Last updated:
17
May
2024

Privacy Policy

Table of contents

    Strateji by Atlas Platforms Pty. Ltd.
    Effective Date: May 1, 2024

    Atlas Platforms Pty. Ltd. ("Atlas Platforms," "we," "us," or "our") provides the Strateji platform. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, share, and protect information in relation to our Strateji platform, website, and any software provided on or in connection with Atlas Platforms services (collectively, the "Service"), and your choices about the collection and use of your information.

    1. Information We Collect

    We collect the following types of information:

    Information You Provide Us Directly

    • Account Information: Your name, email address, password, professional title, and organization details when you register for a Strateji account.
    • Profile Information: Information you provide for your user profile (e.g., first and last name, picture, phone number). This information allows us to help you or others be "found" on Strateji.
    • Communications: Information you provide directly to us. For instance, when you contact us for support or communicate with us via social media.

    Information We Collect Automatically

    • Log and Usage Data: Information related to your use of the Service, such as server logs, activity on the Service, and data related to the device and network you use to access the Service.
    • Cookies and Similar Technologies: We may use cookies and other similar technologies (like web beacons and pixels) to recognize you and/or your device(s). You can control cookies through your browser settings and other tools.
    • Device Information: We may collect information about the device you use to access the Service, including the hardware model, operating system and version, software, preferred language, unique device identifier, IP address, and mobile network information.

    Information We Collect from Other Sources

    • Third-Party Services: If you link, connect, or login to your Strateji account with a third-party service (e.g., Google, Facebook), the third party service may send us information such as your registration and profile information from that service.

    2. How We Use Information

    We use the information we collect to:

    • Provide, maintain, and improve the Strateji platform; develop new features and services.
    • Understand and analyze how you use our platform and what products and services may be relevant to you.
    • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the platform, and for marketing and promotional purposes.
    • Process your transactions and send you related information, including purchase confirmations and invoices.
    • Enhance the security and safety of our Service, including by investigating suspicious activity or violations of our terms or policies.
    • Personalize your experience by providing content, recommendations, and features that match your interests and preferences.

    3. Sharing of Your Information

    We will not rent or sell your information to third parties outside Atlas Platforms and the Strateji platform without your consent, except as noted below:

    • Service Providers: We may share your information with third-party service providers who perform services on our behalf, including marketing, analytics, customer service, security, and fraud prevention.
    • Legal Requirements: We may disclose your information if we are required to do so by law or if we believe that it is reasonably necessary to comply with a legal process or to protect the rights, property, or safety of Atlas Platforms, our customers, or the public.
    • Affiliates: We may share some or all of your information with our subsidiaries, joint ventures, or other companies under common control with Atlas Platforms, in which case we will require them to honor this Privacy Policy.

    4. Your Rights and Choices

    You have several rights and choices regarding your data:

    • Access and Updates: You can review and change your personal information by logging into the Service and visiting your account profile page.
    • Opt-Out of Communications: You can opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.
    • Cookies: You can set your browser to not accept cookies, but this may limit your ability to use the Service.
    • Deletion: You can request that we delete your personal information by sending an email to connect@strateji.co.

    5. Data Retention

    We retain your personal information for as long as necessary to provide the Service and for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. If you request, we will delete or anonymize your personal information so that it no longer identifies you, unless we are legally allowed or required to maintain certain personal information.

    6. Data Security

    We use reasonable and appropriate measures to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include computer safeguards and secured files and buildings. We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy.

    7. International Data Transfers

    Your information, including personal information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

    If you are located outside Australia and choose to provide information to us, please note that we transfer the data, including personal information, to Australia and process it there, or at another more convenient location of our choosing. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

    Atlas Platforms will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

    8. Changes to This Privacy Policy

    Atlas Platforms may modify or update this Privacy Policy from time to time, so please review it periodically. We may provide you with additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of the Strateji platform or the Service after any modification to this Privacy Policy will constitute your acceptance of such modification.

    9. Data Breach Policy

    Purpose

    This section describes how we will respond to a data breach in adherence to the Privacy Act 1988. We believe that clear roles, responsibilities, and procedures are the foundation of a comprehensive privacy program.

    This policy outlines the steps that we will take to contain, assess, notify, and review any data breaches that might occur and how we address Notifiable Data Breaches if they occur. All employees, officers, representatives, or advisers are required to understand and act in accordance with this policy.

    Data Breach Definition

    A data breach occurs when personal information or intellectual property held by us is subject to unauthorized access, disclosure, modification, or is lost. Data breaches can occur in various ways, including:

    • Unauthorized Third-party security breaches (e.g., Hackers)
    • Unauthorized access, disclosure, or modification by Employees and users
    • Data breaches of Third-party services used by us that affect user data
    • Accidental loss, unauthorized access, or theft of classified material data or equipment on which such data is stored, such as company Laptops and USBs.
    • Accidental disclosure of user data or intellectual property, such as via email to an incorrect address.
    • Unauthorized data collection by third parties posing as us, e.g., Phishing Scam
    • Failed or successful attempts to gain unauthorized access to our information or information systems
    • Unauthorized data collection by third parties through Malware infections on our cloud databases, or hardware equipment.

    What to Do if a Data Breach is Suspected?

    All employees who are aware of, informed of, or suspect a data breach must inform our IT team immediately. The IT team must then assess the suspected breach to determine whether or not a breach has occurred. If a data breach has, in fact, occurred, then the IT team will manage the breach according to the steps outlined in the Data Breach Management Plan.

    Data Breach Response Plan

    In accordance with OAIC recommendations, the following steps will be taken in response to a verified Data Breach:

    • Contain the Breach: Ensure that the breach itself is stopped. This can include:
      • The suspension of compromised accounts;
      • Removal of malware, where identified;
      • Temporary platform downtime if necessary;
      • Recovering any lost data, if possible;
      • Repairing unauthorized modification of data, if possible;
      • Restoring access to the platform when able.
    • Assess the Risks: Consider the type of information involved, establish the cause and the extent of the breach, assess the risk of harm to affected persons, and the risk of other harms such as reputational damage.
    • Notify Management and Affected Individuals: Management must be notified of breaches as they occur, whether or not the breach is an eligible breach under the Notifiable Data Breach Scheme. Data Breaches that are not eligible need not be reported and may be addressed internally.
    • Prevent Future Breaches: Strengthen security infrastructures and/or policies to prevent similar breaches in the future.

    Notifiable Data Breach Scheme

    Under the Notifiable Data Breach Scheme, we are obliged to report data breaches that satisfy the following criteria:

    • There is unauthorized access to or unauthorized disclosure of personal information, or a loss of personal information, that we hold;
    • That the unauthorized access, disclosure, or loss of personal information is likely to result in serious harm to one or more individuals;
    • We have not been able to prevent the likely risk of serious harm with remedial action.

    Where we suspect that an eligible breach has occurred, we must carry out a reasonable and expeditious assessment of the breach. Where possible, the assessment must be completed within 30 days. If unable to complete the assessment within 30 days, a written document must address the reasons for the delay and confirm that the assessment was reasonable and expeditious.

    Where an Eligible Breach has occurred, we must inform affected users AND the Privacy Commissioner. Disclosure of eligible breaches to users can be done by notifying all users, affected users, or by publishing a notification on our website. Disclosure to the Privacy Commissioner may be done by online form.

    Disciplinary Consequences

    We reserve the right to monitor Employees’ use, access, and modification of the company’s data, and initiate an investigation if an employee conducts an action that is in breach of this policy. If an employee’s action or omission causes a disruption of integrity to the data system or leads to a breach, the employee may face severe disciplinary action up to and including termination.

    10. Contact Us

    If you have any questions about this Privacy Policy, please contact us at:

    Email: connect@strateji.co

    Mail: PO Box 493 Byron Bay 2481