Privacy Policy

Last updated: Feb 25, 2024

ASSETNOTE PTY LTD ACN 627 932 254 (us, we, our) recognises the importance of your (you, your) privacy and is committed to protecting any personal information and data we hold about you and safeguarding your privacy.

Our Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) and General Data Protection Regulation (EU) 2016/679 (Privacy Laws).  It details how we manage the collection, storage, use and dissemination of your personal information and data either through use of our services or via our website, how you can seek access to and correction of your personal information and data, your rights under the Privacy Laws and, if necessary, how you can make a complaint relating to our handling of your personal information and data.  

Collecting personal information and data

The nature of the personal information and data we collect and hold, and where it comes from, will vary according to the circumstances in which we are dealing with you. Personal information and data comes from you personally, your agents, documentation, correspondence (including facsimile, telephone, email, via application or website (*.assetnote.io and *.assetnotecloud.com)) and from third parties.

Personal information and data may include:

  1. your name, date of birth, residential and business addresses, telephone numbers, email and other electronic addresses, occupation, details about your family;
  2. information about your clients, customers, business associates and your potential clients, customers and business associates, and their employees;
  3. your suppliers and their employees;
  4. information about people who access your website or services;
  5. billing information including credit card number, cardholder name and card expiration date;
  6. usernames and passwords;
  7. IP addresses, information identifying your devices and websites;
  8. other information collected in the conduct of our business.

We usually collect your personal information and data directly from you, however, we may collect personal information and data from you in other ways and for other purposes including when:

  1. you subscribe to receive our services;
  2. you register an account with us;
  3. you interact, engage with or participate in the services we provide;
  4. you give us permission to collect location data (if applicable);
  5. you sign up for promotional or marketing materials;
  6. you communicate with us directly or through social media;
  7. when you share content or provide us with information;
  8. when you ask us to customise any of our services or products.

Sometimes we may need to collect personal information and/or data about you from third parties for the purposes described below. The circumstances in which we may need to do this include where we need information and data from a third party to assist us to provide the services.  We will advise you if this is necessary.

We may create deidentified or anonymous data from personal information and data by excluding data components that makes the data personally identifiable to you, through obfuscation, or through other means. Our use of anonymised and deidentified data is not subject to this Privacy Policy.

When you visit or log in to our website, cookies  and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address.  We (or service providers on our behalf) may then send communications and marketing to these email or home addresses.  You may opt out of receiving this advertising by visiting https://app.retention.com/optout

Holding personal information and data

We may hold your personal information and data in physical form or in electronic form on our systems or the systems of our service providers.

Our systems and procedures are designed to prevent your personal information and data from being accessed by unauthorised personnel, lost or misused.   If you reasonably believe that there has been unauthorised use or disclosure of your personal information and data, please contact our Privacy Officer (details below).

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose of those purposes. We may retain your personal information and data for longer where we are legally obliged to retain such personal information and data.

If we no longer need your personal information and data we will, take reasonable steps to destroy or securely delete your personal information and data in accordance with our document retention policy, unless we are required under the Privacy Laws or a court or tribunal order to retain it.

Where appropriate or required, we will require our service providers that hold and process such information and data on our behalf to follow appropriate standards of security and confidentiality.

Purposes of collection, use and disclosure of personal information and data

We will only collect, use and disclose your personal information and data as reasonably necessary for our business purposes and as permitted by the Privacy Laws and the law.

These purposes may include:

  1. registration and management of your account with us;
  2. communicating with you;
  3. providing goods or services to you;
  4. improving and developing our goods and services;
  5. managing our services including processing receipts, payments and invoices;
  6. evaluating and monitoring credit worthiness;
  7. responding to inquiries about applications, accounts or other products, services or arrangements;
  8. marketing our goods and services;
  9. for legitimate interests (communication with you regarding our services, respond to your requests, promotional messages, surveys, compliance, improvement and development, enforcement of our terms);
  10. meeting legal and regulatory requirements; and
  11. enforcing our rights, including undertaking debt collection activities and legal proceedings.

The legal grounds for processing your personal information and data is, where applicable:

  1. our legitimate interests in the proper administration of our website, business and services, such as properly providing you with our services you engage us for;
  2. where you give consent to us to process your personal information and data. You may withdraw your consent at any time by contacting our Privacy Officer;
  3. under contract, where you contract with us for our services which requires us to process your personal information and data; and/or
  4. the legal protection and assertion of our legal rights, your legal rights or the legal rights of others.

Disclosures of personal information and data to third parties

In order to deliver the services, we may disclose your personal information and data to other organisations but only in relation to providing our services to you or as required by law.  We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information and data.

We obtain services from other external service providers, some of which may be located outside of your country, and your information and/or data may be provided to them for this purpose.   We may also need to disclose your personal information and data to third parties for the purposes of providing services to you.  

We disclose your personal information and/or data to:

  1. our related entities, affiliates or partners;
  2. suppliers, service providers and subcontractors (e.g., to provide, improve and personalise the services we provide);
  3. regulatory bodies in your country and other countries;
  4. legal, financial and other advisors;
  5. debt collectors;
  6. organisations wishing to acquire an interest in any part of our business from time to time; and
  7. other information providers.

We may also disclose your personal information and/or data in order:

  1. for us to comply with a legal obligation;
  2. to protect your vital interests or the vital interests of another personal; and/or
  3. to establish, exercise or defend a legal claim.

Some of these recipients may be located outside of your country. It is not reasonably practicable to list all of the countries to which your information and data may be transmitted from time to time.

We will not adopt, use or disclose a government related identifier unless permitted by the Privacy Laws.

We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information and data.

We may (if permitted by law) disclose your credit information with third parties including credit reporting bodies, our related entities, other credit providers, organisations that perform debt collection activities on our behalf.  Credit reporting bodies may include the information we provide to them in reports provided to other credit providers to assist them to assess your creditworthiness.

International transfers of your personal information and data

Transfers of your personal information and data to countries outside of the European Economic Area will be protected by appropriate safeguards, namely, the use of the Model Contractual Clauses as approved by the European Commission.

Accessing your personal information and data and credit information

You are entitled under the Privacy Laws to access personal information and data and credit information we hold about you by contacting our Privacy Officer (details below).

Should you require access to your personal information and data or credit information, please request access and be specific about the information you require.

We will need to validate the identity of anyone making an access request, to ensure that we do not provide your information and data to anyone who does not have the right to access that information and data.

Gaining access to your personal information and data and credit information is subject to some exceptions allowed by law. Factors affecting a right to access include where:

  1. we reasonably believe that access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  2. access would have an unreasonable impact on the privacy of others;
  3. the request for access is frivolous or vexatious;
  4. the information relates to a commercially sensitive decision-making process;
  5. access would be unlawful;
  6. denying access is required or authorised by or under a law or a court/tribunal order;
  7. access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct;
  8. the information relates to existing or anticipated legal proceedings between you and us and would not be accessible by the process of discovery; or
  9. the information would prejudice negotiations with you.

There is no charge for making an access request.  Your request will be dealt with in a timely manner.

Correcting your information

We take all reasonable precautions to ensure that the personal information and data and credit information we collect, use and disclose is accurate, complete, up-to-date and relevant.

If you believe that this is not the case in relation to any personal information and data and credit information we hold about you, you have the right under the Privacy Laws to request that we correct that information. Please contact the Privacy Officer in this instance.

If we do not agree with a request to correct information and data we hold in relation to you we will give you notice in writing as to our reasons and the mechanisms available to you to complain about our decision.

You may also request us to associate a statement with that information and data to the effect that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading so that it is apparent to users of the information and data.

When contacting us, you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way or if we are required or authorised under law (or a court or tribunal order) to only deal with individuals who have identified themselves.

We will attempt to resolve your correction requests in a timely manner. If we need more time to resolve your request, we will notify you in writing as to the delay and seek your agreement to a longer period.

There is no cost involved for you to make a correction request or for the correction of your information.

Your rights

Under the Privacy Laws, you have the certain rights in relation to your personal information and data. Subject to exceptions in the Privacy Laws, you have the following rights:

  1. right of access: you have the right to know whether or not we are processing your personal information and data;
  2. right to rectification: you have the right to require us to rectify inaccuracies in your personal information and data;
  3. right to erasure: you have the right to obtain from us the erasure of your personal information and data;
  4. right to restriction of processing: you have the right to restrict us from processing your personal information and data, subject to law;
  5. right to data portability: you have the right to receive your personal information and data given to us in a structured, commonly used and machine-readable format and have the right to transmit the information to another service provider;
  6. right to object: you have the right to object to processing of your personal information and data, subject to law.
  7. right to lodge a complaint with a supervisory authority: you have the right make a complaint with a supervisory authority should you feel we are processing your personal information and/or data illegally;
  8. right to withdraw consent: you have the right to withdraw your consent to us processing your personal information and/or data.

Site

When you visit (*.assetnote.io or *.assetnotecloud.com) the server may attach a “cookie” to your computer's memory.  A “cookie” assists us to store information on how visitors to the Site use it and the pages that may be of most interest.  This information may be used to provide users of your computer with information that we think may interest them.  

If you choose, you should be able to configure your device so that it disables “cookies” or does not accept them.

The Site may link directly to websites operated by third parties (Linked Sites).  You acknowledge that Linked Sites are not operated by us.  We encourage you to always read the applicable privacy policy of any Linked Site.  We are not responsible for the content or practices of the Linked Sites or their privacy policies regarding the collection, storage, use and dissemination of your personal information and data.

Direct marketing  

We may use personal information and data about you for the primary purpose of providing you with our services. We may also use it for other purposes for which you might reasonably expect us to use that information and data.  This includes marketing our business and sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. You authorise us to use any email address or other contact information you provide to us at any time for this purpose.

You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are required to send you relating to the services we provide.

Complaints and disputes

If you have reason to believe that we have not complied with our obligations under the Privacy Laws in relation to your personal information and data, please contact our Privacy Officer.

You will receive an acknowledgment of your complaint as soon as practicable and in any case within seven (7) days after we receive it.

We will investigate all complaints and aim to resolve them within Thirty (30) days. If we cannot resolve your complaint within this period we will notify you as to the reasons why, specify a date when we expect a resolution and seek your agreement to extend this thirty (30) day period (if you do not agree, we may then not be able to resolve your complaint).

If we find a complaint justified, we will resolve it. If necessary, we will change policies and procedures to maintain our high standards of performance, service and client care.

If you are not happy with the way your privacy-related complaint is being handled, you can also contact the Privacy Officer using the contact details below.

Consent

We may ask for your consent to process your personal information and data for undertaking certain of activities.

Consent may be provided in the form of a tick box, providing us with personal information and data through our services, creating an account with us or in another manner.

By your use of the Site and our services, you consent to the collection, storage, use and dissemination of your personal information and data in accordance with this Privacy Policy and as otherwise permitted under the Privacy Laws.

You may at any time withdraw your consent however this may impact our ability to provide the services to you.

Variation

We may vary the terms of this Privacy Policy at any time.  You should check this Privacy Policy regularly so that you are aware of any variations made to this Privacy Policy.  You will be deemed to have consented to such variations by your continued use of the Site or our services following such changes being made.

Contact

If you wish to find out more information, or raise any specific or general concerns, about our Privacy Policy and privacy practices, the contact details are as follows:  privacy@assetnote.io

Address:
Level 10, 12 Creek Street, Brisbane QLD, 4000

Contact:
contact@assetnote.io

Press Inquiries:
press@assetnote.io
Platform Features
Continuous Asset Discovery
Deep Asset Enrichment
Assetnote Exposure Engine
Expert Security Research
Collaborative Workflows
Customization
Use Cases
Continuous Asset Discovery and Inventory
Real-Time Exposure Monitoring
Attack Surface Reduction
Mergers & Acquisitions
Bug Bounty Readiness
© 2023 Assetnote. All rights reserved.
Privacy Policy