This policy applies to the WattleDB website at wattledb.com.au, the WattleDB console and platform, and any related services, communications and events (together, the “Services”). By using the Services or providing us with your personal information, you acknowledge the practices described in this policy.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not, as defined in the Privacy Act.
This policy concerns personal information that we collect as the entity responsible for it. It is different from the customer data that you, as a WattleDB customer, store in databases you provision on our platform. Where you upload personal information about your own end users into your WattleDB databases, you are the entity responsible for that information and we handle it on your behalf as a service provider under our Terms of Service and Data Processing Addendum.
The kinds of personal information we collect depend on how you interact with us:
We generally do not collect sensitive information (as defined in the Privacy Act, e.g. health, racial or ethnic origin, or biometric information) about you. If you choose to store sensitive information within your own databases, you do so under the arrangements described in section 1.
We collect personal information directly from you when you join our waitlist, create an account, subscribe to a plan, contact us, or otherwise use the Services. We also collect technical information automatically through your use of the Services. Where it is reasonable and practicable, we collect personal information directly from you rather than from third parties.
We collect, hold and use your personal information for the following purposes:
Where we collect personal information for a particular purpose, we will not use or disclose it for an unrelated purpose unless you would reasonably expect us to, you have consented, or we are otherwise permitted or required to do so by law.
WattleDB is built to minimise tracking. Our marketing website does not set advertising or third-party tracking cookies, and we do not use third-party analytics services such as Google Analytics. Website visitor statistics are counted server-side and in aggregate, without setting cookies. We derive an approximate country from your IP address using an offline lookup performed on our own servers, after which the IP address is discarded and never stored. We also record aggregate, non-identifying signals such as the referring website's domain and time spent on a page (via a cookieless measurement that stores no identifiers). All of this stays on Australian infrastructure, in keeping with our sovereignty and data-minimisation commitments.
The WattleDB console uses strictly necessary cookies (or equivalent local storage) required to keep you securely signed in and to operate core functionality. These are essential to provide the Service you have requested.
We do not sell your personal information. We disclose personal information only as reasonably necessary to provide the Services, and only to recipients who are bound by appropriate confidentiality and security obligations. These may include:
In the unlikely event of a business sale, merger or restructure, personal information may be disclosed to a prospective purchaser, subject to appropriate confidentiality protections.
Data sovereignty is central to WattleDB. Customer databases, backups and the personal information described in this policy are hosted on Australian-owned infrastructure located in Australia (primary hosting in Sydney, with backup in Melbourne). We do not, in the ordinary course of operating the Services, transfer or store your personal information or customer data outside Australia, and we do not use United States–owned cloud providers for hosting.
If any limited disclosure of personal information to an overseas recipient becomes necessary (for example, a support tool used by our team), we will take reasonable steps in accordance with APP 8 to ensure the recipient handles the information consistently with the APPs, and we will update this policy to identify the relevant country where practicable.
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (APP 11). These steps include encryption of data in transit and at rest, hashed storage of passwords, access controls and least-privilege administration, network and application security controls, activity logging, and regular backups.
No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security, and you are responsible for keeping your account credentials confidential.
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, to provide the Services, and to meet our legal, accounting and reporting obligations (for example, tax and financial records are generally retained for at least five years). When personal information is no longer required and we are not required by law to retain it, we take reasonable steps to destroy it or de-identify it. Customer data stored on the platform is retained and deleted in accordance with your instructions and our Terms of Service.
You have the right to request access to the personal information we hold about you and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading (APPs 12 and 13). You can access and update much of your account information directly in the console. To make a formal access or correction request, contact us using the details in section 16.
We will respond within a reasonable period (and, for access requests, generally within 30 days). We do not usually charge for making a request, though a reasonable cost may apply to providing access in some circumstances. If we decline a request, we will tell you why in writing and how you can complain.
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we become aware of an eligible data breach that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with our legal obligations. Where you are a customer and the breach affects data you control, we will also notify you promptly so you can meet your own obligations.
We may send you marketing communications about WattleDB where you have consented or where it is otherwise permitted by law. Every commercial electronic message we send will identify us and include a functional unsubscribe facility, consistent with the Spam Act 2003 (Cth). You can opt out at any time by using the unsubscribe link or by contacting us. We will action opt-out requests promptly. Service, security and billing communications are not marketing and will continue while you hold an account.
If you have a concern about how we have handled your personal information, please contact our Privacy Officer first using the details in section 16, and we will endeavour to resolve it. We aim to acknowledge complaints within 5 business days and to provide a substantive response within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
The Services are intended for businesses and developers and are not directed at children. We do not knowingly collect personal information from individuals under 16 years of age. If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.
We may update this policy from time to time to reflect changes in our practices or the law. The current version is always available at wattledb.com.au/privacy.html, and we will note the effective date at the top. Where changes are material, we will take reasonable steps to notify you, for example by email or an in-console notice. Your continued use of the Services after an update takes effect constitutes acceptance of the updated policy.
For any privacy question, request or complaint, please contact our Privacy Officer:
Privacy Officer — RR Sols Pty Ltd (trading as WattleDB)
ABN 56 672 722 486
Email: privacy@wattledb.com.au
Post: Bardia NSW 2565, Australia