Version 1.0 – Updated 10 November 2021
This document describes Smartbill’s privacy and information security policy in compliance with the following regulations and certifications:
Australian privacy law: Australian Commonwealth Privacy Act 1988 (Act 119 of 1988). https://www.legislation.gov.au/Details/C2014C00076
European Union data protection law: General Data Protection Regulation (EU) 2016/679 [“GDPR”] https://eur-lex.europa.eu/eli/reg/2016/679/oj
International standard for information security: International Standards Organisation ISO/IEC 27001 Information Security Management standard. https://www.iso.org/isoiec-27001-information-security.html
Thank you for using the services of Smartbill Pty Ltd or visiting our website. Your privacy and your organisation’s information security are taken seriously by Smartbill. This policy is designed to provide an overview of the information we collect when you and/or your organisation visits one of our websites or uses our services, what we do with that information, and what we do to protect it.
Smartbill will never sell or otherwise disclose information provided by your organisation as part of your organisation’s engagement with Smartbill. We will only ever us it for the purposes identified in Smartbill’s contract with your organisation, and in accordance with Information Security standards.
Smartbill will never sell or otherwise disclose your Personal Information for profit.
We will always protect your Personal Information carefully. We will only ever use it for the specific purposes listed in this policy.
Definitions
“We,” “us,” “our,” and “Smartbill,” refers to Smartbill Pty. Limited, a company based in the state of New South Wales and registered in Australia. We provide services to help organisations manage their telecommunications expenditure.
“Customer” refers to the person or entity that is registered with us to use our Services.
“User” refers to employees of a Customer who through a contract with Smartbill utilise our services in the course of their employment.
“You,” refers either to a Customer, User or to some other person who visits any of our Websites, or to Your Organisation.
“Your information” refers either to Personal Information or to information provided by your organisation or its nominees to Smartbill in the course of your organisation’s engagement with Smartbill.
“Your organisation” refers to any business, enterprise, non-profit entity or governmental agency which uses the services of Smartbill.
“Personal Information” refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, email address, telephone number, occupation, company name or other demographic information.
Application
This Privacy Policy does not apply to Customers who have a specific Master Services Agreement (MSA) with us, unless otherwise explicitly stated within the MSA. Unless otherwise stated within their MSA, Customers who have an MSA with us have their privacy conditions detailed solely and exclusively within the MSA.
Updates to the Policy
We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the top of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website.
We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Privacy Policy which were in effect on each respective date you visited the Website.
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:
Information you voluntarily provide to us
When you sign up for and use the Services, consult with our customer service team, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include your name or the names of your Users, email address, IP address, phone numbers, as well as details including telecommunications usage information, telecommunications account and financial information, location, purchase history, and other corporate and demographic information. By giving us this information, you consent to this information being collected, used, disclosed, transferred and stored by us, as described in this Privacy Policy. By giving us this information, you only consent to this information being disclosed for the purposes described in this policy.
Information we collect automatically
When you use the Services or browse one of our Websites, we may collect information about your visit to our Websites, your usage of the Services, and your web browsing. That information may include telecommunications usage, billing or pricing information and other information contained in or derivable from your telecommunications billing and usage records, your IP address, your operating system, your browser ID, your browsing activity, your communication metadata and other information about how you interacted with our Websites or other websites. We may collect this information as a part of log files, as part of standard telecommunications records, as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below.
Information from your use of the Service
We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, web browser used, geographical location, communication counterparty number and geographical location, session duration, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.
Cookies and tracking
We may use various technologies to collect and store information when you use our Services, and this may include using cookies and similar tracking technologies on our Website, such as pixels and web beacons, to analyse trends, administer the website, track Customer or Users’ movements around the website, and gather demographic information about our Customer and User base as a whole. Customers and Users can control the use of cookies at the individual browser level.
Use and Disclosure of Personal Information
We may use and disclose Personal Information only for the following purposes:
Third Party Websites
Links to third-party websites. Our Websites may from time to time include links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.
GDPR
GDPR (General Data Protection Regulation) imposes strict controls on how all organisations collect and process personal data within the European Union and/or personal data of EU citizens.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
What has Smartbill done to comply with GDPR?
We are constantly improving the technical and organisational security measures we have in place to protect your data and ensure we are fully compliant with GDPR. The work we are doing will also assist with your own compliance obligations regarding any customer data held within Smartbill or platforms delivered by Smartbill.
Under the terms of GDPR, Smartbill will only collect, store and process personal data required to perform the Services provided by Smartbill (e.g. contact details, IP addresses, and information contained in or derived from telecommunications bills and usage records). We will not collect, store or process data that is labelled as sensitive under GDPR including but not limited to data that reveals racial, caste or ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, data concerning health or sexual orientation.
Smartbill will handle personal data in the following contexts:
Personal data is held in the following systems:
Here are some of the ways we are ensuring that we are fully GDPR compliant.
Awareness & accountability
We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments each quarter, so that everyone working at Smartbill understands what needs to be done and by when.
Audit
We are undertaking an extensive audit to clearly document what data we hold, where we hold it, where that data comes from and where it potentially goes. This enables us to keep track of all data and allows us to make the right decisions to ensure that your data is always protected.
Policies
We have updated our Privacy and Cookie Policies along with our Terms of Service so that you can see exactly how, why, where and for how long we may be processing and holding your data. You can contact us on info@smartbill.com.au at any point in time if you have questions or would like to lodge a complaint.
Basis and consent
By signing up to Smartbill, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In order for you to benefit fully from the Services provided by Smartbill, we will need to process some of your data.
Your rights
For EU citizens, under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
This is also true for the data you hold about your customers within our Services – you need to be able to adhere to GDPR requirements too, and we are willing to support you with this. We will continue to keep you updated with our progress on this via the website, newsletters or social media.
Legal jurisdiction
Smartbill is incorporated under the laws of Australia, so we ultimately answer to the Office of the Australian Information Commissioner (OAIC) regarding Data Privacy and Protection.
Our internal Security Incident Response Policy and Procedures include notification requirements, both with the OAIC and publicly with you, our customers.
Data protection
Information Security is a priority in everything we do at Smartbill. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of potential threats. The nature of our security measures is classified and vary according to circumstance, and reflect the criticality of the information we protect.
Smartbill’s operation is certified as compliant with ISO/IEC 27001, the international standard for Information Security Management.
Notice of Breach of Security
If a security breach causes an unauthorized intrusion into our system that materially affects you then Smartbill will notify you as soon as possible and later report the action we took in response.
Safeguarding Your Information
We take reasonable and appropriate measures to protect all information in our care from loss, misuse and unauthorized access, disclosure, alteration and destruction, in compliance with ISO/IEC 27001 and taking into account the risks involved in the processing and the nature of the information.
Any information you share with us will be encrypted when stored and will be encrypted as or when it travels between our servers.
Some Smartbill services require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party.
Smartbill is a business based in Australia and is governed by the laws of the State of New South Wales and the Commonwealth of Australia.
We are subject to the operation of the Australian Privacy Act and for some data we are also subject to the operation of GDPR. Here are the specific points you should be aware of:
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act and/or GDPR, to correct that information upon your request.
If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
Accuracy and Retention of Data
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
Access
We will give an individual access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us:
Unless it is prohibited by law, we will remove any Personal Information about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Information.
Copyright © 2021 Smartbill Pty Ltd. Smartbill® is a registered trademark of Smartbill Pty Ltd. All rights reserved. smartbill.com.au
Telecom cost certainty and savings.
Smartbill® is a registered trademark of Smartbill Pty Ltd. Copyright © 2021 Smartbill Pty Ltd. All rights reserved.
Feel free to contact us using the details below or to submit the form.
"*" indicates required fields
Enter your details so we can keep you in the loop! You can unsubscribe at any moment via the link in the footer of each newsletter.
"*" indicates required fields