Privacy Policy

On 12 March 2014 the Australian Privacy Principles (the Principles) entered into force. The Principles are found in Schedule 1 of the Privacy Act 1988 (Cth) (the Act). The Principles establish requirements for the way organisations collect, store and use an individual’s personal information. SECTARA is subject to the Principles and, to the extent applicable, the EU General Data Protection Regulation (GDPR) and is committed to safeguarding the privacy of its customers and website visitors.

This privacy policy (the Policy) outlines the way in which SECTARA collects and manages personal information and other matters which must be disclosed to individuals under the Principles. References in the Policy to SECTARA mean the company trading as ‘SECTARA Pty Ltd’ (ABN 32 619 000 289).

“Personal information” is information which SECTARA holds which is identifiable as being about you. This includes information such as your name, email address, identification number or any other type of information that can reasonably identify an individual, either directly or indirectly.

The Policy applies to personal information that individuals provide to SECTARA or which SECTARA otherwise obtains, whether that information is provided under any agreement, at SECTARA’s offices, through its website, or through email, telephone or other communication with SECTARA’s employees or agents.

1. Collection of Information

Collection of Personal Information

SECTARA will, from time to time, receive and store personal information you enter onto SECTARA’s website, provide to SECTARA directly or give to SECTARA in other forms.

SECTARA may collect the following kinds of personal information from clients, a client’s representative(s) or otherwise from users of SECTARA’s website:

  • full name;
  • employer and role; and
  • contact details, including a postal and a work address, email address and telephone number(s).

SECTARA may also collect additional information at other times, including but not limited to, when you provide feedback including via the SECTARA “Knowledge Base”, when you provide information about your personal or business affairs, change your content or email preferences, respond to surveys and/or promotions, provide financial or credit card information, or communicate with SECTARA’s customer support.

Additionally, SECTARA may also collect any other information you provide while interacting with SECTARA.

By providing SECTARA with personal information, you consent to the supply of that information subject to the terms of this Policy.

SECTARA will only collect personal information by lawful and fair means and where that information is reasonably necessary for one or more of SECTARA’s functions or activities, as identified in SECTARA’s Purposes at clause 3 of the Policy.

SECTARA collects personal information from clients and users with their consent in a variety of ways, including when they interact with SECTARA electronically or in person, when they access the SECTARA website and when SECTARA provides services. SECTARA may also receive personal information from third parties. SECTARA will only collect personal information from a third party where it is unreasonable or impractical to collect the information directly from the client or user. Such third parties include organisations that maintain publicly accessible or fee-for-access records. Where SECTARA receives personal information from third parties, SECTARA will protect it as set out in this Policy.

Collection of Sensitive Information

Sensitive information is defined in the Act as information about an individual’s ethnic origin, beliefs (whether political, religious or philosophical), sexual orientation, criminal history, health, genetics and membership of political or trade associations. SECTARA is not in the business of collecting such information and will not collect or request any such information.

2. Storage of, and Access to, Personal Information

Storage and Security of Personal Information
SECTARA strives to provide an environment which ensures that personal information is stored in a secure and confidential manner.

SECTARA employs a two-fold system for the storage of personal information. Personal information is securely stored in cloud-based business systems (discussed further below), and if held as hard copy documents, in secure, physical file(s) at SECTARA’s offices. SECTARA has suitable physical, electronic and managerial procedures and systems in place for the security of both its computer network and business premises.

SECTARA will take such steps as are reasonable in the circumstances to protect the personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

SECTARA’s cloud computing systems are hosted by Amazon Web Services in Australia. We deem the following client information to be “Sensitive Data” (not to be confused with “sensitive information” under the Act, discussed above):

  • Passwords;
  • Scope, Context and Criteria;
  • Control Comments;
  • Risk Control Effectiveness ratings;
  • Risk Descriptions; and
  • Recommended Treatments.

Sensitive Data “at rest” is encrypted using Amazon Web Services’ cloud front, and when “in transit” is encrypted using transport layer security (TLS).

Where SECTARA employs data processors to process personal information on SECTARA’s behalf, SECTARA only does so on the basis that such data processors comply with the requirements under the GDPR and have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

Notwithstanding the above, the transmission and exchange of information is carried out at your own risk. SECTARA cannot guarantee the security of any information that you transmit to SECTARA or receive from SECTARA. Although we take all reasonable measures to safeguard against unauthorised disclosures of information, SECTARA cannot assure you that personal information that SECTARA collects will not be disclosed in a manner that is inconsistent with this Policy.

In circumstances where SECTARA is no longer actively working with a client and no longer needs the information for any of its Purposes, those files are securely stored for a period of seven (7) years. Only authorised SECTARA employees and third parties specifically authorised by SECTARA are permitted to access these storage facilities.

Destruction of Personal Information

SECTARA ensures that personal information that has not been used or disclosed for a period of seven (7) years is depersonalised and securely destroyed.

Access to, and Correction of, Personal Information

An individual is entitled to request access to the personal information that SECTARA holds about them by making a request to SECTARA’s Privacy Officer, using the contact details specified at clause 6.

SECTARA will respond to the request and provide access to the information within a reasonable time. There will be no charges associated with the making of such a request or the subsequent provision of information.

SECTARA reserves the right to refuse to provide personal information that SECTARA holds, in certain circumstances set out in the Act.

Where an individual requests SECTARA to correct the personal information that SECTARA holds about that individual, SECTARA will take such steps (if any) as are reasonable in the circumstances to correct the information. SECTARA is entitled to refuse to correct the personal information in certain circumstances set out in the Act, provided SECTARA gives the individual a written notice containing the reasons for the refusal.

Where SECTARA is satisfied that the personal information it holds about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, SECTARA will take such steps (if any) as are reasonable in the circumstances to correct the personal information.

3. The Purposes for which Personal Information is Collected

SECTARA collects personal information only to the extent that such information is reasonably necessary for, or directly related to, one or more of SECTARA’s Purposes.

SECTARA’s “Purposes” include (but are not limited to) the following functions and activities:

  • the supply of services, including the supply of software on a subscription basis to clients and the provision of SECTARA’s “Knowledge Base” service;
  • the provision of information and updates to clients and users (including with respect to existing and new products, services and opportunities);
  • making existing clients, potential clients and users aware of new and additional products, services and opportunities;
  • to consider making offers of employment or to maintain details of SECTARA’s existing employees;
  • the receipt of services by an organisation or its employees;
  • the provision of information on security risk matters, whether through SECTARA’s periodic marketing correspondence, seminars or other marketing events;
  • to improve SECTARA’s products and services and better understand the needs of clients and users;
  • administering SECTARA’s business activities;
  • managing, researching and developing SECTARA’s products and services; and
  • investigating any complaints.

SECTARA may contact clients and users by a variety of measures including, but not limited to, telephone, email, SMS or mail.

4. Disclosure of Personal Information

Disclosure of Information within Australia

SECTARA may disclose your personal information to any of SECTARA’s employees, officers, insurers, professional advisors, agents, suppliers or subcontractors insofar as reasonably necessary for the Purposes set out in this Policy.

For SECTARA to carry out any one or more of the Purposes, it may be necessary for SECTARA to disclose personal information to third parties who play a part in facilitation of services to a client and/or their representative(s).

SECTARA may, from time to time, need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

SECTARA may also use your personal information to protect the copyright, trademarks, legal property, property or safety of SECTARA, its clients or third parties.

If there is a change of control in SECTARA or a sale or transfer of business assets, SECTARA reserves the right to transfer to the extent permissible at law its user databases and client databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality.

SECTARA will only use or disclose personal information for the Purpose or Purposes for which it was collected. SECTARA will not use or disclose personal information for any other purpose (a secondary purpose) unless:

  • the relevant individual consents to that use or disclosure of the information;
  • the individual would reasonably expect SECTARA to use or disclose the information for the secondary purpose and the secondary purpose is related to one or more of the Purposes; or
  • the use or disclosure of the information is required or authorised by or under an Australian Law.

SECTARA will only disclose information in good faith and where required by any of the above circumstances.

By providing SECTARA with personal information, you consent to the terms of this Policy and the types of disclosure covered by this Policy. Where SECTARA discloses your personal information to third parties, SECTARA will request that the third party follow this Policy regarding the handling of personal information.

Disclosure of Information outside Australia

Information that SECTARA collects may from time to time be stored, processed in or transferred between parties located in countries outside of Australia.

SECTARA may disclose personal information to a person or entity that is not in Australia (the Overseas Recipient). SECTARA will only disclose personal information to an Overseas Recipient where:

  • SECTARA reasonably believes that the Overseas Recipient is subject to a law that affords protection of personal information that is substantially similar to the protection afforded under the Act and that SECTARA can enforce such protection under the overseas law; or
  • SECTARA takes reasonable steps to ensure that the Overseas Recipient acts in accordance with the Principles in relation to the storage, use and disclosure of the personal information.

You acknowledge that personal information that you submit for publication through the SECTARA website or services may be available via the internet around the world. SECTARA cannot prevent the use (or misuse) of such personal information by others.

5. Direct Marketing

Direct marketing occurs where entities use the personal information that they collect to market related or other goods and services to the individual who provided the information. A common example is where an organisation emails an individual a monthly newsletter.

SECTARA may use or disclose personal information for direct marketing only where SECTARA collected the personal information from the individual, the individual would reasonably expect SECTARA to use or disclose the information for that purpose and the individual has not made an “opt out” request pursuant to the below paragraph.

Requests not to receive Direct Marketing

An individual is entitled to request not to receive direct marketing communications from SECTARA by contacting SECTARA’s Privacy Officer, using the contact details specified at clause 6.

SECTARA will give immediate effect to any such request. Options to unsubscribe (“opt out”) from such communications will also be available in the footer of each element of such correspondence.

Please note that subscribers will not be permitted to unsubscribe or opt-out of SECTARA Service Announcements.

6. Contact Details

Should you have any queries about the Policy, or the Principles, or wish to lodge a complaint about a potential breach of the Principles by SECTARA, please contact SECTARA’s Privacy Officer using the contact details listed below.

Privacy Officer
Level 26, 1 Bligh St

Phone:        +61 (0)2 9048 9181
Email:         [email protected]

SECTARA will endeavour to respond to an individual communication within thirty (30) days. Should SECTARA fail to respond within a thirty-day period, an individual may contact the Office of the Australian Information Commissioner, which can investigate queries or complaints in relation to a potential breach of the Principles.

Please be aware that the Policy may be updated from time to time by SECTARA. SECTARA may modify this Policy at any time, in SECTARA’s sole discretion and all modifications will be effective immediately upon SECTARA’s posting of the modifications on the SECTARA website or notice board. Please check back from time to time to review this Policy.

7. Website

When you visit the SECTARA website, SECTARA may collect certain information such as browser type, operating system, website visited immediately before coming to the SECTARA site, etc. This information is used in an aggregated manner to analyse how people use SECTARA’s site, such that SECTARA can improve its service.

SECTARA may from time to time use cookies on the SECTARA website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies, but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of the SECTARA website. The SECTARA website may, from time to time, use cookies to analyse website traffic and help SECTARA provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services. These ads may appear on this website or other websites you visit.

SECTARA’s website may, from time to time, have links to other websites not owned or controlled by SECTARA. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that SECTARA is not responsible for the privacy practices of other such websites. SECTARA encourages its users, when they leave the SECTARA website, to read the privacy statements of each and every website that collects personally identifiable information.

8. GDPR for the European Union (EU)

SECTARA will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. SECTARA processes your personal information as a processor and/or to the extent that we are a controller as defined in the GDPR.

SECTARA must establish a lawful basis for processing your personal information. The legal basis for which SECTARA collects your personal information depends on the data that SECTARA collects and how SECTARA uses it. SECTARA will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. SECTARA® will keep your data safe and secure.

SECTARA will also process your personal information if it is necessary for SECTARA’s legitimate interests, or to fulfil a contractual or legal obligation. SECTARA processes your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

SECTARA does not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide SECTARA with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. SECTARA does not knowingly collect or process the personal information of children.

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. SECTARA complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU. To this end, except as otherwise provided in the GDPR, you have the following rights:

  • to be informed how your personal information is being used;
  • to access your personal information (SECTARA will provide you with a free copy of it);
  • to correct your personal information if it is inaccurate or incomplete;
  • to delete your personal information (also known as “the right to be forgotten”);
  • to restrict processing of your personal information;
  • to retain and reuse your personal information for your own purposes;
  • to object to your personal information being used; and
  • to object to automated decision making and profiling.

Please contact SECTARA at any time (via the contact details in clause 6 above) to exercise your rights under the GDPR. Please note that SECTARA may ask you to verify your identity before acting on any of your requests.