Privacy and Security Policies

Last Updated: 18th November 2013

This document sets out our Privacy and Security Policy (the “Policy”) of The OrionVM Group (Australia) (the “Company”). We may change, modify, or update these policies, in whole or in part, in the Company’s sole discretion at any time without notice by posting updated versions on the OrionVM website located at www.OrionVM.com.au. Any changes, modifications or updates will become effective immediately upon such posting.

Privacy Policy

A. Overview

The OrionVM Group is committed to providing you with the best possible customer service experience. We respect your rights to privacy under the Privacy Act 1988 (Cth).

We understand that privacy is important to you and your clients, and we are committed to respecting your privacy and the privacy of your respective clients when you visit our website located at www.OrionVM.com.au or any other website operated by our Company (collectively referred to as the “Site”) or sign up for and use any of our products or service offerings the a Site or otherwise (the “Services”).

By visiting this Site, and/or by using our Services, you are accepting the practices described in this Policy and expressly consent to our collection, use and disclosure of all information transmitted or otherwise received by us (including all personally identifiable information) in the manner described in this Policy.

This Policy is incorporated into and subject to the terms of our Terms and Conditions. This Policy applies to all Sites operated or controlled by the Company and all Services provided, however it does not apply to any third party site linked to our Site or recommended or referred by our Site or any third party service used in the provision of the Services to you.

B. Data Collection and Personal Information

1. Personal information.

In providing our Services or otherwise interacting with you through your use of the Site, we may collect your personal information. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information is recorded in a material form or not.

2. Personal information the Company collects and holds

Examples of the personal information the Company collects and holds includes information such as the user’s name, email address, account profiles and passwords, IP address, telephone number and/or telephone conversations, live chat messages and/or contents from e-mails, physical addresses, Service selections and orders, and credit card number(s) and other financial information, and anything else a user provides to the Company that can in any manner identify the user individually.

2. Methods of Information Collection, Including Collection of personal information.

Your information, including your personal, may be collected through your direct interactions with our Site, email or written correspondence, telephone calls, or web based forms or from third party providers.

We also may place a “cookie” (a small file) on your hard drive during a web visit to help us identify the number of unique visitors to our Site, learn what our users’ technology preferences are, monitor the functionality of our Site, and otherwise improve our Services. If you do not wish to have cookies placed on your computer you can adjust your web browser settings accordingly. Please be aware that restricting cookies may impede your ability to use our Site or our Services or certain features of our Site or our Services.

Like most Internet services, we use log files on the server side. The data held in log files includes your IP address, browser type, e-mail application, Internet service provider (“ISP”), referring/exit Web pages, computer platform type, date/time stamp, and user activity. The Company uses server log data to analyse trends, administer the Services offered through the Site and otherwise administer the Site. IP addresses, by themselves, are not tied to any personal information.

The software enabling the Site and the Services has associated log and temporary files that are stored on Company controlled servers. These files may store your account information, preference settings, system notifications as well as other data necessary to enable you to participate on the Site and/or use the Services. Your information may also exist within regularly performed server backups.

3. Purpose of collection of personal information

We use your personal information to create your account to:

  1. verify your identity
  2. communicate with you about Services you have purchased
  3. offer you additional products and services
  4. allow use of the Site and applicable Services you have purchased
  5. process service requests
  6. provide access to secure areas of the Site
  7. send invoices for our Services and process payments related thereto, and
  8. to ensure compliance with intellectual property laws.

We also use personal information to the extent necessary to enforce our Site’s Terms and Conditions of Use, monitor adherence to the Terms and Conditions of Use, and to attempt to prevent and/or detect fraud, as well as to allow third parties to carry out technical, logistical or other functions on our behalf as long as those third parties have agreed to use at least the same level of privacy protections described in this Policy.

Additionally, when you purchase a Service, we collect your contact information (such as your address) and financial information (such as your credit/debit card information and information required for appropriate credit-worthiness checks). We use the information you provide only to complete that Service order or to otherwise fulfil the Service. We do not share this information with unaffiliated parties except to the extent necessary to complete that transaction. Some information relating to billing is handled through our Software as a Service (SAAS) partners and may be stored and processed offshore. We ensure that this partner is PCI and DSS compliant. If we have trouble processing an order, we use the information to contact you.

We work to process and maintain accurately the information that you share with us and will use commercially reasonable efforts to allow you the ability to change or modify your user information in order to enhance your ability to use our Site and the Services you have purchased.

4. Hosted Data.

Through its Services, the Company provides technology hosting services used to host a variety of internet-based solutions, including websites and other internet-based communication and applications (including “mobile apps”). As a result, the Company’s hosting services store and transmit information about our customers, their business, as well as information collected by those businesses (the “Hosted Info”). Hosted Info may include personal information and other information that belongs to our customers’ own customers, website visitors, or other users.

With respect to all Hosted Info, the Company is a passive recipient and takes no active part in collecting or storing any Hosted Info. Moreover, except in extraordinary cases, the Company does not purposefully access any Hosted Info. However, the Company and its agents may occasionally access Hosted Info through the delivery of services and support and such access shall be permissible for all purposes.

5. Protection of personal information.

The Company endeavours to only collect as much personal information as required to provide customers with our Service and meet our legal obligations. In addition, we will use commercially reasonable efforts to store personal information in a secure location, use secure servers, firewalls, encrypt passwords, and utilize a minimum of 128-bit Secure Socket Layer (SSL) certificates to protect transactions to and from our Site(s) if sensitive information is transmitted.

Unfortunately, even with these measures, we cannot guarantee the security of your personal information. You should be aware that “perfect” security does not exist on the internet and third parties may unlawfully or improperly intercept or access your personal information. By using our Site and Services, you acknowledge and agree that we make no such guarantees, and that you use our Site and Services at your own risk.

For further details regarding information security, see our Security Policy.

6. Sharing of Information.

As a matter of policy, we will not sell or rent information about you and we will not disclose your personal information in a manner inconsistent with this Policy except as required by law or government regulation. We cooperate with law enforcement inquiries, as well as other third parties, to enforce laws such as those regarding intellectual property rights, fraud and other personal rights. We can (and you authorize us to) disclose any information about you, including your personal information, to law enforcement, other government officials, or any other third party that we, in our sole discretion, believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, or other activity that is illegal or may expose us, or you, to criminal or civil liability.

C. Access to Information

Upon request, the Company will grant you reasonable access to your personal information held by the Company. In addition, the Company will take reasonable steps to permit you to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request.

If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.

Please direct all request for access and correction to:

OrionVM Privacy Officer: Casey Bewes
Suite 27, 104 Bathurst Street, Sydney, NSW 2000
Email: casey.bewes@orionvm.com
Phone: +61 2 9046 5816

We will not intentionally collect or maintain, and request that you please do not provide, any information regarding any medical or health conditions, your race or ethnic origins, political opinions, your religious or philosophical beliefs, or other such information. Use of our Site and our Services are not designed for or directed to children under the age of 13, and we will not intentionally collect or maintain information about anyone under the age of 13.

D. Enforcement.

The Company will actively monitor its relevant privacy practices to verify adherence to this Policy. Any individual service provider that the Company determines is in violation of this Policy will be subject to disciplinary action up to and including termination of service.

E. Overseas disclosure

We may, in the course of providing products and services to you, disclose personal information to overseas entities. Those overseas entities are likely to be located in the following countries:

  • United States of America

You agree that where personal information is disclosed to the countries above, the Australian Privacy Principles will not apply to that information.

F. Complaints

If you consider a breach of the Australian Privacy Principles or your rights in relation to privacy has occurred, you may direct your query to our Privacy Officer and we will attempt to resolve your complaint.

If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner at its websitewww.oaic.gov.au or by telephone on 1300 363 992.

For more information…

If you would like more information on privacy at OrionVM, please contact us.

 

Security Policy

OrionVM Security Framework Summary

OrionVM has extensive policies and procedures around:

  • Wired and Wireless Networks and Firewalls/Routers
  • CloudDC/OrionVM IaaS Platform
  • Backups and Redundancy
  • External Removable and Offsite Media
  • Employee Vetting
  • Customer Vetting
  • Username and Passwords
  • Intrusion Detection and Auditing/Analysis
  • Anti-virus, Anti-spam and Email Security

Documentation and details around these procedures are available for viewing by approved audiences at the OrionVM office under supervision at request. Security documents will not be available in any other medium other than physical, under any circumstances, due to exposure to risk.

Physical Security – Office and Data Centre

 

The physical security measures at the OrionVM offices at 27/104 Bathurst St, Sydney 2000, include:

  • Restricted building and elevator access after hours
  • Motion detecting sensors enabled after hours
  • Biometric scanners on all doors
  • CCTV with motion detection

The physical security measures at the OrionVM data centre include:

  • Restricted building and elevator access
  • Motion detecting sensors
  • Biometric scanners
  • CCTV with motion detection
  • Private locked cage with production servers
  • 24x7x356 Staffed Security
  • N+1 or greater cooling & electrical capacity equipment
  • ISO/IEC 27001:2005 Certification

Third Party Access Policy

The following security measures are in place with regards to Third Party access:

  • No third party is allowed free access to the data centre.
  • Any access a third party requires into the data centre will be first requested and approved from OrionVM management, then an OrionVM engineer will escort the third party and monitor all activity while in the data centre.
  • No third party will have biometric access to the office.
  • Any third parties within the office premises will be in the presence of OrionVM staff.