– effective as of Jan 2021
Alex Solutions Pty Ltd (the “Company”) is committed to protecting the privacy of individuals who visit the Company’s Websites (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who register to attend the Company’s corporate events (“Attendees”). This Privacy Statement describes the Company’s privacy practices in relation to the use of the Company’s Websites and the related applications and services offered by the Company (collectively, the “Services”).
The Company will comply with the Australian Privacy Principles (APP) set forth by the Office of the Australian Information Commissioner and the General Data Protection Regulation (GDPR) set forth by the European Parliament and Governing Council.
For more information on the Australian privacy principles, please visit the Office of the Australian Information Commissioner website here.
For more information on the General Data Protection Regulation (GDPR) principles, please visit the European Commission website here.
This Privacy Statement covers the information practices of websites that link to this Privacy Statement, including alexsolutions.com.au and websites deployed to deliver Services to our Customers (“Alex Instances”); collectively referred to as the Company’s Websites” or “the Company’s Websites”.
The Company’s Websites may contain links to other websites. The information practices or the content of such other websites is governed by the privacy statements of those other websites. The Company encourages the review of the privacy statements of other websites to understand their information practices.
Information collected
When expressing an interest in obtaining additional information about the Services, or registering to use the Company’s Websites or other Services, or registering for an event, the Company may require Visitors, Customers, and Attendees to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services or registering for an event, the Company may also require Customers to provide the Company with financial qualification and billing information, such as billing name and address, and the number of employees within the organisation that will be using the Services (“Billing Information”). The Company may also ask Visitors, Customers, and Attendees to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). When Visitors apply for a job with the Company, Visitors, Customers, and Attendees may also require applicants to submit additional personal information as well as a resume or curriculum vitae (“Applicant Information”). Required Contact Information, Billing Information, Applicant Information, Optional Information and any other information submitted to the Company to or through the Services is referred to collectively as “Data.”
During navigation of the Company’s Websites, the Company may also collect information through the use of commonly-used information-gathering tools, such as cookies and web beacons (“Website Navigational Information”). Website Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Websites (such as the web pages viewed and the links clicked). For additional information about the collection of Website Navigational Information by the Company and others, please see the table in Section 4 below.
The Company uses Data about Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services.
The Company also uses Data about Attendees to plan and host corporate events, host online forums and social networks in which event Attendees may participate, and to populate online profiles for Attendees on the Company’s Websites. Additional information on the Company’s privacy practices with respect to Data about Attendees may be found in additional privacy statements on the event Websites, as the case may be. Please see item number 5 for more information on bulletin boards, blogs, or chat rooms provided by the Company in connection with its corporate events.
The Company may also use Data about Customers and Data about Attendees for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company, its affiliates, and its partners, such as information about promotions or events.
The Company uses Website Navigational Information to operate and improve the Company’s Websites. The Company may also use Website Navigational Information alone or in combination with Data about Customers and Data about Attendees to provide personalised information about the Company.
The Company uses commonly-used information-gathering tools, such as cookies and web beacons, to collect information during navigation of the Company’s Websites (“Website Navigational Information”). This section describes the types of Website Navigational Information used on the Company’s Websites and how this information may be used.
The Company uses cookies to make interactions with the Company’s Websites easy and meaningful. When visiting one of the Company’s Websites, the Company’s servers send a cookie to the client computer. Standing alone, cookies do not personally identify a user; they merely recognize the user’s web browser. Unless the user chooses to identify themselves to alexsolutions.com.au, either by responding to a promotional offer, opening an account, or filling out a web form (such as a “Contact Me” or a “Request a demo” web form), the user remains anonymous to the Company.
The Company uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from the user’s computer when the user closes their browser software or turn off their computer. Persistent cookies remain on the user’s computer after the user closes their browser or turns off their computer.
The following sets out how the Company’s Websites uses different categories of cookies and your options for managing cookies’ settings:
Type of Cookies |
Description |
Managing Settings |
---|---|---|
Required Cookies | Required cookies enable users to navigate the Company’s Websites and use its features, such as accessing secure areas of the Websites and using Services.
If users have chosen to identify themselves to the Company, the Company uses cookies containing encrypted information to allow the Company to uniquely the user. Each time a user logs into the Services, a cookie containing an encrypted, unique identifier that is tied to a user’s account is placed on the user’s browser. These cookies allow the Company to uniquely identify the user when the user is logged into the Services and to process online requests. |
Because required cookies are essential to operate the Company’s Websites and the Services, there is no option to opt out of these cookies. |
Performance cookies | These cookies collect information about how Visitors use the Company’s Website, including which pages visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a Visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Company’s Website functions and performs.
From time-to-time, the Company may engage third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Websites. The Company may also utilise Flash cookies for these purposes. |
To learn how to opt out of performance cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here. |
Functionality cookies | Functionality cookies allow the Company’s Websites to remember information users have entered or choices users make (such as username, language, or region) and provide enhanced, more personal features. These cookies also enable users to optimise their use of Services after logging in. These cookies can also be used to remember changes users have made to text size, fonts and other parts of web pages that users can customize.
The Company uses local shared objects, also known as Flash cookies, to store user preferences or display content based upon what users view on Websites to personalise user visits. |
o learn how to opt out of functionality cookies using your browser settings click here. Note that opting out may impact the functionality you receive when using the Company’s Websites.
To learn how to manage privacy and storage settings for Flash cookies click here. |
When users visit the Company’s Websites, the Company collects user Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, the Company uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web sites.
The Company also collects IP addresses from Customers when they log into the Services as part of the Company’s “Identity Confirmation” and “IP Range Restrictions” security features.
Data from the Services (Usage logs and Analytics Data). The Company also collects and processes usage data when Customers use the Services (e.g., ingest volume, search concurrency, number of unique user logins, operating system, internet protocol address, source type (count), session duration and other use data) (“Usage Data”) in order to provide, maintain, and improve Services.
In addition, the Company collects and processes anonymised, aggregated data about a group or category of Services, features or users in order to improve the Services (“Analytics Data”). For example, Analytics Data may include anonymized Usage Data, information about the server environment (e.g., OS type/version, CPU type/version, database type/version, disk utilisation), information about the devices operating the Services (e.g., browser type/version, OS type/version, device type/version), or such other similar information about user configuration or operation of the Service features or functionality.
The Customer may post a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. The Company always obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.
The Company will not share Data about Visitors, Customers and Attendees unless formal consent has been obtained beforehand. The Company does not share, sell, rent, or trade any information with third parties.
The Company will not share Data about Visitors, Customers and Attendees unless formal consent has been obtained beforehand. The Company does not share, sell, rent, or trade any information with third parties.
The Company will not share Data about Visitors, Customers and Attendees unless formal consent has been obtained beforehand. The Company does not share, sell, rent, or trade any information with third parties.
The Company reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.
The Company offers Visitors, Customers, and Attendees who provide contact information a means to choose how the Company uses the information provided. Visitors, Customers, and Attendees may manage receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, Visitors, Customers, and Attendees may end a request to [email protected].
Customers may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). The Customer will not review, share, distribute, or reference any such Customer Data except as provided in the Company’s Subscription Agreement, or as may be required by law. In accordance with the Customer’s Master Subscription Agreement, the Customer may access Customer Data only for the purpose of providing the Services or preventing or addressing service or technical problems or as may be required by law. Additional information about the Company’s privacy and security practices with respect to Customer Data is available upon request to [email protected].
The Company uses robust security measures to protect Data about Visitors, Customers, and Attendees. The Company maintains Data about Visitors, Customers, and Attendees. This information, which is stored in the Services, is secured as follows:
Third-Party Architecture: The architecture used to host Customer Data submitted to the Services is typically provided by a third party provider, Amazon Web Services, Inc.
(“AWS”). Currently, the architecture hosted by AWS in provisioning of the Services is located in Sydney, Australia.
Security Controls: The Services include a variety of security controls. These controls include:
Security Procedures, Policies and Logging: The Services are operated in accordance with the following procedures to enhance security:
User Authentication: Access to the Services, directly or via API, requires a valid user ID and password combination, or an API key/secret, both of which are encrypted via TLS while in transmission.
Encryption: Customer data is encrypted leveraging 128 bit AES encryption in transit. Note: Customer data is not encrypted at rest.
Physical Security: Production data centres used to provide the Services, where the Services are off-premise, have systems that control physical access to the data centre. These systems permit only authorised personnel to access secure areas. The facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, are secured by around-the-clock guards, physical access screening and escort controlled access, and are also supported by on site back-up generators in the event of a power failure.
Reliability and Backup: All networking components, load balancers, Web servers and application servers are configured in a redundant configuration. All Customer Data submitted to the Services is stored on a primary database server that is clustered with a backup database server. All Customer Data submitted to the Services is backed up daily.
Patching: All networking components, load balancers, Web servers and application servers and Software provided by Alex Solutions PTY LTD, used to host, handle and / or store Customer Data, are patched in-line with AWS standard patching service levels.
Return of Customer Data: During the contract term, customers may export a copy of any Customer Data made available for export through the Services. Within 30 days post contract termination, Customers may request return of their respective Customer Data, to the extent such Customer Data can be copied and exported from the Services and the ability to export such data is generally made available to customers, by contacting [email protected].
Deletion of Customer Data: After contract termination, to request deletion of Customer Data submitted to the Services, contact us at [email protected]. After such deletion is initiated by the Company, Customer Data will remain in inactive status on back-up media for 7 days, after which it will be overwritten or deleted. This process is subject to applicable legal requirements.
The Company reserves the right to change this Privacy Statement. The Company will provide notification of the material changes to this Privacy Statement through the Company’s Web sites at least thirty (30) business days prior to the change taking effect.