Data Collection SEE Forge undertakes to collect data by means that are: • fair; • legal; and • transparent.
Data that a client of yours provide, e.g. in a web-form, may be logged. This data may or may not be sufficient to identify them. Any additional data that your client’s web-browser automatically provides may also be logged. If your client discloses personal data to SEE Forge in conjunction with an identifier such as their name or other personal details, SEE Forge will collect data. Moreover, any data that becomes available to SEE Forge through any of the means described in the preceding paragraphs may be able to be associated with that identifier, and hence become data.
Where SEE Forge collects data from sources other than the client, it undertakes: • to do so only by legal means; • to do so only with yours and their Consent; and • to declare to the client what sources it uses, and under what circumstances.
SEE Forge undertakes to declare the purpose of collection in a manner which is clear and meaningful, and to avoid vague, highly inclusive statements such as ‘to support our operations’.
Credit card details SEE Forge does not store any credit card details on any of its data centres. All payment processing are handled direct and secure via eWAY. www.eway.com.au/
Security Statement, Data Encryption and SSL Support SEE Forge has implemented the following security measures to protect the loss, misuse and alteration of the information under our control. They are continuously reviewed and listed in the Appendices “IT Policies – Secure Coding standards”, which can be requested at any time. We use 128 bit SSL (Secure Sockets Layer) encryption, the highest level of encryption currently available, for the transmission of encrypted data over the Internet, with an international security certificate supplied on a per implementation basis. This is a widely-used web technology that encrypts and decrypts a message for online transmission. We also support SSL accelerators. When you access the site using industry standard Secure Socket Layer (SSL) technology, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure and available only to registered users of the system.
Data Security SEE Forge undertakes to store data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity – see also SEE Forge’s “Information Security policy”. SEE Forge undertakes to store data only in Australia as required under the Office of the Australian Information Commissioner (OAIC) Privacy Act. SEE Forge undertakes to transmit data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity. SEE Forge undertakes to implement appropriate measures to ensure security of data against inappropriate behaviour by SEE Forge’s staff-members and contractors. These include: • training for staff in relation to privacy; • access control, to limit access to data to those staff and contractors who have legitimate reasons to access it; • particularly in the case of sensitive data, audit trails of accesses, including the identities of staff and contractors accessing the data; • reminders to staff and contractors from time to time about the importance of data privacy, and the consequences of inappropriate behaviour; • declaration of appropriately strong sanctions that are to be applied in the event of inappropriate behaviour • clear communication of policies and sanctions; and • processes to audit, to investigate and to impose sanctions.
Data Use Use refers to the application of data by any part of SEE Forge, or any staff-member or contractor of SEE Forge in the course of their work. SEE Forge undertakes to use data only for:
• the purposes for which it was collected; • such other purposes as are subsequently agreed between SEE Forge and You; • such additional purposes as may be required by law. In these circumstances, SEE Forge will take any reasonable steps available to it to communicate to You that the use has occurred, unless it is precluded from doing so by law; and • such additional purposes as are authorised by law (in particular to protect SEE Forge’s interests, e.g. if it believes on reasonable grounds that You have failed to fulfill your undertakings to SEE Forge or have committed a breach of the criminal law).
SEE Forge undertakes to use data only if it has demonstrable relevance to the particular use to which it is being put. SEE Forge undertakes to use data in such a manner as to take into account the possibility that it is not of sufficient quality for the purpose, e.g. because it is inaccurate, out-of-date, incomplete, or out-of-context.
Data Disclosure Disclosure refers to making data available to any party other than SEE Forge and You. The term disclosure may include many different conditions of data transfer, including selling, renting, trading, sharing and giving. SEE Forge undertakes to disclose data only under the following circumstances: • in the course of business being conducted between You and SEE Forge, where disclosure is necessary to a contractor, such as an insurance company. Where data is disclosed in this way, SEE Forge undertakes to exercise control over SEE Forge’s contractors to ensure that their actions are compliant with these Terms; • in other circumstances that are directly implied by the purpose agreed between You and SEE Forge at the time of data collection or subsequently. Where data is disclosed in this way, SEE Forge undertakes to exercise control over SEE Forge’s contractors to ensure that their actions are compliant with these Terms; • with your consent, or at your request; • where required by law, such as a provision of a statute, or a court order such as a search warrant or summons. In these circumstances, SEE Forge will take any reasonable steps available to it to communicate to You that the disclosure has occurred, unless it is precluded from doing so by law; • where permitted by law (e.g. the reporting of suspected breach of the criminal law to a law enforcement agency.
In all cases, SEE Forge undertakes to disclose only such of data as is necessary in the particular circumstances.
Data Retention and Destruction\ Subject to the qualifications immediately below, SEE Forge undertakes: • to retain data only as long as is consistent with its purpose; and • to destroy data when its purpose has expired, and to do so in such a manner that data is not subsequently capable of being recovered.
This undertaking is qualified as follows: • data may be retained in SEE Forge’s logs, backups and audit trails within short-term retention cycles that are devised to protect the company’s operations. In such cases, data will be destroyed in accordance with those cycles; • data may be retained beyond the expiry of its purpose if that is required by law, such as a provision of a statute, or a court order such as a search warrant or summons, or a warning by a law enforcement agency that delivery of a court order is imminent. In these circumstances, SEE Forge: o will take any reasonable steps available to it to communicate to You that data is being retained, unless it is precluded from doing so by law; and o will only retain data while that provision is current, and will then destroy data; • data may be retained beyond the expiry of its purpose if it is authorised by law (in particular to protect SEE Forge’s interests, e.g. if it believes on reasonable grounds that You have failed to fulfill your undertakings to SEE Forge or have committed a breach of the criminal law). In these circumstances, SEE Forge will only retain data while that situation is current, and will then destroy data.
Regards, Team SEE Forge