This is the default policy provided to clients of the software.

Purpose

The purpose of this policy is to outline how the company will meet legal and regulatory requirements to ensure Privacy of Personal Information as required by the Privacy Act 2018 and equivalent acts in other jurisdictions we operate in, including:

• New Zealand – Privacy Act 2020
• European Union – General Data Protection Regulation 2016/679 (GDPR)
• Canada – Personal Information Protection and Electronic Documents Act (PIPEDA)
• South Africa – Protection of Personal Information Act 2013
• United Kingdom and Ireland – Data Protection Act 1998.

Scope

Engagement Hub software is designed to enable licensees/ clients to meet their obligations under the Privacy Act 1988, and the Australian Privacy Principles outlined in schedule 1. You will need to check the Privacy Policy of the licensee/ client to confirm what personal information they collect and how they manage this.

Engagement Hub has no access to information collected by our licensees/ clients, which is controlled and managed by the Licensee/ Client Administrator/s. In rare circumstances, Engagement Hub may be asked to troubleshoot, train, or undertake consultancy services that may provide us temporary access to the personal information collected by licensees/ clients. In these instances, we abide by the Licensee/ Client’s privacy statement as a third-party service provider.

Principle

Personal information is classified and treated as classification level Confidential, and all associated policies, controls and processes apply.

Privacy Protection Policy Statement

This policy confirms our commitment to protect the privacy of the personal information of our customers, clients, employees, and other interested parties in line with relevant legislation laid out in the Legal and Contractual Compliance Register, in particular the Privacy Act 1988 and the Australian Privacy Principles.

We have engaged in a programme of Information Security Management which is aligned to the international standard ISO27001 to ensure our Information Security Management System protects personal information using best practice policies and processes.

Definitions

Personal information

Is defined in the Privacy Act as “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not.”

Sensitive Information

‘Sensitive information’ is a subset of personal information and is defined as:

• information or an opinion (that is also personal information) about an individual’s:
• racial or ethnic origin
• political opinions
• membership of a political association
• religious beliefs or affiliations
• philosophical beliefs
• membership of a professional or trade association
• membership of a trade union
• sexual orientation or practices, or
• criminal record
• health information about an individual
• genetic information (that is not otherwise health information)
• biometric information that is to be used for the purpose of automated biometric verification or biometric identification.

Consent

The four key elements of consent, as defined by the Office of the Australian Information commissioner, are:

1. the individual is adequately informed before giving consent
2. the individual gives consent voluntarily
3. the consent is current and specific, and
4. the individual has the capacity to understand and communicate their consent.

What Personal Information is Collected?

End-Users of our Services (Clients' Stakeholders):

Engagement Hub software is designed specifically to enable a Licensee/ Client to engage stakeholders/ communities to inform/ collect feedback on matters specific to their organisation. The software comprises a website builder with built in data collection tools, a stakeholder relationship management database and an electronic direct mail tool, which together allow the Licensee/ Client to consult and gather feedback from their stakeholders.

Visitors to Licensee/ Client engagement sites can use this software without any personal information being collected. Collection of personal information only occurs when visitors elect to participate in a consultation by providing feedback/ submissions, requesting notification on updates and areas of interest. The type and amount of personal information collected will vary between Licensees/ Clients. For an end-user to register an account, the following information is required:

• First name
• Verified email address
• Screenname/pseudonym
• Password

Clients may elect to obtain additional relevant information on their end-users for the purposes of communications and analytics. This is at the discretion of the client and may include information such as:

• Surname
• Profile picture
• Phone number
• Physical address, postcode, or other locational attributes
• Demographic information such as age, gender, etc.
• Information about your preferences
• Your IP addresses
• Your recorded thoughts, ideas, opinions, etc. as expressed by you. This may include sensitive information if you are asked to provide opinions in areas considered sensitive .

Collection of personal information only occurs if you elect to participate by providing feedback. It may be collected in a range of ways including through a registration process or through various activities and interactions on the site such as using a Submissions/ Contact Us form, completing an Online Survey or Quick Poll.

• If you choose to participate in an online discussion, you will be asked to register, where, at a minimum you will be asked for a verified email address, your first name, screen name and password.
• Registration is also the mechanism for you to optionally provide to receive Electronic Direct Mail.
• Registration also enables you to follow a project and/or register interest in particular topic areas resulting in automated email communication based on these interests.
• Once registered, you have access to your own dashboard where you can:
  • Edit your contact details
  • Amend your preferencesAccess online feedback submitted by you
  • Unsubscribe from Electronic Direct Mail
  • Delete your account
• When completing an online submission/ contact us form your first name and email address are required.

The Licensee/ Client has the option to select from different data collection instruments, which provide different levels on anonymity ranging from anonymity in public to anonymity to the Administrators of the site.

• You will need to check the Privacy Policy of the Licensee/ Client to confirm what personal information is being collected and how they get your consent.
• Engagement Hub itself does not have access to this information, which is under the control of the Licensee/ Client, unless we are invited to temporarily access this information to provide advice, troubleshooting, training or other additional services.

How your Personal Information is used:

End-Users of our Services (Clients' Stakeholders):

You will need to check the Privacy Policy of the Licensee/ Client to confirm how they use the personal information collected.

Automated features within Engagement Hub software that may use your personal information include:

• Automated email notifications confirming actions completed (ie Registration, Submissions received, Comments published etc).
• Electronic Direct Mail/ Newsletters sent, if permission has been given to receive this. You may access and change your preferences by logging into your profile to change your settings at any time.
• Email notification of updates requested. You may access and change your preferences by logging into your profile to change your settings at any time.

Engagement Hub will only ever have access to the personal data collected by Licensee/ Client’s if responding to a service request from the Licensee/ Client to:

• Respond to an enquiry about how to best use the software
• Assist in analysing the usage and data collected.

Cookie collection and use

As is common practice with almost all professional websites, this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This section describes what information they gather, howe we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookie from being stored however this may downgrade or break certain elements of the site’s functionality.

How we use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to the site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details with third party cookies you might encounter through this site.

The site uses Google Analytics which is one of the most widespread and trusted analytics solution on the webs for helping us to understand how you use the stie and ways that we can improve your experience. These cookies may tract things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

We also use social media buttons and or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites, including: X (previously Twitter), Facebook, will set bookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

How do we protect your Information?

Engagement Hub takes the privacy of your information very seriously and we use industry standard practices to keep your personal Information safe and secure. Our policies and procedures follow the Privacy Principles set out in Annex A of the Australian Privacy Act 1988.

Personal Information Classification and Handling

Personal data classification and handling is in line with the Information Classification and Handling Policy.

Personal Information Retention

Client, employee and supplier personal data is retained and destroyed in line with the Information Classification and Handling Policy, Asset Management Policy, and the Data Retention Schedule.

Client end-user data is managed by the client administrators.

How does an end-user access, change or delete their personal information?

Registered end-users can access and amend their personal information by logging into their dashboard.

If an end-user deletes their account, their feedback is retained but no longer identifiable.

If an end-user requires assistance to have their data and/or feedback permanently deleted, in the first instance they should contact the client directly to delete.

Alternatively, assistance can be provided by the Engagement Hub team at [email protected].

Personal Information Transfer / Transmit

Client, employee and supplier personal data is transferred in line with the Information Transfer Policy and employees ensure the appropriate level of security in line with the policy and company processes.

Data, including personal information, on client Engagement Hub sites is encrypted in transit, at rest, and on all backups using:

• AES256
• SHA-2 (256)

Access to Engagement Hub software is only available through secure HTTPS. Data in transit is encrypted over HTTPS protocols. For secure communication protocol we utilise TLS with the most recent patch level (TLS1.3 at the transport layer).

All data storage is redundant with redundant databases residing in a private subnet.

Will my personal information be transferred overseas?

Engagement Hub does not transfer any personal information overseas.

Personal Information Storage

Personal Information storage is in line with the Information Classification and Handling Policy, Physical and Environmental Security Policy, Cloud Security Policy, Cryptographic Control and Encryption Policy, Backup Policy, and the Data Retention Schedule.

Engagement Hub software is hosted in a secure data centred located in Sydney, Australia. Physical, technical and administrative systems and processes are in place to safeguard your data and personal information.

Engagement Hub software’s systems (including but not limited to computing, operating and network infrastructure) are monitored twenty-four (24) hours per day, every day of the year to detect any issues, which shall include but not be limited to environmental monitoring, network monitoring, load balancing monitoring, web server and database monitoring, firewall services and intrusion detection.

Breach

In the event of a breach of the principles of the Privacy Act 2018 employees inform their line manager, and /or a member of the Management Review Team and/or Senior Management and invoke the Incident Management Process.

Breaches are assessed and where appropriate and required the Data Subjects and / or the Information Commissioners Office are informed without undue delay.

Unsolicited Communication - SPAM Act

My Business App Pty Ltd does not have access to clients’ end-user personal information, which is collected by Licensee/ Clients on their Engagement Hub site/s. Clients’ can only send bulk electronic communication to their end-user/s if the user has consented to receive electronic direct mail via the registration process. End- users can access and change their preferences at any time.

Terms of Use

Please also visit the Terms of Use which establish the use, disclaimers and limitations of liability governing use of this website.

We reserve the right to modify this policy from time to time, at our sole discretion. If we make a material change to the Privacy Policy we will notify you and the modified policy shall be effective once we notify you of the change. if we do not make any material amendments then we will post the modified policy on our website and it will be effective once posted. We recommend that you regularly check our website to make sure you are aware of our most up to date policy.

Further Assistance

If you have concerns or questions about our privacy, please contact My Business App Pty Ltd at [email protected] or send a letter to My Business App Pty Ltd at 45 Evans Street, Balmain, NSW, 2041 Australia.