N2S may, in the process of registering a Reseller, Storage Provider, Purchaser or User, collect Personal Information from such entities intending to directly use CFS or deploy CFS on third-party IT infrastructure.
This Policy is drafted in accordance with international frameworks, such as the OECD Guidelines, as relevant to the foundation for the development of national privacy laws in Australia, as well as other nations.
This Policy is governed, executed, and resolved in accordance with relevant laws of Commonwealth of Australia and State of Victoria therein.
N2S may amend this Policy at its discretion at any time based on legal compliance requirements. Any change will be effective from the date the revised Policy is posted electronically on the N2S corporate website https://www.network2share.com (Website).
Australian Privacy Principles (APPs) means the amended Privacy Act 1988 (Cth.) that includes a set of harmonised privacy principles that regulate the handling of personal information by Australian and Norfolk Island Government agencies and private sector organisations as defined in Schedule 1 of Privacy Act 1998 (Cth.).
OECD Guidelines mean the 2013 OECD (Organisation for Economic Cooperation and Development) Privacy Guidelines, in particular, the Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data (2013); [C(80)58/Final, as amended on 11 July 2013 by C(2013)79].
Personal Information is as defined in s 6 of Privacy Act 1988 (Cth.), which cites “means information or an opinion about an identified individual, or an individual who is reasonably identifiable: a) whether the information or opinion is true or not; and b) whether the information or opinion is recorded in a material form or not.
Relevant legislation means all relevant precedents, codes, statutes, transition legislation, Commonwealth, State and Territory Acts and international convention treaties where relevant in determining privacy rights.
N2S collects the data entities (including but not limited to, Resellers, Storage Providers, Purchasers et al.) voluntarily furnish during the registration process for using and/or deploying CFS in accordance with APPs. Data that is generated while creating the said entity account, e.g. login username, hashed password information and last login date and time to the CFS console are also collected.
N2S may automatically collect information on the deploying entity’s IT infrastructure specifications through the CFS software suite once that entity deploys CFS (e.g. IP address, gateway configurations et al.). The purpose of this collection, in accordance with APPs, is to determine conformance to minimum IT infrastructure requirements for functional deployment of CFS.
In accordance with the APPs, data collected by N2S is handled internally within the organization by in-house staffs that have a need to know basis of accessing such data. Data, if accessed, is purely for CFS product design enhancement and future business partner identification purposes.
Collected data is not sold to third-party entities.
With respect to recent amendments to the Privacy Act 1988 (Cth.), the scope of ‘trading in personal information’ does not apply to N2S as the company does not collect user information for selling to third parties for profit. N2S does not, and shall not, advertise or market to the users, as well as share their details to third parties for marketing and advertising.
N2S will not disclose collected data to any third-party legal entity unless explicitly ordered by a competent Australian legal authority through the issuance of subpoenas, court orders et al.
Users using or deploying CFS have the right to request information it has supplied to N2S, in which case, based on the APPs, N2S shall provide the information to the entity within a reasonable time frame.
Collected data is governed in accordance with industry-standard best practices. N2S has implemented information security management systems and frameworks within its organization along the lines of being compliant to ISO 27001:2013, which is used in governing collected data.
N2S manages all collected data securely and ensures continuous adoption of technology to enhance security and encryption of collected data.
N2S retains the collected data until the user’s account is terminated, unless required to enforce the N2S Terms of Agreement, resolve disputes or comply with legal obligations.
N2S shall retain collected data to the maximum extent required by governing legislation unless explicitly advised by the user, in which case N2S shall hand back to the user all its relevant collected data at costs borne by the user.
N2S shall not send collected data outside Australian borders without explicitly obtaining consent from users.
N2S does not publicly report data collected from users. Reporting is restricted only to users with only that information they have provided. N2S may report collected data to law enforcement agencies or legal institutions upon explicit judicial orders.
N2S is compliant to the APPs cited in the amended Privacy Act 1988 (Cth.) that set the minimum standards for handling personal information.
N2S uses third-party analytics software tools for use in the source code of the N2S’ corporate website to understand website traffic and website usage based on the policy that such services do not identify individual users or associate individual IP addresses in accordance with the legal theory of the Telecommunications (Interception and Access) Act 1979 (Cth.). By using this website, the user consents to the processing of data about itself in accordance with the legal theory of the aforementioned legislation.
N2S does not endorse third-party vendors on advertising on the N2S Website. N2S’ policy in this aspect prohibits unsolicited referral programs, sponsored links, or advertisements on the N2S Website.
N2S does not engage in unsolicited spamming through email marketing. Designing the N2S Website in compliance to the Spam Act 2003 (Cth.) ensures that third-party entities cannot use the N2S Website to send spam and/or undertake phishing and spoofing.
N2S has a robust social media use and monitoring policy. Currently N2S has limited presence social media platforms, including but not limited to, Facebook, Twitter and LinkedIn. N2S limits access of third-party external cookies found in social media sites to the N2S Website.
Last updated: 10 November 2015.