Privacy Policy

Who we are

Open Box Technology Pty Ltd (“us”, ‘we”, “our”) owns and operates the https://www.adminosaur.com website as well as the Adminosaur software (the “Service”) available through the website. The Open Box Technology Pty Ltd website can be found here, and we can be contacted by the info@openboxtechnology.com email address or by visiting the Contact Us page, where you can also find more information on the business details.

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including through our website (https://www.adminosaur.com) and application (any subdomain of https://*.adminosaur.com).

This Privacy Policy refers to users that may include, but not be limited to, people or organisations that: use the corporate https://www.adminosaur.com website, with or without a login; are users of the Adminosaur service available through the website; have personal information collected and/or stored and/or processed by the service.

What personal data we collect and why we collect it

The types of personal information we may collect and/or process about you include:

  • Your personal details, including name, email address, birthday and mobile
  • Your connection with immediate relatives
  • Allergy information
  • Your attendance at certain events
  • Other information on behalf of another organisation, where we do not store the gathered information
  • Credit Card details for the processing of bills associated with the service
  • Your browser session and approximate geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour
  • Information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider

We may collect, hold, use and disclose personal information for the following purposes:

  • To contact and communicate with you
  • To provide the Adminosaur service available through the website
  • For analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms
  • For advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you
  • To comply with our legal obligations and resolve any disputes that we may have

We may disclose personal information to:

  • Third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators
  • Our employees, contractors and/or related entities
  • Our existing or potential agents or business partners
  • Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
  • Credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
  • Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
  • Third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia
  • Third parties to collect and process data, such as Google Analytics. This may include parties that store data outside of Australia (including in the United States)
  • By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.

For further information, see below.

Contact forms

We use third-party provider Ninja Forms to collect data on our contact form. This information is stored on our website, and is also emailed to relevant parties in our organisation. This data is only used to respond to any inquiry you may have. Data is not passed on to Ninja Forms.

Cookies

When you log in, we will also set up several cookies to save your login information, track your location on the website and/or your screen display choices.

For the corporate https://www.adminosaur.com website, login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Links to other websites, including social media, may also save cookies in your browser. We do not use or have any visibility of these cookies. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with those links, including tracing your interaction with the links if you have an account and are logged in to that website.

For the Adminosaur service, login cookies last for two weeks, and a CSRF token (Cross-Site Request Forgery), ensuring security on your browsing session) will be present for every page you are on. The CSRF token only lasts for as long as you are on a particular page, and navigating away from the service will remove the token from your browser. The login token will be removed if you log out of your account.

 

Embedded content from other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use a third party application, Google Analytics, to analyse the traffic and usage data on the website and service. Please see the privacy policies of each for further information.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

How we treat personal information that is also sensitive information

Personal Information associated with the Adminosaur service can be separated into two types: User Information and Individual Information.

User Information

User information is gathered to allow users to access and use the Adminosaur service. The information gathered is limited to the information absolutely necessary to allow access to the service. This information is the First Name and Last Name of the user, their email address, and IP address which they used to agree to the privacy policy. Adminosaur staff do not access or interact with this data directly, unless requested to by an administrator of a church account.

Information associated with a ‘Church’ (or organisation) account is also gathered. This information is limited to the information absolutely necessary for the use of the Adminosaur service by the church/organisation. This information is the name and billing information of the church.
Billing information is sent directly to Stripe (see information below) for processing and storage. No billing information is stored or processed by us, though we do request some of this information from stripe so that we can email you about the state of your account.

Individual Information

Individual information is information gathered from individuals who do not have a login to the Adminosaur service. This information is controlled by the church or organisation using the Adminosaur service. Adminosaur staff do not access or interact with this data directly, unless requested to by an administrator of a church account. Not all the information gathered through the Adminosaur service is stored by us, most is sent directly and solely to the church gathering the information (see below).

The Adminosaur service may collect and store some medical information, such as allergies, as well as First Name, Last Name, relationship to others in the service, email address and phone number, from individuals. The service also allows a church/organisation to collect other data through the use of forms, but this data is not stored by the Adminosaur service.

If you are concerned with the use of the information gathered and stored, please contact the church or organisation that collected the information, as they will be able to address your concerns, give you more information about the data they collect, or delete any information you do not wish them to have. That churches privacy policy is linked on any page where individuals can input data that is not already part of the churches existing database.

Who we share your data with

The Adminosaur service is hosted by Amazon Web Services. The information is stored and processed in their Sydney Data Centre. Please see the Amazon AWS Privacy Policy for more information.

The Adminosaur service may integrate with a third-party database service called Elvanto. This integration is dependant on the church or organisation using the service. Please see the Elvanto Privacy Policy for more information.

The Adminosaur service uses Stripe to process all billing details, including credit card information. Please see the Stripe Privacy Policy for more information.

How long we retain your data

For users that register on our website (if any), we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information. This information is kept for as long as the user is registered on the website.

Church information is kept unless specifically requested to be deleted. This allows the church to re-activate their account with their information intact if they wish. However, any individual information associated with a church is deleted when the church account is archived or otherwise made inactive. Individual information removed by the church is permanently deleted from the service.

What rights you have over your data

If you have an account on this site, you can request to receive a file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If you are an individual with data on the Adminosaur service, it is best to contact the church or organisation with which you are associated, as they will be able to give you more information about what information is kept. We can assist in finding out what church or organisation holds your information, and can provide a file of the personal information the Adminosaur service may have on you. We can also erase any personal data we hold on you, although this does not delete the data held by the church or organisation which supplied the data.

Where we send your data

Any data associated with the Corporate Adminosaur website is saved on our web host, Net Virtue, and you can see their privacy policy here.

Any data associated with the Adminosaur service is stored and processed on the Amazon Web Services platform. Please see above for more information.

Our contact information

You can contact us by emailing info@openboxtechnology.com.

Additional information

How we protect your data

We restrict access to the website, and the information stored on the website, to only those required to access the website. These staff members have secure authentication methods, and are also trained and aware of data protection best practices.

We restrict access to the Adminosaur service development environments to only those staff members required to access it for development purposes. These staff members have secure authentication methods in place, along with Amazon access management. The staff members are trained and aware of data protection. We do not access the data unless requested to do so by an administrator of the church or organisation using the service.
All passwords stored are salted and hashed so that no one can discovered your actual password, even with access to the database.
The data resides in a secure database on the Amazon Web Services platform.

What data breach procedures we have in place

In the event of a data breach, we will inform all relevant parties and remove access to information as appropriate.

What third parties we receive data from

We may receive information from Elvanto. Please see above sections for more information.
We may also receive information directly from the church or organisation using the Adminosaur service.

What automated decision making and/or profiling we do with user data

N/A

Industry regulatory disclosure requirements

N/A

Your rights and controlling your personal information

Choice and consent: Please read this Privacy Policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Complaints: If you believe that we have breached the Australian Privacy Principles and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Storage and security
We are committed to ensuring that the personal information we collect is secure.
We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

 

For any questions or notices, please contact our Privacy Officer at:
Open Box Technology Pty Ltd ABN 61 617 742 506
Email: info@openboxtechnology.com
Last update: 8th July 2018
Version 1