Who we are
Open Box Technology Pty Ltd (“us”, ‘we”, “our”) owns and operates the https://www.adminosaur.com website as well as the Adminosaur software (the “Service”) available through the website. The Open Box Technology Pty Ltd website can be found here, and we can be contacted by the firstname.lastname@example.org email address or by visiting the Contact Us page, where you can also find more information on the business details.
What personal data we collect and why we collect it
The types of personal information we may collect and/or process about you include:
- Your personal details, including name, email address, birthday and mobile
- Your connection with immediate relatives
- Allergy information
- Your attendance at certain events
- Other information on behalf of another organisation, where we do not store the gathered information
- Credit Card details for the processing of bills associated with the service
- Your browser session and approximate geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour
- Information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider
We may collect, hold, use and disclose personal information for the following purposes:
- To contact and communicate with you
- To provide the Adminosaur service available through the website
- For analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms
- For advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you
- To comply with our legal obligations and resolve any disputes that we may have
We may disclose personal information to:
- Third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators
- Our employees, contractors and/or related entities
- Our existing or potential agents or business partners
- Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
- Credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
- Third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia
- Third parties to collect and process data, such as Google Analytics. This may include parties that store data outside of Australia (including in the United States)
- By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.
For further information, see below.
We use third-party provider Ninja Forms to collect data on our contact form. This information is stored on our website, and is also emailed to relevant parties in our organisation. This data is only used to respond to any inquiry you may have. Data is not passed on to Ninja Forms.
When you log in, we will also set up several cookies to save your login information, track your location on the website and/or your screen display choices.
For the corporate https://www.adminosaur.com website, login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
For the Adminosaur service, login cookies last for two weeks, and a CSRF token (Cross-Site Request Forgery), ensuring security on your browsing session) will be present for every page you are on. The CSRF token only lasts for as long as you are on a particular page, and navigating away from the service will remove the token from your browser. The login token will be removed if you log out of your account.
Embedded content from other websites
Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use a third party application, Google Analytics, to analyse the traffic and usage data on the website and service. Please see the privacy policies of each for further information.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
How we treat personal information that is also sensitive information
Personal Information associated with the Adminosaur service can be separated into two types: User Information and Individual Information.
Information associated with a ‘Church’ (or organisation) account is also gathered. This information is limited to the information absolutely necessary for the use of the Adminosaur service by the church/organisation. This information is the name and billing information of the church.
Billing information is sent directly to Stripe (see information below) for processing and storage. No billing information is stored or processed by us, though we do request some of this information from stripe so that we can email you about the state of your account.
Individual information is information gathered from individuals who do not have a login to the Adminosaur service. This information is controlled by the church or organisation using the Adminosaur service. Adminosaur staff do not access or interact with this data directly, unless requested to by an administrator of a church account. Not all the information gathered through the Adminosaur service is stored by us, most is sent directly and solely to the church gathering the information (see below).
The Adminosaur service may collect and store some medical information, such as allergies, as well as First Name, Last Name, relationship to others in the service, email address and phone number, from individuals. The service also allows a church/organisation to collect other data through the use of forms, but this data is not stored by the Adminosaur service.
Who we share your data with
How long we retain your data
For users that register on our website (if any), we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information. This information is kept for as long as the user is registered on the website.
Church information is kept unless specifically requested to be deleted. This allows the church to re-activate their account with their information intact if they wish. However, any individual information associated with a church is deleted when the church account is archived or otherwise made inactive. Individual information removed by the church is permanently deleted from the service.
What rights you have over your data
If you have an account on this site, you can request to receive a file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you are an individual with data on the Adminosaur service, it is best to contact the church or organisation with which you are associated, as they will be able to give you more information about what information is kept. We can assist in finding out what church or organisation holds your information, and can provide a file of the personal information the Adminosaur service may have on you. We can also erase any personal data we hold on you, although this does not delete the data held by the church or organisation which supplied the data.
Where we send your data
Any data associated with the Adminosaur service is stored and processed on the Amazon Web Services platform. Please see above for more information.
Our contact information
You can contact us by emailing email@example.com.
How we protect your data
We restrict access to the website, and the information stored on the website, to only those required to access the website. These staff members have secure authentication methods, and are also trained and aware of data protection best practices.
We restrict access to the Adminosaur service development environments to only those staff members required to access it for development purposes. These staff members have secure authentication methods in place, along with Amazon access management. The staff members are trained and aware of data protection. We do not access the data unless requested to do so by an administrator of the church or organisation using the service.
All passwords stored are salted and hashed so that no one can discovered your actual password, even with access to the database.
The data resides in a secure database on the Amazon Web Services platform.
What data breach procedures we have in place
In the event of a data breach, we will inform all relevant parties and remove access to information as appropriate.
What third parties we receive data from
We may receive information from Elvanto. Please see above sections for more information.
We may also receive information directly from the church or organisation using the Adminosaur service.
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
Your rights and controlling your personal information
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Complaints: If you believe that we have breached the Australian Privacy Principles and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Storage and security
We are committed to ensuring that the personal information we collect is secure.
For any questions or notices, please contact our Privacy Officer at:
Open Box Technology Pty Ltd ABN 61 617 742 506
Last update: 8th July 2018