FirstWave is committed to the protection of your personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act). This policy sets out how we collect, use, manage and store personal information.
In this Policy:
personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether recorded in a material form or not. FirstWave Services mean the services performed by FirstWave, including those described in section 2.
Sensitive information means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual
preference, criminal record, or health, genetic or biometric information. Subsidiaries has the meaning given to that term in the Corporations Act 2001 (Cth). “we” “us” “our” and “FirstWave” are reference to FirstWave Cloud Technology Limited (ACN 144 733 595) and its subsidiaries from time to time.
“you” and “your” means a natural person whose personal information we have knowingly collected.
2. Application of this Policy
2.1 FirstWave is a security and network monitoring technology company that provides various cloud-based services, including the provision of cloud security gateways, cloud analytics and cloud-based firewall services.
2.2 As a part of those services, information is provided by customers and end users of the FirstWave platform to FirstWave, including personal information delivered as a part of email
and web traffic scanning and analysis. The vast majority of this information passes through the FirstWave platform and is not held or recorded by FirstWave for any material length of time. At times however, customers or end users may request that FirstWave retains certain information, including archives and reports, which could include personal information of those customers’ or end users’ employees.
2.3 This Policy applies to personal information that FirstWave collects, uses, holds, discloses and stores in the course of providing the FirstWave Services, and otherwise in the course
of its business.
3. How we collect personal information
3.1 We collect personal information in a number of ways, including:
(a) in conducting the FirstWave services:
(i) in the course of our customers’ (and end users’) email and web browsing activity traffic passing through the FirstWave platform (but only to the extent
that this information is subsequently held for one of the below purposes);
(ii) providing data security and protection to enterprises;
(iii) where our customers or end users ask us to monitor data flows, where possible, secure data and systems, store or archive emails and web browsing
activities that include personal information; and
(iv) where our customers or end users ask us to, or use the FirstWave platform to, generate reports based on the information that passes through the FirstWave
platform, which may include an end user employer asking us to provide these services in relation to its employees’ work email and web browsing activities.
(b) where you, as a customer or end user, interact directly with our employees and such other persons acting for us or on our behalf, whether by telephone, email or some
other form of communication;
(c) where you provide information directly to us during a recruitment process (as a potential staff member), including filling out hard copy forms, through emails and by
face to face communication;
(d) where you provide feedback to us; and
(e) from publicly available sources of information.
customer or end user administrator has access to settings and a reporting front-end which may be used to adjust the scope of personal information collected or used. However, we note
that, due to the nature of the services that we provide, it may not be possible or practicable to remove or de-identify personal information that is collected, stored or provided by our
customers or end users.
3.3 If we do comply with your request, or if we have inaccurate or incorrect information, we may not have sufficient information to, or otherwise may be hindered:
(a) in the performance of the FirstWave Services for which we have been engaged, including security services, email and web traffic scanning and analysis, spam, virus
and other threat detection and analysis, firewall services and other services;
(b) in our ability to keep you informed of company updates and services information;
(c) in our ability to properly conduct our operations;
(d) in considering your application for employment with us; and (e) in our ability to respond to your inquiry or request.
4. What personal information we collect
4.1 The personal information that we may collect or hold will depend on the context in which we
collect it, and may include:
(a) names and contact information;
(b) home or work postal addresses;
(c) telephone or mobile phone numbers;
(d) payment information, in relation to payment for our services;
(e) internet protocol (IP) addresses;
(f) web browser cookies;
(g) email meta data, contents or addresses, and any other personal information you or a person ostensibly authorised by you (which may include an employer, where your employer is a customer or end user of FirstWave) submits to us, as well any other information that we consider is necessary to perform our functions and activities.
4.2 Where personal information is provided by a customer or end user of ours (e.g. information relating to a customer’s employee or representative, or of the customer’s end user), we rely on the customer and end users to ensure that the individuals whose information is being provided
have been informed about our role in collecting their personal information and, where necessary, informed about this Policy.
4.3 The performance of the FirstWave Services may from time to time involve the temporary collection of personal information from data being analysed by our services (such as when
included in emails or web traffic that passes through the FirstWave platform).
5. Purpose of collection, use and disclosure
5.1 We collect, use and disclose personal information for the primary purpose of conducting our business and providing the FirstWave Services described at section 2, which includes:
(a) providing cloud-based email security, security audits, web security services, URL filtering, malware and virus scanning;
(b) preparing reports based on the content provided as a part of the services described above;
(c) where requested, archiving and storing the content and reports described above;
(d) providing forensic and diagnostic data discovery services in connection with the above services;
(e) performing installation, integration, development and other professional services;
(f) delivering service and company update notices to our customers and, where necessary, end users to inform them about our services;
(g) responding to an inquiry or request received from an employer or individual;
(h) researching and assessing our services to identify possible improvements;
(i) fulfilling obligations to, and cooperating with, government authorities, partners, resellers, customers and end users;
(j) in the case of potential employees, assessing a person’s application for employment with us; and
(k) resolving disputes and queries, and any other matters that may reasonably be expected in connection with the above matters, where we have obtained consent for other collection activities, or are otherwise required to do so by law.
5.2 In conducting our operations, we may share personal information with, or receive personal information from, third parties such as our service providers and contractors (and our
customers where they are providing partner or reseller services) where necessary for them to provide their services. Unless you have agreed otherwise, these parties are not allowed to use
your personal information for any other purpose except to assist in conducting our business, and we take reasonable steps to ensure that third parties are subject to confidentiality
requirements. In particular, we may disclose your personal information to:
(a) third party technology services providers;
(b) third party security software providers; and
(c) partners or resellers where they are our direct customer,
as well as where you otherwise provide your consent, whether express or implied, or we are
otherwise required to share that information by law.
6. Overseas disclosure
FirstWave data is stored with our infrastructure services provider, in various locations globally. At times, data may be located at a customer or end user’s premises, or with their service provider, as part of a private cloud solution.
6.1 We do not disclose your personal information overseas. However, in the event that a customer or end user has asked that personal information is disclosed overseas, or there is otherwise a requirement to do so, we will endeavour to obtain consent from you where necessary under the Privacy Act.
7.1 When you access our website or customer portal (also provided to end users) from a computer, mobile phone, or other device, we may make a record of your visit and logs for statistical and business purposes and we may collect information including: the user’s server address, the user’s domain name, IP address, the date and time of visit, the pages accessed
and documents downloaded, the previous site visited, the operating system used and the type of browser used. We may also track some of the actions you take on our website or customer
portal such as when you provide information or content to us.
7.2 We may use “cookies” (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make our website easier to use. We also use
them to know when you are interacting on the FirstWave website. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to
use some areas on our website.
7.3 If you access FirstWave’s website or customer portal from outside Australia, you accept responsibility for ensuring or confirming compliance with all laws in that jurisdiction that apply to you as a result of that access or any consequent transactions or dealings with us, the website or other users.
7.4 Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party and we are
not responsible for the privacy policies or the content of any third party.
8. Storage and security of personal information
8.1 Where we hold your personal information, we take reasonable steps to ensure that the information is secure and may only be accessed by authorised persons.
8.2 Where we store personal information electronically, we endeavour to secure that information, using both physical and technical means, in accordance with industry practice, including the use of secure servers with password protection and strict access controls. We endeavour to review and update our security procedures from time to time, in order to renew and improve those procedures.
8.3 In limited situations, where a customer or end user has requested our assistance, FirstWave technical staff may have access to customer or end user data, which may include personal
information, for troubleshooting and technical assistance, but only to the extent necessary for the completion of those services and subject to applicable confidentiality and privacy
8.4 Although we take all reasonable measures to ensure the security of personal information stored on the FirstWave platform, we are not responsible for third party circumvention of
security measures on the FirstWave platform, whether at any of our premises or those of our service providers. Please note that third party recipients of personal information, including our customer and end users that provide the information, may have their own privacy policies and we are not responsible for their actions, including their handling of personal information.
8.5 We cannot control the actions of other users with whom you share your information. Further, we cannot guarantee that only authorised persons will access your personal information. Please notify us immediately if you believe there has been any unauthorised access to your information.
8.6 We may be asked to archive or store information, including personal information, as part of the services we provide for our customer and end users. If any personal information that we hold is no longer required for the purpose for which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information in accordance with applicable law. The FirstWave platform may be used to automatically remove data after a retention period has ended.
9. Access and correction
9.1 We will use reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.
9.2 You may request access to the personal information we hold about you by contacting our Privacy Officer. We may, at our discretion, provide you with access to your personal
information and we reserve the right to charge you an inexcessive fee for giving access.
9.3 Subject to paragraph 9.4, if personal information we hold about you is incorrect, we will, on your request to correct it or where we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, take such steps as are reasonable in the circumstances to ensure that the information is corrected. However, we note that, due to the
nature of the services that we provide, it may not be possible or practicable to correct or provide access personal information that is stored or provided by our customers and end
9.4 If you request us to correct personal information that we hold about you and we refuse to do so, we will, to the extent reasonable, provide you a written response as to our reasons. Direct marketing FirstWave does not use personal information for the purpose of direct marketing.
10. Questions and complaints
10.1 If you have a question about how we handle personal information, or wish to lodge a complaint about our management of personal information, you may contact our Privacy
Attention: Privacy Officer
10.2 The Privacy Officer will co-ordinate the investigation of any complaint and any potential resolution of a complaint. We will aim to resolve all complaints as soon as practicable for us to do so.
11. Changes to this Policy
effective at the time we post it.