Privacy Policy — RiskSight

Introduction

This document sets out the privacy policy of RiskSight Pty Ltd ABN 43 687 933 893, trading as RiskSight, based in Adelaide, South Australia (referred to in this privacy policy as RiskSight, we, us or our).

RiskSight provides a software-as-a-service platform that assists organisations to identify, manage, analyse and report on workplace risks, hazards, incidents, controls, risk registers, bowtie analyses, checklists, templates and related operational risk-management information. In this privacy policy, we refer to our software-as-a-service platform as the 'Platform'.

We take our privacy obligations seriously and have created this privacy policy to explain how we collect, store, use and disclose personal information in connection with our website, Platform, services and related business activities.

By providing personal information to us, or by using our website or Platform, you consent to us handling personal information in accordance with this privacy policy.

We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy.

Types of personal information we collect

The personal information we collect may include the following:

account and user information, such as your name, email address, organisation name, job title, role, account status, login details and contact details (Account Information);
organisation and subscription information, such as organisation details, administrator and billing contact details, plan or trial information, subscription status or billing arrangements (Subscription Information);
Platform and technical information, such as information about how you access and use our website and Platform, including log-in activity, audit logs, device information, browser type, IP address, cookie data and other usage or diagnostic information (Technical Platform Information);
risk, safety and operational information, such as risk registers, risk assessments, incident and hazard reports, bowtie analyses, checklists, templates and other operational risk-management information entered into or generated through the Platform (Operational Information);
information about individuals identified in workplace risk, safety or incident records, such as workers, witnesses, reporting persons, injured persons and other individuals referred to in information entered into or generated through the Platform (Incident Record Information);
AI input and output information, such as prompts, queries, generated suggestions, gap analyses, suggested consequences, template or checklist content, summaries and other content processed or generated by AI-enabled or automated features (AI Information);
sensitive information as set out below; and
any other personal information provided to us, uploaded to the Platform, or otherwise required by us to provide, support, secure, test, improve or administer our website, Platform, services and related business activities.

How we collect personal information

How we collect information from you

We may collect personal information directly from you, from our customers, from authorised users of the Platform, or from third parties, including where you:

contact us through our website;
use, create or manage an account on the Platform, including when you upload, generate or otherwise provide information through the Platform; lodge, assign, investigate or manage any risk, hazard, incident, checklist, template, assessment, report or other workflow within the Platform; or use any AI-enabled or automated features within the Platform;
request support, report an issue, provide feedback, respond to surveys or participate in any beta testing, pilot or trial;
submit any of our online sign up forms, including a request for a demo;
communicate with us via email, telephone, SMS, social media platforms or otherwise;
interact with our website, social applications, services, content and advertising; and
otherwise receive goods or services from us.

How we collect information from third parties

Where possible, we collect your personal information directly from you. However, there may be occasions when we collect personal information (including sensitive information) about you from someone else. For example, we may receive personal information about you from your employer, the organisation that has authorised you to use the Platform, one of our customers, or another authorised user of the Platform, where that information is uploaded, recorded or generated through the Platform.

How you provide information for someone else

If you are providing personal and/or sensitive information on behalf of someone else, you must have the consent of that person to provide their personal and/or sensitive information to us to be collected, used, and disclosed in accordance with this privacy policy. This includes where you are an employer, customer, administrator, manager or other authorised user of the Platform who uploads, records or otherwise provides personal and/or sensitive information about another individual through the Platform. We reserve the right to request evidence of this consent.

How we collect information from cookies

We may also collect personal information from you when you use or access our website or our social media pages. This may be done through use of web analytics tools, 'cookies' or other similar tracking technologies that allow us to track and analyse your website usage. Cookies are small files that store information on your computer, mobile phone or other device and allow the creator of the cookie to identify when you visit different websites. If you do not wish information to be stored as a cookie, you can disable cookies in your web browser.

Use of your personal information

Primary purposes

We collect and use personal information for the following purposes:

to provide, operate, maintain and administer our website, Platform, services and related business activities, including to create, manage and support accounts, organisations, users, roles, permissions, plans, trials, subscriptions, billing arrangements and Platform access; provide customer support, respond to enquiries, investigate issues, troubleshoot errors and otherwise communicate with you about the Platform or our services; and provide and support AI-enabled, automated or analytics-based features within the Platform;
for record keeping and administrative purposes;
to provide information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing our website, Platform, services or information to you;
to improve and optimise our website, Platform, service offering and customer experience;
to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;
to send you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing (in accordance with the Spam Act). In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link);
to send you administrative messages, reminders, notices, updates, security alerts, and other information requested by you; and
to consider an application of employment from you.

Secondary purposes

We may also use your personal information for:

secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use;
such purposes where we reasonably believe that use of your personal information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
any other purpose for which we receive consent from you; or
any other purpose which is permitted or required under applicable privacy laws.

How we disclose your personal information

We respect your privacy, and we will take reasonable steps to keep your personal information confidential and protected. We may disclose your personal information to:

our professional advisors such as lawyers, accountants and auditors;
our related entities;
our customers, including the organisation using the Platform, and its authorised users (such as administrators, managers or other users with relevant access permissions), where reasonably necessary to provide, administer, support, secure or improve the Platform or our services;
third party contractors and service providers who assist us to provide and manage our website, Platform and services, such as cloud-service providers, IT service providers, software providers, analytics providers, payment processors, marketing providers and debt collection agencies; and
any third parties you have consented personal information to be disclosed to.

We take care to work with such third parties who we believe maintain an acceptable standard of data security and require them not to use your personal information for any purpose except for those activities we have asked them to perform on our behalf.

We will not otherwise disclose your personal information unless:

you have consented to us disclosing your personal information for particular circumstances;
disclosure is needed in an emergency or in connection with investigating suspected unlawful activity or serious misconduct;
we are required to disclose under a subpoena, court order or other mandatory reporting requirements;
we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
it is reasonably necessary for the establishment, exercise or defence of a legal claim; or
it is otherwise authorised or required by law.

Automated decision-making

The Platform may include AI-enabled, automated or analytics-based features that assist customers and authorised users to analyse, summarise, categorise and report on information entered into or generated through the Platform. These features may assist with gap analysis, identifying similar risks, suggesting potential consequences, generating checklist or template content, and preparing summaries or reporting narratives.

These features are intended to support human review and decision-making by our customers and authorised users. Unless otherwise expressly stated by us, they are not intended to make final decisions about individuals, including any employment, disciplinary, workplace health and safety, insurance or legal decisions.

We do not use customer risk, safety or operational information entered into the Platform to train general-purpose AI models, unless otherwise notified to you or agreed with the relevant customer. If you have concerns about an AI-enabled or automated output, you can contact us at hello@risksight.com.au.

Storage of your personal information

All personal information we collect is stored on servers located in Australia and, for the most part, we do not disclose or transfer personal information overseas.

However, the cloud service providers we engage to provide us Australian-based servers may operate overseas disaster recovery sites or have personnel overseas who may access the personal information we hold to assist us in managing our servers.

We may also use Google Analytics to track web traffic information. Google operates Google Analytics and may store information across multiple countries.

When you communicate with us through a social media service such as Facebook or LinkedIn, the social media provider and its partners may collect and hold your personal information overseas.

Sensitive information

Collection of sensitive information

We may collect sensitive information about you during the course of providing our website, Platform, services and related business activities. We will only collect sensitive information where you consent to the collection, where the information is provided to us by our customers or authorised users through the Platform, or where the collection is otherwise permitted or required under applicable privacy laws.

Types of sensitive information we collect

The sensitive information we collect may include the following:

health information, injury information, medical information, disability information or other information about a person's physical or mental health, where that information is included in a workplace risk, safety, hazard, incident, assessment, report or other operational risk-management records;
information about workplace incidents, hazards, injuries, near misses, investigations or related matters, including sensitive information about any workers, employees, contractors, witnesses, reporting persons, injured persons or other individuals identified in information uploaded, recorded or generated through the Platform;
any other sensitive information provided to us, uploaded to the Platform, or otherwise collected by us in connection with our website, Platform, services and related business activities.

How we use your sensitive information

Your sensitive information will only be used for the purpose of:

providing, operating and administering our website, Platform, services and related business activities;
enabling the users and authorised users of our Platform to record, manage, investigate, assess, analyse, report on and respond to workplace risks, hazards, incidents, injuries, controls, assessments, checklists, templates and related operational risk-management activities;
complying with our legal obligations, resolving disputes or enforcing our agreements with you;
sending you messages, reminders, notices, updates, security alerts, and other information requested by you; or
any other purpose which is permitted or required under applicable privacy laws.

How we disclose your sensitive information

Your sensitive information will only be disclosed to third parties for the purpose of:

providing, operating and administering our website, Platform, services and related business activities;
disclosing information to the users and authorised users of our Platform to record, manage, investigate, assess, analyse, report on and respond to workplace risks, hazards, incidents, injuries, controls, assessments, checklists, templates and related operational risk-management activities; or
any other purpose which is permitted or required under applicable privacy laws.

How you can withdraw consent

If you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, please contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.

Marketing

We may at times send you marketing communications which will be done in accordance with the Spam Act 2003 (Cth) (Spam Act).

If we do, we may use email, SMS, social media, phone or mail to send you direct marketing communications.

Where consent is needed, we will ask you for your consent before sending you marketing communications, except where you:

have explicitly opted-in to receiving email marketing from us in the past; or
were given the option to opt-out of email marketing when you initially signed up for one of our platforms and you did not do so.

You can, at any time, opt out of receiving marketing materials from us by using the opt-out facility provided (e.g., an unsubscribe link on emails we send you) or by contacting us via the details provided at the end of this privacy policy. We will implement such a request as soon as possible, however, cannot guarantee that such a response will be immediate.

De-identified information

Where we de-identify or aggregate information so that it no longer identifies an individual, we may use that information for analytics, testing, research, product improvement and development of the Platform, including the Platform's AI-enabled features.

Security

We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal information.

Links

Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.

Requesting access or correcting your personal information

If you wish to request access to the personal information we hold about you, please contact us using the contact details set out below including your name and contact details. We may need to verify your identity before providing you with your personal information. In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.

If you think that any personal information we hold about you is inaccurate, please contact us using the contact details set out below and we will take reasonable steps to ensure that it is corrected.

Complaints

If you wish to complain about how we handle your personal information held by us, please contact us using the details set out below including your name and contact details. We will investigate your complaint promptly and respond to you within a reasonable timeframe.

Contact us

For further information about our privacy policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

RiskSight Pty Ltd
ABN 43 687 933 893
Email: hello@risksight.com.au
Adelaide, South Australia

You can also contact the Office of the Australian Information Commissioner at oaic.gov.au or call 1300 363 992.