Privacy Policy

1.0. Introduction

This Privacy Policy (Policy) governs the use of Personal Information collected by Prevasio Pty Ltd (Company) in the process of scanning and analysing cloud assets, such as docker images.

2.0. Recitals

Company may, in the process of registering a Partner/Reseller, Storage Provider, Purchaser or User, collect Personal Information from such entities intending to directly use Prevasio or deploy Prevasio on third-party IT infrastructure.

This Policy is drafted in accordance with international frameworks, such as the OECD Guidelines, as relevant to the foundation for the development of national Privacy Laws in Australia, as well as other nations.

This Policy is governed, executed, and resolved in accordance with the relevant laws of the Commonwealth of Australia and the State of New South Wales therein.

Company may amend this Policy at its discretion at any time based on legal compliance requirements. Any change will be effective from the date the revised Policy is posted electronically on the Company corporate website https://www.prevasio.io (Website).

3.0. Definitions

Australian Privacy Principles (APPs) means the amended Privacy Act 1988 (Cth.) that includes a set of harmonised privacy principles that regulate the handling of Personal Information by Australian and Norfolk Island Government agencies and private sector organisations as defined in Schedule 1 of the Privacy Act 1988 (Cth.).

OECD Guidelines means the 2013 OECD (Organisation for Economic Co-operation and Development) Privacy Guidelines, in particular, the Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013); [C(80)58/Final, as amended on 11 July 2013 by C(2013)79].

Personal Information is as defined in s 6 of the Privacy Act 1988 (Cth.), which states that it “means information or an opinion about an identified individual, or an individual who is reasonably identifiable: a) whether the information or opinion is true or not; and b) whether the information or opinion is recorded in a material form or not.”

Relevant legislation means all relevant precedents, codes, statutes, transition legislation, Commonwealth, State and Territory Acts and international convention treaties where relevant in determining privacy rights.

4.0. Policy Statement

Electronic acceptance of Company Terms of Agreement to use Prevasio is an automatic acknowledgement of acceptance of this Policy.

Acceptance of this Policy by the authorized representative binds the accepting entity’s directors, officers, employees, contractors, agents, consultants and successors to comply with the requirements of this Policy.

5.0. Collection of data

6.0. Use of collected data

In accordance with the APPs, data collected by Company is handled internally within the organization by in-house staff who access such data on a need-to-know basis. Data, if accessed, is purely for Prevasio product design enhancement and future business partner identification purposes.

Collected data is not sold to third-party entities.

With respect to recent amendments to the Privacy Act 1988 (Cth.), the scope of ‘trading in personal information’ does not apply to Company as the company does not collect user information for selling to third parties for profit. Company does not, and shall not, advertise or market to users, or share their details with third parties for marketing and advertising.

7.0. Disclosure of collected data

Company will not disclose collected data to any third-party legal entity unless explicitly ordered by a competent Australian legal authority through the issuance of subpoenas, court orders et al.

A user using or deploying Prevasio has the right to request the information it has supplied to Company, in which case, based on the APPs, Company shall provide the information to the entity within a reasonable time frame.

8.0. Governance of collected data

Collected data is governed in accordance with industry-standard best practices. Company has implemented information security management systems and frameworks within its organization along the lines of compliance with ISO 27001:2013, which are used in governing collected data.

Company manages all collected data securely and ensures continuous adoption of technology to enhance security and encryption of collected data.

Company retains the collected data until the user’s account is terminated, unless required to enforce the Company Terms of Agreement, resolve disputes or comply with legal obligations.

Company shall retain collected data to the maximum extent required by governing legislation unless explicitly advised by the user, in which case Company shall hand back to the user all its relevant collected data at costs borne by the user.

Company shall not send collected data outside Australian borders without explicitly obtaining consent from users.

9.0. Reporting of collected data

Company does not publicly report data collected from users. Reporting is restricted to users, and only with the information they have provided. Company may report collected data to law enforcement agencies or legal institutions upon explicit judicial orders.

10.0. Compliance obligations

Company is compliant with the APPs cited in the amended Privacy Act 1988 (Cth.) that set the minimum standards for handling personal information.

11.0. Technology policies governing Privacy