not sell or share personal information with any advertisers, sponsors, content providers, media outlets, law enforcement or other person or entity, unless:

  • We have your express permission, or
  • There is a lawful ability or requirement for us to do so.
Anonymity

If you contact us with a general question, we may interact with you anonymously or through the use of pseudonym.

However, due to the nature of our business, we are unable to provide our cyber security maturity assessment platform anonymously, as we require factual information in order to register customer accounts and provide our cyber security maturity assessment services.

How we manage personal information

At CyberMetrix, we securely manage and dispose of personal information that we collect and process, as outlined below:

Storage

We store personal information that we collect using public cloud services that are secured using best practice authentication techniques to protect your data from unauthorised access, modification or disclosure. CyberMetrix stores data, including personal information, with Google and Amazon Web Services. The information is stored in the jurisdiction in which we collected it from (for example, where personal information is collected from within the US, the data is stored on servers located int the US) when it is possible to do so.

We also use vendors to store specific types of personal information (such as analytics and accounting information) on our behalf. The personal information stored by vendors relates directly to their functions and services, and is stored in accordance with our contract with these providers.

Security

CyberMetrix have implemented a range of data security practices and controls, including (but not limited to):

  • Use of access controls, including multi-factor authentication,
  • Security awareness training,
  • Encryption of personal information during transit and at rest where possible,
  • Personal information is stored and backed up in secure offsite locations,
  • Back-ups of data is regularly tested for full operational recovery,
  • Use of anti-virus on all company workstations and laptops, and
  • Installation of firewalls where our network connects to the public internet.

Protection of personal information from unauthorised access, disclosure, alteration or loss is a priority for us. Any concerns about the security of personal information collected or processed by CyberMetrix should be reported to us at using our contact details below.

Retention

We keep your personal information for different periods, depending on the purpose that it was collected for. Where we no longer require personal information for the purpose it was collected, we will securely destroy that data.

Accessing and correcting your personal information

CyberMetrix supports your right to:

  • Access personal information we hold about you, or
  • Correct your personal information, where you think that it is inaccurate, incomplete or out of date.

If you would like to access personal information we hold about you, we are happy to tell you what it is. We will not, however, tell someone else what personal information we hold about you (unless you permit us or there is a lawful ability or requirement for us to do so).

If you think the personal information we hold about you is incorrect, out of date or misleading, we are happy to correct it.

Questions and concerns?

If you have a question about this Privacy Policy or are concerned about how we handle personal information, please contact us at:

Online

Via the Contact Form on the footer of our website.

Address
Privacy Officer
CyberMetrix
GPO Box 1515
Brisbane, QLD 4001
Australia

If you have made a privacy compliant and are not happy with how we responded to your concern, you are able to contact the Office of the Australian Information Commissioner (OAIC). The OAIC’s process is available here.

Updates to this Privacy Policy

We may decide to update this Privacy Policy to ensure that our personal information handling practices are correctly reflected. If we make a significant change to this policy, we will notify you by publishing a notice on our website.

This policy was last revised on .

Success!

Your message has been sent.

image description

Send us a message.

We’ll get back to you within the hour.

Click here