At Consult Urth (“Service”) we take privacy and the security of your data very seriously, so we’d like to be transparent with you about how we collect, utilize and protect it.
A lot of what you’ll read in this document is designed to address various laws and regulations such as the Privacy Act 1988 (Privacy Act) AU and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended. That said, we’d like to take a moment to share a few overarching guidelines that inform how we treat data and privacy here at Consult Urth now and going forward:
• Data you provide us, or that is collected on your behalf, is owned entirely by you and will be available to you on demand as well as removed on demand.
• We consider ourselves as custodians of data and only collect and share the minimum amount required to provide you with a great service.
We’ve made an effort to make this document as clear and easy to understand as we can, but if you have any questions, please don’t hesitate to contact us.
If you do not agree with this policy, please do not access or use our Service.
Who this policy applies to
• Our Customers who have signed up for our Service
• End-Users of our Customers who interact with our Service
What this policy covers
The goal of this policy is to help you understand:
• What data we collect from you
• What data we collect automatically
• How we use data we collect
• How we share data we collect
• How we store and secure data we collect
• How you can access and manage your data
• Other important privacy information
What data we collect from you
We collect data about you when you provide it to us by using our Service, as described below.
• Account and profile information – We collect information about you when you register for the Service, such as name and email address, as well as other various settings and contact information.
• Content you provide through our Service – When using our Service we collect various information about your company, the Services you provide to your customers and the Services you receive from your suppliers.
• Information you provide through our support channels – If you elect to use our customer support, we will collect any information you choose to share with us.
• Payment information – If you decide to upgrade to one of our premium plans, we will collect payment information such as credit card details.
What data we collect automatically
By using the Service there is some information we get from you automatically.
• Your use of the Service – When you use the Service we track certain information to help us better understand how you’re using the Service, such as what features you use and how frequently.
• Device and connection information – We collect various pieces of information about your network connection, such as IP address, so that we can protect the Service against abuse. We also collect information about your device such as what type it is (laptop, tablet, etc) and what browser you’re running so that we can improve the quality of the Service, as well as resolve any issues you may encounter.
How we use data we collect
How we use your data depends on how you utilise the Service. These are the purposes for which we use your data.
• To provide the Service and customize your experience – We use your information to provide the Service and tailor it to your needs.
• For product development and research – To improve our Service, we will often look at our customer data to better understand what it is you’re using the Service for. For example, if we find that customers are using certain web conference providers, we will use that information to develop integrations with those services.
• For customer support – We use your information to resolve technical issues and to respond to requests for assistance.
• For safety and security – We use information about you to verify your account and to monitor for suspicious or fraudulent behaviour.
How we share data we collect
Our Service inherently requires sharing some of your data with other Service users and some third parties in order to function.
Sharing with other Service users
• For consulting – We must share some of your data with consultant(s) so that they know what they’re consulting about and with whom.
• For administration – For certain kinds of accounts we will share your information with the administrator(s) of the account. For example your name and email are shared with your account administrator.
• For benchmarking – We must share some of your data for industry benchmarking services so that we can provide comparable peer to peer data.
Sharing with third parties
Third parties that we share data with do so under direct instruction from us, and abide by policies designed to protect your information.
• Service providers – We work with a few third-party service providers to enable customer support, hosting/development, payment processing and communications.
• Integration partners – If you choose to take advantage of our various integrations, we will share the minimum amount of data with them to perform the desired task.
• Legal / law enforcement – In exceptional circumstances we may share information about you with a third party if we believe sharing is necessary to comply with applicable laws, regulations or governmental requests.
How we store and secure data we collect
We use extreme care when handling your data and always use industry standards where applicable.
How we store and transmit data
• We store your data in Amazon Web Services data centre located in the Australia. You can read more about their physical security here.
• We always use secure connections (TLS/SSL) to transmit data in between Service users and third parties.
• We encrypt all data stored in our databases at rest.
• Payment data is stored with our billing provider, which is PCI-DSS compliant
• Access to our database is limited to a select group of employees.
• We make an effort to protect your data through a number of security measures, however please remember that no system is 100% secure.
How long we keep data
We keep user data for varying lengths of time, depending on the type of data and how you’ve configured our Service.
• Account data – We retain account data for the lifetime of the account, as it’s mandatory to use the Service. We also retain any data necessary to comply with legal obligations and resolve disputes.
• Content you provide – If your account is deactivated, we retain some of your content so that other Service users that you have collaborated with will be able to continue using the Service in an expected manner.
• Business data – By default we retain business related data for the lifetime of the account. However you can request our Service to delete data after a certain period of time after it is no longer useful to you.
• Payment data – We retain payment data for the lifetime of the account as it’s mandatory in order to use our Service.
Notification of security breach
We will notify you within 72 hours of becoming aware of a security breach or configuration weakness which could have allowed your data to be exposed.
How you can access and manage your data
We strongly believe in giving you access to export or delete your data at will.
You have several rights that can be exercised at any time:
• The right to request a copy of your data in a structured, electronic format
• The right to object to our use of your data
• The right to request deletion of your data (“Right to be forgotten”)
In some cases we may not be able to comply with requests, such as a situation where compliance would result in another user’s personal data being exposed, or where we are prohibited by law.
In situations where you have asked us to share your data with a third party, you may need to contact those parties to have your request fulfilled.
If you have unresolved concerns or feel your rights were infringed, you may have the right to complain to a data protection authority in your country of residence.
How to make a data request
You’ll need to make a data request to our customer support team.
To make a data request, please login to your account and use the customer support tools. Alternatively, you can send us an email from the address you used to create the account.
In some situations we may ask for additional proof of identity so we can ensure the privacy of our other customers.
How to access and update your data
Our Service allows you to access and update your information from within the Service. For example, you can access your profile information from your account, as well as business related data and other content you had previously supplied us.
How to delete your data
If you would like to have account data deleted, please make a data request. Please note that we may need to retain certain data within your profile for record keeping purposes or to comply with our legal obligations.
Opt out of communications
You may opt out of receiving promotional communications from us by using the unsubscribe link at the bottom of each email. Even after you opt out of promotional emails, you will continue to receive transactional emails from us.
Data portability is the ability to obtain some of your data in a format you can move from one Service to another. Should you request it, we will provide you with an electronic file of your account data.
Other important privacy information
Our policy towards children
Our Service is not designed for individuals under 16 years of age, and we do not knowingly collect personal information from them.
Changes to this policy
We may change this policy from time to time. Any changes will be posted to this page, and if they are significant, we will notify you via email and within the Service. We will also keep previous versions of this policy which are available upon request. You are advised to review this policy periodically for any changes.
If you disagree with any changes to this policy, you will need to stop using the Service.
If you have any questions, concerns, or data requests, please reach out by logging in to our Service and using the customer support tool there, or by emailing us at firstname.lastname@example.org.
Updated: 01 January 2021