Introduction
This policy has been written with reference to Global Privacy Principles (“GPPs”), which was introduced to replace all existing principles as well as introduce some significant changes. The “GPP 1”, as part of these principles, now list matters that must be specifically addressed in a company’s privacy policy. The objective of the “GPP 1” is to ensure that entities manage personal information in an open and transparent way.
Definition: Personal Information (“PI”) is defined under the new amendments to the Privacy Act as “personal information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not”.
Purpose
This privacy policy sets out how Satori uses, discloses and protects any personal information that customers provide or that Satori collects from customers or employees. Satori is committed to ensuring that personal information is protected. If customers do not wish to provide personal information to Satori then they do not have to do so; however, it may affect the use of Satori’s Solutions.
Collection of personal information
Satori does not by default store any personal information(“PI”) as part of its solution provided to customers unless this is part of the solution. Satori may store “PI” which relates to its employees which may include:
· name;
· contact information, including email address, telephone, mobile;
· demographic information such as address, postcode; and
· next of kin details, including name, telephone, mobile, email.
Use of personal information
Customers: Satori collects a range of transactional and master data sets from customers. These may include employee-related data files that may contain personal information. The data is only used for data analyses as part of the solution. Satori analyses these data sets to identify anomalies and control breakdowns. This helps customers to ensure that there is no data integrity issues within their system and protects the business from unnecessary risks, costly mistakes, and fraud. Customers provide such information as a data extract (file) when Satori is hosting the environment. These extracts are securely transferred to Satori’s hosted environment (eg: via a secured file transfer protocol (sFTP)) where they are encrypted. For Satori non-hosted environment, customers may provide Satori direct access to the ERP system’s database to extract the required data or simply provide data extracts.
Once the information is analysed, the source files (data extracts) and analysed information (results) are stored in the customer’s database. Customers can only access the result sets that contains personal information using a browser that uses a secured Hypertext Transfer Protocol (Https).
Employee: Satori collects employee personal information to disburse salary and reimbursements and to fulfill the requirements of applicable legislation and regulations around taxation, superannuation, health and safety, work rights, etc.
Storage and Security
Satori is committed to ensure that the information customers and employee provide are secured. Suitable physical, electronic and managerial procedures to safeguard and secure the information have been put in place. This protects data from misuse, interference, loss and unauthorised access, modification and disclosure. Some of these security measures include, firewall ACL/rules, server monitoring, data encryption and password protection.
Disclosure of Personal Information
Satori signs a non-disclosure agreement with its customers. To uphold this agreement, Satori does not share any data with third parties, both within Australia or overseas, unless otherwise directed by the customers. Further, if there is a valid court order, Satori may be obligated to disclose personal information but not customer data. Customers will be notified about the disclosure of data including personal information unless otherwise instructed or directed by the court.
Complaints
If Satori is suspected to have breached any Privacy laws, a complaint about the breach should be sent to [email protected] with the details of the suspected breach. Satori will promptly investigate the complaint and respond in writing, setting out the outcome of the investigation, what steps would be taken to remedy the suspected breach and any other action that will be taken to deal with the complaint.