Privacy Center

Introduction

References to “you” and “your” means you as the user of our service and “we”, “our” and “us” refers to UNIFY Solutions and related parties.

“Personal Information” includes any information that can be used to personally identify you either directly or indirectly, for example: identifiers such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity. If the information we collect personally identifies you, or you are reasonably identifiable from it, then the information is considered personal information.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“EEA” refers to both European Union Member States and European Economic Area as defined under GDPR.

“Privacy Laws” refers to Australian Privacy Act 1988, New Zealand Privacy Act 2020, and GDPR. See References for details.

We are committed to preserving the privacy of all visitors to unifysolutions.net and related domains (including sub-domains), as well as visitors, customers, users and other persons of our products and services, and to protecting any Personal Information that you may provide to us or has been provided to us.

We believe it is important for you to know how we treat Personal Information about you that we may receive and how we carry out data processing practices through the use of the Internet and any other electronic communications networks. Please read the following privacy policy to understand how we use and protect the Personal Information that you provide to us or how we may use and protect it in the future.

By making an inquiry on this Site, by enrolling for one of our training modules, or by providing any Personal Information to us, you consent to the collection, use and transfer of your Personal Information under the terms of this policy.

Contact Details

UNIFY Solutions Pty Ltd
Attention: Data Protection Officer (DPO)
Email: privacy@unifysolutions.net

Changes to this Policy

We reserve the right to revise or supplement this Privacy Policy from time to time. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Policy and so you are aware of what Personal Information we collect, how we use it and under what circumstances we disclose it.

General

Information We Collect

Generally, we collect information from:

• you;
• our website and by other electronic communication channels;
• another party with which you have a relationship with - i.e. our client;
• other third parties;
• publicly available sources of information;
• when we are required to do so by law; and
• our own records.

The Personal Information we collect may include:

• your salutation, name, address, landline, mobile and fax numbers and e-mail address;
• computer or network information;
• details about your interactions with us including authentications with applications through our services;
• company and business name, job title, business sector and contact details;
• details of the ways in which you are prepared to receive information from us and/or selected third parties; and
• data collected to send information about our products and services.

Disclosure

We may disclose your Personal Information to our employees, for the operation of our service or our business, and for the specific purpose of fulfilling requests by you, and to provide services to you, and where we are permitted to under Privacy Laws. Where we utilize third parties to undertake services, we may provide those third parties with some of your information if it is required to fulfill those services and only to the extent required to fulfill those services.

If we enter into a joint venture with or are sold to or merged with another entity, your Personal Information may be disclosed to our new business partners or owners.

Unless required to do so by law and permitted under Privacy Laws, we will not otherwise share, sell or distribute any of the Personal Information you provide to us without your consent.

International Transfer of Data

UNIFY Solutions utilizes sub-processors and data centers that facilitate the transfer of Personal Information outside the EEA.

Unless otherwise stated below, we utilize Appropriate Safeguards (GDPR Article 46) as our basis for transfer of data.

Website Visitors

Information We Collect

Like most website operators, unifysolutions.net collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. unifysolutions.net’s purpose in collecting non-personally-identifying information is to better understand how unifysolutions.net’s visitors use its website. From time to time, unifysolutions.net may release non-personally-identifying information in the aggregate, for example, by publishing a report on trends in the usage of its website.

unifysolutions.net also collects potentially personally-identifying information like Internet Protocol (IP) addresses in addition to those listed above. unifysolutions.net does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.

Certain visitors to unifysolutions.net’s websites choose to interact with unifysolutions.net in ways that require unifysolutions.net to gather personally-identifying information. The amount and type of information that unifysolutions.net gathers depends on the nature of the interaction. For example, we ask visitors who use our forums to provide a username and email address. In each case, unifysolutions.net collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with unifysolutions.net. unifysolutions.net does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

We may:

• require the selection of a user ID and password for the use of some of our products or services such as where you register to gain access to our web tools and products;
• offer you the opportunity to receive email updates and announcements concerning our products, services and activities;
• Personal Information you have provided to us may be used to facilitate those communications;
• collect information about you from e-mails, letters, telephone calls or from any other communication you have sent or may send to us;
• collect additional Personal Information automatically about your visit to our Site (e.g. our web server logs your IP address when you view a page on our Site).

Use of Cookies

A “cookie” is a small text file that is placed on a device when it is browsing a website to enable the host of the website to store information about use of the website by that device. We use cookies and similar technologies for the following key purposes:

• Allow you to enter certain site member services without having to log in each time you visit;
• Ensure interactions with our Site are from legitimate users and not bots;
• Track traffic patterns to our site;
• To produce data on web traffic and customer web activity through our website, if required for audit purposes.

Whether you choose to accept the use of cookies on unifysolutions.net is entirely up to you, you may decline by ignoring the “Accept Cookies” link. You may later opt-out of the use of cookies by clearing them from your browser.

Information Processing

We may collect statistics about the behavior of visitors to its websites. For instance, unifysolutions.net may reveal how many downloads a particular version got, or say which plugins are most popular based on checks from web services used by unifysolutions.net installations to check for new versions of unifysolutions.net and plugins.

We may use the Personal Information you provide or which we collect via this Site for the purposes of:

• providing any products, training or other services;
• enabling you to register to gain access to our web tools, products, services and training;
• responding to your inquiries or to process your requests in relation to your products, services and/or training modules;
• providing and personalizing our products, services or training modules generally;
• account management and administering records of payments received via our payment gateway;
• promotion of our products, services and training modules, including carrying out market research campaigns;
• maintaining information as a reference tool or general resource;
• making the Site easier for you to use and providing you with access to all parts of the Site;
• helping you to quickly find products, services, training modules and information on the Site;
• where necessary and required by law, crime prevention and prosecution of offenders;
• to contact you for your views on our products, services and training modules;
• to notify you about important changes or developments to our website or our products, services and training modules;
• to contact you by post, telephone, or by e-mail to let you know about other products, services and training modules which we - offer and which may be of interest to you or which are offered jointly with or on behalf of others; and
• any other purpose ancillary to these purposes or which arise out of requests made by you.

We may also use and disclose information:

• in aggregate (so that no individuals are identified) for marketing and strategic development purposes; and
• to use and analyze the information we collect so that we can administer, support, improve and develop our business.

The legal basis for information processing is Consent (GDPR Article 6 (1)(a)).

Retention Period

For the collection and processing related to information provided by you, for the purpose of being published to a public forum (for example community forum or comments on articles), there is no defined retention period. This information is kept for the purposes of archiving in the public interest. Please see Your Rights below if, for example, you wish to have something removed.

For the collection and processing of website analytical information and information used to register you to the Site, the retention period is 26 months. This retention period is reset on new activity (i.e. a new visit to unifysolutions.net).

For the collection and processing of other activities, see Other Customer Information.

Disclaimer

Given that the Internet is a global environment, using the Internet to collect and process Personal Information necessarily involves the transmission of data on an international basis. Therefore by browsing this Site and communicating electronically with us, you acknowledge and agree to our processing of Personal Information in this way.

Whereas we employ reasonable measures to protect against viruses and other harmful components, the nature of the internet is such that it is impossible to ensure that your access to the Site will be uninterrupted or error-free, or that this Site, its servers or emails which may be sent by us are free of viruses or other harmful components.

EEA-Based UNIFYAdvantage Customers

Information We Collect

UNIFY Solutions (acting as the Processor) only collects information on behalf of the Controller, as per our contractual obligations. To see the details of what is collected, please refer to the Controller.

Information Processing

UNIFY Solutions (acting as the Processor) does not determine the purposes of processing data using services provided by the Processor, this is determined by the Controller.

We process Customer Information for the sole purpose of providing the requested services to our customer, the Controller. The Processor will not use Customer Information or information derived from it for any other purposes.

The legal basis for information processing is Consent (GDPR Article 6 (1)(a)).

International Transfer of Data

For these customers we prefer to not make use of a Third Country where possible. Where certain services have not been made available in the EAA, we utilize Adequacy (GDPR Article 45) as our basis for transfer of data.

Non-EEA-Based UNIFYAdvantage Customers

Information We Collect

UNIFY Solutions (acting as the Processor) only collects information on behalf of the Controller, as per our contractual obligations. To see the details of what is collected, please refer to the Controller.

For the provisioning of identity and trust framework services such as Azure Active Directory B2C IEF, we collect information about you on behalf of the Controller including:

• name;
• contact information;
• computer or network information;
• interactions with us;
• authentications with applications through the service.

Information Processing

UNIFY Solutions (acting as the Processor) does not determine the purposes of processing data using services provided by the Processor, this is determined by the Controller.

We process Customer Information for the sole purpose of providing the requested services to our customer, the Controller. The Processor will not use Customer Information or information derived from it for any other purposes.

For the provisioning of identity and trust framework services such as Azure Active Directory B2C IEF, we collect your Personal Information in order to:

• perform our business activities;
• effectively provide you with the services you have requested from us;
• communicate with you and process your requests;
• verify your identity and contact details;
• personalize and customize your experience;
• provide you with secure access to the services supplied;
• provide audit information for security assessments by or for the Controller;
• make informed decisions on data retention periods.

For supplying support to our customers, we collect your Personal Information in order to:

• identify you in our ITSM such that we can support your solution.

If you choose not to enter personal information we will be unable to provide certain information or the services you have requested.

The legal basis for information processing is Consent (GDPR Article 6 (1)(a)).

Retention Period

For the collection and processing activities, the retention period is 2 years. This retention period is reset on new activity (i.e. an authentication attempt).

Other Customer Information

Information We Collect

As part of operating our business and performing tasks associated with our business operations, UNIFY Solutions may collect Personal Data in the following systems or locations:

• Emails;
• Customer Relationship Manager (CRM);
• Logs (logging, monitoring and auditing);
• Backups.

Information Processing

We may use the Personal Information you provide or which we collect via this Site for the purposes of:

• providing any products, training or other services;
• enabling you to register to gain access to our web tools, products, services and training;
• responding to your inquiries or to process your requests or support in relation to your products, services and/or training modules;
• providing and personalizing our products, services or training modules generally;
• account management and administering records of payments received via our payment gateway;
• promotion of our products, services and training modules, including carrying out market research campaigns;
• maintaining information as a reference tool or general resource;
• where necessary, crime prevention and prosecution of offenders;
• to contact you for your views on our products, services and training modules;
• to notify you about important changes or developments to our website or our products, services and training modules;
• to contact you by post, telephone, or by e-mail to let you know about other products, services and training modules which we - offer and which may be of interest to you or which are offered jointly with or on behalf of others; and
• any other purpose ancillary to these purposes or which arise out of requests made by you.

We may also use and disclose information:

• in aggregate (so that no individuals are identified) for marketing and strategic development purposes; and
• to use and analyze the information we collect so that we can administer, support, improve and develop our business.

As there is no other way to achieve these outcomes other than by performing these processing activities, and there is no impact to individual’s interests, rights and freedoms, the legal basis for information processing is Legitimate Interests (GDPR Article 6 (1)(f)).

Retention Period

For the collection and processing relating to authenticating to our system, the retention period is 2 years. This retention period is reset on new activity (i.e. an authentication attempt).

For other activities, the retention period is 7 years.

Third Party Access to Information

UNIFY Solutions and its affiliates use third party sub-processors to assist us in the provisioning of our services and other business activities. UNIFY Solutions, where possible, utilizes sub-processors that possess ISO/IEC 27001 certification or equivalent and are GDPR compliant. These third party sub-processors include:

For reCAPTCHA-protected interactions on our websites, UNIFY Solutions determines the purpose of processing (bot and abuse prevention), and Google processes reCAPTCHA request data as our processor. End users are not required to accept Google’s consumer Privacy Policy or consumer Terms of Use as a condition of using our website.

How we Protect Your Personal Information

As an ISO 27001-certified organization, we implement a comprehensive set of security measures to protect your personal information. Our approach includes:

• Information Security Governance - We maintain a formal Information Security Management System (ISMS) that is certified to ISO/IEC 27001, ensuring continuous risk management and compliance.
• Access Control and Least Privilege - We restrict access to personal information based on job roles and the principle of least privilege, ensuring that only authorized personnel can access sensitive data.
• Encryption and Secure Storage - Personal information is encrypted both in transit and at rest, using industry-standard encryption protocols to safeguard against unauthorized access.
• Secure Systems and Infrastructure - Our IT systems are hardened, regularly updated, and monitored for vulnerabilities to prevent cyber threats and maintain data integrity.
• Regular Security Audits and Testing - We conduct periodic security audits, penetration testing, and risk assessments to identify and mitigate potential threats to personal data.
• Incident Detection and Response - We have a structured incident response plan in place to swiftly detect, contain, and respond to security incidents, minimizing any impact on personal information.
• Employee Awareness and Training - All staff receive regular cybersecurity training to ensure they understand their responsibilities in safeguarding personal information.
• Third-Party Risk Management - We enforce security requirements for any third-party providers that handle personal information on our behalf.

These measures help us maintain the confidentiality, integrity, and availability of personal data while ensuring compliance with relevant privacy regulations.

For more information on how we secure your personal information please visit our Trust Center

Children

UNIFY products, services and websites are not intended for children. We do not knowingly collect information from children. Do not use our products, services and websites or provide us any information unless you are capable of consent in your territory or country.

Your Rights

• Right to be informed: we must tell you what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
• Right of access: you have the right to request a copy of the information that we hold on you.
• Right of rectification: you have the right to correct data that is inaccurate or incomplete.
• Right to be forgotten: in certain circumstances, you can ask for the data that we hold on you to be erased from our records.
• Right of portability: you can request that we transfer any data that we hold on you to another company.
• Right to restrict processing: you can request that we limit the way we use personal data.
• Right to object: you have the right to challenge certain types of processing, such as direct marketing.
• Right related to automated decision making including profiling: you are free to request a review of automated processing if you believe the rules aren’t being followed.

You are free to exercise your rights by creating a Subject Access Request (SAR) Service Request at service.unifysolutions.net, or by alternatively emailing privacy@unifysolutions.net.

We must take reasonable steps to ensure that the request is valid and to verify your identity. We recommend submitting a Service Request to expedite this process.

Following the verification of your identity, we endeavour to respond to the above requests within one calendar month, and no longer than three calendar months for higher volume or more complex requests.

Data Breach Reporting

UNIFY Solutions is obligated to report Data Breach’s that are likely to result in serious harm to an individual. Serious harm could take the form of serious physical, psychological, emotional, financial, or reputational harm. We will take all possible steps to ensure that these risks do not materialise, in which case reporting may no longer be required.

Reporting schedule:

Information Security Weakness Reporting

UNIFY Solutions is obligated to report meaningful Information Security weaknesses that cannot be remediated in a timely manner.

Reporting schedule:

PGP Key

Emails to privacy@unifysolutions.net or security@unifysolutions.net can optionally be encrypted using our PGP Public Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZ5F09hYJKwYBBAHaRw8BAQdAEe1etoGKZ53dEFoheFrGIn7/HcHZ4G8ruqSd
NSj/A220D1VOSUZZIFNvbHV0aW9uc4iZBBMWCgBBFiEE05aMhM7Rz0pPp7szdYZs
w0417kEFAmeRdPYCGwMFCQWjyCoFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQdYZsw0417kHoIQEAlPHBsCQJxVUJbMFeYjiqYe3G1p31LVmVZ0EORzQWff8A
/jLtSQ6M4GD99bQEZCteL2Wc63wJ9RFvbTHvAdKJVEQAuDgEZ5F09hIKKwYBBAGX
VQEFAQEHQAuxAfgs14VYlOXOIh/3xGUaaz4QUr7n9U7I65+BRQ9cAwEIB4h+BBgW
CgAmFiEE05aMhM7Rz0pPp7szdYZsw0417kEFAmeRdPYCGwwFCQWjyCoACgkQdYZs
w0417kFttgEAzAe9PnmgYTrGoE3AyBYl94XflZxbVHXQR9X9QFfWYW0A/0/pPbtd
QHetnYWhgeozd2UIypLOfEu9TBKwd+EhQtIO
=m0Ru

-----END PGP PUBLIC KEY BLOCK-----

References

• Australian Privacy Act 1988
• New Zealand Privacy Act 2020
• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR)
• Australian Notifiable Data Breaches (NDB) scheme
• New Zealand Notifiable Privacy Breach
• OpenPGP