Norwood Systems’ Privacy Policy

Updated – 5 February 2020

 

Thank you for using the services of Norwood Systems or visiting one of our websites. Your privacy is taken seriously by Norwood Systems. This policy is designed to provide an overview of the information we collect when you visit one of our websites or use our services, what we do with that information, and what we do to protect it.

Norwood Systems will never sell or otherwise disclose your Personal Information for profit.

We will always protect your Personal Information carefully. We will only ever use it for the specific purposes listed in this policy.

 

Definitions

“We,” “us,” “our,” and “Norwood Systems,” refers to Norwood Systems Pty. Limited, a company based in Western Australia and listed on the Australian Stock Exchange (ASX:NOR). We create and market applications and services to help our customers manage their communications and cybersecurity.

“Customer” refers to the person or entity that is registered with us to use our Services.

“User” refers to employees of a Customer who through a contract with Norwood Systems utilise our services in the course of their employment.

“You,” refers either to a Customer, User or to some other person who visits any of our Websites.

“Personal Information” refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, email address, telephone number, occupation, company name or other demographic information.

 

Application

This Privacy Policy does not apply to Customers who have a specific Master Services Agreement (MSA) with us, unless otherwise explicitly stated within the MSA. Unless otherwise stated within their MSA, Customers who have an MSA with us have their privacy conditions detailed solely and exclusively within the MSA.

 

Our Properties

We offer Services through:

  1. Our websites https://www.norwoodsystems.com, https://www.worldphone.io, and https://www.norwood.systems,
  2. Our apps World Voicemail, World Message, World Phone, World Secure and World Wi-Fi, and
  3. Our cloud-based services platform Corona (https://corona.norwoodsystems.com).

This Privacy Policy applies to these specific websites, as well as any other sites or mobile applications owned or operated by us (each a “Website” and together the “Websites”). The “Websites” include the Websites themselves, and any web pages, applications, blogs, social networks, social network “tabs,” or other online, mobile, or wireless offerings that post a link to this Privacy Policy, whether accessed via computer, mobile device, or other technology, manner or means. While providing the Services, and as described in more detail below, we may collect Personal Information about a Website visitor, Customer or User.

 

Updates to the Policy

We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the top of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website.

We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Privacy Policy which were in effect on each respective date you visited the Website.

If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:

📬     Norwood Systems Pty Ltd, 4 Leura St, Nedlands, WA 6009, Australia

📩      support@norwoodsystems.com

 

 

YOUR INFORMATION

Information you voluntarily provide to us

When you sign up for and use the Services, consult with our customer service team, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include your name or the names of your Users, email address, IP address, phone numbers, as well as details including location, purchase history, and other demographic information. By giving us this information, you consent to this information being collected, used, disclosed, transferred to Australia and stored by us, as described in this Privacy Policy. By giving us this information, you only consent to this information being disclosed for the purposes described in this policy.

 

Information we collect automatically

When you use the Services or browse one of our Websites, we may collect information about your visit to our Websites, your usage of the Services, and your web browsing. That information may include your IP address, your operating system, your browser ID, your browsing activity, your communication metadata and other information about how you interacted with our Websites or other websites. We may collect this information as a part of log files, as part of standard telecommunications records, as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below.

 

Information from your use of the Service

We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, web browser used, geographical location, communication counterparty number and geographical location, session duration, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.

 

Cookies and tracking

We may use various technologies to collect and store information when you use our Services, and this may include using cookies and similar tracking technologies on our Website, such as pixels and web beacons, to analyse trends, administer the website, track Customer or Users’ movements around the website, and gather demographic information about our Customer and User base as a whole. Customers and Users can control the use of cookies at the individual browser level.

 

Information from the use of our Mobile Apps

When you use our mobile apps, we may collect certain information in addition to information described elsewhere in this Policy. For example, we may collect information about the type of device and operating system you use, and your use of the Services. We may ask you if you want to receive push notifications about activity in your account. If you have opted in to these notifications and no longer want to receive them, you may turn them off through your operating system. We may use mobile analytics software to better understand how people use our application. We may collect information about how often you use the application and other performance data.

 

Use and Disclosure of Personal Information

We may use and disclose Personal Information only for the following purposes:

  1. To promote use of our services to you and others. For example, if we collect your Personal Information when you visit our Website and do not sign up for any of the Services, we may send you an email inviting you to sign up. If you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send. In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using. In addition, we may use your Personal Information to advertise our Services to potential or other Customers like you.
  2. To send you informational and promotional content in accordance with your marketing preferences. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
  3. To bill and collect money owed to us by our Customers. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
  4. To send you System Alert messages. For example, we may inform you of temporary or permanent changes to our Services, such as planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.
  5. To communicate with our Customers about their account and provide customer support.
  6. To provide, support, and improve the Services we offer. This includes, for example, aggregating information from your use of the Services or visit to our Websites and sharing this aggregated information in anonymised form with third parties to improve our Services.
  7. To enforce compliance with our End User Licence Agreements and applicable law.
  8. To protect the rights and safety of our Customers and third parties, as well as our own.
  9. To meet legal requirements.
  10. To prosecute and defend a court, arbitration, or similar legal proceeding.
  11. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

Third Party Websites

Links to third-party websites. Our Websites and mobile apps may from time to time include links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.

 

 

SECURITY

Notice of Breach of Security

If a security breach causes an unauthorized intrusion into our system that materially affects you then Norwood Systems will notify you as soon as possible and later report the action we took in response.

 

Safeguarding Your Information

We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Any Personal Information you share with us will be encrypted when stored and will be encrypted as or when it travels between our servers.

We undergo an annual security assessment using a vendor that is a member of CREST Australia (the Council of Registered Ethical Security Testers). The testing is designed to conduct vulnerability assessments of network, host, web-based services and applications, and perform an examination of security controls by conducting penetration testing activities.

Our credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor  has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. If you have any questions about the security of your Personal Information, you may contact us at support@norwoodsystems.com.

Some Norwood Systems services require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party.

 

COMPLIANCE

 

Norwood Systems is a business based in Australia and is governed by the laws of the State of Western Australia and the Commonwealth of Australia.

We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of:

  1. Where we say we assume an obligation about Personal Information, we are also requiring our subcontractors to undertake a similar obligation, where relevant.
  2. We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account.
  3. Our servers are primarily located in Australia. In addition, we or our subcontractors, may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of off-shore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information outside of Australia.

If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request.

If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.

 

Accuracy and Retention of Data

We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.

 

Access

We will give an individual access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us:

support@norwoodsystems.com

Unless it is prohibited by law, we will remove any Personal Information about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Information.