Version 1.0 – Updated 10 November 2021
This document describes Smartbill’s privacy and information security policy in compliance with the following regulations and certifications:
Australian privacy law: Australian Commonwealth Privacy Act 1988 (Act 119 of 1988). https://www.legislation.gov.au/Details/C2014C00076
European Union data protection law: General Data Protection Regulation (EU) 2016/679 [“GDPR”] https://eur-lex.europa.eu/eli/reg/2016/679/oj
International standard for information security: International Standards Organisation ISO/IEC 27001 Information Security Management standard. https://www.iso.org/isoiec-27001-information-security.html
Thank you for using the services of Smartbill Pty Ltd or visiting our website. Your privacy and your organisation’s information security are taken seriously by Smartbill. This policy is designed to provide an overview of the information we collect when you and/or your organisation visits one of our websites or uses our services, what we do with that information, and what we do to protect it.
Smartbill will never sell or otherwise disclose information provided by your organisation as part of your organisation’s engagement with Smartbill. We will only ever use it for the purposes identified in Smartbill’s contract with your organisation, and in accordance with Information Security standards.
Smartbill will never sell or otherwise disclose your Personal Information for profit.
We will always protect your Personal Information carefully. We will only ever use it for the specific purposes listed in this policy.
“We,” “us,” “our,” and “Smartbill” refer to Smartbill Pty. Limited, a company based in the state of New South Wales and registered in Australia. We provide services to help organisations manage their telecommunications expenditure.
“Customer” refers to the person or entity that is registered with us to use our Services.
“User” refers to employees of a Customer who through a contract with Smartbill utilise our services in the course of their employment.
“You” refers either to a Customer, User or to some other person who visits any of our Websites, or to Your Organisation.
“Your information” refers either to Personal Information or to information provided by your organisation or its nominees to Smartbill in the course of your organisation’s engagement with Smartbill.
“Your organisation” refers to any business, enterprise, non-profit entity or governmental agency which uses the services of Smartbill.
“Personal Information” refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, email address, telephone number, occupation, company name or other demographic information.
Updates to the Policy
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:
Information you voluntarily provide to us
Information we collect automatically
Information from your use of the Service
We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, web browser used, geographical location, communication counterparty number and geographical location, session duration, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.
Cookies and tracking
Use and Disclosure of Personal Information
We may use and disclose Personal Information only for the following purposes:
Third Party Websites
GDPR (General Data Protection Regulation) imposes strict controls on how all organisations collect and process personal data within the European Union and/or personal data of EU citizens.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
What has Smartbill done to comply with GDPR?
We are constantly improving the technical and organisational security measures we have in place to protect your data and ensure we are fully compliant with GDPR. The work we are doing will also assist with your own compliance obligations regarding any customer data held within Smartbill or platforms delivered by Smartbill.
Under the terms of GDPR, Smartbill will only collect, store and process personal data required to perform the Services provided by Smartbill (e.g. contact details, IP addresses, and information contained in or derived from telecommunications bills and usage records). We will not collect, store or process data that is labelled as sensitive under GDPR including but not limited to data that reveals racial, caste or ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, data concerning health or sexual orientation.
Smartbill will handle personal data in the following contexts:
Personal data is held in the following systems:
Here are some of the ways we are ensuring that we are fully GDPR compliant.
Awareness & accountability
We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments each quarter, so that everyone working at Smartbill understands what needs to be done and by when.
We are undertaking an extensive audit to clearly document what data we hold, where we hold it, where that data comes from and where it potentially goes. This enables us to keep track of all data and allows us to make the right decisions to ensure that your data is always protected.
We have updated our Privacy and Cookie Policies along with our Terms of Service so that you can see exactly how, why, where and for how long we may be processing and holding your data. You can contact us on firstname.lastname@example.org at any point in time if you have questions or would like to lodge a complaint.
Basis and consent
By signing up to Smartbill, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In order for you to benefit fully from the Services provided by Smartbill, we will need to process some of your data.
For EU citizens, under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
This is also true for the data you hold about your customers within our Services – you need to be able to adhere to GDPR requirements too, and we are willing to support you with this. We will continue to keep you updated with our progress on this via the website, newsletters or social media.
Smartbill is incorporated under the laws of Australia, so we ultimately answer to the Office of the Australian Information Commissioner (OAIC) regarding Data Privacy and Protection.
Our internal Security Incident Response Policy and Procedures include notification requirements, both with the OAIC and publicly with you, our customers.
Information Security is a priority in everything we do at Smartbill. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of potential threats. The nature of our security measures is classified, varies according to circumstance, and reflects the criticality of the information we protect.
Smartbill’s operation is certified as compliant with ISO/IEC 27001, the international standard for Information Security Management.
Notice of Breach of Security
If a security breach causes an unauthorized intrusion into our system that materially affects you, then Smartbill will notify you as soon as possible and later report the action we took in response.
Safeguarding Your Information
We take reasonable and appropriate measures to protect all information in our care from loss, misuse and unauthorized access, disclosure, alteration and destruction, in compliance with ISO/IEC 27001 and taking into account the risks involved in the processing and the nature of the information.
Any information you share with us will be encrypted when stored and will be encrypted as or when it travels between our servers.
Some Smartbill services require a username and password to log in. You must keep your username and password secure, and never disclose them to a third party.
Smartbill is a business based in Australia and is governed by the laws of the State of New South Wales and the Commonwealth of Australia.
We are subject to the operation of the Australian Privacy Act and for some data we are also subject to the operation of GDPR. Here are the specific points you should be aware of:
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act and/or GDPR, to correct that information upon your request.
If you are unsatisfied with our response to a privacy matter, then you may either consult an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
Accuracy and Retention of Data
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
We will give an individual access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us:
Unless it is prohibited by law, we will remove any Personal Information about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Information.
Copyright © 2021 Smartbill Pty Ltd. Smartbill® is a registered trademark of Smartbill Pty Ltd. All rights reserved. smartbill.com.au