This policy was last revised on .
Due to the commercial nature of our services, CyberMetrix, for the most part, collects the information of individuals in their professional capacity. For example, we collect information of the person who registers or activates the organisation’s administrator or user account, as part of their role within the customer organisation.
That being said, we recognise and value the protection of your personal information, which is an important part of our relationship with customers.
- give you clear information about our personal information handling practices,
- only collect personal information that is necessary for our functions,
- understand the purpose of our services, and restrict our use and disclosure of personal information in that regard, and
- take reasonable steps to keep the personal information we have secure.
Personal information we collect
The types of personal information we collect and process are set out below. We generally collect this information when you interact with our platform and website. We may also collect this information in person, via email, mail or phone.
We collect and use analytics and cookie data from a person’s use of the website (www.cybermetrix.com.au), to understand how people interact with our site.
Information we collect and process when you use our website and platforms includes:
- Your device’s IP address
- The date and time that you visited our website
- Whether you have been to our website before
- What site referred you to our website
- Approximate location of the device you used to interact with our website
If you are a contact person for an organisation, we collect and process minimal personal information when you ask about our platforms and services. Enquiries can be made via email, post, or when you submit an online ‘contact us’ form.
Information we collect and process may include the name of an organisation’s contact person, the organisation’s preferred phone, email and address details, and details of the enquiry or correspondence with us.
We may use the details of a customer’s nominated contact person to communicate with our customer, including in regards to the platform, our services, sales, and accounts. Information we collect and process may include the name of the customer’s contact person, the organisation’s preferred phone, email and address details.
We may send promotional emails to a customer’s nominated contact person, where they have opted to receive marketing material. Whilst these emails may be sent to a customer’s contact person, they are intended for our customers, i.e. organisations. If at any time the customer wishes not to receive promotional communication from us, they may unsubscribe using the unsubscribe method described in the email.
We collect and process limited personal information to register or activate our customer’s CyberMetrix account. We collect details of the customer’s nominated person via our platform when you register your organisation’s account, including:
- First name
- Last name
- Country location
- Business mobile number
- Business email
- Role within the customer organisation
- Profile picture (where it includes an image of a person)
When a customer uses our platform, they may provide us with contact information or other personal information that relates to an individual in their professional capacity, working for our customer’s suppliers or customers. We collect and use this information for the purpose of providing our cyber security services to our customers.
A customer may submit a question or request support by submitting a form located within the customer’s administrator or user account. When the customer requests support, we collect the name of the customer’s contact person, business email address and details of the question, issue or support request, and our correspondence with you in regard to the request.
We collect and process payment information to provide our products and services. When customers provide payment information to us, they will usually provide the payment information of the customer organisation; not payment information of an individual.
There may be limited circumstances where personal payment information is provided to and processed by us (such as name on card, card type, amount purchased). We do not knowingly receive payment information of a person; rather, we ask our customers to use their approved corporate payment facilities.
We collect and process feedback information to improve the types and quality of services offered, and the manner in which those services are provided to customers. We may collect your opinions and feedback by conducting surveys or market research, or by seeking other information from you on a periodic basis.
When you submit a request to access or correct your personal information, or submit a privacy complaint, we use this information to process your request or investigate your concern, and to communicate with you. We collect and use your name, contact information and details regarding your request or concern.
When you apply for a job with us, we collect and process your personal information as part of the application, and potentially, the hiring process. Recruitment information we collect and process may include name, email, phone, address, resume, cover letter details and references.
Why we collect and use personal information
We collect and process personal information for a number of reasons, which have been described in the table below:
|We collect and use…||Purpose|
|Enquiries information||To answer your questions about our cyber security maturity assessment platform and services|
|Customer contact information||
To provide you with access to the CyberMetrix platform
To communicate with you as part of our cyber security services
To send our customers promotional emails. Whilst these emails may be sent to a customer’s contact person, they are intended for our customers organisations.
|Help and support information||To provide help and support in our customer’s use of the CyberMetrix platform|
|Payment information||To accept payment for your purchase of our products or services|
|Feedback information||To improve the types and quality of services offered, and the manner in which those services are provided to customers|
|Access and correction requests, and privacy complaint information||To process your request or investigate your concern, and communicate with you|
|Recruitment information||To process your job application and, if you are successful, to offer you a job and commence your employment|
Who we share your personal information with
CyberMetrix uses external parties (i.e. vendors) to provide services and functions on our behalf. In order for vendors to provide these services, we may share personal information that relates to the services being provided. We ensure that vendors only process personal information for the purpose it was provided to them, and not for any other purpose.
Our primary vendors that provide services on our behalf include:
- Amazon Web Services (AWS) – provides public cloud and IaaS related services, refer to the AWS Privacy Notice.
We also have contracts with other domain specialists, subject matter experts, management consultants and information technology professionals to assist in providing our services. There may be limited instances where we share your information with these external parties for the purpose of providing services on our behalf.
We do not sell or share personal information with any advertisers, sponsors, content providers, media outlets, law enforcement or other person or entity, unless:
- We have your express permission, or
- There is a lawful ability or requirement for us to do so.
If you contact us with a general question, we may interact with you anonymously or through the use of pseudonym.
However, due to the nature of our business, we are unable to provide our cyber security maturity assessment platform anonymously, as we require factual information in order to register customer accounts and provide our cyber security maturity assessment services.
How we manage personal information
At CyberMetrix, we securely manage and dispose of personal information that we collect and process, as outlined below:
We store personal information that we collect using public cloud services that are secured using best practice authentication techniques to protect your data from unauthorised access, modification or disclosure. CyberMetrix stores data, including personal information, with Google and Amazon Web Services. The information is stored in the jurisdiction in which we collected it from (for example, where personal information is collected from within the US, the data is stored on servers located int the US) when it is possible to do so.
We also use vendors to store specific types of personal information (such as analytics and accounting information) on our behalf. The personal information stored by vendors relates directly to their functions and services, and is stored in accordance with our contract with these providers.
CyberMetrix have implemented a range of data security practices and controls, including (but not limited to):
- Use of access controls, including multi-factor authentication,
- Security awareness training,
- Encryption of personal information during transit and at rest where possible,
- Personal information is stored and backed up in secure offsite locations,
- Back-ups of data is regularly tested for full operational recovery,
- Use of anti-virus on all company workstations and laptops, and
- Installation of firewalls where our network connects to the public internet.
Protection of personal information from unauthorised access, disclosure, alteration or loss is a priority for us. Any concerns about the security of personal information collected or processed by CyberMetrix should be reported to us at using our contact details below.
We keep your personal information for different periods, depending on the purpose that it was collected for. Where we no longer require personal information for the purpose it was collected, we will securely destroy that data.
Accessing and correcting your personal information
CyberMetrix supports your right to:
- Access personal information we hold about you, or
- Correct your personal information, where you think that it is inaccurate, incomplete or out of date.
If you would like to access personal information we hold about you, we are happy to tell you what it is. We will not, however, tell someone else what personal information we hold about you (unless you permit us or there is a lawful ability or requirement for us to do so).
If you think the personal information we hold about you is incorrect, out of date or misleading, we are happy to correct it.
Questions and concerns?
Via the Contact Form on the footer of our website.
GPO Box 1515
Brisbane, QLD 4001
If you have made a privacy compliant and are not happy with how we responded to your concern, you are able to contact the Office of the Australian Information Commissioner (OAIC). The OAIC’s process is available here.
This policy was last revised on .