At Proteus Predict Pty Ltd, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website ProteusPredict.com.au and use our cloud-based software services hosted on Azure.

1. Organisation & Contact Details

• Legal Entity Name: Proteus Predict Pty Ltd

• Registered Business Address: 2/11 Hunter Street, Waterloo, NSW 2017, Australia

• ABN: 27 644 928 405

• Privacy Officer Contact: Gareth O’Keefe, Managing Director

  • Email: gareth@proteuspredict.com.au

  • Phone: 0422 180 705

2. Applicable Jurisdictions

• Geographical Scope: Proteus Predict operates solely within Australia and is currently targeting Australian businesses. For any international clients a bespoke privacy policy is available. 

• International Data Transfers: We do not process data outside of Australia. If this changes, we will ensure compliance with data protection regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), including necessary safeguards (e.g., Standard Contractual Clauses).

3. Data You Collect

3.1 Public-facing Marketing Data

• Website Analytics: We use Google Analytics and SemRush to collect information about the use of our website for the purpose of improving its functionality and user experience.

• Advertising Pixels: We use advertising pixels from Meta (Facebook), LinkedIn, and Google Ads on our landing page for targeted marketing purposes.

• Newsletter Sign-ups: We collect email addresses via Mailchimp to send newsletters and promotional content. You can opt out of these communications at any time by unsubscribing from the emails.

3.2 Platform / Product Data

When you use Proteus Predict software, we can collect the following data:

• Incident & Claim Data:

  • Date of Injury

  • Injury Status (Open/Closed)

  • Current Capacity

  • Primary and Secondary Nature of Injury

  • Primary and Secondary Bodily Location

  • Primary and Secondary Mechanism

  • Site Locations

  • Manager Names (if provided by the client)

  • Operational Metrics: e.g., units of stock, hours worked, costs incurred, and claim rates

• Please Note: We do not request any personal identifying information such as names or IDs. Data uploaded by users will be de-identified when possible. 

3.3 Trial Data

• Incident Data Collected during Free Trials:

  • The same data types as listed above.

  • Retention: All free-trial data is deleted within 5 days of receipt.

3.4 Cookies

We use the following types of cookies on our website:

• Strictly Necessary Cookies: These cookies are essential for the operation of the website and cannot be switched off in our systems.

• Performance Cookies: These cookies collect information about how visitors use our website, helping us improve its performance (e.g., Google Analytics).

• Marketing Cookies: These cookies are used for targeted advertising (e.g., Meta, LinkedIn).

You can manage your cookie preferences via your browser settings.

4. Legal Bases & Consent

• Legal Bases for Processing: We rely on the following legal bases to process your data:

  • Contract Necessity: We process data to fulfill our contractual obligations, including providing our software and services.

  • Consent: We rely on consent for processing data for marketing communications and cookies. You can withdraw your consent at any time by opting out of emails or managing your cookie preferences.

• Opt-In for Marketing & Cookies: We request explicit consent via opt-in boxes for both marketing communications and cookies. You will be asked to consent to receiving marketing emails and cookies upon your first visit to our website.

• Industry-Specific Compliance: As we do not target regulated industries like critical infrastructure or finance, industry-specific compliance obligations like APRA CPS 234 do not apply. If this changes, we will update our policy accordingly.

5. Data Storage & Security

• Hosting Provider: Our software is hosted on Microsoft Azure, located in Australia (AU-East region).

• Encryption:

  • In-Transit Encryption: We use TLS 1.2 or higher to protect data during transmission.

  • At-Rest Encryption: We use AES-256 encryption to protect stored data.

• Access Controls:

  • We implement Multi-Factor Authentication (MFA) for all users with access to sensitive data.

  • We apply least-privilege access principles to limit access to data to only those who require it.

  • Audit logging is enabled to monitor all access and actions taken on your data.

5.4 Third-Party Sub-processors

• Duo 2FA: For two-factor authentication.

• MapBox: For location-based services.

6. Retention & Deletion

• Client Data: We retain client data for the duration of the contract. Once the contract ends, data is immediately purged.

• Free Trial Data: All data collected during free trials will be deleted within 5 days of collection.

• Backup Retention: We retain backups for 30 days and securely delete them after that period.

7. Third-Party Access

• External Developers: External developers may have access to live production data when required for bug fixes or system updates. All developers sign NDAs and Data Processing Agreements (DPAs) to ensure data protection.

• Other Third Parties: We do not share data with other third parties, such as legal advisors or accountants, unless required by law.

8. International Transfers

We do not replicate or back up data outside of Australia. If we expand our operations in the future, we will ensure compliance with applicable data protection regulations for international data transfers.

9. User Rights & Requests

You have the right to:

• Access your data and request a copy.

• Correct any inaccuracies in your data.

• Erasure: Request that we delete your data, subject to applicable legal obligations.

• Object to processing for marketing or profiling purposes.

• Data Portability: Request that your data be transferred to another provider.

We will respond to requests in line with best practices, typically within 30 days.

10. Data Breach Response

In the event of a data breach, we have a response plan in place. We will notify affected users as soon as practicable, in accordance with the Notifiable Data Breaches (NDB) scheme in Australia. We will use email as the primary communication channel, and where required, will notify relevant regulators.

11. Children’s Data

Our services are not intended for individuals under the age of 15, and we do not knowingly collect personal data from children.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we update the policy, we will notify users via version history posted on our website.