Our Intention

We are Silversix, the company behind CIOPulse. At Silversix, we are committed to protecting your privacy and security as a Visitor to our websites, a User of CIOPulse, or a Subject associated with the Feedback Data captured by CIOPulse.

We use the information we collect about you and our Customers, and those our Customers choose to collect Feedback Data from and about, for delivering and improving our services.

Silversix respects the privacy and confidentiality of the information we collect and adheres to the Australian Privacy Principles and the EU General Data Protection Regulations (GDPR).

Parties

This Privacy Policy describes how Silversix Pty Ltd (“Silversix”, “we”, “us”) use, store, share and process your information in connection with the services we offer and deliver.

This Privacy Policy applies when you (“Visitor”, “User”, “Subject”) access, visit or use any part of our CIOPulse service at cio-pulse.com (“CIOPulse”) or our company website at silversix.com.au (“company website”) (collectively, our “websites”).

For the purposes of this Privacy Policy:

– A “Visitor” is a person who visits our websites.

– A “Subscriber” is a Visitor who has given explicit permission for us to send them information on an ongoing basis at an agreed frequency, e.g. updates from our blog or information about our products or services.

– A “Customer” is an organisation who is licensed to use CIOPulse.

– A “User” is a person who a Customer has authorised to use of CIOPulse.

– A “Subject” is a person who either: provides feedback (“Feedback Data”) using CIOPulse at the request of a Customer; Or, is a person who the feedback is about (typically an employee or sub-contractor of a Customer).

Please read our Privacy Policy below carefully.

Storage and Security of your Information

All CIOPulse data is stored in a secure (ISO27001 compliant) data centre in Sydney, Australia. In addition, Feedback Data collected by CIOPulse is captured and stored temporarily on secure Amazon Web Sevices (AWS) infrastructure in Virginia, USA before being securely transferred (encrypted via HTTPS) to our Australian data centre. The only Feedback Data temporarily stored in Virgina USA, is the information our Customer chooses to provide in the CIOPulse survey or form URLs, and the information (typically ratings and free-form text) you, as a Subject, enter when you complete the survey or form

We have appropriate technical and organisational measures in place to secure your data against unauthorised use or access.

We will not knowingly share your data with any third party other than our sub-contractors who assist us in delivering information and services to you. To the extent that we do share your information with a sub-contractor, we would only do so if the sub-contractor has privacy and security standards that equal or exceed our own. Our sub-contractors involved in processing your data are compliant with the General Data Protection Regulations (GDPR).

The information we store, and the use we put it to, varies depending on your role when you visit our websites:

Visitors & Subscribers

Visitors to our websites may have cookies stored on their web browser as described below under ‘Cookies’.

When requesting an eBook, scheduling a meeting with us, becoming a Subscriber (e.g. by signing up for our blog), or contacting us with an enquiry, we collect and store the basic contact information you provide, such as name, email address and phone number, so that we can fulfil your request.

Provided you have given your prior and explicit consent, we may from time to time, use your contact details to inform you of other services that we think may interest you.

If you wish to cease receiving such information, you can do so by contacting us or by opting out of email communications by following the instructions in those emails and by clicking unsubscribe.

Your personal information is not used for any other purpose other than that described.

Users

Users may have cookies stored on their web browser when they access CIOPulse as described below under ‘Cookies’.

As a User, CIOPulse will store basic information about you. At a minimum this will be your work email address. CIOPulse may also store your job title and your work mobile phone number. CIOPulse uses your mobile number and email address to deliver the functionality of the service, such as sending you alerts, reports and notification. Your job title is only used to identify you to other Users of CIOPulse.

All personal information about CIOPulse Users is maintained by the administrator(s) of CIOPulse nominated by our Customer.

Your personal information is not used for any other purpose other than that described.

Subjects

Subjects may have cookies stored on their web browser when they use CIOPulse to provide feedback as described below under ‘Cookies’.

When you use CIOPulse to provide feedback you could be disclosing information that make you or others personally identifiable to us and our Customers.

For more information concerning the protection of privacy when providing feedback, you must contact our Customer directly; the entity using CIOPulse to collect feedback from or about you. It is our Customer’s responsibility to ensure that collection and processing of data is done in accordance with the privacy legislation that applies to you, such as GDPR for EU citizens. The purpose for which they collect Personal Data and Feedback Data will be defined by our Customer. The duration for which it is kept is also determined by our Customer.

We are a data processor and do not control the Personal Data or Feedback Data, but rather process it on behalf of our Customer.

How do we use your data?

As a Visitor or Subscriber we use your contact information to provide you with the information you have explicitly requested, e.g. to send you a periodic newsletter of our blog posts or an eBook.

As a User we use your contact information to provide you with access to CIOPulse and to send you updates, reports and SMS messages as part of the CIOPulse service.

If you are a Subject, we store an identifier for you with the Feedback Data you are associated with. Our Customer determines what is used as this identifier, e.g. an email address, a personnel ID, a first name. Our Customer therefore determines whether Subjects are personally identifiable in our Feedback Data.

Our Feedback Data contains free-form text feedback from Subjects who complete CIOPulse surveys or forms. This verbatim feedback may refer to individuals by name which may make them personally identifiable.   We use Feedback Data to provide the CIOPulse service to our Customers, for example to calculate a Net Promoter Score, or produce reports containing survey responses.

From time-to-time we may use your Feedback Data, anonymised and aggregated, for statistical and research purposes, including publishing our findings as articles, whitepapers, blog posts or eBooks. For example, we may use aggregated, anonymised Feedback Data to identify the number one customer service issue within corporate departments.

We will not market to any Users, Subjects or any individuals identifiable within the Feedback Data. We will not sell or share Feedback Data. We will not access your data for non-administrative reasons.

Cookies

A cookie is a small file placed in your web browser that collects information about your web browsing behaviour. Use of cookies allows a website to tailor its configuration to your needs and preferences. Cookies do not access information stored on your computer or any personal information (e.g. name, address, email address or telephone number).

Most web browsers automatically accept cookies but you can choose to reject cookies by opting out when you visit our websites. By consenting and continuing to visit our websites, you agree to the placement of cookies on your device. By opting out, you may be prevented from taking full advantage of our websites or CIOPulse.

Cookies used by our website include:

– Typeform cookies: Typeform is our data collection engine. Typeform cookies enable CIOPulse surveys and forms to work.

– Google Analytics cookies: Used to help us understand where the traffic to our websites has come from.

– Unbounce cookies: Unbounce is the website builder used for our cio-pulse.com product page. We trial (“A-B test”) different versions of our web pages to see which ones are most effective. Unbounce cookies are used to ensure we keep displaying the same version of a page to you rather than changing the content every time you visit.

– Drip cookies: Drip is our email marketing software. Drip cookies are used to display forms on our websites that enable visitors to request eBooks.

– Hotjar cookies: Used to show us where Visitors browse and click on our cio-pulse.com product page so that we can improve the design of our website.

– HubSpot cookies: Hubspot is our CRM. Hubspot cookies are used to keep track of who requests information (such as an eBook) or schedules a meeting with us from our cio-pulse.com product page.

Vimeo cookies – Used to make the video player work on our cio-pulse.com product page.

– CIOPulse cookies: Used to allow you to stay signed in to CIOPulse without needing to keep re-entering your login credentials.

You can see details of the cookies we use on our websites, and to manage your consent for us to install these cookies here:

Cookie Declaration for silversix.com.au.

Cookie Declaration for cio-pulse.com.

Logging Data

When you use our websites, our servers may automatically collect and store information, including information that your browser sends whenever you visit a website. This log data may include, but is not limited to, your Internet Protocol (IP) address, the operating system you are using, the date and time of your accessing our websites, geolocation information, type of device, cookie data, and browser signatures.

We log the IP address of any Visitor to any of our web pages for security purposes, for example to identify unauthorised attempts to access CIOPulse.

Disclosure of your Information

We may from time to time need to disclose certain information, which may include your Personal Data and Feedback Data, to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

If we are compelled or information is requested under an Australian law or a court or tribunal order, we are obligated and would ensure all compliance with this request (Australian Privacy Principle 6). In the event you receive such an order, we would do all that was possible to assist you to comply with this request on presentation of such an order or requirement.

Also, Silversix may use your Personal Data and Feedback Data to protect the rights, property or safety of Silversix, its Customers or third parties.

If there is a change of control in one of our businesses (whether by merger, sale, or otherwise), or a sale or transfer of its assets, Customer information, which may include your Personal Data and Feedback Data, could be disclosed to a potential purchaser under an agreement to maintain confidentiality, or could be sold or transferred as part of that transaction.

Finally, we would only disclose your information in good faith and where required by any of the above circumstances.

Third Parties

Silversix does not and will not sell or deal in personal or Customer information. We will never disclose your Personal Data or Feedback Data to a third party except the necessary information required by providers to provide the services you have purchased, or to protect the rights, property or safety of Silversix, its Customers or third parties or if required by law.

Security

We have controls in place to ensure we maintain the security of our systems and integrity of the storage of our Customer information, including performing regular and unscheduled checks on our system. As our business relies substantially on the collection, analysis and storage of Customer information, data security is a primary requirement. We make all best efforts to ensure we are not exposed to hacking or other access by external sources.

These are normal obligations in the ordinary course of our business and we take any breaches seriously. In the event of any breach, we would immediately notify all Subscribers and Customers of any potential or actual issues that may have resulted from any breach in our systems and would take immediate action to remedy the cause of the breach.

Our Information Security Policy is available upon request.

Transition of Data upon Expiry or Termination of Service

At any time, Customers may request a CSV extract of their Feedback Data.

On expiry or termination of any contract we will also provide Customers with a CSV extract of all their Feedback Data, upon written request.

We automatically delete the feedback and User data of former Customers in a secure manner, and in accordance with the data protection and privacy laws within 3 months of contract expiry or termination, or sooner upon written request.

Links

Our websites may contain links to other websites. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Silversix is not responsible for the privacy practices of such other websites. We encourage our Users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personally identifiable information.

EU Citizens

Visitors & Subscribers

Our responsibilities are as a “controller” under the GDPR

If you are a resident of the European Economic Area (“EEA”) you have certain rights and protections under the GDPR regarding the processing of your Personal Data. We are a controller under the GDPR as we collect, use and store your Personal Data to enable us to provide you with our services and information about them.

We rely on the following lawful means of processing your Personal Data;

1. Where you have given us valid consent to use your Personal Data, we will rely on that consent, and only use the Personal Data for the specific purpose for which you have given consent. For example, when you consent to receiving our regular newsletters, we will only email you for this purpose.

2. We may also process your Personal Data where it is to further our legitimate interests where they are overridden by your rights or interests. This could include usage statistics, analytics and internal analysis so we can improve our services.

Your rights

If you are an EEA resident, you have various rights including:

  • Right to be informed;
  • Right of access;
  • Right to rectification;
  • Right to object;
  • Right to restriction of processing;
  • Right to erasure or to be forgotten;
  • Right to data portability;
  • Right not to be Subject to automated processing.

If you would like to access or rectify your Personal Data you can do so by contacting us. In some circumstances, you also have a right to object to or ask that we restrict certain processing activities or delete your Personal Data. If you would like to limit or request deletion of your Personal Data or to exercise other rights, you can do so by contacting us and we will action your request as soon as reasonably possible.

Withdrawing your consent

You can withdraw your consent to our collection or processing of your Personal Data. You can do so by contacting us or by opting out of email newsletter communications by following the instructions in those emails and by clicking unsubscribe.

If you withdraw your consent to the use of your Personal Data, you may not have access to our services, and we might not be able to provide you with our services at any time in the future.

In some circumstances where we have a legal basis to do so we may continue to process your information after you have withdrawn consent, for example if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.

Our compliance

All Personal Data stored on our platform is treated as confidential. It is stored securely and is accessed by authorised personnel only. Our collection is limited in relation to what is necessary, for the purpose for which the Personal Data is processed, and kept only for so long as is necessary for the purpose for which the Personal Data was collected. We implement and maintain appropriate technical, security and organisational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

Your acknowledgement

By providing us with your Personal Data, you consent to us disclosing it to third parties who reside inside or outside the EU to our service providers or as otherwise outlined in this Privacy Policy. We will ensure that those third parties comply with the GDPR.

Your Personal Data will not be disclosed to any third party except for providing the services you requested or as otherwise required by law.

Subjects

If you are an EU citizen completing a CIOPulse survey or form (“providing feedback”), you could be disclosing information (“Feedback Data”) that make you or others personally identifiable to us and our Customers.

For more information concerning the protection of privacy when providing feedback, you must contact our Customer directly meaning the entity who has contracted with us and is using CIOPulse to collect feedback from you. It is our Customer’s responsibility to ensure that collection and processing of data is done in accordance with the GDPR. The purpose for which they collect the Personal Data and Feedback Data will be defined by our Customer. The duration for which it is kept is also determined by our Customer. We are a data processor and do not control the Personal Data or Feedback Data, but rather process it on behalf of the Customer.

We will not process your Personal Data or Feedback Data for other purposes or by other means than that instructed by or explicitly approved by our Customers.

Customers

Our responsibilities are as a “processor” under the GDPR

We are a processor for our Customers who collect Personal Data and Feedback Data. Our obligations as a processor under the GDPR include but are not limited to:

  • Not to use a sub-processor without the prior written authorisation of our Customer;
  • To co-operate with supervisory authorities;
  • To ensure the security of processing;
  • To notify any personal data breaches to our Customers.

If you are an EU Customer you must indicate to us why you are collecting Personal Data and Feedback Data, what you will do with it, the duration it needs to be held, and whether it should be deleted or returned.We will only process the Personal Data and Feedback Data in accordance with documented instructions from you.

We guarantee that we have appropriate technical and organisational measures in place to ensure a level of security appropriate to the risk, and to ensure compliance with the GDPR. We also have organisational policies in place including an Information Security Policy (available on request). Furthermore, all employees of ours authorised to processes the Personal and Feedback Data have expressly committed themselves to duty of confidentiality.

We will assist you to satisfy your responsibilities under the GDPR in particular in relation to security obligations and data breach notifications. We will make available to you all information necessary to demonstrate compliance with the obligations under the GDPR. In particular, we will:

– only use third parties for processing if you have granted your prior written consent;

– cooperate with the relevant supervisory authority in the event of an enquiry;

– notify you of any transfers to a third country and ensure they provide adequate protections in accordance with the GDPR;

– also notify you if in our opinion an instruction of yours infringes the GDPR.

Our sole obligation to you where a User or subject wishes to exercise their rights, is to notify you that a right has been exercised. We will not deal with or respond to requests, but will assist you where you require assistance to comply with your obligations. We will if necessary retain a copy with the data blocked or obfuscated.

Changes in Privacy Policy

As we plan to ensure this Privacy Policy remains current, this policy is Subject to change. We will notify you of any material changes to our Privacy Policy in one of the following ways:

– Visitors: You may view our current Privacy Policy by following the link on our websites.

– Subscribers: We will send you an email notifying you of the changes and asking for your consent to remain a Subscriber.

– Customers: We will email your nominated contact of the changes and ask for consent on behalf of your organisation.

– Users and Subjects: It is our Customer’s responsibility to ensure we have the consent of their Users and Subjects. We do not control the Personal Data of Users and Subjects, but process it on behalf of the Customer.

If you have any questions or concerns at any time about our Privacy Policy or the use of your Personal Information, please contact us at enquiry@silversix.com.au.