Privacy Policy

1.0. Introduction

This Privacy Policy (Policy) governs the use of Personal Information collected by Prevasio Pty Ltd (Company) in the process of scanning and analysing cloud assets, such as docker images.

2.0. Recitals

Company may, in the process of registering a Partner/Reseller, Storage Provider, Purchaser or User, collect Personal Information from such entities intending to directly use Prevasio or deploy Prevasio on third-party IT infrastructure.

This Policy is drafted in accordance with international frameworks, such as the OECD Guidelines, as relevant to the foundation for the development of national Privacy Laws in Australia, as well as other nations.

This Policy is governed, executed, and resolved in accordance with relevant laws of Commonwealth of Australia and State of New South Wales therein.

Company may amend this Policy at its discretion at any time based on legal compliance requirements. Any change will be effective from the date the revised Policy is posted electronically on the Company corporate website (Website).

3.0. Definitions

Australian Privacy Principles (APPs) means the amended Privacy Act 1988 (Cth.) that includes a set of harmonised privacy principles that regulate the handling of Personal Information by Australian and Norfolk Island Government agencies and private sector organisations as defined in Schedule 1 of Privacy Act 1998 (Cth.).

OECD Guidelines mean the 2013 OECD (Organisation for Economic Cooperation and Development) Privacy Guidelines, in particular, the Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013); [C(80)58/Final, as amended on 11 July 2013 by C(2013)79].

Personal Information is as defined in s 6 of Privacy Act 1988 (Cth.), which cites “means information or an opinion about an identified individual, or an individual who is reasonably identifiable: a) whether the information or opinion is true or not; and b) whether the information or opinion is recorded in a material form or not.

Relevant legislation means all relevant precedents, codes, statutes, transition legislation, Commonwealth, State and Territory Acts and international convention treaties where relevant in determining privacy rights.

4.0. Policy Statement

Electronic acceptance of Company Terms of Agreement to use Prevasio is an automatic acknowledgement of acceptance to this Policy.

Acceptance to this Policy by the authorized representative binds the accepting entity’s directors, officers, employees, contractors, agents, consultants and successors towards complying with this Policy requirement.

5.0. Collection of data

  • 5.1. Collection of data from users

    Company collects the data entities (including but not limited to, Resellers, Storage Providers, Purchasers et al.) voluntarily furnish during the registration process for using and/or deploying Prevasio in accordance with APPs. Data that is generated while creating the said entity account, e.g. login username, hashed password information and last login date and time to the Prevasio console are also collected.

  • 5.2. Collection of other types of data

    Company may automatically collect information on the deploying entity’s IT infrastructure specifications through the Prevasio deployment orchestrator or any of its sub component once that entity deploys Prevasio (e.g. IP address, gateway configurations et al.). The purpose of this collection, in accordance with APPs, is to determine conformance to minimum IT infrastructure requirements for functional deployment of Prevasio.

6.0. Use of collected data

In accordance with the APPs, data collected by Company is handled internally within the organization by in-house staffs that have a need to know basis of accessing such data. Data, if accessed, is purely for Prevasio product design enhancement and future business partner identification purposes.

Collected data is not sold to third-party entities.

With respect to recent amendments to the Privacy Act 1988 (Cth.), the scope of ‘trading in personal information’ does not apply to Company as the company does not collect user information for selling to third parties for profit. Company does not, and shall not, advertise or market to users, as well as share their details to third parties for marketing and advertising.

7.0. Disclosure of collected data

Company will not disclose collected data to any third-party legal entity unless explicitly ordered by a competent Australian legal authority through the issuance of subpoenas, court orders et al.

Users using or deploying Prevasio has the right to request information it has supplied to Company, in which case, based on the APPs, Company shall provide the information to the entity within a reasonable time frame.

8.0. Governance of collected data

Collected data is governed in accordance with industry-standard best practices. Company has implemented information security management systems and frameworks within its organization along the lines of being compliant to ISO 27001 : 2013, which is used in governing collected data.

Company manages all collected data securely and ensures continuous adoption of technology to enhance security and encryption of collected data.

Company retains the collected data until the user’s account is terminated, unless required to enforce the Company Terms of Agreement, resolve disputes or comply with legal obligations.

Company shall retain collected data to the maximum extent required by governing legislation unless explicitly advised by the user, in which case Company shall hand back to the user all its relevant collected data at costs borne by the user.

Company shall not send collected data outside Australian borders without explicitly obtaining consent from users.

9.0. Reporting of collected data

Company does not publicly report data collected from users. Reporting is restricted only to users with only that information they have provided. Company may report collected data to law enforcement agencies or legal institutions upon explicit judicial orders.

10.0. Compliance obligations

Company is compliant to the APPs cited in the amended Privacy Act 1988 (Cth.) that set the minimum standards for handling personal information.

11.0. Technology policies governing Privacy

  • 11.1. Cookie Policy

    Company’s Website is currently controlled for third-party cookie presence and uses cookies to a limited extent to enhance user experience. Company’s Website does not expose user devices to uncontrolled cookies.

    Company uses third-party analytics software tools for use in the source code of the Company corporate website to understand website traffic and website usage based on the policy that such services do not identify individual users or associate individual IP addresses in accordance with the legal theory of the Telecommunications (Interception and Access) Act 1979 (Cth.). By using this website, the user consents to the processing of data about itself in accordance with the legal theory of the aforementioned legislation.

    Company uses Google Analytics and the user consents to the processing of data about itself by Google in the manner described in Google's Privacy Policy and for the purposes set out above. The user can opt out of Google Analytics at any time if the cookie is disabled; JavaScript disabled, or use the opt-out service provided by Google.

  • 11.2. Third-party advertising policy

    Company does not endorse third-party vendors on advertising on the Company Website. Company’s policy in this aspect prohibits unsolicited referral programs, sponsored links, or advertisements on the Company Website.

  • 11.3. Internet marketing policy

    Company does not engage in unsolicited spamming through email marketing. Designing the Company Website in compliance to the Spam Act 2003 (Cth.) ensures that third-party entities cannot use the Company Website to send spam and/or undertake phishing and spoofing.

  • 11.4. Social media policy

    Company has a robust social media use and monitoring policy. Currently Company has limited presence social media platforms, including but not limited to, Facebook, Twitter and LinkedIn. Company limits access of third-party external cookies found in social media sites to the Company Website.

  • 11.5. Privacy issues escalation

    If you have any complaints about our privacy practices, please feel free to send in details of your complaints to

    We take complaints very seriously and will respond shortly after receiving written notice of your complaint.