Updated – 5 February 2020
Thank you for using the services of Norwood Systems or visiting one of our websites. Your privacy is taken seriously by Norwood Systems. This policy is designed to provide an overview of the information we collect when you visit one of our websites or use our services, what we do with that information, and what we do to protect it.
Norwood Systems will never sell or otherwise disclose your Personal Information for profit.
We will always protect your Personal Information carefully. We will only ever use it for the specific purposes listed in this policy.
“We,” “us,” “our,” and “Norwood Systems,” refers to Norwood Systems Pty. Limited, a company based in Western Australia and listed on the Australian Stock Exchange (ASX:NOR). We create and market applications and services to help our customers manage their communications and cybersecurity.
“Customer” refers to the person or entity that is registered with us to use our Services.
“User” refers to employees of a Customer who through a contract with Norwood Systems utilise our services in the course of their employment.
“You,” refers either to a Customer, User or to some other person who visits any of our Websites.
“Personal Information” refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, email address, telephone number, occupation, company name or other demographic information.
We offer Services through:
- Our websites https://www.norwoodsystems.com, https://www.worldphone.io, and https://www.norwood.systems,
- Our apps World Voicemail, World Message, World Phone, World Secure and World Wi-Fi, and
- Our cloud-based services platform Corona (https://corona.norwoodsystems.com).
Updates to the Policy
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:
📬 Norwood Systems Pty Ltd, 4 Leura St, Nedlands, WA 6009, Australia
Information you voluntarily provide to us
Information we collect automatically
Information from your use of the Service
We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, web browser used, geographical location, communication counterparty number and geographical location, session duration, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.
Cookies and tracking
Information from the use of our Mobile Apps
When you use our mobile apps, we may collect certain information in addition to information described elsewhere in this Policy. For example, we may collect information about the type of device and operating system you use, and your use of the Services. We may ask you if you want to receive push notifications about activity in your account. If you have opted in to these notifications and no longer want to receive them, you may turn them off through your operating system. We may use mobile analytics software to better understand how people use our application. We may collect information about how often you use the application and other performance data.
Use and Disclosure of Personal Information
We may use and disclose Personal Information only for the following purposes:
- To promote use of our services to you and others. For example, if we collect your Personal Information when you visit our Website and do not sign up for any of the Services, we may send you an email inviting you to sign up. If you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send. In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using. In addition, we may use your Personal Information to advertise our Services to potential or other Customers like you.
- To send you informational and promotional content in accordance with your marketing preferences. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
- To bill and collect money owed to us by our Customers. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
- To communicate with our Customers about their account and provide customer support.
- To provide, support, and improve the Services we offer. This includes, for example, aggregating information from your use of the Services or visit to our Websites and sharing this aggregated information in anonymised form with third parties to improve our Services.
- To enforce compliance with our End User Licence Agreements and applicable law.
- To protect the rights and safety of our Customers and third parties, as well as our own.
- To meet legal requirements.
- To prosecute and defend a court, arbitration, or similar legal proceeding.
- To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Third Party Websites
Notice of Breach of Security
If a security breach causes an unauthorized intrusion into our system that materially affects you then Norwood Systems will notify you as soon as possible and later report the action we took in response.
Safeguarding Your Information
We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
Any Personal Information you share with us will be encrypted when stored and will be encrypted as or when it travels between our servers.
We undergo an annual security assessment using a vendor that is a member of CREST Australia (the Council of Registered Ethical Security Testers). The testing is designed to conduct vulnerability assessments of network, host, web-based services and applications, and perform an examination of security controls by conducting penetration testing activities.
Our credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. If you have any questions about the security of your Personal Information, you may contact us at firstname.lastname@example.org.
Some Norwood Systems services require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party.
Norwood Systems is a business based in Australia and is governed by the laws of the State of Western Australia and the Commonwealth of Australia.
We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of:
- Where we say we assume an obligation about Personal Information, we are also requiring our subcontractors to undertake a similar obligation, where relevant.
- We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account.
- Our servers are primarily located in Australia. In addition, we or our subcontractors, may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of off-shore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information outside of Australia.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request.
If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
Accuracy and Retention of Data
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
We will give an individual access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us:
Unless it is prohibited by law, we will remove any Personal Information about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Information.