WHISPLI PRIVACY POLICY

 

Version dated 20/02/2018

By using Whispli, you, as a User, accept and agree to:

(a) the General Terms of Use;

(b) the Data Processing Addendum; and

(c) this Privacy Policy.

1. Purpose of this Privacy Policy

1.1 Fraudsec Pty Ltd ACN 605 003 825 trading as Whispli (we, us or our) has adopted this Privacy Policy to ensure that we have standards in place to protect the information that we collect through our Whispli product (Whispli), related services provided by us and through the Whispli website (www.whispli.com), as is necessary and incidental to:

(a) providing the system and services that Whispli offers; and

(b) the normal day-to-day operations of our business.

1.2 This Privacy Policy is adopted in accordance with the data protection and privacy laws current as of the date of this version in Australia and in the European Union (Data Protection Laws).

2. Whispli basics

(a) Whispli is an online reporting and case management solution for employees and other stakeholders.

(b) Any Whispli User must register an account in Whispli to use Whispli.  The registration requirements vary depending on whether the User is a Client, an Informant or a Managed Service Partner.

(c) Whispli Users can be:

(i) Clients: a person or an entity can subscribe to Whispli, either directly or through a Managed Service Partner and otherwise in accordance with this Agreement, to make the platform available to its Case Managers (or its related entities’ Case Managers) and to Informants;

(ii) Case Managers: Case Managers can access Whispli to configure the platform, communicate securely with Informants, manage reports, cases, surveys, run analytics or any other use as they see fit (subject to this Agreement and the technical features made available by us);

(iii) Informants: Informants can access the platform to communicate securely with a Client that has granted them access to use their Whispli platform to report potential misconduct, respond to a survey, obtain approval for work related expenses or any other use as they see fit (subject to this Agreement and the technical features made available by us); or

(iv) Managed Service Partners: an entity may be granted access to a Client account for the purpose of triaging incoming Reports, analysing Reports, interacting with Informants, or any other activities as agreed between the Client and the Managed Service Partner and may issue invoices and receives payment for Whispli and related services on our behalf.

(d) Each category of Whispli User is not mutually exclusive (for example, a Case Manager may also be an Informant).

(e) Fees are only payable by Clients and Managed Service Partners, not by Informants.

3. Who and what this Privacy Policy applies to

3.1 Our Privacy Policy deals with how we handle Personal Information (which, for the purpose of this Privacy Policy, includes “Personal Data” as defined in the European Union Data Protection Laws and “Personal Information” as defined in the Australian Data Protection Laws) and other information about individuals that we may collect as part of our business.

3.2 Our Privacy Policy does not apply to information we collect about businesses or companies, however it does apply to certain information collected through Whispli from individuals authorised or deemed to be authorised by our Clients (such as Case Managers or Informants) to use Whispli in accordance with Whispli’s General Terms of Use (Whispli Users).

3.3 We handle Personal Information in our own right and also for and on behalf of our Clients and Whispli Users.

3.4 If, at any time, a Whispli User provides Personal Information or other information about another person, the Case Manager or Informant warrants that:

(a) they have obtained that other person's consent to provide such information for the purpose specified; or

(b) they have reasons to suspect that other person has or will engage in an unlawful activity or misconduct of a serious nature, and they will be using Whispli and any related services provided by us as part of taking appropriate action in relation to the matter.

3.5 In certain circumstances, Whispli Clients, such as a school or a recreational activities provider, may obtain parents’ or guardians’ consent for approved Whispli Users under the age of 18 years.  To the extent permitted by Law, those Whispli Clients are responsible for obtaining such consent prior to any Whispli User under the age of 18 years being able to use Whispli and any related services provided by us, and for the handling, use and retention of any Personal Information collected in those circumstances.  

4. The information we collect

4.1 In the course of business, it is necessary for us to collect information about individuals.  The type of information we may collect includes:

(a) Personal Information.  We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other identifiable information that allows us to identify who the individual is;

(b) Contact Information.  We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;

(c) Financial Information.  We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;

(d) Statistical Information.  We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and

(e) Information an individual sends us.  We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.

4.2 We may collect other Personal Information about an individual or a Whispli User, which we will maintain in accordance with this Privacy Policy or otherwise with their express consent.

4.3 We may also collect information about an individual that is not Personal Information, such as certain information regarding their computer, network and browser.  

5. How we collect information

Most information will be collected in association with an individual’s use of Whispli, an enquiry about Whispli or generally dealing with us.  However, we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners.  In particular, information is likely to be collected by us as follows:

(a) Registrations/Subscriptions.  When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;

(b) Accounts/Memberships. When an individual submits their details to open an account and/or become a Client with us;

(c) Reporting Information. When an individual submits information containing Personal Information to be communicated or managed using our system.

(d) Supply.  When an individual supplies us with goods or services;

(e) Contact.  When an individual contacts us in any way;

(f) Access.  When an individual accesses Whispli or our website physically, we may require them to provide us with details for us to permit them such access.  When an individual accesses Whispli or our website through the internet we may collect information using cookies or analytical services; and/or

(g) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.

5.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.

5.3 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a Client) we will either delete/destroy the information, or inform the individual that we hold such information, to the extent permitted and required under the applicable Data Protection Laws.

6. How we use information we collect

6.1 Information is used to enable us to operate our business, especially as it relates to an individual.  This may include:

(a) the provision of goods and services between an individual and us;

(b) verifying an individual’s identity;

(c) communicating with an individual about:

(i) their relationship with us;

(ii) our goods and services;

(iii) our own marketing and promotions to customers and prospects;

(iv) competitions, surveys and questionnaires;

(d) investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or

(e) as required or permitted by any applicable Law (including the Data Protection Laws).

6.2 We will not use an individual’s Personal Information other than for the purpose for which it was collected, or otherwise with the individual’s consent.  The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.

6.3 We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

7. Information we share

It may be necessary for us to disclose an individual’s Personal Information to Third Parties in a manner compliant with the Data Protection Laws, the General Terms of Use and the Data Processing Addendum, including:

(a) to a Managed Service Partner to ensure its authorised personnel can access a Client account to perform the tasks agreed between the Client and the Managed Service Partner.

(b) to a Client so that it can appropriately manage its Whispli account, including the profile of existing, new or past Case Managers.

(c) to a Third-Party payment processor to securely perform online capture and processing of credit/debit card transactions;

(d) to other Third-Party providers (such as our Web Application Firewall provider, or our Cloud computing platform provider) to communicate with an individual and to store contact details about an individual;

(e) to a Governmental Agency or a Supervising Authority where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a Governmental Agency or a Supervising Authority should be made aware of, or when required to do so by law (including any Data Protection Laws); or

(f) to a prospective transferee as part of a sale of some or all of our business and assets to any Third Party or as part of any business restructuring or reorganisation,

however, we will inform the individual accordingly (to the extent that we are permitted to do so under the relevant applicable law) and we will take all reasonable steps to ensure that their Personal Information continue to be protected.

7.2 We will not disclose an individual’s Personal Information to any entity that is in a jurisdiction that does not have a similar regime to the EU Data Protection Laws or the Australian Data Protection Laws, or an implemented and enforceable privacy policy that complies with the European Union Data Protection Laws or the Australian Data Protection Laws. We will take reasonable steps to ensure that any disclosure to an entity in such jurisdictions will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.

8. Choices

8.1 Opt in / out - An individual may opt to not have us collect their Personal Information.  This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us.  They will be aware of this when:

(a) Opt In.  Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or

(b) Opt Out.  Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.

8.2 Hosting and processing location - We agree with our Clients on the most appropriate location to host and process their Whispli Personal Information (through our Data Processing Addendum).  Under a standard and proper use of Whispli, no information is transferred between geographical regions and all Personal Information is stored in a specific data center as agreed with the Client.  Whispli Clients may not choose that location however, and our Clients must advise their Whispli Users of the location through their own privacy policy.

8.3 Anonymity – An Informant may be granted by the Client the option to remain anonymous when using the Whispli platform. Depending on the configuration and use case, an Informant may have the choice to remain anonymous to the Client, or anonymous to the Managed Service Partner and the Client, or anonymous to the Managed Service Partner, the Client and Whispli.

9. Information security

9.1 We will take all reasonable precautions and appropriate technical and organisational measures to protect an individual’s Personal Information against accidental or unlawful destruction or accidental loss, alternation, unauthorised disclosure or access. This includes appropriately securing our physical facilities and electronic networks.

9.2 Whispli uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed.  Each individual that provides information to us via the internet or by post does so at their own risk.  We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

9.3 Whispli is certified ISO 27001:2013 (Information Security Management System).

9.4 We are not responsible for the privacy or security practices of any Third Party (including Third Parties to whom we are permitted to disclose an individual’s Personal Information to in accordance with this Privacy Policy, our General Terms of Use, our Data Processing Addendum or any applicable Laws).  The collection and use of an individual’s information by such Third Parties may be subject to separate privacy and security policies.

9.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.

9.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.

10. How to access and/or update Personal Information

10.1 Users of Whispli can update their Personal Information from within their Whispli account or profile.

10.2 Subject to the Data Protection Laws, an individual has the right to request from us the Personal Information that we have about them, and we must provide them with such information within 28 days of receiving their written request.

10.3 If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.

10.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.

10.5 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.

11. Complaints and disputes

11.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.

11.2 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed, and in any event, we will comply with the relevant breach notification procedures under any applicable Data Protection Laws.

12. Contact

We have appointed a Privacy and Data Protection Officer to oversee the management of this Privacy Policy and compliance with the Data Protection Laws.  The appointed officer may be reached at:

The Privacy and Data Protection Officer

Fraudsec Pty Ltd

Level 29, 20 Bond Street, Sydney, NSW, 2000 Australia

contact@whispli.com

Please contact the Privacy and Data Protection Officer by email in the first instance.

13. Changes to this Privacy Policy

13.1 We may need to amend this Privacy Policy from time to time and will notify our Clients if we do so.  The latest version of this Privacy Policy will be available at https://whispli.com/privacy-policy/ and we encourage you check that page regularly.

13.2 In order to comply with our obligations under the Data Protection Laws, we may do other things in addition to what is stated in this Privacy Policy, nothing in this Privacy Policy shall deem us to be in breach of any Data Protection Laws.