Effective date: 28 June 2018 Last updated: 13 April 2020
This policy applies to Advena's collection, use, and disclosure of the information of the following types of individuals:
When this policy mentions “services”, it refers collectively to any products, web-services, APIs or endpoints that Advena owns, operates and that link to this Policy. These may include:
When this policy mentions (a, the, or otherwise related language) “Service”, it is referring to all of the services, except in the case where it is reasonably conveyed that a particular website, web-service, web-application, API endpoint, or application service endpoint is being referenced. When this policy mentions “websites”, it is referring collectively to www.advena.com.au as well as any other websites Advena owns, operates and that link to this Policy, including those mentioned above.
When this policy mentions “Us”, “We”, or “Our”, it refers to Advena and Advena Corporation (ABN 58 528 074 321) – the controllers of your information under this policy. Advena is the legally authorized entity that controls your information, and does so across the services. Advena and Advena Corporation are registered business (trading) names to the sole-tradership, held by Bradley Hodges.
We may collect information about you when you access a service or Website. This information may include your IP address, approximate geolocation (ascertained from your IP address and accurate only to your city), details about your request, basic information about your device, and information relating to the reputation of your IP address (provided by our security partners).
Advena aggregates information and presents it to authorised members of our Cloud Intelligence and Trust & Safety teams for the purposes of auditing. In the event that Advena identifies malicious or unlawful activity, or receives a lawful request from a law enforcement agency, we may use the collected information to identify you.
This information may also be analysed by artificial intelligence ("AI") to determine risk posed to the services by you, or to train our AI to better identify malicious or unlawful activity. We may keep this information for up to 36 months.
Our services are maintained in physically secure, accredited facilities which are independently audited. To help protect the privacy of data and Personal Information we collect and hold, we maintain physical, technical and administrative safeguards. We monitor and challenge the security of our systems on an ongoing basis.
Personal Information and Customer information is stored securely in Amsterdam, The Netherlands. This information is held on an array of physically and digitally secure facilities, which are accessible only to our internal network of servers (externally-facing requests are not received, nor are they fulfilled). Our Amsterdam data servers hold the following security and compliance certifications:
Our services and websites are then served to you via one of partners' 155+ global anycast data centers. All Personal Information stored in Amsterdam, The Netherlands is securely transmitted to you via modern security protocols and practices. Advena imposes strict internal developmental requirements to ensure data is transported securely at all times, regardless of the destination.
Access to your information by supporting staff members is tightly controlled, and information is not made available to staff members until your identity is reasonably established. By design, our system will not allow access to information by any member of our support team until you have been identified.
Advena's Trust & Safety Team and Cloud Intelligence Team utilise internal tools which permit access to services and website visitor data, customer data, end user data, usage statistics, traffic intelligence data and machine analysis data. This information is made available to authorised, vetted members of our Information Security Division (which includes Cloud Intelligence Team and Trust & Safety Team) for the purposes of security and auditing. Advena restricts access to this data — including the anonymisation of such data where practical, only permitting access where necessary for the execution of the teams' function.
Our Cloud Intelligence Team regularly monitors the abovementioned data to investigate and prevent potential security threats, cyber attacks and other malicious behaviour. Our Trust & Safety Team access the abovementioned data only to investigate abuse reports. Delegation of access is reviewed annually to ensure integrity when permitting access to controlled data.
Advena may — in the case of an unpaid balance — refer a matter to an external collections partner for the purposes of recovery of funds. Where this is the case, collections partners are provided with your full name, date of birth, full address, email address and telephone contact number (for the purposes of identification and contact) as well as information relating to the amount outstanding, the description of where/how the amount was incurred and previous attempt for collections of the funds. We may — at the request of the collections partner, and where approved by Advena — provide further information we determine relevant to the collection of the outstanding balance.
We subscribe to some system functions that allow us to determine whether or not you are actively using our services for features such as notification creation, activity, “last active” status', and for some security functions.
We detect some client-side activities, such as clicks for some services function. We do this to invoke actions such as displaying modals & warnings, creating notifications, and other system actions. In order to conduct A/B testing, we may anonymously collect clicks to determine function use, and as part of our products. Event listeners are carefully issued and are not capable of being used to determine your identity.
We may collect browser and device data, including your IP address, device type, device manufacturer, operating system, internet browser type, screen resolution, operating system version, device manufacturer and model, language, browser fingerprint, timezone, internet service provider, upstream Autonomous Systems Number (ASN), and the version of the services you are using for various reasons, including security. Security data is used to create a threat model and determine the legitimacy and safety of connections; Security data is available to delegated Advena Cloud Intelligence Team members only. This data may be collected when accessing the services or when utilizing a service in which Advena provides services for, such as Customers utilizing Firekit. You may request the destruction of this data via a Freedom of Information Act (FIOA) request.
You may choose to provide us with additional information to help improve and personalize your experience across our services and third-party applications. For example, you may choose to provide a photo of yourself for your account profile picture. If you email us, we may keep your message, email address, and contact information and forward that data to a third-party provider in order to respond to that request. If you connect your account on our services to another service, the other service may send us information that you authorize for use in the services.
We may keep track of how you interact with hyperlinks and links to external content across our services. We do not track referrals, and we may disable the referrer header on your browser to stop both us and third-parties from tracking you. Hyperlinks and non-public communications shared on services may be processed and converted to in-house, secure links. The legitimacy and security of links shared on the services will be verified prior to the link being made available to anyone.
We may also use unique cookie values to ensure that your connection is not intercepted, and regularly check the value of cookies to ensure that third-parties are not manipulating the value of sessions, or the data you are presented with.
Advena does not permit third-party advertising, except on our SaaS products where our customers have the ability to manipulate page templates. Any breach of this will result in the termination of the infringing account. Advena will never display third-party advertisements on any Service or Website owned or operated by Advena.
If Advena needs to verify your identity (for example, in order to recover your account, or for use of our
Information collected for the purposes of verifying your identity or information may be provided to our ceritifed, accredited identity service provider. The provider we are providing this information to, and what information we are providing will be made clear at the time we request the information from you.
We, as the controller of your information, reserve the right to preserve, or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, legal process or government request, to protect the safety of any person; to address fraud, security or technical issues; or to protect our users' rights or property. We do not collect any information with the intention that it will be used to limit or degrade any legal defences or objections. Should We determine that a request for information has been made without sufficient basis, merit or is perceived to be unlawful, We will refuse such request. We must be presented with a reasonable request of information, or a court-issued order to surrender such information before providing it. Where permitted by any relevant order, we'll notify you when a law enforcement agency or government has requested access to your information, however We won't always (for example, in the case of national security, or child exploitation-related requests). Some authentication data and other identifiers are stored in an encrypted form by us, so requests for information are reviewed very carefully before being fulfilled.
Your password is always stored in a non-reversible format. Advena cannot view, decode, or access your plain-text password. Password hashes may be surrended at the request of law enforcement in accordance with the abovementioned, and where the request is valid.
You may request a copy of your information using automated tools that We provide as part of the services. If you wish to have a detailed report with all information we have collected and presently hold about you, you may submit a Freedom of Information Act (FOIA) request to recover this information. We will always comply with FOIA requests where the request is lawful, reasonable and is financially appropriate to comply with. You must validate your identity with a 100-point identity check prior to FOIA requests being considered.
You may also request the destruction of your information via a Freedom of Information Act Request. Upon completion of a 100-point identity check, your account will be deactivated. Your information will be held for 90 days after a FIOA request for removal is approved. 91 days after your FOIA request for removal is approved, all data that we presently hold about you is destroyed.
The 90-day detention period is necessary to ensure that the information is not being removed as part of an attempt to destroy, conceal or tamper with evidence required as part of a civil or criminal investigation. The 90-day data detention period cannot be overridden, and any lawful requests issued (as per § III(a)¶1 during the 90-day suspension period will be fulfilled.
Freedom of Information Act requests should be directed to:
Privacy Officer — AdvenaPO Box 764Morley, WA 6943Australia
Applications you authorize or authenticate with using our services are provided only with information you authorize to be released. As part of our agreement with third-party application operators, We can request to audit their practices and internal policies at any time to ensure that your privacy is being upheld, and that they are not in violation with agreements We establish with them. Sometimes, We have to provide your information to third-parties or vital functions such as billing and security.
We may share or disclose your public information, such as your public profile picture, email address, and first-name on login. You can control the information that is made available publically in your account privacy settings.
If you are a registered user of our services, We provide you with tools and account settings to access, correct, delete, or modify the Personal Information you provided to us and associated with your account. You can download a copy of information that we store about you in your account privacy settings.
You also have the right to request deactivation in your account settings. Following a request to deactivate, your account will become unavailable to the public, and external services using your account. Deactivation can take up to 60 days to remove all information; this is on top of the 90-day detention period described in Section III(b)¶2.
The services are not directed to anyone under the age of eighteen (18), and we request that they do not provide Personal Information through the services. Should we determine that a minor is utilizing services, we may limit, suspend or delete the account in question. Upon deactivation of a minor's account, the information stored that is associated with the account will be subject to general deactivation processes. Deactivation can take up to 60 days to remove all information; this is on top of the 90-day detention period described in Section III(b)¶2.
Should a Parent/Legal Guardian request that information be removed from the services, upon reasonable confirmation of guardianship, we will comply with the request and will order the destruction of the relative information following the 90-day detention period described in Section III(b)¶2.
Parental/Guardian requests are only serviceable if the account owner is below the age of 18. Parental/Guardian requests for persons exceeding the age of 18 will not be serviced, as the account owner is legally capable of executing actions on their own account.
We may issue a notification to your account upon update of this policy via your email address, physical postage/billing address, or through the services. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with hard copy disclosures in person. Disclosures and notices in relation to this policy or Personal Information shall be considered to be received by you within 24 hours of the time they are amended and posted.