Our Privacy Policy

Granted, this is probably the most boring page on our website, but it's also the most important. We last updated this privacy policy on 14 April 2021.

Our Commitment

Although Openly is not automatically bound by the Australian Privacy Act (Privacy Act) due to the annual turnover exemption, we have voluntarily opted-in to be bound by the Privacy Act to demonstrate our commitment to securing your personal information.

Confirmation of our opt-in can be found on the Office of the Australian Information Commissioner's privacy opt-in register.

Opting-in to be bound by the Privacy Act is a significant step in protecting your personal information, because the Privacy Act imposes specific obligations upon Openly that would otherwise not be required.

This privacy policy outlines the personal information handling practices of Openly.

To ensure our privacy policy is easy to understand, we have taken care to write it in plain language. If you would like to review our specific legal obligations, you can refer to the Privacy Act. The Australian Privacy Principles are found within the Act. Be warned though, it’s not a fun read!

Why we collect personal information

We collect, hold, use and disclose personal information to carry out our business functions. These functions may include:

  • providing privacy news and privacy advice to individuals
  • providing data breach alerts and guidance
  • consulting with organisations, for example, on privacy matters
  • maintaining registers, such as the Openly Privacy Register
  • responding to access to information requests
  • handling privacy complaints
  • offering Openly For Business services
  • communicating with the public, organisations and the media
  • assessing suitable candidates for career opportunities within Openly

When we collect personal information

We always limit the collection of personal information to ensure we only collect what we need to carry out a business function.

We will only ever collect personal information about you when you give it to us directly. Openly will never collect personal information about you.

We may collect personal information about you when you:

  • contact us to ask for information or advice, but only if it is required to properly process your request
  • make a complaint about an Openly Certified entity, but only if it is required to properly investigate your complaint
  • subscribe to receive marketing communications like emails
  • subscribe to receive data breach alerts
  • ask for access to information that Openly holds about you
  • apply for a job vacancy at Openly
  • apply to become an Openly Certified entity
  • join Openly For Business

What personal information we collect

We collect personal information to operate our business, however this is always opt-in and in most cases we will give you the opportunity to contact us anonymously. You will see a collection notice or a link to this privacy policy when we collect personal information from you so that you can choose whether you want to consent to us collecting that information or not. We collect personal information in the following ways:


Marketing communications are only available to users who opt-in. We will never send unsolicited marketing communications. An email address is required to opt-in to receiving marketing communications via email. Without this, we are unable to create your account. You may choose to provide other personal information at the time of account creation, including your real name and phone number, however this is optional.

Data breach alerts:

An email address is required to opt-in to receiving data breach alerts via email. Without this, we are unable to create your account. You may choose to provide other personal information at the time of account creation, including your real name and phone number, however this is optional.


You may wish to send us a testimonial. If the testimonial includes your personal information, we may collect and store it. We will never share any personal information that you share with us for testimonials with third-parties.

Privacy complaints:

To submit a complaint to us relating to our handling of your privacy, we may need your real name, email address and phone number. In some cases we might be able to handle your request anonymously, so it’s best to check with us before submitting a complaint.

Complaint about an Openly Certified entity:

In most cases, you can submit a complaint about an Openly Certified Entity to us without providing any personal information, however we may require personal information about you if your complaint is specific to you, and you would like us to advise you of the outcome of your complaint.

Social media:

When we communicate with you via social media, we make every effort to avoid collecting your personal information. If you raise a query, make a request or complaint or otherwise make contact with us via social media, we may use your name and any other supplied information to process your request.

Openly Privacy Certification applicant:

When an entity wishes to apply for Openly Privacy Certification, we collect personal information about the applicant. The personal information collected about the applicant includes: first name, last name, email address, phone number and primary business address. We also collect information about the entity, however this is not classed as personal information.

Openly For Business user:

When you join Openly For Business, we collect your personal information. This personal information includes: full name, email address, phone number (sometimes) and payment information. Registered users will receive emails relating to Openly For Business, privacy news, product updates and other news relating to Openly. Registered users can opt-out at any time.

Openly Prism and Openly Prism Chat

The services of Openly Prism and Openly Prism Chat require the collection of usage data to operate correctly. We only gather usage data when you interact with Openly Prism and Openly Prism Chat for research purposes. By usage data, we mean: the pages visited, the queries made to our services, and the questions asked to Openly Prism Chat. This data is collected for research and machine learning models only. We do not log your full IP address (such as when we collect usage data. Instead we anonymise it to remove the end digits with zeros (for example This data is stored within our machine learning servers based in Australia. We will never use this information for marketing or promotional purposes. We will never link, or attempt to link, your questions back to you.

Sensitive personal information

We will never ask you to provide sensitive personal information. Never.

Website analytics

We use Plausible for our website analytics. You may be wondering why we haven't included website analytics in our reasons for personal information collection.

By using Plausible Analytics, all the site measurement is carried out absolutely anonymously. We measure only the most essential data points and nothing else.

We don’t use cookies, we don’t generate any persistent identifiers and we don’t collect or store any personal or identifiable data. All of the data that we do collect is aggregated data only and it contains no personal information.

You can see a live version of what analytics information we collect for openly.com.au here.

Overseas and third party recipients

Openly works with third-parties to provide specific functions or features that help us to run our services. These providers will have access to relevant personal information (both in an identifiable and anonymous manner) in order to provide their relevant functions.

It is important to note that some of these third-parties are located outside of Australia.

The use of information is limited to the specific purposes we've detailed below:

*Last updated on 15 March 2021.


We treat advertising and marketing differently. Marketing and promotional activities such as emails are opt-in only and can be easily opted-out of at any time.

We conduct advertising to boost awareness of our services and products, however we will never use any personal information you have shared with us for advertising. We will never upload your personal information to social media services to create custom audiences, and we will never seek to specifically target you.

In some cases, we may use advertising that targets your interests or behaviours, however this information is collected by the provider of the service (for example Facebook, Twitter or news websites), and we never get direct access to any of this personal information.


We always try to make it possible for you to interact with us anonymously. For example, if you contact us with a general query or information request, we will not ask you for personal information unless it is required to properly complete your request.

Opt-out choices

We take special care to make it easy for you to opt-out of Openly services at any time. You always maintain the right to withdraw your consent (opt-out) from any services. In some cases, this may result in service limitations but we will always let you know if this is the case before we action your request.

Marketing opt-out choices:

You can request that we stop contacting you with marketing or promotional emails by following the opt-out instructions located in the e-mails we send, or by contacting us via email.

Data breach alerts opt-out choices:

If you wish to stop receiving data breach alerts, you can do so by contacting us via email.

Testimonial opt-out choices:

If you have supplied a testimonial that we have made publicly available, you can request that we remove the testimonial from our website or social media accounts by contacting us via email.

Privacy complaint opt-out choices:

If you have submitted a privacy complaint that contains personal information, you can revoke our access to your personal information by contacting us via email. Please note that if you opt-out of supplying personal information relating to a privacy complaint, we may have to withdraw your complaint.

Complaint about Openly Certified Entities opt-out choices:

If you have submitted a privacy complaint that contains personal information, you can revoke our access to your personal information by contacting us via email. Please note that if you opt-out of supplying personal information relating to a privacy complaint, we may have to withdraw your complaint.

Social media opt-out choices:

If you share any personal information across Openly social media channels, you can request that we remove the information from these channels by contacting us via email. Please note that this may not stop this information being indexed by search engines, but we will do our best to assist you in full removal.

Openly certification:

If you have provided personal information to obtain Openly Certification, we need to keep it to continue offering our services. If you wish to opt-out of providing this personal information, we may have to cancel your certification. If you wish to opt-out, we can discuss your options when you contact us via email.

Retaining your personal information

We keep your personal data for as long as necessary for the purposes set out in the section titled 'Why we collect personal information' above. We will retain your personal information for as long as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes); generally, where we no longer have a legitimate business purpose to retain it, we will anonymise or delete such personal data within 180 days.

We may maintain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal data for longer than seven years following the last date of communication with you.

When you opt-out of a service, if your personal information is no longer required, we will ensure it is disposed of securely.

Security of personal information

Openly has implemented critical physical, organisational and technical measures to protect against unauthorised or unlawful access to the personal information we collect and store. We also take steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by Openly significantly reduce the likelihood of a data breach.

Here are some examples of the security controls we have in place:

  • Secure office premises;
  • Locked filing cabinets and a secure shredding practice for paper records;
  • The use of encryption, such as secure portals for document transfers and tokenization for payment card information;
  • The use of firewalls and anti-virus software to prevent unauthorised access;
  • The implementation of password vaults to ensure password complexity and reduce duplication by employees;
  • Robust authentication processes, including complex passwords for access to electronic records;
  • Limited access to personal information by employees who need the information to perform their work-related duties;
  • The use of data centers with effective physical and logical data security controls;
  • Extensive training for employees around best practice security and privacy measures; and
  • Specific policies for employees that detail important security and privacy protection measures.

In addition, we recommend that you do your part in protecting yourself from unauthorised access to your personal information. For example, ensure your account login credentials are not shared with anyone, ensure you only use secured networks, be wary of unexpected phone calls, emails or text messages that may be phishing for your personal information, and always think twice before providing payment information (like credit card details) on other websites.

Let us know right away if your contact information changes or you find any errors in your account statements or invoices. If you have reason to believe that the security of your account has been compromised, you must immediately notify Openly of the problem in order for us to resolve the issue in a timely manner.

When Openly has links to a third-party website that is not operated or controlled by us, we are not responsible for the privacy or security practices of those websites, and these third-party websites are not covered within this privacy policy. We will always let you know if a link is going to take you off our website, and recommend that you take the time to familiarise yourself with the policies listed on that website before you supply any personal information.


Openly uses cookies to ensure the security of our systems, and to provide our services.

As a general rule, Openly refrains from using any third-party cookies across our website, however if they are necessary to correctly operate the website, provide security, or offer a service, we will always let you know before the page loads.

Data about children

Openly products and services are not directed toward children and we do not encourage children to provide us with any personal information. We do not knowingly collect any personal information from children under the age of 13. We encourage parents and legal guardians to monitor their children's internet usage and to help enforce our privacy policy by instructing their children never to provide personal information through our services. If you have reason to believe that a child under the age of 13 has, without a parent or guardian's consent, provided personal information to us through the Services, please contact us via email, and we will delete that information immediately.

Your privacy rights

You can ask us about the information we hold about you by contacting us via email. We will provide this information to you within 10 business days.

You also have a right to edit the information we hold about you if it is incomplete, inaccurate or no longer true, by contacting us via email. We will provide this information to you within 10 business days.

If you are concerned about the data we hold about you, you can request that we erase that data. Please refer to the section about “retaining your personal information” for more information about how to request this and whether we can action your request.

Making a complaint

We accept privacy complaints via our secure privacy complaint webform. We aim to resolve all privacy complaints within 30 days, however we will always strive to resolve complaints sooner.

If you are dissatisfied with the outcome of a privacy complaint you submitted to Openly, and you’ve considered your options within our dispute resolution policy, you can contact the Office of the Australian Information Commissioner (OAIC). OAIC provides instructions on how you can lodge a complaint here.

Review of this policy

We are passionate about privacy and so review this policy twice yearly at a minimum. If you have any recommendations, please let us know by contacting us via email. We don’t want to clog up your inbox, so we won’t let you know about any minor changes (such as resolving spelling errors or formatting), but we will let you know if something important pops up which may impact your privacy rights.

Contacting us about privacy

Any privacy-related enquiries, concerns or complaints can be directed to our Designated Privacy Contact at: