Personal data Source
- Data captured in web browser
- Yodlee Data feeds
- Direct Bank data Feeds
- Owner/Employee Data entry
- Advisor Data entry
- 3rd party apps and systems
Data Subjects
- Public
- Customers
- Customers of customers
- Partners
- Prospects
- Ex Customers and Partners
- Suppliers
- Accountants
- Employees
- Regulatory Authorities
- Banks
- Payment Providers
- Add-on Partners
- Bank account details
- Credit card identifiers (Credit Cards are NOT stored)
Personal Data
- Contacts details
- Tax File Numbers
- Super Details
- Leave
- HR Information
- Medical Certificates
- Devices used profiles
- App usage location
- Resumes
- Employment Details
- Transaction History
- Image of Subject (Profile)
Purpose of Processing
- Billing Customers
- Payroll for Staff
- Managing Partners
- Security Checks
- Contact management
- Sales and Marketing
- System notices & email
- Employment Details
- Transaction History
- Profile Image of Subject
- Legal Matters
Lawful Processing
- Contract
- Consent
- Opt-ins
- Legal obligations
- Public Interest
Data Security
- Authentication
- Secure connection Management
- External Interface protection
- Co-mingled data protection
- Data governance
- Operations Security
- Supplier security
- Developer environment security
- Office security
- Data destruction security
- User security monitoring
- Audit trails
- Secure admin environments
Data Retention
- Analytics data – 26 Months
- Customer cancellation – 1 month file is deactivated.
- Customer cancellation – 3 months file is deletable.
- Email lists – 1 year of user inactivity.
- Backup records – 1 month.
- Billing required – Can be pseudo anonymised.
Data Recipients
- Australian Tax Office, Inland Revenue (NZ), HMRC (UK)
- Court requests and subpoena’s
- ASIC/ACCC requests
- Processor – Google
- Processor – Apple
- Saasu Processor – Rackspace and Amazon
- Sub-processor – Australia Post, Couriers, Printers etc.