Privacy Policy

This Privacy Policy describes how Cimplico Australia Pty Ltd (ABN 96 634 479 315) (we, us or our) collect, hold, disclose and otherwise use your personal information (you, your) if you visit or use our website, use our platform and other services, engage with us on social media, send us a job application, if you call, email, visit or otherwise interact with us, or if your personal information is included in data uploaded by our subscribers.  

Please read this Privacy Policy carefully. If you have any questions or if you do not understand anything explained in it, please contact us. 

If you provide to us or use our service to share with a third party any personal information relating to others, please only do so with their consent.  

1. What personal information do we collect and hold? 

“Personal information” generally means information about you that identifies you.

It does not include any information that does not relate to you, is pseudonymised or anonymised, and cannot be linked back to you. Ultimately, the assessment of what constitutes your personal information will depend on the circumstances of your interaction with us and our use of the information. 

For ease of reference, we have grouped information into types described in paragraph 9.

2. Data minimisation  

We take reasonable steps to only collect personal information that is reasonably necessary for our lawful functions and activities and that is pseudonymised or anonymised, where possible. For example, for the operation of our website, display advertising, product development, and our security processes, pseudonymised information will suffice, without the need for your personal information.  

We encourage you to use a pseudonym or to remain anonymous, unless this is impractical in the circumstances. For example, it will be necessary for us to know your identity if you use our platform or other services, make a complaint, subscribe for marketing, or exercise your data rights. Without your personal information in those circumstances, we will be unable to provide our services or respond to you. 

3. Why and how we collect, hold, disclose or otherwise use your personal information? 

We list below some (but not all) of the purposes, functions and activities why we collect, hold, disclose and otherwise use your personal information. Other purposes, functions and activities may become obvious or expected by you when we collect your personal information. 

Purpose	Personal information	How collected and held?	Consequences if not collected
To provide our online services, content and features. For example, when you visit our website, your browser will provide information to enable us to display our content in a compatible manner.	device and browser details	Automated collection and use by your device and our systems.	Disabling these automated processes may result in a reduced service.
To provide technical support, assist with your enquiries and for complaints handling. For example, we collect your personal information so that we can respond to you if you request support, make an enquiry or contact us about a complaint.	user account information   details of your enquiry   general details	Receipt of your communication and storage on our systems.	Unable to respond without relevant information.
Creating your user account. For example, if you wish to create a user account, we will ask for certain mandatory and optional information and we may verify your contact details, for example, by sending an activation link by email.	user account information	You input your information for storage and use on our systems.	Unable to create an account without receiving and verifying your information.
To provide our platform and services to our subscribers and their users, including professionals and corporates in the finance, accounting and tax sectors and others.      Our subscribers and users use our platform and other services to import and interrogate financial and other data. We hold such “subscriber data” (as described in paragraph 9) on behalf of our subscribers to provide our services to them. As we do not use such subscriber data for any other purpose, our terms and conditions stipulate that our subscribers are responsible for complying with your data privacy rights and other aspects of such subscriber data, and we rely on them in this regard.	subscriber data	Uploaded by users on behalf of each subscriber.	Unable to provide our service as expected by you without your information.
To receive and publish your reviews and testimonials of our platform and services. We may seek information to verify you as our user before publishing your views.	user account information   usage and engagement information	Receipt of your product review for storage and use on our systems.	Not willing to publish a review without confirming that the reviewer is genuine.
To send you service communications about the availability of our platform and services, security messages such as password reset instructions, changes in our terms, surveys, etc.	user account information   general details  usage and engagement information	Receipt of your communication and storage on our systems.	Unable to send service communications without your information.
Respond to your job application. For example, upon receipt, we will consider your application based on its content, public data, your references and other information, using appropriate software tools.	job application information  public data	You send your application for storage and use on our systems.	Unable to consider your application without your information.
To call you or send you interest-based marketing communications (by email, text and other means) to promote us and third-party organisations and relevant products and services based on your past and predicted future activity, if you subscribed for our marketing, enquired about our platform or services or created a user account with us, unless you opt out of our marketing. We will maintain opt-out records. We may create your marketing profile based on information known, observed and inferred and share it with our marketing partners and platforms to enhance our audience lists, personalise content and deliver targeted marketing communications.	user account information   general details  preferences and interests  usage and engagement information	Automated collection and enhancement through cookies, pixels and similar technologies, predictive analytics, and storage in our customer management system and marketing platforms.	Unable to call you or send you relevant marketing without your information.
Display online advertising about our services, webinars, events and other content on web properties that you use, for similar purposes and by similar means as described above.	pseudonymised information including preferences, usage and engagement information	As above.	Unable to display relevant online advertisements without technical usage information.
To personalise content and features for service delivery. For example, based on your user activity on our platform, we may guide you to your most recent work projects when you log in.	preferences and interests  usage and engagement information	As above.	Unable to personalise without your information.
To produce reports about customer trends, market trends, inefficiencies, cost-saving opportunities and other data-driven research based on aggregated financial and other data.	all reasonably necessary pseudonymised or anonymised information	Aggregating data and producing research records.	Unable to analyse trends without your pseudonymised or anonymised information.
To design, develop and improve our services by analysing user traffic, market trends and other aggregated data.	all reasonably necessary pseudonymised or anonymised information	As above.	Unable to develop services without your information.
To ensure proper administration of our organisation, which may include keeping appropriate records, planning, accounting, troubleshooting, measuring marketing performance, resource allocation, enforcing our terms, debt collection and similar functions and activities.	all reasonably necessary information	As above.	Unable perform certain administrative tasks without your information.
To engage our third-party service providers who may use your personal information on our behalf for the fulfilment of essential service functions which we cannot fulfil ourselves, such as analytics, cloud storage, payment processing, communications, security, web hosting, and others, as well as our advisors such as lawyers, accountants, insurers and others. Some of these providers will use your personal information for their own compliance and other internal purposes.	all reasonably necessary information	Disclosing and using information with our third-party providers who use it on our behalf or for their own purposes.	Unable to provide our services without engaging third parties which may necessitate your personal information to provide services to us.
To ensure the security of our systems and online services. For example, we may monitor our networks and usage data for suspicious activities, test and audit our systems, ensure compliance with our terms and deploy appropriate security measures.	security information	Automated collection and use by our systems.	Unable to safeguard personal information without data-driven security processes.
To disclose information to our affiliated companies to receive intra-group services for efficient allocation of our group’s resources and for collaborations between our group companies.	all reasonably necessary information	Received from or disclosed to our group companies.	Unable to share resources and collaborate without receipt or disclosure.
To disclose information to another organisation for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation or similar event relating to our organisation.	all reasonably necessary information	Received from or disclosed to another entity to pursue related purposes.	Unable to act in the best interest of our shareholders without receipt or disclosure of personal information.
To assist law enforcement and other public authorities in detecting, preventing and investigating crime or breach of the law in accordance with good practice and the law.	all reasonably necessary information	Received from and disclosed to law enforcement and public authorities.	Unable to assist public authorities without receiving or disclosing your personal information.
To collect, use, hold, or disclose personal information as is required for compliance with the law, exercising legal rights and defending legal claims.	all reasonably necessary information	Collected from you, third party sources, or by automated means, for use on our systems	Unable to comply with the law, exercise right or defend legal claim without the use and disclosure of your personal information.

We will update this Privacy Policy to include any new purposes from time to time and we will obtain your prior consent for such new purposes where we are required to do so at law. We may not require your prior consent if the secondary purpose is related to our primary purpose and reasonably anticipated by you or otherwise authorised or required by law (for example, if a so called ‘permitted general situation’ arises). 

4. Cookies, pixels and similar technologies 

We may use cookies, pixels and similar technologies as described above. A cookie is a small text file that the website may place on your device to read and store information about your online activity. Pixels or tags are tiny graphics files that are downloaded when you interact with our online services and alert us about your activities, such as email opened, or content viewed. Tracking URLs are custom generated links that help us understand which page you come to us from and later go to. Local storage session storage and similar technologies are used to more efficiently manage the storage of information that allows you to access our online services on your device. Digital fingerprint is used to recognise your device based on your device and browser data without relying on cookies.   

We may use temporary session trackers or persistent trackers which remain on your device even after you close your browser. Some help speed up your future use of our website or app or help display content in a compatible manner. Others are used to display relevant advertisements to you, develop your marketing profile or measure ad and marketing performance. Some of our trackers deployed by third parties include Google Analytics, Intercom Analytics, Sentry and others.  

You may refuse to use trackers by selecting the appropriate settings on your browser. Please be aware that if you opt-out of certain trackers, some or all of the functionality of our online services may be reduced or unavailable.  

If you clear cookies in the browser on your device, the next time you visit our online services, cookies and similar technologies will be deployed again. However, you can prevent this by permanently blocking them in your browser.  

5. Cross-border disclosure of personal information 

Generally, we do not disclose your personal information to overseas recipients and your personal information will stay in Australia, except where:

• we engage third party service providers to use and hold your personal information on our behalf. Such engagement may not constitute a “disclosure” because we retain control over how your personal information is used, but your information may be held abroad, for example, in the US;  

• where you engage with third party services, such as plug ins (e.g. Instagram like button), on our web properties, you may be consenting to sharing your personal information with third parties (e.g. Meta in the US);  

• where we engage third parties outside Australia to provide services to us, such as consultancy, which may include a disclosure of your personal information to them; and 

• in other circumstances.   

As required by law, before any disclosure to an overseas recipient we endeavour to satisfy ourselves that your information will be protected in a way that, overall, is at least substantially similar to the way it is protected under Australian law. For example, we may enter into an appropriate cross-border data transfer agreements with our recipients.  

6. How do we store and protect your personal information? 

We will take such steps as are reasonable in the circumstances to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

We will store personal information in computer systems and databases operated by either us or our external service providers. We require our users to enable multi-factor authentication to access their user accounts.  

We carry out regular information security risk assessments which inform our security policy. Our staff will have limited access privileges to ensure your personal information is accessed on a “need to know” basis. Our staff are required to comply with our information security policies, attend training and participate in regular audits.   

We also seek to ensure our third-party service providers do the same. We only appoint service providers under appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.  

However, while we take reasonable steps to maintain secure internet connections, the transmission of information on the internet is never completely secure.  

7. How long will we keep your personal information? 

We will take such steps as are reasonable in the circumstances to destroy, anonymise or pseudonymise your personal information if no longer needed for our purposes, unless its continued retention is otherwise required by law. 

For example, your user account information may be retained for 7 years after account closure. The details of your enquiry may be retained for the duration of your account but no longer than 7 years after receipt of the enquiry. Subscriber data will be retained for 60 days after the end of a subscription or deleted ealier as instructed by our user. 

8. Your data privacy rights   

Subject to certain exemptions and verification of your identity, as appropriate, you have the following data privacy rights in respect of your personal information:  

• Right to information provided by us in this Privacy Policy. 

• Right to access your personal information held by us. You may access your personal information in your user account or by contacting us.  

• Right to correction of your personal information held by us. We will take reasonable steps in the circumstances to ensure your personal information is accurate, up-to-date, complete, relevant and not misleading in the context of each relevant purpose. 

• Right to opt out from marketing by using the unsubscribe facility in our communications or by contacting us. 

We will respond within a reasonable time, typically, within one month, following your request. If we need more time, we will let you know why and when you can expect our response.  

We may refuse requests on certain grounds, for example, if they are unreasonably repetitive, disproportionately demanding, impracticable or otherwise exempt. If we refuse your request, we will explain our lawful reason for doing so.  

Generally, we will handle your requests free of charge. However, in some circumstances, we may recover from you our reasonable costs of supplying you with access to your personal information in accordance with the law. 

9. Types of personal information

We use the following types of information which may constitute your personal information depending on the circumstances of your interaction with us and our use of the information.

Types of information	Description
details of your enquiry	Enquiry, complaint or other communication from you.
device and browser information	Device ID, IP address, online identifiers, operating system, browser type, language, time zone setting, location, date and time of access and other information automatically provided by your device.
general details	Your name, date of birth, address, email, telephone number and similar information.
job application information	Application information, employment history, references from your previous employer, referees and other third parties.
preferences and interests	Information about the circumstances of your business and your preferences and interests known, observed or inferred from various sources including form public data, from our advertising and analytics partners, generated by predictive algorithms or information collected through cookies and other forms of online tracking technologies.
public data	Publicly available information about you.
security information	Security logs, activity, behavioural patterns, usage and engagement information, device and browser information and similar information recorded or generated by security systems.
subscriber data	Personal information imported by our subscribers for use by their users in our platform and services.
usage and engagement information	Downloads, log data, scrolling, clicks, mouse-overs, active time spent, clickstream data with URLs visited previously, methods used to browse away, email open rates, content click rates, view rates, ‘likes’ on social media platforms, survey, feedback and product review information, and similar engagement information, typically collected through cookies and other forms of online tracking technologies by us and third parties.
user account information	Username, password, subscriber name, profile information, details of your identity verification and documents, user account choices and preferences, marketing opt-out and similar information provided by you.

 

10. Third party services 

Third party applications, features, plugins, integrations and other services accessed from our website and other online properties may collect and use your personal information. Please familiarise yourself with the relevant privacy policies before using them, as we are not responsible for third party services. 

11. Queries and complaints 

For any enquiry or complaint, please contact us by email to administrator@cimplico.com. 

We will endeavour to respond to any queries about data privacy within 14 days of receipt. If we receive a complaint from you about how we have handled your personal information, we will determine what (if any) action we should take to resolve the complaint and endeavour to respond to your complaint within 30 days of receipt.

If we cannot resolve a complaint related to your personal information or you are dissatisfied with the outcome or handling of your complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC) directly.  See www.oaic.gov.au for further information. 

12. Changes to our Privacy Policy 

If we make any changes to our Privacy Policy, you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the bottom.   

If you do not agree with the changes, please do not continue using our online and offline services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law. 

 

Last updated: 12 September 2024