Privacy Policy
Cogito Group is committed to protecting the privacy and confidentiality of your information.
About this policy
Cogito Group complies with the requirements of the Privacy Act 1988. The act incorporates both:
- The Australian Privacy Principles (APPs); and
- The Australian Government Agencies Privacy Code
All Cogito products and services are also subject to the Trusted Digital Identity Framework about the information it manages when you use the SercureSME system. You can find out more information about privacy rights and responsibilities= at the website of the Office of the Australian Information Commissioner.
The privacy policy deals with:
- Our collection, storage, access to, use and disclosure of personal information;
- Your rights to access and correct information we hold about you; and
- How you can make a complaint if you feel your privacy has been interfered with.
This privacy policy is available at no cost. If you need access to this policy in an alternative format, contact our Privacy Officer. We review this privacy policy from time to time to keep it up to date. Check this policy periodically for changes.
How is Privacy Managed?
Cogito Group is bound by the following privacy principle’s which regulate the way we handle your personal and sensitive information:
- The Privacy Act 1988 (Privacy Act) which includes 13 Australian Privacy Principles
- The Privacy Act 2020 which includes 13 New Zealand Privacy Principles
- The United Kingdom’s Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation
Personal Information
Definition of Personal Information
‘Personal information’ is to mean any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
How is Personal Information Collected?
We collect personal information, in accordance with APP 3 – collection of solicited personal information:
- Directly from you;
- Indirectly from you; and
- From third parties
We will only collect sensitive information with your consent.
We collect, hold, use and disclose personal information for the purposes for which it was collected, related purposes, and other purposes including:
- Providing the services that our clients have requested.
- Maintaining, managing and developing our relationship with clients and potential client.
- Service development, security and risk management.
- Marketing our services, administering, and operating purposes.
- Organisation of events.
- Assessing and considering applications from prospective employees, contractors, and service providers.
- Developing and managing relationships with our employees, contractors, and service providers.
Directly from you
We will collect personal information directly from you when you use Cogito products and services to:
- Register for Cogito products
- Increase the identity strength associated with your Cogito account; and
- Update your personal information.
If you do not consent to provide or share your personal information, you will not be able to create a Cogito account.
If you will not or cannot verify your identity by creating a Cogito account, alternative options will be available from the agency or service you are attempting to access.
Indirectly from you
We will record information about your device and system interactions when you use the SecureSME service to:
- Manage your SecureSME account;
- Monitor application use and system performance; and
- Investigate and verify the operation of the SecureSME system.
From third parties
We collect your personal information from federal and state government authorities to verify and validate the identity documents you provide to register your SecureSME account or increase your identity strength level.
For example, we will verify:
- Australian Passport or travel documents with the Department of Foreign Affairs and Trade;
- Driver’s licences with the state or territory roads and traffic authority that issued the document; and
- Medicare cards with Services Australia.
Unidentified information
We may de-identify your personal information, to compile reports and analyse statistical data related to using the SecureSME system. We will use this data to understand use across the community and to enhance the SecureSME service, but no individual will be reasonably identifiable.
How we hold personal information
We protect your personal information in our systems against loss, unauthorised access, use modification or disclosure and other misuse.
We use a range of physical and technological controls to ensure that only staff who need to access your personal information perform the task.
We apply industry-best security methods to protect the personal information we hold, including:
- Information technology and physical security audits;
- Penetration testing;
- Industry best practice risk management; and
- System security technologies.
To protect the confidentiality of your personal information, the personal information used to create, verify, authenticate, and manage your account is stored separately from other records cogito group holds about you, such as your tax records.
Your personal information will be stored securely in Australia.
We will retain records of information associated with your account while your registration remains active.
The personal information we receive about you will, in almost all cases, be treated as a Commonwealth record. We are bound by the Archives
How you can access or correct personal information held about you
You can access and update certain information we hold about you through your SecureSME account or by asking us.
We will take reasonable steps to correct personal information that we hold about you when you ask us to. We want to ensure the information we hold is accurate, up to date, complete, relevant and not misleading.
If you are unable to access personal information about yourself via SecureSME or from us, you can lodge a request for those documents under Australian Privacy Principle (APP) 12 or the Freedom of Information Act 1982 (FOI Act).
We will respond to a request within 30 days.
If we refuse your request to correct or amend your information, we will give you a written notice that sets out the reasons for the refusal, unless it is unreasonable to do so.
We will advise you how to complain about a refusal.
We will not charge you for making an amendment request or for correcting personal information about you.
I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
Complaints
If you would like more information about the way we manage personal information, would like to request access to or correction of personal information that we hold about you, or wish to make a complaint, please contact our Privacy Officer at:
- Post – Attention “Privacy Officer” PO Box 4294, Kingston ACT 2604; or
- Telephone – 1800 COGITO (264486)
We will respond to complaints within a reasonable period of time (usually 30 days). If you disagree with our decision, you may refer your complaint to:
Australia
The Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing .
New Zealand
The Office of the Privacy Commissioner by visiting https://privacy.org.nz/your-rights/making-a-complaint/, calling 0800 803 909 or by emailing .
United Kingdom
Information Commissioner’s Office (ICO) by visiting https://ico.org.uk/make-a-complaint/, calling 0303 123 1113 or by emailing
Direct Marketing
If you are a client or have otherwise expressed interest and provided us with your contact details, we may send emails to you with information about Cyber Security developments (such as publications, alerts and newsletters) and marketing our services (such as seminar invitations).
We may use an “email management system” to automate the management and dispatch of these emails. The system operates by inserting tracking codes in the emails that we send to you. The tracking code allows us to collect personal information about you, such as whether you received and opened an email, and whether you clicked through to any links to our website. The personal information that the email management system collects and holds about you is used by us to:
- Ensure that you only receive correspondence that you have informed us that you wish to receive.
- Insert your personal information into our communications with you.
- Determine whether the information that we send to you is suitable for your interests, information needs and profile.
- Ensure that the email address that you have provided us is still operational.
- Determine whether emails that we send to you are received by you.
- Update a request that you make to us to unsubscribe from a publication that we send to you.
- Review the effectiveness and relevance of our emails to you by collecting other statistical information.
If you do not wish for us to send you such emails, please let us know by contacting our Privacy Officer at the details below. You can also unsubscribe from our email notifications by clicking on the ‘Unsubscribe’ button at the bottom of our email notifications and following the prompts or by emailing us by clicking the ‘Contact Us’ button.
