At CertCrowd, we know that our customers care about how their information is used and shared, and we take your privacy seriously.
This Policy explains what information CertCrowd collects about you, why we collect it, and how we manage the information provided via our products and services. We provide information on the options regarding our use of your personal information and describe how you can access, update and remove this data.
When we refer to CertCrowd, “we” or “us” in this Policy, we are referring to CertCrowd and its associated entities, together with, as applicable, the CertCrowd Services. This policy applies across all websites that we own and operate and all services that we provide, including https://certcrowd.com/ and app.certcrowd.com. For the purpose of this document, we’ll refer to them simply as our ‘Services’.
Information you provide
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
We collect personal information when you register for an account, create or modify your profile, or otherwise use, access, or interact with our services. Personal information we collect may include:
- Contact information such as name and email address
You may enter this information yourself, or alternatively, your personal information may be entered by an account administrator on your behalf (usually someone from your organisation).
We also collect the following personal information from the owner of the CertCrowd account:
- Contact information such as name and email address
CertCrowd primary activity is to provide services facilitating compliance and risk management. To provide this functionality, CertCrowd allows you to import the following information into the services:
- Company information
- Employee names, email addresses and job titles
- Information regarding Compliance obligations and status
- Incident and Hazard Information
- Information regarding how risks are managed and risk ratings
This information can be entered manually or imported directly from third party services where you have provided us permission to do so.
Information we collect from your usage of CertCrowd Services
As with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Services.
This information includes browser type, internet protocol (IP) address, language preference, URL of referring site, operating system, and the date and time of each interaction. Some URLs you access may contain your email address as necessary to perform the requested operations, and therefore your email address would be stored in the log file.
Usage data & analytics
We collect usage data automatically as you interact with our services. This data is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible.
Cookies & other tracking technologies
Cookies are small data files that a website stores on a visitor’s computer. CertCrowd may use both session Cookies (which expire once the web browser is closed) and persistent Cookies (which stay on the computer or devices until they are deleted) to help us identify and authenticate visitors, track usage, and store preferences. You can configure your browser to stop accepting cookies or to prompt you before accepting a cookie from websites you visit; however, this may impact your use and enjoyment of CertCrowd Services.
Information we collect from other sources
How we use the information we collect
We don’t disclose your information to entities outside the CertCrowd group except as described in this policy.
We will not sell or rent your information.
We do not share your information with third parties for their marketing purposes (including direct marketing) without your consent.
The information we collect is used for a variety of purposes including to:
- Provide, operate, maintain, improve, and promote our services;
- Enable you to access and use our services, including uploading information, downloading reports, and sharing access with other users;
- Process payments and send you related communications, including invoices;
- Send you notices, product updates, security alerts, support and administrative messages;
- Provide customer support;
- Monitor and analyse trends, usage, and activities in connection with the Service, and for marketing or advertising purposes;
- Understand user demographics and behaviour for the purpose of product development;
- Investigate and prevent unauthorised access to the Service, and other illegal activities;
- Comply with our legal obligations, resolve disputes and enforce our agreements.
Other uses of your information are outlined below.
Access by other users
Please be aware that, depending on their role, other users within your business may have access to certain information. For example, a user with the ‘Administrator’ role for your business’s account can:
- Change your access and control the information that is made available to you.
- Delete your information
We may display personal testimonials of satisfied customers within our Services. With your consent, we may post your testimonial along with your name. If you wish to update or withdraw your testimonial, you can contact us using the contact information below.
Third Party Service Providers
We may share your information with third party service providers who provide services to us to help with our business activities. These companies are authorised to use your personal information only as necessary to provide these services to us. These services include payment processing, customer service, sending marketing communications, research and analysis, hosting, backup, cloud computing infrastructure.
CertCrowd takes steps to ensure that information is treated confidentially by third party service providers. If you would like more information on the services we use, please contact us using the contact information below.
Information Sharing with Public Authorities or Law Enforcement
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law or other circumstances, such as:
- to comply with a subpoena or other legal process;
- when we believe that disclosure is necessary to protect our rights;
- when we believe there has been a breach of our Terms of Service;
- to protect your safety or the safety of others;
- to investigate fraud, or
- in response to a lawful government request.
AdWords Remarketing is a remarketing service provided by Google. It connects the website visitor activity on https://certcrowd.com/with the Google Adwords advertising network. AdWords remarketing may display relevant ads on sites across the Internet, tailored to you based on what parts of the CertCrowd website you have viewed, by placing a cookie on your machine. Third-party vendors, including Google, use these cookies to serve the ads. You can opt out of that process at http://www.google.com/settings/ads
Aggregation of Analytic Information
We may use the personal information we collect about you and other users of our services to produce aggregated and anonymised analytics and reports, which we may publish or share with others.
You have certain rights relating to personal information that we hold about you. You have rights to:
- know what personal information we hold about you, and to ask us to correct or update it if you believe it’s incorrect or not current.
- request a copy of the personal information we hold about you.
- users in some jurisdictions may have additional rights, such as the right to request we cease using personal information or delete it.
You can enquire about or exercise these rights by sending an email to email@example.com
The length of time we retain personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
You can ask us not to send you marketing communications at any time. Simply follow the unsubscribe instructions contained in the marketing communication, or send your request to firstname.lastname@example.org
Even after you opt out from receiving marketing communications from us, you may continue to receive messages with important information regarding your use of the Services. For example, this may include notification of changes to our terms of Service, password reset emails, support notifications etc.
Our data store and data infrastructure provider is located in Australia. Personal information from users in other jurisdictions will be transferred to, and stored and processed in, that location. We have taken steps to satisfy ourselves that our provider will manage and secure our data in a way that is consistent with applicable regulatory requirements and international best practice.
We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business. You will be notified via email and/or a prominent notice of any change in ownership or related uses or disclosures of your personal information, as well as any choices you may have regarding your personal information in those circumstances.
When we do make changes, the date of the most recent update will be reflected in the ‘Last Updated’ date at the top of the Policy. For substantial changes, we will notify you by sending an email to the email address you have registered with or by providing a notification in-app or on the site prior to implementing any material changes regarding our privacy practices or this Policy.
1C 60 Enterprise Place,
Tingalpa, QLD 4173 An appropriate person within our organisation will consider any requests or complaints promptly, and respond to you in writing.