Privacy Policy

Information we collect

Xpedite will collect information about the subscription holder in order to manage the subscription process and renewals. We will also collect information on the usage of an application that utilises Xpedite for the purpose of usage billing and usage statistics.

All of the information we collect for a subscription will be visible to the subscription holder.

Information sharing

• No information is provided to any other organisation unless we are legally bound to do so, as may be required by an authorised government agency
• The information we collect is for managing billing and subscriptions. We will not send you any unsolicited communication
• All staff and contractors of Xpedite Software agree to operate according to this privacy policy
• All care is taken to ensure information is protected using standard security practices and policies. In addition we employ a multi-faceted security strategy that protects your information at many different levels.

What we hold on you

If you have any question as to the information we hold on yourself, you can request this by phone. You will be required to authenticate yourself by answering security questions. Please refer to the 'Contact' page to submit your request.

Complaints

If you have any questions or complaints about our privacy policy or how this is administered within Xpedite, please send your request via our 'Contact' page.

If you are not satisfied with our response you can address your concerns to the ACSC (https://www.acsc.gov.au/)

Data Breach Response Plan

Introduction

A data breach occurs when there is an unauthorised access to, or disclosure of, personal information held by Xpedite Software, or information is obtained via unauthorised access.

The consequences of a data breach can result in serious harm to any of the individuals to whom the information relates, and may leave Xpedite Software in breach of its obligations under the Privacy Act.

Xpedite Software is responsible for ensuring that all reasonable steps are taken to protect personal information in accordance with the Australian Privacy Protection Principles. This includes protecting personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.

The Notifiable Data Breaches (NDB) scheme in the Privacy Act requires Xpedite Software to notify any people impacted by a data breach, where that data breach may result in serious harm. As such Xpedite Software will make reasonable efforts to contact those peeople affected with information about the breach, details about the information that may have been compromised, and how they might be impacted.

Our process

Our first priority is to contain the breach, to stop the loss of any additional information.

Our second priority is to assess how much information has been lost and measure the seriousness of that loss. As part of this second step we will create a list of people impacted by the breach.

Thirdly we will weigh our responsibility to notify individuals and organisations (reporting obligations under state, federal or other obligations) of the breach, along with any notification sent to the Office of the Australian Information Commissioner (OAIC).

Lastly our security team will assess how the breach happened and whether there are additional security measures to be implemented, or updates to our operational procedures required. These will be implemented in a timely manner.