Privacy Policy

Version 1.0 – Updated 10 November 2021

This document describes Smartbill’s privacy and information security policy in compliance with the following regulations and certifications:

Australian privacy law: Australian Commonwealth Privacy Act 1988 (Act 119 of 1988).

European Union data protection law: General Data Protection Regulation (EU) 2016/679 [“GDPR”]

International standard for information security: International Standards Organisation ISO/IEC 27001 Information Security Management standard.

Thank you for using the services of Smartbill Pty Ltd or visiting our website. Your privacy and your organisation’s information security are taken seriously by Smartbill. This policy is designed to provide an overview of the information we collect when you and/or your organisation visits one of our websites or uses our services, what we do with that information, and what we do to protect it.

Smartbill will never sell or otherwise disclose information provided by your organisation as part of your organisation’s engagement with Smartbill. We will only ever use it for the purposes identified in Smartbill’s contract with your organisation, and in accordance with Information Security standards.

Smartbill will never sell or otherwise disclose your Personal Information for profit.

We will always protect your Personal Information carefully. We will only ever use it for the specific purposes listed in this policy.


“We,” “us,” “our,” and “Smartbill,” refers to Smartbill Pty. Limited, a company based in the state of New South Wales and registered in Australia. We provide services to help organisations manage their telecommunications expenditure.

“Customer” refers to the person or entity that is registered with us to use our Services.

“User” refers to employees of a Customer who through a contract with Smartbill utilise our services in the course of their employment.

“You,” refers either to a Customer, User or to some other person who visits any of our Websites, or to Your Organisation.

“Your information” refers either to Personal Information or to information provided by your organisation or its nominees to Smartbill in the course of your organisation’s engagement with Smartbill.

“Your organisation” refers to any business, enterprise, non-profit entity or governmental agency which uses the services of Smartbill.

“Personal Information” refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, email address, telephone number, occupation, company name or other demographic information.


This Privacy Policy does not apply to Customers who have a specific Master Services Agreement (MSA) with us, unless otherwise explicitly stated within the MSA. Unless otherwise stated within their MSA, Customers who have an MSA with us have their privacy conditions detailed solely and exclusively within the MSA.

Updates to the Policy

We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the top of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website.

We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Privacy Policy which was in effect on each respective date you visited the Website.

If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:



Information you voluntarily provide to us

When you sign up for and use the Services, consult with our customer service team, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include your name or the names of your Users, email address, IP address, phone numbers, as well as details including telecommunications usage information, telecommunications account and financial information, location, purchase history, and other corporate and demographic information. By giving us this information, you consent to this information being collected, used, disclosed, transferred and stored by us, as described in this Privacy Policy. By giving us this information, you only consent to this information being disclosed for the purposes described in this policy.

Information we collect automatically

When you use the Services or browse one of our Websites, we may collect information about your visit to our Websites, your usage of the Services, and your web browsing. That information may include telecommunications usage, billing or pricing information and other information contained in or derivable from your telecommunications billing and usage records, your IP address, your operating system, your browser ID, your browsing activity, your communication metadata and other information about how you interacted with our Websites or other websites. We may collect this information as a part of log files, as part of standard telecommunications records, as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below.

Information from your use of the Service

We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, web browser used, geographical location, communication counterparty number and geographical location, session duration, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.

Cookies and tracking

We may use various technologies to collect and store information when you use our Services, and this may include using cookies and similar tracking technologies on our Website, such as pixels and web beacons, to analyse trends, administer the website, track Customer or Users’ movements around the website, and gather demographic information about our Customer and User base as a whole. Customers and Users can control the use of cookies at the individual browser level.

Use and Disclosure of Personal Information

We may use and disclose Personal Information only for the following purposes:

  1. To promote use of our services to you and others. For example, if we collect your Personal Information when you visit our Website and do not sign up for any of the Services, we may send you an email inviting you to sign up. If you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send. In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using. In addition, we may use your Personal Information to advertise our Services to potential or other Customers like you.
  2. To send you informational and promotional content in accordance with your marketing preferences. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
  3. To bill and collect money owed to us by our Customers. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
  4. To send you System Alert messages. For example, we may inform you of temporary or permanent changes to our Services, such as planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.
  5. To communicate with our Customers about their account and provide customer support.
  6. To provide, support, and improve the Services we offer. This includes, for example, aggregating information from your use of the Services or visit to our Websites and sharing this aggregated information in anonymised form with third parties to improve our Services.
  7. To enforce compliance with our End User Licence Agreements and applicable law.
  8. To protect the rights and safety of our Customers and third parties, as well as our own.
  9. To meet legal requirements.
  10. To prosecute and defend a court, arbitration, or similar legal proceeding.
  11. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Third Party Websites

Links to third-party websites. Our Websites may from time to time include links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.


GDPR (General Data Protection Regulation) imposes strict controls on how all organisations collect and process personal data within the European Union and/or personal data of EU citizens.

The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:

  • processed lawfully, fairly and transparently
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary for processing
  • accurate and kept up to date
  • retained only for as long as necessary
  • processed in an appropriate manner to maintain security

What has Smartbill done to comply with GDPR?

We are constantly improving the technical and organisational security measures we have in place to protect your data and ensure we are fully compliant with GDPR. The work we are doing will also assist with your own compliance obligations regarding any customer data held within Smartbill or platforms delivered by Smartbill.

Under the terms of GDPR, Smartbill will only collect, store and process personal data required to perform the Services provided by Smartbill (e.g. contact details, IP addresses, and information contained in or derived from telecommunications bills and usage records). We will not collect, store or process data that is labelled as sensitive under GDPR including but not limited to data that reveals racial, caste or ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, data concerning health or sexual orientation.

Smartbill will handle personal data in the following contexts:

  • For the analysis of telecommunications expense management bills and related data, for the compilation of dashboard and reports for your organisation.

Personal data is held in the following systems:

  • Smartbill InfoSec-compliant analysis repository
  • Smartbill unique online portal for your organisation

Here are some of the ways we are ensuring that we are fully GDPR compliant.

Awareness & accountability

We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments each quarter, so that everyone working at Smartbill understands what needs to be done and by when.


We are undertaking an extensive audit to clearly document what data we hold, where we hold it, where that data comes from and where it potentially goes. This enables us to keep track of all data and allows us to make the right decisions to ensure that your data is always protected.


We have updated our Privacy and Cookie Policies along with our Terms of Service so that you can see exactly how, why, where and for how long we may be processing and holding your data. You can contact us at any point in time if you have questions or would like to lodge a complaint.

Basis and consent

By signing up to Smartbill, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In order for you to benefit fully from the Services provided by Smartbill, we will need to process some of your data.

Your rights

For EU citizens, under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).

This is also true for the data you hold about your customers within our Services – you need to be able to adhere to GDPR requirements too, and we are willing to support you with this. We will continue to keep you updated with our progress on this via the website, newsletters or social media.

Legal jurisdiction

Smartbill is incorporated under the laws of Australia, so we ultimately answer to the Office of the Australian Information Commissioner (OAIC) regarding Data Privacy and Protection.    

Our internal Security Incident Response Policy and Procedures include notification requirements, both with the OAIC and publicly with you, our customers.



Data protection

Information Security is a priority in everything we do at Smartbill. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of potential threats. The nature of our security measures is classified and varies according to circumstance, and reflects the criticality of the information we protect.

Smartbill’s operation is certified as compliant with ISO/IEC 27001, the international standard for Information Security Management.

Notice of Breach of Security

If a security breach causes an unauthorized intrusion into our system that materially affects you then Smartbill will notify you as soon as possible and later report the action we took in response.

Safeguarding Your Information

We take reasonable and appropriate measures to protect all information in our care from loss, misuse and unauthorized access, disclosure, alteration and destruction, in compliance with ISO/IEC 27001 and taking into account the risks involved in the processing and the nature of the information.

Any information you share with us will be encrypted when stored and will be encrypted as or when it travels between our servers.

Some Smartbill services require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party.



Smartbill is a business based in Australia and is governed by the laws of the State of New South Wales and the Commonwealth of Australia.

We are subject to the operation of the Australian Privacy Act and for some data we are also subject to the operation of GDPR. Here are the specific points you should be aware of:

  1. Where we say we assume an obligation about Personal Information, we are also requiring our subcontractors to undertake a similar obligation, where relevant.
  2. We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account.
  3. Our servers are primarily located in Australia. In addition, we or our subcontractors may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of off-shore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information outside of Australia, with GDPR for the transfer or storage of personal information of EU citizens, and with ISO/IEC 27001 information security standards.

If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act and/or GDPR, to correct that information upon your request.

If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.

Accuracy and Retention of Data

We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.


We will give an individual access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us:

Unless it is prohibited by law, we will remove any Personal Information about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Information.

Copyright © 2021 Smartbill Pty Ltd. Smartbill® is a registered trademark of Smartbill Pty Ltd. All rights reserved.
