Privacy Policy

Introduction

This policy has been written with reference to the Australian Privacy Principles (“APPs”), which were introduced to replace all existing principles as well as to introduce some significant changes. “APP 1”, as part of these principles, now lists matters that must be specifically addressed in a company’s privacy policy. The objective of “APP 1” is to ensure that entities manage personal information in an open and transparent way.

Definition: Personal Information (“PI”) is defined under the new amendments to the Privacy Act as “personal information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not”.

Purpose

This privacy policy sets out how Satori uses, discloses and protects any personal information that a client provides or that Satori collects from clients or employees. Satori is committed to ensuring that personal information is protected. If clients do not wish to provide personal information to Satori then they do not have to do so; however, it may affect the use of Satori’s Solutions.

Collection of personal information

Satori stores personal information such as:

  • name;
  • contact information, including email address, telephone, mobile;
  • demographic information such as address, postcode; and
  • next of kin details, including name, telephone, mobile, email.

Use of personal information

Client: Satori collects a range of transactional and master data sets from clients. This includes the employee master file, which contains personal information. Satori analyses these data sets to identify anomalies and control breakdowns. This helps clients to ensure that there is data integrity within their system and protects the business from unnecessary risks, costly mistakes and fraud. Clients provide such information as a data extract (file) when Satori is hosting the environment. These extracts are transferred to Satori’s hosted environment via a secured file transfer protocol (sFTP). For Satori’s non-hosted environment, clients either give Satori direct access to the ERP system’s database or provide data extracts.

Once the information is analysed, the source files (data extracts) and analysed information (results) are stored on a client-dedicated server (hosted or non-hosted). Clients can only access the result sets that contain personal information using a browser that uses a secured Hypertext Transfer Protocol (HTTPS).

Employee: Satori collects employee personal information to disburse salary and reimbursements and to fulfil the requirements of applicable legislation and regulations around taxation, superannuation, health and safety, work rights, etc.

Storage and Security

Satori is committed to ensuring that the information clients and employees provide is secured. Suitable physical, electronic and managerial procedures to safeguard and secure the information have been put in place. This protects data from misuse, interference, loss and unauthorised access, modification and disclosure. Some of these security measures include firewall ACL/rules, server monitoring, data encryption and password protection.

Disclosure of Personal Information

Satori signs a non-disclosure agreement with clients. To uphold this agreement, Satori does not share any data with third parties, whether within Australia or overseas, unless otherwise directed by the client. Further, if there is a valid court order, Satori will be obligated to disclose personal information. The client will be notified about the disclosure of data, including personal information, unless otherwise instructed or directed by the court.

Complaints

If Satori has breached the Australian and New Zealand Privacy laws, a complaint about the breach should be sent to SatoriAlerts@satoriassured.com with the details of the breach. Satori will promptly investigate the complaint and respond in writing, setting out the outcome of the investigation, what steps will be taken to remedy the breach and any other action that will be taken to deal with the complaint.