Version dated 20/02/2018
By using Whispli, you, as a User, accept and agree to:
(b) the Data Processing Addendum; and
(a) providing the system and services that Whispli offers; and
(b) the normal day-to-day operations of our business.
2. Whispli basics
(a) Whispli is an online reporting and case management solution for employees and other stakeholders.
(b) Any Whispli User must register an account in Whispli to use Whispli. The registration requirements vary depending on whether the User is a Client, an Informant or a Managed Service Partner.
(c) Whispli Users can be:
(i) Clients: a person or an entity can subscribe to Whispli, either directly or through a Managed Service Partner and otherwise in accordance with this Agreement, to make the platform available to its Case Managers (or its related entities’ Case Managers) and to Informants;
(ii) Case Managers: Case Managers can access Whispli to configure the platform, communicate securely with Informants, manage reports, cases, surveys, run analytics or any other use as they see fit (subject to this Agreement and the technical features made available by us);
(iii) Informants: Informants can access the platform to communicate securely with a Client that has granted them access to use their Whispli platform to report potential misconduct, respond to a survey, obtain approval for work related expenses or any other use as they see fit (subject to this Agreement and the technical features made available by us); or
(iv) Managed Service Partners: an entity may be granted access to a Client account for the purpose of triaging incoming Reports, analysing Reports, interacting with Informants, or any other activities as agreed between the Client and the Managed Service Partner and may issue invoices and receives payment for Whispli and related services on our behalf.
(d) Each category of Whispli User is not mutually exclusive (for example, a Case Manager may also be an Informant).
(e) Fees are only payable by Clients and Managed Service Partners, not by Informants.
3.3 We handle Personal Information in our own right and also for and on behalf of our Clients and Whispli Users.
3.4 If, at any time, a Whispli User provides Personal Information or other information about another person, the Case Manager or Informant warrants that:
(a) they have obtained that other person's consent to provide such information for the purpose specified; or
(b) they have reasons to suspect that other person has or will engage in an unlawful activity or misconduct of a serious nature, and they will be using Whispli and any related services provided by us as part of taking appropriate action in relation to the matter.
3.5 In certain circumstances, Whispli Clients, such as a school or a recreational activities provider, may obtain parents’ or guardians’ consent for approved Whispli Users under the age of 18 years. To the extent permitted by Law, those Whispli Clients are responsible for obtaining such consent prior to any Whispli User under the age of 18 years being able to use Whispli and any related services provided by us, and for the handling, use and retention of any Personal Information collected in those circumstances.
4. The information we collect
4.1 In the course of business, it is necessary for us to collect information about individuals. The type of information we may collect includes:
(a) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other identifiable information that allows us to identify who the individual is;
(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.
4.3 We may also collect information about an individual that is not Personal Information, such as certain information regarding their computer, network and browser.
5. How we collect information
Most information will be collected in association with an individual’s use of Whispli, an enquiry about Whispli or generally dealing with us. However, we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected by us as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
(b) Accounts/Memberships. When an individual submits their details to open an account and/or become a Client with us;
(c) Reporting Information. When an individual submits information containing Personal Information to be communicated or managed using our system.
(d) Supply. When an individual supplies us with goods or services;
(e) Contact. When an individual contacts us in any way;
(f) Access. When an individual accesses Whispli or our website physically, we may require them to provide us with details for us to permit them such access. When an individual accesses Whispli or our website through the internet we may collect information using cookies or analytical services; and/or
(g) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
5.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
5.3 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a Client) we will either delete/destroy the information, or inform the individual that we hold such information, to the extent permitted and required under the applicable Data Protection Laws.
6. How we use information we collect
6.1 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) the provision of goods and services between an individual and us;
(b) verifying an individual’s identity;
(c) communicating with an individual about:
(i) their relationship with us;
(ii) our goods and services;
(iii) our own marketing and promotions to customers and prospects;
(iv) competitions, surveys and questionnaires;
(d) investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(e) as required or permitted by any applicable Law (including the Data Protection Laws).
6.2 We will not use an individual’s Personal Information other than for the purpose for which it was collected, or otherwise with the individual’s consent. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
7. Information we share
(a) to a Managed Service Partner to ensure its authorised personnel can access a Client account to perform the tasks agreed between the Client and the Managed Service Partner.
(b) to a Client so that it can appropriately manage its Whispli account, including the profile of existing, new or past Case Managers.
(c) to a Third-Party payment processor to securely perform online capture and processing of credit/debit card transactions;
(d) to other Third-Party providers (such as our Web Application Firewall provider, or our Cloud computing platform provider) to communicate with an individual and to store contact details about an individual;
(e) to a Governmental Agency or a Supervising Authority where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a Governmental Agency or a Supervising Authority should be made aware of, or when required to do so by law (including any Data Protection Laws); or
(f) to a prospective transferee as part of a sale of some or all of our business and assets to any Third Party or as part of any business restructuring or reorganisation,
however, we will inform the individual accordingly (to the extent that we are permitted to do so under the relevant applicable law) and we will take all reasonable steps to ensure that their Personal Information continue to be protected.
8.1 Opt in / out - An individual may opt to not have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
8.3 Anonymity – An Informant may be granted by the Client the option to remain anonymous when using the Whispli platform. Depending on the configuration and use case, an Informant may have the choice to remain anonymous to the Client, or anonymous to the Managed Service Partner and the Client, or anonymous to the Managed Service Partner, the Client and Whispli.
9. Information security
9.1 We will take all reasonable precautions and appropriate technical and organisational measures to protect an individual’s Personal Information against accidental or unlawful destruction or accidental loss, alternation, unauthorised disclosure or access. This includes appropriately securing our physical facilities and electronic networks.
9.2 Whispli uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
9.3 Whispli is certified ISO 27001:2013 (Information Security Management System).
9.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
9.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
10. How to access and/or update Personal Information
10.1 Users of Whispli can update their Personal Information from within their Whispli account or profile.
10.2 Subject to the Data Protection Laws, an individual has the right to request from us the Personal Information that we have about them, and we must provide them with such information within 28 days of receiving their written request.
10.3 If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
10.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
10.5 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
11. Complaints and disputes
11.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
11.2 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed, and in any event, we will comply with the relevant breach notification procedures under any applicable Data Protection Laws.
The Privacy and Data Protection Officer
Fraudsec Pty Ltd
Level 29, 20 Bond Street, Sydney, NSW, 2000 Australiacontact@whispli.com
Please contact the Privacy and Data Protection Officer by email in the first instance.