IIS Partners Privacy Policy
This privacy policy was last updated in May 2024.
What this policy covers
This Privacy Policy tells you how IIS Partners (Information Integrity Solutions Pty Ltd (IIS)) handles personal information. It includes our website www.iispartners.com.
Personal information is any information or opinion about you in which you are identified, or from which you are reasonably identifiable.
The Privacy Act applies to IIS
IIS has a deep commitment to privacy. Even though many small businesses are exempt from complying with the Privacy Act 1988 (Cth), we formally opted in September 2006 to be covered by the Privacy Act in all of our activities. We also seek to exceed the requirements of other law that protects personal information such as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Why we collect personal information
We don’t collect much personal information, but when we do, we use it to provide services to you and to help us to carry out our business.
How we collect your personal information
The main ways we collect your personal information are:
When you give it directly to us, for example when you contact us via the website, send us email, register to our training events, subscribe to receive IIS communications or exchange business cards with us
In the course of discharging any commercial arrangements between IIS and you or your organisation
Indirectly in the course of normal business, for example, when a third party gives us information about you, or we seek information about you from a third party. We might do this if we are finding people to invite to an event or to offer a service.
Personal information that we collect or hold
We don’t hold much personal information and we do not collect sensitive information (including health information). We collect and hold the following kinds of personal information:
Information relevant to your business interactions with us such as your name and position, email address, phone number, business postal and street address, and information about our interactions
Information to register and provide our privacy and cyber security training events such as your name, email address, phone number, role and organisation, dietary requirements and details of how you heard about us
The fact that you receive our newsletter and information about your interactions with the newsletter such as the fact that you opened the newsletter and that you clicked the link inside it.
How we use or share personal information
We only use or share personal information to:
Provide the agreed service to a client
Send email newsletters to people we have been in contact with and who have not opted out of receiving it
Register and provide our privacy and cyber security training events
Put an organisation hosting privacy related meetings in touch with people we know might be interested
We don’t use or share your personal information for any other purpose without your permission, unless the law requires it.
Sub-contactors
If we share personal information with a subcontractor to help us with our work, we make them sign a confidentiality agreement and enter into a contractual agreement to keep the information secure. We check from time to time that they have complied with their agreement.
Our internal functions and activities
We handle personal information in the following primary ways as part of our internal functions and activities.
Work tools – Microsoft 365
We use Microsoft 365 to conduct our work, which includes handling documents and correspondence that contain personal information. We only use the following products and services: Exchange, OneDrive, SharePoint, Teams, Planner and Office.
We have set up reasonable security safeguards including multi-factor authentication (MFA), role-based access controls, and promptly applying patches to applications and devices.
Our Microsoft 365 data is stored in Australia.
Microsoft’s Trust Center has further information.
Data hosting – Tresorit
We use Tresorit, an encrypted file sync and sharing service based in Switzerland, to host our data which includes personal information. The information is encrypted both in transit and on the service provider’s servers.
We have set up reasonable security safeguards including MFA and role-based access controls. Only IIS personnel have access to it.
Our Tresorit data is stored in Ireland.
Tresorit’s security page has further information.
Marketing emails and newsletter
We use Mailchimp, an organisation based in the USA, to manage our email newsletter campaigns. When you subscribe to receive communications from us, Mailchimp collects your email and the IP address and location from which you opted in.
You may opt out of our communications and also ask us to delete your subscriber profile from the mailing list.
Mailchimp logs both individualised and aggregate information on how many subscribers open a message or click the links inside. We use this information to evaluate and improve the effectiveness of our communications.
Mailchimp's full privacy policy has further information.
Training registration and participation
We use Humanitix to provide online booking registration and payment services. When you register for training with us, Humanitix collects your name, email address, phone number, role and organisation, dietary requirements, details of how you heard about us and your payment details.
Humanitix data is stored in Australia.
Refer to the Humanitix Privacy and Cooke Policy and their Privacy and data security support page for further information.
IIS website – analytic, session and cookie tools
The IIS website uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies and JavaScript to collect website traffic data. The following information is transmitted to and stored on Google's servers for analysis:
The time the current visit occurred
Whether the visitor has been to the site before
What site referred the visitor to the web page
The visitor's IP address.
IIS uses the statistics provided by Google Analytics to evaluate the effectiveness of our website and improve its functionality. We do not install any other cookies, local shared objects or other web bugs to research the habits of individual visitors.
You can opt out of Google Analytics by visiting here.
Your right of access to personal information we hold about you
You may ask us for access to personal information we hold about you. Please tell us whether you would like access to all or just a particular part of your personal information. We will respond to you within a reasonable time, which generally will be within five working days.
In line with our commitment to protect your privacy, we may ask you to verify your request.
You may ask us to delete personal information we hold about you and your organisation and we will take reasonable steps to do so.
Accuracy of personal information
We take reasonable steps to ensure that the personal information we hold is accurate, up-to-date and complete. This includes:
Recording information in a consistent format
Confirming the accuracy of information we collect from a third party
Periodically checking and updating our contact lists.
If you think that personal information we hold about you is inaccurate, please contact us at inquiries@iispartners.com and we will correct any identified inaccuracies or let you know why we cannot do so.
Complaints and inquiries
If you have a complaint about the way we have treated your personal information, please contact us and we will respond as soon as possible to resolve the issue. We also welcome any questions and comments you may have about our privacy practices.
Email: inquiries@iispartners.com
Telephone: +61 2 8303 2438
Write to: Information Integrity Solutions Pty Ltd, PO Box 978, Strawberry Hills NSW 2012 Australia
If you are not satisfied with our response you can complain to the Office of the Australian Information Commissioner.
Email: enquiries@oaic.gov.au
Telephone: 1300 363 992 (from overseas +61 2 9284 9749)