Vortilla Holdings Pty Ltd is committed to providing quality services to you, and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We have adopted the National Privacy Principles (NPPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au. We comply with the Regulation No. 679/2016, the General Data Protection Regulation, also known as GDPR. This document includes necessary specifications.

Personal Data Controller
Kayla Russell c/o Level 1, 1044a Dandenong Rd, Carnegie, VIC 3163 Australia. We have appointed a data protection officer who may be reached via privacy@opcentral.com.au.

What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers. This Personal Information is obtained in many ways including; interviews, correspondence, by telephone, by email, via our website, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties. We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing. When we collect Personal Information, we may, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Personal Data we process
We process only Personal Data User provides us by using our service:

• Name and e-mail. These are used to identify you in the system. Additionally, e-mail is used for notification of system events.
• Password in hashed form
• Used to authenticate user if configured.
• Billing information
• In case you purchase service from us, we collect additional billing information necessary for issuing an invoice.

Purpose and legal basis of processing Personal Data
Your Personal Data will be used for the purposes of the Service:

• for providing our services on the Service, to contact you in matters regarding our services (also by means of emails and messaging) and to ensure the technical functionality of our services fulfilment of contractual or pre-contractual obligations (Article 6 (1) b. GDPR).
• to analyze your use of our services and improve our services (Article 6 (1) b. and f. GDPR).
• with your express consent or instruction to carry out our business activities or send you newsletters (Article 6 (1) a. GDPR).

Access to the Personal Data
The use of Personal Data is limited to providing or improving user-facing features that are prominent in the requesting application’s user interface. All other uses of the data are prohibited except in the following circumstances:

• As necessary to improve front-facing user function.
• As necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets – with notice to users.

Additionally worth noting is that we do not allow humans to read the data, unless;

• We have first obtained the user’s affirmative agreement for specific messages;
• It is necessary for security purposes (such as investigating a bug or abuse);
• It is necessary to comply with applicable law; or as part of a merger, acquisition, or sale of assets – with notice to users
• Limited for our internal operations and the data (including derivations) has been aggregated and anonymized.

The Personal Data retention
The Personal Data is stored in the Service until User deletes their account in the service. Access log information might be collected for longer period for the purpose of establishing, exercising or defence of legal claims.

Your rights
User provides Personal Data voluntarily. Without this we are not able to provide our services. We want you to always be in control of your Personal Data. To this end, you have certain rights that allow for it. Under certain conditions, you may:

• Gain access to all your Personal Data that we use or processing, and even get a copy of all of it (Article 15 GDPR)
• Correct the Personal Data that we are processing if you think that there are mistakes
• Order us to delete your Personal Data
• Restrict the Personal Data processing
• Object to processing
• Receive your Personal Data in a commonly used and machine-readable format or to transmit this Personal Data to a different provider.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Sensitive information will be used by us only:

• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.

Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information
Your Personal Information may be disclosed in several circumstances including the following:

• Third parties where you consent to the use or disclosure; and
• Where required or authorised by law.

Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. Vortilla Holdings Pty Ltd will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. To protect your Personal Information, we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates
This policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries
If you have any queries or complaints about our Privacy Policy please contact us at: Vortilla Holdings Pty Ltd. Level 1, 1044a Dandenong Rd, Carnegie, VIC 3163 Australia.

‍

‍Note: This policy applies to all data that is provided to us by any means, including via manual entry into the system, and as collected via your voluntarily choice to utilise our integration with third party systems such as but not limited to Google Gsuite and Microsoft Office 365.