Privacy Policy

This Privacy Policy applies to all personal information collected by Cloud Assess Pty Ltd ACN 164 642 684 (“Cloud Assess”, “We”, “our”, or “us”). Cloud Assess is committed to complying with its obligations under the Privacy Act 1988 (Act) (Privacy Act) and the Australian Privacy Principles (APP) in respect of that information. In this document, “personal information” has the meaning set out in the Privacy Act, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise.

Please read this Privacy Policy carefully. Your use of any part of our website, our mobile applications, or the services on our platform will constitute your consent to the collection, transfer, processing, storage, disclosure, and other uses of your personal information in accordance with this Privacy Policy.

If you do not agree with the terms and conditions of this Privacy Policy, please do not use our website or services. This Privacy Policy is subject to change at our discretion, and we reserve the right to modify this Privacy Policy at any time. The current version will always be available on our website at https://cloudassess.com/privacy-policy

We may, in connection with particular services we offer or provide to you, make other privacy disclosures to you or seek your authority to use your personal information in ways which are different from or more specific than those stated in this Privacy Policy. In the event of any inconsistency between the provisions of this Privacy Policy and those other disclosures, the other disclosures will apply. Where applicable privacy laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.

This Privacy Policy (other than section 9) explains how we manage personal information about individuals other than employees. Section 9 explains the position of employees.

Collection via our platform

Our website and applications provide a platform for registered training organisations (Trainers) to host course assessments and other training materials for their authorised administrators, assessors and students (Users).

We engage with personal information as primary collector if, for example, you are invited to and access our services as a Trainer or User, if you visit our platform, or if you correspond with us, and as a secondary collector where we provide services, which may involve hosting and disclose personal information of Trainers and Users who access the materials made available on our platform. We may also indirectly collect personal information where it is uploaded to our platform by a Trainer or User as course or assessment content (Third Party Content).

Other ways we collect personal information

Some of the other circumstances when we may collect personal information in connection with our business include:

• when you sign up for a trial of our platform;
• if you are referred to us by a reseller or referral partner;
• when you enter into contracts with us, and when we administer and perform our contracts with service providers and suppliers;
• when you apply for a role with us;
  from correspondence (whether in writing or electronically) or when you contact us via telephone, social media platforms or other means;
• if you attend any of our premises, we may record certain contact details and health information (such as details of your COVID-19 vaccination status) so that we can comply with applicable laws, and we may also record your image and/or voice if we have surveillance systems operating at those premises;
• and as otherwise required to manage our business.

General

The types of personal information we collect about you depends on the circumstances in which the information is collected. Typically, the types of personal information we may collect can include (but is not limited to) your name, address, email address and phone numbers.

Platform users

If you register as a Trainer or User on our platform or otherwise access our platform, we may collect:

identity data including your name, company name and username or similar identifier, and the name of users who access the platform;

• contact data including your contact details such as your billing and delivery address, email address and telephone number;
• financial data including banking, credit card, or other payment information;
• transaction data including details about payments to and from you on the platform;
• technical data including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our platform;
• profile data including your username and password;
• usage data including information about how you use our platform, and services; and the courses and materials you make available on the platform; and
• marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences.

Given the purpose of our platform is to facilitate training, assessment, and issuing qualifications, all of which require being able to identify Users, other than providing general publicly available information (such as through our website), it is unlikely to be practical for us to deal with individuals who wish to remain anonymous or would prefer to identify themselves only by way of pseudonym. As such, the process for becoming a registered User or Trainer will require disclosure of personal information.

Other collection circumstances

If we request or receive goods or services from you or have any other commercial dealings with you, we will collect your name and business contact details and your banking / payment details.

If you are an individual contractor to us or apply for a role with us, we may also collect information relevant to your engagement with us including qualifications, length of engagement, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of our equipment (e.g. phones, computers and vehicles).

If you call us via telephone, we may monitor and in some cases record such telephone conversations for staff training, quality assurance and record-keeping purposes.

If you attend one of our premises and have CCTV devices operating, we may record your image and/or voice through the use of Closed-Circuit Television (CCTV) systems footage of you via our CCTV devices, for the purposes of managing security of the premises and health and safety of occupants and the public generally.

We only collect sensitive information about you with your consent, or otherwise in accordance with the Privacy Act. In this document, “sensitive information“ has the meaning set out in the Privacy Act, and includes certain specific types of personal information such as health information, and information about a person’s racial or ethnic origin, sexual orientation or practices, criminal record, religious beliefs or affiliations, political opinions, membership of a political, professional or trade association, and biometric and genetic information.   If you do provide sensitive information to us for any reason (for example, if you provide us with information about a disability or allergy you have), you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act and other relevant laws.

In addition to the types of personal information identified above, we may collect personal information as otherwise permitted or required by law.

Where you do not wish to provide us with your personal information, we may not be able to provide you with requested services and/or certain functionality of our platform.

General

As a general rule, we only use, disclose and process personal information for purposes that would be considered relevant and reasonable in the circumstances. The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.

We may use or disclose your personal information:

• for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
• for other purposes to which you have consented; and
• as otherwise authorised or required by law.

In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations.

Some of the specific purposes for which we collect, hold, use and disclose personal information are described below.

To facilitate use of the platform

We may collect, hold, use and disclose personal information for the purposes of:

• providing you with access and use of our platform and its functionality;
• allowing Trainers or Administrators to establish, view and modify courses and assessments on the platform;
• allowing authorised Users to access the course materials and other services on the platform;
• allowing Administrators, Assessors and Trainers to review the progress and responses provided by Users;
• facilitating the proper use of our platform and services to allow Trainers and Users to use the services as intended;
• retaining an archive of activities conducted on the platform, to allow Administrators or Trainers to issue and validate qualifications; and
• contacting and providing notices to Administrators, Trainers and Users in relation to the platform and content hosted on the platform.

Where Third Party Content is uploaded to our platform, we will not directly use any personal information it contains, but it may be disclosed to Trainers or Users in the ordinary course of our platform.

Other purposes

Some of the other specific purposes for which we collect, hold, use and disclose personal information are as follows:

• to receive goods or services from you;
• to consider you for a job (whether as an employee or contractor) or other relationships with us;
• to provide you with invoices for our services;
• to operate, monitor, develop and improve our website, mobile applications and services, and to secure them from unauthorised access;
• to confirm your identity;
• to optimise and customise the user experience (including content and advertising) for users of our websites, mobile applications and services;
• to contact you (directly or through our service providers and marketing research agencies) to obtain your feedback and to find out your level of satisfaction with our services;
• to facilitate our internal business operations, including comply with our legal and regulatory obligations;
• to protect the security, health and safety of our premises, facilities, personnel and visitors;
• to address any issues or complaints that we or you have regarding our relationship; and
• to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.

We may disclose your personal information to third parties in connection with the purposes described in section 3 of this Privacy Policy.  This may include disclosing your personal information to the following types of third parties:

• if you are a User, to allow Administrators, Assessors and Trainers to review your use of our platform and progress and responses you have provided via the platform;
• our suppliers, contractors and organisations that provide us with technical and support services or who manage some of our business functions;
• our related entities (who may use and disclose the information in the same manner we can);
• our accountants, insurers, lawyers, auditors and other professional advisers;
• any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
• in the unlikely event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors; and
• debt collection agencies.

We may also disclose your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.

If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.

If you post information to certain public parts of our website or to our social media pages, you acknowledge that such information may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.

We prioritise the security of your personal information whilst it is in our possession. Electronic files relating to our online products and services are stored securely on protected information systems and are only accessible through our secure network.

In addition, our employees and contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us. However, to the extent permitted by law, we will not be held responsible for events arising from unauthorised access to your personal information.

If we hold information which we no longer need (for any purpose for which the information may be used or disclosed) or are no longer required to keep, we will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.

To improve your experience on our platform, we may use ‘cookies’: small data files that are served by our platform. These are used by us for a variety of purposes including to increase your security, monitor single user access and to operate and personalise the platform.

You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our platform.

We may, or our Trainers and Users may, insert links to third-party websites, applications or resources, for which this Privacy Policy does not apply. We are not responsible for those third party websites, applications or resources. If you access such websites, applications or resources, you do so at your own risk and we make no representations or warranties regarding third parties’ privacy practices. We encourage you to read the privacy statements/policies of every website, application or resource you use.

When we, our Trainers or our Users link to a third party website, application or resource, this does not automatically imply that we endorse that website, application, resource and their contents. This Privacy Policy does not cover the use of cookies by any third parties.

We may reach out to you to solicit feedback for our products and services. You may receive marketing communications from us if you are an Administrator, Trainer or User, or where:

• you have consented to us doing so (this may be where, for example, you requested information from us or purchased services from us and you have not opted out of receiving that marketing); or
• where we are permitted by law to do so.

We will get your opt-in consent before we share your personal information with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a service purchase, product/service experience or other transactions.

We collect information in relation to employees as part of their application and during the course of their employment, either from them or in some cases from third parties such as recruitment agencies, referees, government bodies (e.g. police checks, if required) and academic and professional bodies (e.g. to validate details and currency of qualifications).  Such information may include contact details, qualifications, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of our equipment (e.g. phones, computers and vehicles).

Under the Privacy Act, personal information about a current or former employee may be held, used or disclosed in any way that is directly connected to the employment relationship.  We handle employee information in accordance with legal requirements and our applicable policies in force from time to time.

You may contact our privacy officer (see below) to request access to the personal information that we hold about you and/or to make corrections to that information, at any time.

We will endeavour to take all reasonable steps to keep information which we hold about you accurate and up to date. If at any time, you discover that information held about you is incorrect, you may contact us to have the information corrected.

Where you request a copy of the personal information that we hold which relates to you, we will respond to your request within a reasonable time, though in some cases we may not be able to provide you with access, such as where it would be prohibited by law. We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant or misleading. There are no charges for requesting access to or the correction of your personal information.

You can contact our privacy officer regarding access to or correction of your information by any of the following methods:

Address: Level 1/21 Harbour Village Parade, Coomera, QLD 4209
Email address: privacy@cloudassess.com
Telephone: +61 7 5634 9574

Subject to the below, we do not generally disclose personal information to recipients based outside Australia and we utilise cloud service providers in Australia to store data relating to the platform.

We engage third party service providers (based primarily in the United States) to enable us to send system messages and to contact end users of the platform, including by email. Depending upon how users of the platform utilise our platform, in limited cases personal information may be disclosed outside Australia in notifications made via the platform (for example, if we send a user a notification when they are travelling outside Australia (e.g. an SMS); if we send notifications to an email address and the recipient’s email service provider’s infrastructure is based outside Australia; or if third party service providers utilise overseas data centres and infrastructure to facilitate and send such notifications).

We conduct due diligence on the service providers we utilise and that may have access to personal information to ensure they implement appropriate security controls and maintain appropriate security certifications, and to ensure they only use and have access to such information to the extent necessary for us to make the platform available and to otherwise perform our obligations.

Whenever we transfer your personal information outside of Australia, we will do so in accordance with the requirements of applicable privacy and data protection laws.

If you wish to make a complaint about a breach of the Privacy Act, the APPs, or a privacy law that applies to us, please contact our privacy officer using the details below.

When contacting us please provide as much detail as possible in relation to your complaint.

We take all complaints seriously, and will respond to your complaint in accordance with any applicable timeframes imposed by law and otherwise within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner

GPO Box 5218, Sydney  NSW  2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

If you have any queries or concerns about our privacy policy or the way we handle your personal information, please contact our privacy officer at:

Address: Level 1/21 Harbour Village Parade, Coomera, QLD 4209
Email address: info@cloudassess.com
Telephone: +61 7 5634 9574