Our Privacy Policy

Granted, this is probably the most boring page on our website, but it's also one of the most important. Read about how we will manage and protect your privacy.

Last Updated: 26 March 2022

Our Commitment

Although Openly is not automatically bound by the Australian Privacy Act (Privacy Act) due the annual turnover exemption, we have voluntarily opted-in to be bound by the Privacy Act to demonstrate our commitment to securing your personal information.

Confirmation of our opt-in can be found on the Office of the Australian Information Commissioner's privacy opt-in register.

Opting-in to be bound by the Privacy Act is a significant step in protecting your personal information, because the Privacy Act imposes specific obligations upon Openly that would otherwise not be required.

This privacy policy outlines how we will collect, store and disclose your personal information.

To ensure our privacy policy is easy to understand, we have taken care to write it in easy to understand language. If you would like to review our specific legal obligations, you can refer to the Privacy Act. The Australian Privacy Principles are found within the Act. Be warned though, it’s not a fun read!

Why we collect personal information

We collect, hold, use and disclose personal information to carry out our business functions. These functions may include:

  • providing privacy news and privacy advice to individuals
  • consulting with organisations, for example, on privacy matters
  • responding to access to information requests
  • handling privacy complaints
  • offering our SaaS product suite
  • communicating with the public, organisations and the media
  • assessing suitable candidates for career opportunities within Openly

When we collect personal information

We always limit the collection of personal information (where possible) to ensure we only collect what we need to carry out a business function.

We may collect personal information about you when you:

  • register to use products within the Openly Apps suite
  • subscribe to receive marketing communications like emails
  • submit a testimonial, review or feedback
  • register to attend an event or webinar that we're hosting
  • submit an enquiry to us
  • visit our offices
  • are added as a primary account contact in Openly Vendor Monitor
  • apply for a job vacancy at Openly
  • contact us on social media
  • ask for access to information that Openly holds about you
  • make a complaint
  • become an investor in Openly

What personal information we collect

We collect personal information to operate our business. In most cases we will give you the opportunity to contact us anonymously. You will see a collection notice and a link to this privacy policy when we collect personal information from you so that you can choose whether you want to consent to us collecting that information or not. We collect personal information in the following ways:

Openly Apps user:

When you register for an Openly Apps product, we collect your personal information. This personal information includes: full name, email address, phone number (sometimes) and payment information. Registered users will receive emails relating to their account, privacy news, product updates and other news relating to Openly. Registered users can opt-out at any time.

Marketing:

Marketing communications are only available to users who opt-in. We will never send unsolicited marketing communications. An email address is required to opt-in to receiving marketing communications via email. Without this, we are unable to opt you in. You may choose to provide other personal information at the time of opt-in, including your real name and phone number, however this is optional.

Testimonials, reviews or feedback:

You may wish to send us a testimonial, review or feedback. If this includes your personal information, we may collect and store it. We will never share any personal information that you share with us for testimonials with third-parties.

Events or webinars:

When you attend an event or webinar that we are hosting, we may collect personal information about you. This may include your name, email address and phone number.

Enquiries:

To submit an enquiry, we may need your real name, email address and phone number. In some cases we might be able to handle your request anonymously, so it’s best to check with us before submitting an enquiry.

Visiting our offices:

When you visit our offices, we may require you to sign in to the building using your name, email address, phone number and photo. This information is stored by Stone & Chalk, but is made available to Openly.

Primary account contact:

Openly Vendor Monitor allows users to add a primary account contact. Any user can add any primary account contact. If you are added by an Openly Vendor Monitor user, we may store your name, email address and phone number. We will never share or sell this personal information, and we will never use it for marketing or advertising.

Applying for a job:

To submit a complaint or access request to us relating to our handling of your privacy, we may need your real name, email address and phone number. In some cases we might be able to handle your request anonymously, so it’s best to check with us before submitting a complaint.

Social media:

When we communicate with you via social media, we make every effort to avoid collecting your personal information. If you raise a query, make a request or complaint or otherwise make contact with us via social media, we may use your name and any other supplied information to process your request.

Privacy complaints and access requests:

To submit a complaint or access request to us relating to our handling of your privacy, we may need your real name, email address and phone number. In some cases we might be able to handle your request anonymously, so it’s best to check with us before submitting a complaint.

Investors:

When you invest in Openly, we are required to collect personal information about you. This includes your name, email address, phone number, postal address, residential address, date of birth and government identifiers (like ABN if investing through a trust). We cannot work with investors anonymously due to legal obligations.

Sensitive personal information

We will never ask you to provide sensitive personal information. Never.

Website analytics

We use Plausible for our website analytics. You may be wondering why we haven't included website analytics in our reasons for personal information collection.

By using Plausible Analytics, all the site measurement is carried out absolutely anonymously. We measure only the most essential data points and nothing else.

We don’t use cookies, we don’t generate any persistent identifiers, we don't employ fingerprinting and we don’t collect or store any personal or identifiable data. All of the data that we do collect is aggregated data only and it contains no personal information about you.

Don't believe us? We share our analytics data publicly. You can see a live version of what analytics information we collect for openly.com.au here.

Overseas and third party recipients

Openly works with third-parties to provide specific functions or features that help us to run our services. These providers will have access to relevant personal information (both in an identifiable and anonymous manner) in order to provide their relevant functions.

It is important to note that some of these third-parties are located outside of Australia.

A list of these third-parties can be provided upon request.

Advertising

We treat advertising and marketing differently. Marketing and promotional activities such as emails are opt-in only and can be easily opted-out of at any time.

We conduct advertising to boost awareness of our services and products, however we will never use any personal information you have shared with us for advertising. We will never upload your personal information to social media services to create custom audiences, and we will never seek to specifically target you.

In some cases, we may use advertising that targets your interests or behaviours, however this information is collected by the provider of the service (for example Facebook, Twitter or news websites), and we never get direct access to any of this personal information.

Anonymity

We always try to make it possible for you to interact with us anonymously. For example, if you contact us with a general query or information request, we will not ask you for personal information unless it is required to properly complete your request.

Opt-out choices

We take special care to make it easy for you to opt-out of Openly services at any time. You always maintain the right to withdraw your consent (opt-out) from any services. In some cases, this may result in service limitations but we will always let you know if this is the case before we action your request.

Openly Apps user opt-out choices:

It can be difficult to remove your personal information and keep your account operational, however we will do our best to assist you. You can request that we remove the information from your account by contacting us via email.

Marketing opt-out choices:

You can request that we stop contacting you with marketing or promotional emails by following the opt-out instructions located in the e-mails we send, or by contacting us via email.

Testimonial, reviews or feedback opt-out choices:

If you have supplied a testimonial that we have made publicly available, you can request that we remove the testimonial from our website or social media accounts by contacting us via email.

Events or webinars opt-out choices:

You can request that we remove personal information that we collected through an event or webinar by contacting us via email.

Enquiries opt-out choices:

If you have submitted an enquiry that contains personal information, you can revoke our access to your personal information by contacting us via email. Please note that if you opt-out of supplying personal information relating to a enquiry, we may not be able to respond.

Visiting our offices opt-out choices:

If you have concerns about the personal information we collect in person, you can discuss this with us by contacting us via email.

Primary account contact opt-out choices:

We understand that you may not want us to hold personal information about you when you aren't a direct customer of ours. If we hold personal information about you (within an Openly Apps account), you can request that we remove the information by contacting us via email.

Applying for a job opt-out choices:

When you apply for a job, we need certain personal information to process your application. You can revoke our access to your personal information by contacting us via email. Please note that if you opt-out of supplying personal information relating to a job application, we may not be able to consider your application.

Social media opt-out choices:

If you share any personal information across Openly social media channels, you can request that we remove the information from these channels by contacting us via email. Please note that this may not stop this information being indexed by search engines, but we will do our best to assist you in full removal.

Privacy complaints and access requests opt-out choices:

If you have submitted a privacy complaint that contains personal information, you can revoke our access to your personal information by contacting us via email. Please note that if you opt-out of supplying personal information relating to a privacy complaint, we may have to withdraw your complaint.

Investor opt-out choices:

We cannot allow investors to opt-out of personal information collection and use due to legal obligations.

Retaining your personal information

We keep your personal data for as long as necessary for the purposes set out in the section titled 'Why we collect personal information' above. We will retain your personal information for as long as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes); generally, where we no longer have a legitimate business purpose to retain it, we will anonymise or delete such personal data within 30 days.

We may maintain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal data for longer than seven years following the last date of communication with you.

When you opt-out of a service, if your personal information is no longer required, we will ensure it is disposed of securely.

Security of personal information

Openly has implemented critical physical, organisational and technical measures to protect against unauthorised or unlawful access to the personal information we collect and store. We also take steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by Openly significantly reduces the likelihood of a data breach.

Here are some examples of the security controls we have in place:

  • Secure office premises;
  • Locked filing cabinets and a secure shredding practice for paper records;
  • The use of encryption, such as secure portals for document transfers and tokenization for payment card information;
  • The use of firewalls and anti-virus software to prevent unauthorised access;
  • The implementation of password vaults to ensure password complexity and reduce duplication by employees;
  • Robust authentication processes, including complex passwords for access to electronic records;
  • Limited access to personal information by employees who need the information to perform their work-related duties;
  • The use of data centres with effective physical and logical data security controls;
  • Extensive training for employees around best practice security and privacy measures; and
  • Specific policies for employees that detail important security and privacy protection measures.

In addition, we recommend that you do your part in protecting yourself from unauthorised access to your personal information. For example, ensure your account login credentials are not shared with anyone, ensure you only use secured networks, be wary of unexpected phone calls, emails or text messages that may be phishing for your personal information, and always think twice before providing payment information (like credit card details) on other websites.

Let us know right away if your contact information changes or you find any errors in your account statements or invoices. If you have reason to believe that the security of your account has been compromised, you must immediately notify Openly of the problem in order for us to resolve the issue in a timely manner.

When Openly has links to a third-party website that is not operated or controlled by us, we are not responsible for the privacy or security practices of those websites, and these third-party websites are not covered within this privacy policy. We will always let you know if a link is going to take you off of our website, and recommend that you take the time to familiarise yourself with the policies listed in that website before you supply any personal information.

Cookies

Openly uses cookies to ensure the security of our systems, and to provide our services.

As a general rule, Openly refrains from using any third-party cookies across our website, however if they are necessary to correctly operate the website, provide security, or offer a service, we will always let you know before the page loads.

Data about children

Openly products and services are not directed toward children and we do not encourage children to provide us with any personal information. We do not knowingly collect any personal information from children under the age of 13. We encourage parents and legal guardians to monitor their children's internet usage and to help enforce our privacy policy by instructing their children never to provide personal information through our services. If you have reason to believe that a child under the age of 13, without a parent or guardian's consent has provided personal information to us through the Services, please contacting us via email, and we will delete that information immediately.

Your privacy rights

You can ask us about the information we hold about you by contacting us via email. We will provide you with this information to you within 10 business days.

You also have a right to edit the information we hold about you if the information we hold about you is incomplete, inaccurate or no longer true by contacting us via email. We will provide you with this information to you within 10 business days.

If you are concerned about the data we hold about you, you can request that we erase that data. Please refer to the section about “retaining your personal information” for more information about how to request this and whether we can action your request.

Making a complaint

We accept privacy complaints via our secure privacy complaint webform. We aim to resolve all privacy complaints within 30 days, however we will always strive to resolve complaints sooner.

If you are dissatisfied with the outcome of a privacy complaint you submitted to Openly, and you’ve considered your options within our dispute resolution policy, you can contact the Office of the Australian Information Commissioner (OAIC). OAIC provides instructions on how you can lodge a complaint here.

Review of this policy

We are passionate about privacy and so review this policy twice yearly at a minimum. If you have any recommendations, please let us know by contacting us via email. We don’t want to clog up your inbox, so we won’t let you know about any minor changes (such as resolving spelling errors or formatting), but we will let you know if something important pops up which may impact your privacy rights.

You can also keep an eye on us in Openly Vendor Monitor.

Contacting us about privacy

Any privacy related enquires, concerns or complaints can be directed to our privacy team at: