Privacy Policy

Introduction

This policy has been written with reference to the Australian Privacy Principles (“APPs”), which was introduced to replace all existing principles as well as introduce some significant changes. The “APP 1”, as part of these principles, now list matters that must be specifically addressed in a company’s privacy policy. The objective of the “APP 1” is to ensure that entities manage personal information in an open and transparent way.

Definition: Personal Information (“PI”) is defined under the new amendments to the Privacy Act as “personal information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not”.

Purpose

This privacy policy sets out how Satori Group uses, discloses and protects any personal information that client provides or that Satori Group collect from client or employees. Satori Group is committed to ensure that personal information is protected. If client do not wish to provide personal information to Satori Group then they do not have to do so; however, it may affect the use of Satori Group’s Solutions.

Collection of personal information

Satori Group stores personal information such as:

  • name;
  • contact information, including email address, telephone, mobile;
  • demographic information such as address, postcode; and
  • next of kin details, including name, telephone, mobile, email.

Use of personal information

Client: Satori Group collects a range of transactional and master data sets from clients. This includes employee master file that contains personal information. Satori Group analyses these data sets to identify anomalies and control breakdowns. This helps client to ensure that there is data integrity within their system and protects the business from unnecessary risks, costly mistakes and fraud. Clients provide such information as a data extract (file) when Satori Group is hosting the environment. These extracts get transferred to Satori’s hosted environment via a secured file transfer protocol (sFTP).  For Satori non-hosted environment, clients give Satori Group direct access to the ERP system’s database or also provide data extracts.

Once the information is analysed, the source files (data extracts) and analysed information (results) is stored on a client dedicated server (hosted or non-hosted). Clients can only access the result sets that contains personal information using a browser that uses a secured Hypertext Transfer Protocol (Https).

Employee: Satori Group collects employee personal information to disburse salary and reimbursements and to fulfil the requirements of applicable legislation and regulations around taxation, superannuation, health and safety, work rights, etc.

Storage and Security

Satori Group is committed to ensure that the information client and employee provide are secured. Suitable physical, electronic and managerial procedures to safeguard and secure the information have been put in place. This protects data from misuse, interference, loss and unauthorised access, modification and disclosure. Some of these security measures include, firewall ACL/rules, server monitoring, data encryption and password protection.

Disclosure of Personal Information

Satori Group signs a non-disclosure agreement with clients. To uphold this agreement, Satori does not share any data with third parties, both within Australia or overseas, unless otherwise directed by the client. Further, if there is a valid court order, Satori Group will be obligated to disclose personal information. Client will be notified about the disclosure of data including personal information unless otherwise instructed or directed by the court. 

Complaints

If Satori Group have breached the Australian and New Zealand Privacy laws, complaint about that breach should be sent to SatoriAlerts@satorigroup.com.au with the details of the breach. Satori Group will promptly investigate the complaint and respond in writing, setting out the outcome of the investigation, what steps would be taken to remedy the breach and any other action that will be taken to deal with the complaint.