This document is the Privacy Policy, and is incorporated into the Terms of Use by virtue of that document. This Privacy Policy describes the way that DocEvent Pty Ltd (“Operator”) collects, holds and discloses information about individuals. As this Privacy Policy is intended to be read with the relevant Terms of Service, any terms not herein defined shall have their respective meaning as defined in the relevant Terms of Service in which they appear.
Please note that this Privacy Policy must be accepted if you decide to use the Service as it forms part of the Agreement between you and the Operator.
This policy is designed to be GDPR and CCPA compliant. A copy of our DPA is provided as a separate document available on our website. For specific questions that you have regarding these policies contact our service team at support@docevent.io for assistance.
The Operator confirms that it takes your privacy seriously and will only provide your personal information to the extent permitted under this policy.
The Operator will vary this Privacy Policy from time to time, and will post any amended or updated policy on the Site. Changes to this Privacy Policy are effective when they are posted on the Site regardless of whether you have actual notice of those changes.
The Operator recognises the importance of protecting the privacy of information collected about visitors and registered users of the Service and, in particular, information that is capable of identifying an individual (all of such information being “personal information”).
Information the Operator Collects
For the purpose of providing the Services, the Operator collects personal information, including:
- Email address and any other information you provide during registration with the Service;
- information about third parties that also utilise the Services or do business with the Operator;
- technical information, including business names and addresses, application information and any data relating to your applications and users that are necessary in providing the Service;
- any information disclosed by persons providing feedback or otherwise communicating with the Operator via any medium;
- information related to payment of fees charged by the Operator for use of the Service, including credit card or bank details;
- the IP Address of the network you are using; and
- any information provided by persons when registering or operating an Account or otherwise using the Service or the Site.
As the Operator does not allow a person under the age of 18 to use the Service, it generally does not collect information relating to minors. Should such information be inadvertently collected by the Operator, the Operator will take measures to remove and/or destroy such information when the Operator becomes aware that such information has been collected.
Please note, if you do not provide the Operator with certain personal information which is required to provide the Service to you, it will affect your ability to use the Service.
Information such as private keys and authentication tokens that must be used by the Service in decrypted format are kept encrypted using a third party service (Amazon AWS KMS). Passwords used purely for verification are never stored in plaintext: account login is handled by a managed authentication service (AWS Cognito), and where the Operator stores service credentials directly they are protected using a salted one-way hash (bcrypt).
The Operator recognises that the Service will allow you to remove or delete information from the Service, however, the Operator does not guarantee that you will always be able to remove all information, nor that any information provided by you can be recalled or altered and will be the absolute property of the Operator.
Removal request
You can make a request to remove all identifiable information by sending an email to support@docevent.io where we can process your removal request in our service and in any third party services we use.
Use and Disclosure of Your Personal Information
The Operator uses your personal information for the purposes for which it was collected and related purposes, including to:
- provide the Service to you, to manage an account for the Service, and to improve the Service;
- provide you with information, if you tell us you want to receive it, about developments, events or other products and services that may interest you;
- facilitate internal business operations, including to fulfil legal and accounting requirements;
- create, improve or edit content on the Site;
- billing related matters;
- assist in any marketing and advertising related to the Operator’s business, including by providing or sharing your personal information with partners or affiliates of the Operator;
- investigate complaints;
- monitor use of the Site;
- provide support;
- on a confidential basis to external service providers so that they can provide financial, administrative, IT or other services in connection with the operation of the Service or any other business of the Operator;
- share with the Operator’s affiliates, agents and representatives for any of such purposes; and
- do any other act reasonably connected to help fulfil the obligations as stated in this Privacy Policy and the Terms of Service.
By providing the Operator with your personal information, you consent to allow the Operator to contact you via any email address and/or mobile telephone number you have provided, and you consent to allowing the Operator to send any notices, including notices required by law, in lieu of communication by postal mail, to you using your email address and/or mobile telephone number. Other notices the Operator will send to you include updates about changes and features of the Service, and important news that will impact your use of the Service. These communications are considered directly related to your use of the Service, and may contain banners, ads or promotional material.
The Operator may also share your personal information or provide it to other third parties not expressly permitted under this Privacy Policy but only with your prior consent.
Except as otherwise described in this Privacy Policy, the Operator will not disclose personal information to any third party unless required to do so by law or if it believes that it is necessary to (a) comply with the law or aid any affiliates to comply with the law, (b) investigate, prevent, or take action regarding suspected or actual illegal activities, (c) enforce the Terms of Service, (d) investigate or resolve complaints involving the Operator giving rise to any civil liabilities, (e) to protect the security or integrity of the Site, (f) to aid any other Government agency in the investigation of matters or for the protection of the rights, property, or personal safety of the Operator, users of the Service or others.
The Operator notes that in the event it wishes to sell its business, including the Service or any part thereof, it will transfer all personal information that it collects to the purchaser of the business as a ‘business asset’. The Operator will also transfer or assign personal information in the course of corporate divestitures, mergers or dissolutions.
Transfer of Personal Information
The Operator uses third party services (subprocessors) in connection with the Service. As of the date of this policy these are:
- Amazon Web Services (AWS) — cloud hosting, storage, encryption and infrastructure;
- Stripe — payment processing;
- Elastic (elastic.co) — search and logging infrastructure;
- Google — analytics and advertising measurement (Google Analytics 4 and Google Ads);
- Microsoft — advertising measurement (Bing / Microsoft Ads); and
- Hotjar — product and usage analytics.
The personal information recorded in these third parties is limited to what each requires for its function — for example, email address and billing information for payment and support, account and usage data hosted on our cloud infrastructure, and online identifiers used for analytics and advertising measurement.
Personal information is never sold to any third party, and is used only for the purposes of hosting, support, authentication, billing, and analytics and advertising measurement.
Non Personal Information (data processing)
The operator does not store any information about data contents of files and messages sent and received. For purposes of customer usability, billing and logging meta-data is recorded and stored about files, this includes, filename, filesize, date and time, and operation type.
Retention period
Personal information is recorded in our systems and third parties until such time that the relationship between the customer and the operator is deemed by the operator to no longer exist. At any point the customer can notify support@docevent.io to request removal of all personal information from our service and any third party providers we use.
Withdrawing consent
The customer has the right to withdraw consent from this policy at any time, by doing so no services by the operator can be further provided.
Protecting Your Personal Information
The Operator takes reasonable steps to protect all information it collects and stores (including your personal information) from misuse, loss, unauthorised access, modification or disclosure.
The Operator takes reasonable steps to hold information securely in electronic or physical form.
We store information in access controlled premises or in electronic databases requiring logins and passwords.
You may request access at any time to personal information the Operator holds about you, though you may be required to pay a fee for access to such information.
The Operator’s servers may automatically log information created by your use of the Service and/or Site. Such information may include your IP address, browser type, the referring domain, pages visited and search items.
The Operator may use a variety of services hosted by third parties to help provide the Service, such as mailing list services, billing services, survey services and server monitoring services. These services may collect information sent by your browser as part of a webpage request, such as cookies or your IP request. However, the Operator has no access to or control over such cookies or the information that these services collect; this Privacy Policy applies solely to information collected by the Operator.
Following termination or deactivation of your Account, the Operator will retain your billing information for a reasonable time for financial audit purposes.
There is always a risk involved in sending information through any channel over the Internet and you send information over the Internet entirely at your own risk. To the extent permitted by law, the Operator will not be responsible for any unauthorised access or use of this information. However, you can take steps to minimise this risk by keeping your Account details secret.
What are your data protection rights?
- The right to access — You have the right to request the Operator for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification — You have the right to request that the Operator correct any information you believe is inaccurate. You also have the right to request the Operator to complete the information you believe is incomplete.
- The right to erasure — You have the right to request that the Operator erase your personal data, under certain conditions.
- The right to restrict processing — You have the right to request that the Operator restrict the processing of your personal data, under certain conditions.
- The right to object processing — You have the right to object to the Operator’s processing of your personal data, under certain conditions.
- The right to data portability — You have the right to request that the Operator transfer the data that we have collected to another organization, or directly to you, under certain conditions.
CCPA Amendments, effective Dec 3, 2019
With respect to the CCPA, the operator shall not (a) Sell Personal Information or (b) retain, use, or disclose any Personal Information for any purpose other than for the specific purpose of providing the services specified, including retaining, using, or disclosing Personal Information for a Commercial Purpose.
The operator shall promptly take such actions and provide such information as Customer may request to help Customer fulfill requests of individuals to exercise their rights under the CCPA and other applicable privacy laws, including, without limitation, requests to access, delete, opt out of the sale of, or receive information about Personal Information pertaining to them. The Operator agrees to cooperate with Customer to further amend the Agreement as may be necessary to address compliance with the CCPA or other applicable privacy laws.
Contacting the Operator
If you have any questions or complaints about this policy or if you wish to request access to your personal information, please email support@docevent.io. We will provide an initial response to your request within 7 days, and will complete your request within one month.