2.2 You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.
3.1 Add-On: A bundle of code, resources and configuration files that can be used with an Octopus BI product to add new functionality or to change the behavior of that product’s existing features.
3.2 Octopus BI Services:: Octopus BI’s Websites, Hosted Products, and On-Premise Products.
3.3 Content: Any information or data that you upload, submit, post, create, transmit, store or display in an Octopus BI Service.
3.4 Device: means any computer used to access the Octopus BI Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
3.5 On-Premise Products: Octopus BI software products and mobile applications, including Add-Ons created by Octopus BI, that are installed by customers on an infrastructure of their choice. On-Premise Products do not include Add-Ons created by third parties, even when they are accessed through Octopus BI Services.
3.7 Personally Identifiable Information (PII): Information that may be used to readily identify or contact you as an individual person, such as: name, address, date of birth, email address, relationships or phone number. PII does not include information that has been anonymised such that it does not allow for the identification of specific individuals.
3.9 Websites: Octopus BI’s websites, including but not limited to Octopus BI.com.au, support. Octopus BI.com.au, help.Octopus BI.com.au, payments.Octopus BI.com.au and any related websites, sub-domains and pages.
5 The information provided to us
We collect the following information:
(a) Account and profile information: We collect information about you and your company as you register for an account, create or modify your profile, make purchases through, use, access, or interact with Octopus BI Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes but is not limited to your name, username, address, email address, phone number, profile photo, job title, or credit card details. You may provide this information directly when you enter it in Octopus BI Services.
(c) Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Hosted Products or Websites. Such Content includes any PII or other sensitive information that you choose to include (passively-collected PII).
(d) Other submissions: We collect other data that you submit to our Websites or as you participate in any interactive features of the Octopus BI Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with an Octopus BI product could be submitted to our Support Services or posted in our public forums. Any information, including PII, that you submit to our Websites could be visible to the public unless submitted to a secure area in the Website.
There may be some instances where information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.
If the information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the service you, or they, are seeking.
6 Information we collect from your use of Octopus BI Services
6.1 Web Logs: As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Hosted Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information. In the case of our SaaS Product, the URLs you accessed (and therefore included in our log files) includes but is not limited to elements of Content (such as search terms, class codes on homepage URLs, unique hash tokens) as necessary for the SaaS Product to perform the requested operations. Occasionally, we connect PII to information gathered in our log files as necessary to improve Octopus BI Services for individual customers.
6.2 Analytics Information from Website and Hosted Products: We collect analytics information when you use our Websites, On-Premise and Hosted Products to help us improve our products and services. In the On-Premise and Hosted Products, this analytics information consists of the feature and function of the Octopus BI Service being used, the domain name, the username and IP address of the individual who is using the feature or function (which will include PII if the PII was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the Octopus BI Services are being affected.
6.3 For example, in Octopus when you create a homepage we collect information about which template was used, what components were added to the page, the position and the settings used on these components. We also collect information about the types of content and media that is uploaded and embedded into Octopus.
6.5 Analytics Information Derived from Content: Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data. ‘Usage Data’ is aggregated data about a group or category of services, features or users that does not contain PII. For example, we may query Content to determine the most common features or homepage components are used within the system (e.g. what percentage of all instances use the resource booking system effectively) by searching across the Content, or we may query Content to determine which class pages use the course outline homepage component the most to establish the demographic of which year levels use this functionality the most. This is in order to better understand the composition of our user base. Though we may happen upon sensitive or PII as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.
6.6 Analytics Information from On-Premise Products: We collect analytics information when you use our On-Premise Products to help us improve our products and services. Our On-Premise Products contain a feature that sends information about the technical operation of the On-Premise Products on your systems (System Information) to us. System Information includes but is not limited to information about:
(a) the server environment in which the Self Hosted Product is operating, for example hardware specification (CPU type, RAM allocation, disk utilisation), version information on all software installed (OS type and version, PHP version and modules installed, database types and versions) and all software configuration (network configuration, database settings, web server settings); as well as
(b) user client information, for example: browser type and version, native client type and version, and client device specifications (e.g. screen resolution, OS version, device type, etc.). In addition, we collect analytics information from On-Premise Products that is a subset of the analytics information described above for Websites and Hosted Products. You can disable our collection of analytics information from On-Premise Products by submitting a support request via our Help Centre or by blocking collection at the local network level.
7 Information we collect from other sources
8 How we use Information we collect
8.1 General Uses: We use the information we collect about you (including PII to the extent applicable) for a variety of purposes, including to:
(a) provide, operate, maintain, improve, and promote Octopus BI Services;
(b) enable you to access and use Octopus BI Services, including uploading, downloading, collaborating on and sharing Content;
(c) process and complete transactions, and send you related information, including purchase confirmations and invoices;
(d) communicate with you, including responding to your comments, questions, and requests; providing customer service and support; providing you with information about services, features, surveys, newsletters, offers, promotions, contests and events; providing other news or information about us and our select partners; and sending you technical notices, updates, security alerts, and support and administrative messages. Generally, you have the ability to opt out of receiving any promotional communications as described below under ‘Your Choices’;
(e) process and deliver contest or sweepstakes entries and rewards;
(f) monitor and analyse trends, usage, and activities in connection with Octopus BI Services and for marketing or advertising purposes;
(g) investigate and prevent fraudulent transactions, unauthorised access to Octopus BI Services, and other illegal activities;
(h) personalise Octopus BI Services, including by providing content, features, or advertisements that match your interests and preferences;
(i) enable you to communicate, collaborate, and share Content with users you designate; and
(j) for other purposes about which we notify you.
8.2 Notwithstanding the foregoing, we will not use PII appearing in our Analytics Logs or Web Logs for any purpose
8.3 Compiling aggregate analytics information: Because our Hosted Products and On-Premise Products are highly configurable, we make extensive use of analytics information (including log and configuration data) to understand how our products are being configured and used, how they can be improved for the benefit of all of our users, and to develop new products and services. As such we generate Usage Data (as defined above) from the web logs and analytics logs described above, including the Content elements captured in such logs, as well as from the Content stored in the Websites and Hosted Products.
9 Information sharing and disclosure
9.1 We will not share or disclose any of your PII or Content with third parties except as described in this policy. We do not sell your PII or Content.
9.2 When you use Octopus BI Services, Content you provide will be displayed back to you. Certain features of Octopus BI Services allow you to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you make public.
9.3 Collaboration: As a natural result of using Octopus BI Services, you may create Content and grant permission to other Octopus BI users to access it for the purposes of sharing and collaboration. Some of the collaboration features of Octopus BI Services display your profile information, including PII included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the Octopus BI Services to limit those who can access such information.
9.4 Access by your system administrator: You should be aware that the administrator(s) of your instance of Octopus BI Services may be able to:
(a) access information in and about your Octopus BI Services account;
(b) disclose, restrict, or access information that you have provided or that is made available to you when using your Octopus BI Services account, including your Content; and
(c) control how your Octopus BI Services account may be accessed or deleted.
10 Octopus BI Community
10.1 Our Websites offer publicly accessible community services such as blogs, forums, bug trackers, and wikis. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account.
10.2 Service Providers, Business Partners and Others: We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These third parties may have access to or process your Information as part of providing those services for us.
10.3 Third party applications: You may choose to make use of third party Add-Ons in conjunction with Octopus BI Services. Third party Add-Ons are software written by third parties to which you grant access privileges to your Content (which may include your PII). When access is granted, your Content is shared with the third party. Third party Add-On policies and procedures are not controlled by Octopus BI even though the third Party Add-On may be available through Octopus BI Services. Third parties who have been granted access to your Content through Add-Ons could use this data to contact you and market services to you, and could share your data with other third parties. Under certain circumstance, Octopus BI Services may bundle in third party products.
11 Third Party Cookies and Tracking Technologies
11.2 Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: Protection of Our Rights: We may disclose your Information (including your PII) to a third party if:
(a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
(b) to enforce our agreements, policies and terms of service;
(c) to protect the security or integrity of Octopus BI’ products and services;
(d) to protect Octopus BI, our customers or the public from harm or illegal activities; or
(e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
11.3 Business Transfers: We may share or transfer your information (including your PII) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
11.4 Aggregated or Anonymised Data: We may also share aggregated or anonymised information that does not directly identify you with the third parties described above.
12 Information we do not share
We do not share PII about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.
13 Data storage, transfer and security
13.1 Octopus BI hosts data with hosting service providers in numerous countries including the United States and Australia.
13.2 At the date which this policy became effective, our Hosted Products are securely hosted within the Amazon Web Services (AWS) and Microsoft Azure facilities in Sydney, Australia.
13.3 This is a state-of-the-art data center that has been independently accredited as compliant with the Australian Government’s criteria for information security. As you would expect, the physical security of servers and other infrastructure is tightly controlled according to industry best practice. In addition to a strong security focus, this datacenter has also designed to be resilient to failure, featuring multiple separate power supply systems, independent network links and a range of other measures to ensure servers are always available. You can read more about using AWS and Microsoft Azure in the context of Australian Privacy Considerations.
13.4 The servers on which PII is stored are kept in a controlled environment. While we take reasonable efforts to guard your PII, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any passively-collected PII you choose to store in Websites or Hosted Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information. In most instances, where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS). We recommend you always check whether or not the Octopus BI Service is secured via SSL before choosing to transfer your data. Where On-Premise Products are used, responsibility of securing access to the data you store in the On-Premise Products rests with you and not Octopus BI. We strongly recommend that administrators of On-Premise Products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Other security safeguards include data encryption, firewalls, and physical access controls to our office and files. Access to information is limited (through user/password credentials and two factor authentication) to those employees of Octopus BI who require it to perform their job functions. If we learn of a security systems breach, then we will notify you electronically so that you can take appropriate protective steps. We will also post a notice through Octopus BI Services if a security breach occurs.
14 Your Choices
You may opt out of receiving promotional communications from Octopus BI by using the unsubscribe link within each email, or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Octopus BI’ Services. You may be able to opt out of receiving personalised advertisements from companies who are members of the Association for data-driven marketing & advertising (ADMA), the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.adma.com.au/consumer-help/do-not-mail-service/, http://www.aboutads.info and http://www.networkadvertising.org/choices/.
15 Accessing and updating your information
You can request access to amend some of the information we keep about you by requesting this from us via email.
16 Compliance with privacy laws and regulations
You agree not to use the Octopus BI Services in a manner that would violate laws protecting an individual’s privacy rights, health or financial data, including the Australian Privacy Act 1988 including the amended Australian Privacy Principles (APPs).
17 EEA DATA PRIVACY
You agree to apply the EU-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce, located at HTTPS://PRIVACYSHIELD.GOV/ (Privacy Shield Principles) to all data that Participating Company transfers to you that originates from the European Economic Area or Switzerland when that information meets the definition of ‘personal data’ in the Privacy Shield Framework (EEA Data). For clarity, you agree to:
(b) notify Participating Company upon your determination that you can no longer apply the Privacy Shield Principles to EEA Data; and
(c) upon such determination, cease use of EEA Data or take other reasonable and appropriate steps to apply the Privacy Shield Principles to EEA Data.
18 Australian Privacy Principles
Octopus BI’ privacy procedures are in line with the Australian Privacy Principles. If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your PII to Australia to us. By providing your PII, you consent to any transfer and processing in accordance with this Policy. There may also be other lawful bases of processing your PII.
19 Access to your Information
You may access the personal information we hold about you, upon making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for processing your request (but not for making the request for access).
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
20 How to contact us
If you wish to make a complaint about a breach of the Privacy Act, the APPs or a privacy code that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you.
If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.
Telephone: 1300 414 200
Mail: Level 2, 11 York St, Sydney NSW 2000
For more information about privacy in general, you can visit the Office of the Information Commissioner’s website at www.oaic.gov.au.