Privacy Policy

1. About Us

FirstWave is a publicly listed, global technology company formed in 2004 and headquartered in Sydney, Australia.
FirstWave’s CyberCision platform provides best-in-class cybersecurity technologies, enabling FirstWave’s telco, MSP, government and enterprise partners to protect themselves and their customers from cyber-attacks, with an expertise in email and firewall cloud security. FirstWave also provides various cloud-based services, including the provision of cloud security gateways, and cloud analytics.
In January 2022, FirstWave acquired Opmantek, a leading provider of enterprise-grade network management, automation and IT audit software – the Network Management Information System (NMIS) suite. Developed in a Commercial Open Source Software model, it helps IT teams audit IT environments, detects faults, prevents failures and helps manage capacity.
The combination of CyberCision, Network Management Information System (NMIS), and Open-AudIT products enable FirstWave to provide a comprehensive end-to-end solution for network discovery, management and cybersecurity for our telco and service provider partners globally.
As a part of these services and software, information is provided by customers and end users, including personal information delivered as a part of email and web traffic scanning and analysis. The vast majority of this information passes through the FirstWave platform and is not held or recorded by FirstWave for any material length of time. At times however, customers or end users may request that FirstWave retains certain information, including archives and reports, which could include personal information of those customers’ or end users’ employees.

2. About this Privacy Policy

FirstWave is committed to the protection of ‘Personal Information’ (PI) provided to us. When you share PI with us, we treat it with care and take our responsibility to protect it seriously and in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act) and the EU General Information Protection Regulation (GDPR)
This policy clearly describes our privacy practices and how we collect, use, process, and manage your Personal Information in relation to our business activities and the use of our software, services and websites.
This Policy applies to personal information that FirstWave collects, uses, holds, discloses and stores in the course of providing the FirstWave Services, and otherwise in the course of its business.

 

3. Terminology

In this Policy:
personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether recorded in a material form or not.
FirstWave Services mean the services performed by FirstWave, including those described in section 2.
Personal/Sensitive information means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information.
subsidiaries has the meaning given to that term in the Corporations Act 2001 (Cth).
“we” “us” “our” and “FirstWave” are reference to FirstWave Cloud Technology Limited (ACN 144 733 595) its subsidiaries and acquisitions from time to time.
“you” and “your” means a natural person whose personal information we have knowingly collected.

4. How we collect personal information

4.1 We collect personal information in a number of ways, including when you interact with us electronically, hardcopy or in person, when you access our services or website and when we provide our products and services

  1. in conducting the FirstWave services:
    1. in the course of our customers’ (and end users’) email and web browsing activity traffic passing through the FirstWave platform (but only to the extent that this information is subsequently held for one of the below purposes);
    2. providing data security, protection, network monitoring and management to enterprises;
    3. where our customers or end users ask us to monitor data flows, where possible, secure data and systems, store or archive emails and web browsing activities that include personal information; and
    4. where our customers or end users ask us to, or use the FirstWave platform to, generate reports based on the information that passes through the FirstWave platform, which may include an end user employer asking us to provide these services in relation to its employees’ work email and web browsing activities.
  2. where you, as a customer or end user, interact directly with our employees and such other persons acting for us or on our behalf, whether by telephone, email or some other form of communication;
  3. where you provide information directly to us during a recruitment process (as a potential staff member), including filling out hard copy forms, through emails and by face to face communication;
  4. where you provide feedback to us;
  5. from publicly available sources of information; and
  6.  we may also receive Personal Information from third parties. If we do, we will protect your Personal Information in accordance with this Privacy Statement

4.2 If you do not wish for your personal information to be collected in a way anticipated by our Privacy Policy, we will use reasonable endeavours to accommodate your request. The customer or end user administrator has access to settings and a reporting front-end which may be used to adjust the scope of personal information collected or used. However, we note that, due to the nature of the services that we provide, it may not be possible or practicable to remove or de-identify personal information that is collected, stored or provided by our customers or end users.

4.3 If we do comply with your request, or if we have inaccurate or incorrect information, we may not have sufficient information to, or otherwise may be hindered:

  1. in the performance of the FirstWave Services for which we have been engaged, including security services, email and web traffic scanning and analysis, spam, virus and other threat detection and analysis, firewall services and other services;
  2. in our ability to keep you informed of company updates and services information;
  3. in our ability to properly conduct our operations;
  4. in considering your application for employment with us; and
  5. in our ability to respond to your inquiry or request.

 

5. What personal information we collect

5.1 “Personal Information” is information that can reasonably identify an individual. We receive PI you provide to us through our business activities or our Website, provided to us directly or indirectly through your use of our products and services or any associated social media platforms from which you permit us to collect your Personal Information. The personal information that we may collect or hold will depend on the context in which we collect it, and may include:

  1. Names and contact information;
  2. home or work postal addresses;
  3. telephone or mobile phone numbers;
  4. payment information, in relation to payment for our services;
  5. internet protocol (IP) addresses;
  6. web browser cookies;
  7. email meta data, contents or addresses, and any other personal information you or a person ostensibly authorised by you (which may include an employer, where your employer is a customer or end user of FirstWave) submits to us, as well any other information that we consider is necessary to perform our functions and activities.

5.2 Where personal information is provided by a customer or end user of ours (e.g. information relating to a customer’s employee or representative, or of the customer’s end user), we rely on the customer and end users to ensure that the individuals whose information is being provided have been informed about our role in collecting their personal information and, where necessary, informed about this Policy.

5.3 The performance of the FirstWave Services may from time to time involve the temporary collection of personal information from data being analysed by our services (such as when included in emails or web traffic that passes through the FirstWave platform).

5.4 We may ask you to provide Personal Information such as your name, phone number, address and email address to enable us to provide you with support services, mailings, sales and marketing actions, process your product or service order, provide updates and to meet our contractual obligations.

5.5 We may collect additional data at other times, including but not limited to, when you provide feedback, when you provide data about your personal or business affairs, change your content or email preference, respond to surveys and promotions, provide financial or credit card data, or communicate with our customer support.

 

6. How we use your Personal Information – Purpose of collection, use and disclosure

6.1 We collect, use and disclose Personal Information and you consent to us using your PI for the primary purpose of conducting our business and providing the FirstWave Software, Products and Services, which includes:

  1. providing cloud-based email security, security audits, web security services, URL filtering, malware and virus scanning;
  2. providing network management and monitoring software and services;
  3. preparing reports based on the content provided as a part of the services described above;
  4. where requested, archiving and storing the content and reports described above;
  5. providing forensic and diagnostic data discovery services in connection with the above services;
  6. performing installation, integration, development and other professional services;
  7. delivering service and company update notices to our customers and, where necessary, end users to inform them about our services;
  8. responding to an inquiry or request received from an employer or individual;
  9. researching and assessing our services to identify possible improvements;
  10. fulfilling obligations to, and cooperating with, government authorities, partners, resellers, customers and end users;
  11. administering our business activities;
  12. manage, research and develop our products and services including through data analytics;
  13. provide you with information about our products and services;
  14. communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail;
  15. investigate any complaints;
  16. process transactions involving our business and through our Website where you have purchased our products or services.
  17. in the case of potential employees, assessing a person’s application for employment with us;
  18. resolving disputes and queries, and any other matters that may reasonably be expected in connection with the above matters, where we have obtained consent for other collection activities, or are otherwise required to do so by law; and
  19. to protect the copyright, trademarks, legal rights, property or safety

6.2 Disclosure of your Personal Information and Third Parties with access to it

We will only share your Personal Information where you have given us your consent, we do so on the basis that your data is treated with confidence, and only used for the limited purpose, and in manner described in this Privacy Policy.
In conducting our operations, we may share personal information with, or receive personal information from, third parties such as our service providers and contractors (and our customers where they are providing partner or reseller services) where necessary for them to provide their services. Unless you have agreed otherwise, these parties are not allowed to use your personal information for any other purpose except to assist in conducting our business, and we take reasonable steps to ensure that third parties are subject to confidentiality requirements. In particular, we may disclose your personal information to:

  1. third party technology services providers – our third-party service providers may be located outside of Australia, or outside of the EU;
  2. third party security software providers; and
  3. partners or resellers where they are our direct customer, as well as where you otherwise provide your consent, whether express or implied, or we are otherwise required to share that information by law.

6.3 If you choose to withhold your Personal Information, it may not be possible for us to provide you with our products and services or for you to access certain parts of our website, call centre or support line and for us to respond to your query.

 

7. Website, Third Party Web Tools and Cookies

7.1 When you access our website or customer portal (also provided to end users) from a computer, mobile phone, or other device, we may make a record of your visit and logs for statistical and business purposes and we may collect information including: the user’s server address, the user’s domain name, IP address, the date and time of visit, the pages accessed and documents downloaded, the previous site visited, the operating system used and the type of browser used. We may also track some of the actions you take on our website or customer portal such as when you provide information or content to us.

7.2 The information collected is mostly anonymous traffic data aside from the approximate location (IP address) and may include browser type, device information, and language. The information collection is in aggregate form so that it cannot identify any individual user and provides an overview of how people use our Website. It is not used for any additional purpose.

7.3 We may use “cookies” (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make our website easier to use. We also use them to know when you are interacting on the FirstWave website. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use some areas on our website.

7.4 If you access FirstWave’s website or customer portal from outside Australia, you accept responsibility for ensuring or confirming compliance with all laws in that jurisdiction that apply to you as a result of that access or any consequent transactions or dealings with us, the website or other users.

7.5 Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party and we are not responsible for the privacy policies or the content of any third party.

7.6 We use technologies and third-party services that use Google Analytics, pixels, tags and web beacons (code snippets) on our Website to improve user experience, the supply of our products and services and to analyse how our Website is used.

7.7 Our Website may from time to time have links to other websites not owned or controlled by us. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. FirstWave is not responsible for the privacy practices of other such websites.

7.8 We take care to ensure that any personal information you give us on the internet through one of our websites is protected and secure. We use cookies to protect and ensure the security of information that you give to us on our web sites. You should keep any passwords or access codes that you have confidential. They are used to control your access to our products and services and are important in helping us to maintain the security of your personal information and the integrity of our internet services.

 

8. How we Store and Secure your Personal Information

8.1 Where we hold your personal information, we take reasonable steps to ensure that the information is secure and may only be accessed by authorised persons.

8.2 Where we store personal information electronically, we endeavour to secure that information, using both physical and technical means, in accordance with industry practice, including the use of secure servers with password protection and strict access controls. We endeavour to review and update our security procedures from time to time, in order to renew and improve those procedures.

8.3 In limited situations, where a customer or end user has requested our assistance, FirstWave technical staff may have access to customer or end user data, which may include personal information, for troubleshooting and technical assistance, but only to the extent necessary for the completion of those services and subject to applicable confidentiality and privacy restrictions.

8.4 Although we take all reasonable measures to ensure the security of personal information stored on the FirstWave platform, we are not responsible for third party circumvention of security measures on the FirstWave platform, whether at any of our premises or those of our service providers. Please note that third party recipients of personal information, including our customer and end users that provide the information, may have their own privacy policies and we are not responsible for their actions, including their handling of personal information.

8.5 We cannot control the actions of other users with whom you share your information. Further, we cannot guarantee that only authorised persons will access your personal information. Please notify us immediately if you believe there has been any unauthorised access to your information.

8.6 We may be asked to archive or store information, including personal information, as part of the services we provide for our customer and end users. If any personal information that we hold is no longer required for the purpose for which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information in accordance with applicable law. The FirstWave platform may be used to automatically remove data after a retention period has ended.

8.7 The transmission and exchange of data is carried out at your own risk. We cannot guarantee the security of any data that you transmit to us or receive from us over the Internet. Although we take measures to safeguard against unauthorised disclosures of data, we cannot assure you that Personal Information that we transmit to you or you transmit to us will not be disclosed in a manner that is inconsistent with this Privacy Statement.

 

9. Access To and Correction of Personal Information

9.1 We will use reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.

9.2 You may request access to the personal information we hold about you by contacting our Privacy Officer. We may, at our discretion, provide you with access to your personal information and we reserve the right to charge you an inexcessive fee for giving access.

9.3 Subject to paragraph 9.4, if personal information we hold about you is incorrect, we will, on your request to correct it or where we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, take such steps as are reasonable in the circumstances to ensure that the information is corrected. However, we note that, due to the nature of the services that we provide, it may not be possible or practicable to correct or provide access personal information that is stored or provided by our customers and end users.If you request us to correct personal information that we hold about you and we refuse to do so, we will, to the extent reasonable, provide you a written response as to our reasons. We reserve this right, in certain circumstances set out in the Privacy Act 1988 (Cth).

 

10. General Data Protection Regulation (GDPR)

  1. If you are an individual residing in the European Union (EU), we collect and process Personal Information about you in accordance with the GDPR. We process your Personal Information as a Processor and to the extent that we are a Controller as defined in the GDPR.
  2. If you are an individual residing in the European Union (EU), we collect and process Personal Information about you in accordance with the GDPR. We process your Personal Information as a Processor and to the extent that we are a Controller as defined in the GDPR.
  3. We do not knowingly collect or process any Personal Information from you that is considered “Sensitive Personal Information” under the GDPR.
  4. We do not knowingly collect or process Personal Information of persons 13 years or younger. If you are under the age of 16, we request that you obtain and provide parental consent as required by the GDPR.

The Personal Information Rights of Individuals Residing in the EU

  1. If you are an individual residing in the EU, you have certain rights as to how your Personal Information is being controlled and used.
  2. We comply with your rights under the GDPR (subject to the grounds set out in the GDPR) that permit you:
    1. to be informed as to how your Personal Information is being used;
    2. to access your Personal Information and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you a copy of your Personal Information in electronic format free of charge if requested);
    3. to rectify your Personal Information if it is inaccurate or incomplete;
    4. to erase your Personal Information (also known as ‘the right to be forgotten’) if you wish to delete or remove your Personal Information;
    5. to restrict processing of your Personal Information;
    6. to retain and reuse your Personal Information for your own purposes (Personal Information portability);
    7. to object to your Personal Information being used; and
    8. to object against automated decision making and profiling.
  3. You can contact us any time to exercise your rights under the GDPR including as to:
    1. request access to Personal Information that we hold about you;
    2. to correct any Personal Information that we hold about you;
    3. delete Personal Information that we hold about you; or
    4. opt out of emails, marketing, and any other push notifications that you receive from us.

We may ask you to verify your identity before acting on any of your requests.

If you have any questions about FirstWave’s collection and storage of data, please contact us.

 

11. International Data Transfers – Overseas Disclosure

FirstWave data, which may include PI, is stored with our infrastructure services provider, in various locations throughout the world. At times, data may be located at a customer or end user’s premises, or with their service provider, as part of a private cloud solution.

  1. We may store, process and transfer your data, including your Personal Information in countries other than the country you live in. Data transfer may occur in and between countries outside of Australia which may include but are not limited to the United States and Europe.
  2. Where we disclose Personal Information to a third party in another country, we put safeguards in place to protect your Personal Information and we will endeavour to obtain consent from you where necessary under the relevant Privacy regulations.
  3. You may not have the same rights to protect your data in these countries as you do in Australia. Where your data has been transferred to a country abroad, it will be treated in accordance with the purposes described in this Privacy Statement.
  4. For individuals in the European Economic Area (EEA), there may be circumstances where your data will be stored and processed in Australia which provides an adequate level of data protection. If your personal data is transferred from the EEA to a country or international organisation outside of Australia, we will ensure that we have approved transfer mechanisms in place to protect your Personal Information adequately (for example, by entering into the European Commission’s Standard Contractual Clauses for data protection for data that is transferred internationally or ensuring the entity is Privacy Shield certified for data transfer to third parties based in the United States).

 

12. Questions and Complaints

12.1 If you have a question about how we handle personal information, or wish to lodge a complaint about our management of personal information, you may contact our Privacy Officer:

Attention: Privacy Officer – privacy@firstwave.com.au

For EU data subjects:
Attention: Data Protection Officer dpo@firstwave.com

12.2 The Privacy Officer will co-ordinate the investigation of any complaint and any potential resolution of a complaint. We will aim to resolve all complaints as soon as practicable for us to do so.

 

Note:
We may change this Privacy Policy at any time. If we make changes to this Privacy Policy we will notify you by publication on our Website. The revised version of the Privacy Policy will be effective at the time we post it.

Version 1.3 – June 2023
Would you like to make a Privacy Request?