Nimbus Digital Solutions Ltd – UK Company Number 6567207 (Nimbus, we or us) is committed to maintaining the security and privacy of the personal information we process, whether through our website or through our interactions with clients, investors or industry partners. We are committed to protecting your personal information and complying with our obligations under the relevant data protection laws, including the Australian Privacy Act 1988 (Cth) (Privacy Act) and Australian Privacy Principles (if you are located in Australia), and the EU General Data Protection Regulation (Regulation (EU) 2016/679) (if you are located in the European Union) (GDPR). If you are located in another jurisdiction, additional local requirements will comply.
We collect and hold various types of personal information when you enter into a services contract with us or otherwise interact with our website, including:
- your name and company name;
- contact data, including your contact details such as your billing and delivery address, email address and telephone number;
- usage data, including information about how you use our website and services;
- technical data, including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website;
- marketing and communications data, including your preferences in receiving marketing from us and your communication preferences; and
- information necessary for or incidental to the provision of our services.
Use and disclosure of personal information
We may hold, use and disclose your personal information for the following purposes:
- to communicate with you about your use of the services or any changes to the services;
- facilitating interactions with you in the course of operating our business;
- to administer our website, including troubleshooting, data analysis, testing, system maintenance, support, and reporting and hosting of data;
- processing basic supplier contact information, including invoices and purchase orders to fulfil our accounting requirements;
- responding to your enquiries and information requests, including on our website or via social media;
- where we are required to do so by law; or
- for any other purposes for which you have consented from time to time.
If you make a payment on our website, you agree that your payment will be either debited through the Bulk Electronic Clearing System from your nominated bank account or processed via Ezidebit Pty Ltd, if you make a payment via credit card. We cannot be held liable for any issues arising from the processing of personal information by these third parties.
Nimbus may also disclose your personal information to authorised regulatory bodies or otherwise if required to do so by law.
Security of Personal Information
We take the security of personal information extremely seriously and we follow strict security procedures to prioritise the security of your personal information whilst it is in our possession. We use industry leaders to manage our cloud-based infrastructure services, with high levels of physical security on our systems. Some of the core controls we have implemented for our cloud solutions include:
- multi-Factor Authentication (MFA) on all Internet cloud-based systems;
- encryption of data at rest and in transit;
- technical assessments of our systems for vulnerabilities and configuration weaknesses;
- controlled access to only approved individuals;
- security awareness training for all our employees; and
- policies and procedures on secure operations and configuration of systems.
Whilst we use our best endeavours to protect personal information within our control, we cannot guarantee the security of information transmitted via the internet. As such, transmission of personal information via the internet is at your own risk and we cannot be held responsible for the security of such information.
In order to provide our services to you, we may need to disclose your personal information to our related entities located overseas, or otherwise to third parties located overseas for the purpose of processing and storing your personal information overseas. If we are ever required to do so, we will ensure that the overseas recipients comply with the Australian Privacy Principles, including with respect to the collection, use, storage and destruction of any personal information.
If your personal information is governed by the GDPR, you may have additional rights as set out below:
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Objection to processing your personal information. You may object to us processing your Personal information even if we are relying on a legitimate grounds (or those of a third party), where there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Requesting restrictions on processing or deletion of your personal information. You may ask us to suspend the processing of your personal information:
- if you want us to establish the information’s accuracy;
- where our use of the information is unlawful but you do not want us to erase it;
- where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
Requesting the transfer of your personal information to you or to a third party. If you request us to transfer your personal information to a third party, we will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Where a request to transfer information is made, we may first need to make enquiries to identify the authenticity of your request.
Withdrawing consent. You may withdraw your consent to us processing your personal information at any time where we are relying on your consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We will only send you direct marketing communications and information via mail, email or our social media platforms about our services with your consent, including to inform you of other products or services available from Nimbus. If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using opt-out facilities provided in our communications. We do not provide your personal information to other organisations for the purposes of their direct marketing and will not sell, rent or lease our customer lists to third parties.
Using our Website and cookies
To improve your experience on our website, we may use ‘cookies’ which are small data files that are sent by our website and stored on your device. These are used by us or third parties for a variety of purposes including to operate and personalise the website. Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with marketing and delivering certain website functionality. You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our website.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where we anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.
Your rights in relation to your personal information
Under the Privacy Act and Australian Privacy Principles, you have a number of rights that are focussed on placing you in control of how your personal information is processed.
Where requested, we will provide you with a copy of the personal information that we hold which relates to you, provided that the request is made in accordance with the Australian Privacy Principles. We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant or misleading.
There are no charges for requesting access to or the correction of your personal information; however, if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request. You can contact our privacy officer regarding access to or correction of your information by any of the following methods:
We will respond to those requests within 30 days in accordance with our obligations under the Privacy Act. If we refuse a request to access or correct personal information, where reasonable we will provide you with our reasons for doing so and information about your ability to complain about such refusal.
In order to protect the confidentiality of your personal information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you. Accordingly, we may request documentation from you which confirms your identity before passing on any personal information which relates to you.
Changes to our policy
From time to time, things change, and we are always striving to continuously improve our business operations and services we deliver.
When any significant changes to the way we protect your privacy are made, we will make this clear on our website or by other means of communication such as email, so that you are able to review the changes and make an informed decision as to whether you want to exercise any of your rights in relation to the processing of your personal information.