PRIVACY POLICY

DATA PRIVACY AND PROTECTION

Last updated: 14th of January 2025

 

Moots Technology Pty Ltd (“Moots Technology”, “Moots Tech”, “Moots”, “we”, “us”, or “our”) is committed to protecting your personal information in accordance with:

  • Australian Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) and the Notifiable Data Breaches (NDB) scheme.

  • The EU General Data Protection Regulation (GDPR) (EU) 2016/679.

This Privacy Policy explains how we collect, store, process, and protect your data when you interact with us, including when using our website and services.

 

1 Who We Are and How to Contact Us

Data Controller:

Moots Technology Pty Ltd, 169 Fullarton Rd, Dulwich SA 5065, Australia

Contact: Contact Us

EU Representative (per GDPR Article 27):

run-e Software & Consulting GmbH & Co KG, Pariser Bogen 7, 44269 Dortmund, Germany

Contact: Contact Us

We are not required to appoint a Data Protection Officer under GDPR Art. 37, but you can contact our Privacy Officer using the details above.

2 Personal data we collect

We may collect identity details such as your name, job title, company and role. We may collect contact details such as your business email address, telephone number and postal address. We may collect technical data such as Internet Protocol addresses, browser information and website activity logs. We may collect contractual and billing data such as purchase orders, invoices and payment confirmations. We may collect any information you choose to share with us when you send a message or attach a document. We do not knowingly collect personal data from children under sixteen years of age.

3 How we collect and hold data

We receive data directly from you when you complete a form, send an email or speak with us. We collect certain data automatically through cookies and similar technologies as explained in section 11. We may obtain limited data from trusted third-party service providers where this is necessary to deliver our services.

All personal data is stored securely in Australia by default. We use Australian regions of reputable cloud providers such as Amazon Web Services and Microsoft Azure and we apply encryption, access controls and regular security audits.

4 Purposes for which we use your data

We use personal data to answer enquiries, to supply and improve our products and services, to manage customer relationships, to issue invoices and to comply with our legal obligations.

We may also use contact details for direct marketing that is relevant to your interests. You can opt out at any time.

5 Legal basis for processing under the GDPR

We rely on your consent when you subscribe to marketing. We rely on contractual necessity when we provide a product or service you request. We rely on legal obligation when we retain records for taxation or corporate reporting. We rely on legitimate interests when we secure our website, prevent fraud or analyse service performance, and such interests are not overridden by your rights.

6 Cross-border data transfers

Our standard practice is to process and store personal data within Australia.

Certain industry standard Software as a Service platforms that we employ for tasks such as project management, customer support or email distribution may process limited data in other jurisdictions including the European Union and the United States.

Before we engage any overseas provider we confirm that it holds recognised certifications such as ISO 27001 or SOC 2 and that it is contractually bound by Standard Contractual Clauses or equivalent safeguards. Moots Technology remains accountable for the protection of your data in accordance with Australian Privacy Principle 8 and Article 46 of the GDPR.

7 Information security and data protection

We encrypt personal data in transit and at rest. We apply role based access control and the principle of least privilege. We conduct routine vulnerability scanning and independent audits. We train all staff in cyber security and privacy obligations.

We maintain an incident response plan. If a breach is likely to cause serious harm we will complete an assessment within thirty days and notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable. For residents of the European Union we will notify the relevant supervisory authority within seventy-two hours of becoming aware of a notifiable breach.

8 Your privacy rights

Australian individuals have the right to request access to personal information we hold about them and to request correction if it is inaccurate or out of date.

Residents of the European Economic Area and the United Kingdom also have the rights to erasure, to restrict processing, to object to processing, to data portability and to withdraw consent at any time.

You may exercise these rights by contacting the Privacy Officer or our European representative. We will respond within thirty days.

9 Data retention

We keep customer and billing records for periods required by law, usually from seven to ten years. We keep support correspondence for up to three years after the final interaction unless you ask us to delete it sooner and we are permitted to do so. We keep anonymised analytics logs for up to twelve months. When retention periods expire we destroy or anonymise the data securely.

10 Complaints process

If you believe we have mishandled your personal data you should contact us. We will investigate and reply within thirty days. If you are dissatisfied with our response you may complain to the Office of the Australian Information Commissioner.

European residents may also contact their local Data Protection Authority.

11 Cookies and tracking technologies

Our website places only those cookies that are strictly necessary for it to operate, such as session identifiers and security tokens. We do not deploy analytics, advertising or other non-functional cookies in jurisdictions where prior consent is required. In those regions the non-functional cookies are disabled by default, so a consent banner is unnecessary.

Detailed information about the cookies we use, their purpose and their default status is available in our Cookie Policy.

12 Policy updates

We review this Privacy Policy at least once each year and whenever there is a significant change in law or in our operations. The current version is always published on our website.

COOKIE POLICY

1 What are cookies

Cookies are small text files that a website stores on your device so that information can be remembered between pages or visits.

2 Cookies we use

The moots session cookie maintains your login or the progress of a form that you are completing and it expires when you close your browser. The csrf token cookie protects you against cross site request forgery and it expires two hours after it is set. An optional analytics id cookie helps us understand overall visitor behaviour and it expires thirteen months after it is set. This analytics cookie is disabled by default in any jurisdiction that requires prior consent. A marketing subscribe cookie records whether you have joined our mailing list and it expires six months after it is set. This marketing cookie is also disabled by default where consent is required.

3 Why we do not use a cookie banner

In regions where the law requires consent for non-essential cookies we disable the analytics and marketing cookies by default. No personal data is stored until you actively enable optional cookies in your account settings, so a banner requesting consent is unnecessary.

4 Managing cookies

Most browsers allow you to delete or block cookies altogether. If you disable the necessary cookies described above the site may not function correctly.

5 Further information

Questions about this Cookie Policy can be sent to our Privacy Officer.