Last updated 7 March 2021
1. Overview
1.1. We respect the privacy of personal information in our care and we adhere to the guidelines set out in this Privacy Policy.
1.2. By using Palace and/or the Website:
(a) you authorise us to collect, use, and disclose your personal information in accordance with this Privacy Policy; and
(b) where you provide us with the personal information of any other person, you warrant that you have the consent of that person to disclose their personal information to us and for us to use and disclose that personal information in the manner contemplated by this Privacy Policy and our Terms and Conditions.
1.3. We reserve the right to make amendments to this Privacy Policy at any time, effective upon the posting or notification of the amendments and we will make every effort to communicate these changes to you via email or notification via the Website.
2. What information do we collect and how do we collect it?
2.1. We may collect personal information directly from you when you:
• register to use Palace;
• use Palace;
• communicate or interact with us, whether via phone, through the Palace Support Center or otherwise; and
• visit the Website.
2.2. We may also collect personal information indirectly from our customers who have consent to disclose that personal information to us for the purposes of providing the Palace services. In these circumstances, our Terms and Conditions will govern the disclosure of such personal information to us.
2.3. Personal information is information about an identifiable individual such as your name, telephone number, and email address.
2.4. We collect anonymous data from every visitor of the Website to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the IP address, the browser type, the browser language, and a timestamp for the request.
2.5. The information we collect also includes records of your communications and interactions with us in relation to Palace.
2.6. We use third-party data hosting providers to host Palace on servers located in Australia. This means that the personal information collected by us will be transferred to Australia, although remaining under our effective control.
3. For what purpose do we use personal information?
We collect your personal information so that we can provide you with Palace and any related services you may request. In doing so, we may use the personal information we have collected for purposes relating to Palace, including:
• to verify your identity, including to maintain the security of your Palace account;
• to administer Palace;
• to notify you of new or changed services relating to Palace;
• to carry out marketing or training relating to Palace;
• to assist with the resolution of technical or other issues relating to Palace;
• to comply with applicable laws; and
• to communicate with you.
4. We can aggregate your non-personally identifiable data
4.1. By using Palace, you agree that we can access, aggregate, and use non-personally identifiable data we have collected from you. This data will in no way identify you or any other individual.
4.2. We may use this aggregated non-personally identifiable data:
• to assist us to better understand how our customers are using Palace;
• to provide our customers with further information regarding the uses and benefits of Palace;
• as a benchmark against your key performance indicators; and
• to otherwise improve Palace and the Website.
5. When we may disclose personal information
5.1. We only disclose your personal information to third parties if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Privacy Policy, including the provision of Palace.
5.2. We will not otherwise disclose your personal information to a third party unless:
• you have consented to that disclosure; or
• we are required to make that disclosure to comply with law or any court order, subpoena or other legal process or investigation.
6. How do we store personal information?
6.1. We take data security seriously. We have in place security safeguards to mitigate the risk that personal information is lost, or subject to unauthorised access, use, modification or disclosure, or other misuse.
6.2. We take measures to destroy or anonymise personal information held by us if we no longer need to use it for any lawful purpose.
7. Social media
We use social buttons provided by services like Twitter, Google+, LinkedIn, and Facebook. Your use of these third-party services is entirely optional. We are not responsible for the privacy policies and/or practices of these third-party services, and you are responsible for reading and understanding those third-party services’ privacy policies.
8. Email communications
We may send you promotional, or other emails, relating to Palace and/or the Website. We may also use technology that alerts us via a confirmation email when you open an email from us. You can modify your email notification preferences (including opting out) by clicking the appropriate link included in the footer of email notifications.
9. Right of access to, and correction of, personal information, and other feedback
If you wish to access or correct any personal information we hold about you or have any feedback or concerns about privacy, please contact us as set out below. In the case of access and correction requests, please provide as much detail as you can about the particular information you seek in order to help us retrieve it. Where we decide not to make a requested correction and you disagree, you may ask us to make a note of your requested correction with the information.
10. Access, Storage & Security Information
Palace uses Microsoft Azure services to access, maintain, and store your data.
The data centers we use supplied by Microsoft Azure…
- Australia East
- Australia Southeast
All backups are secure and we implement the best practices when it comes to the security of your data.
Database Security: All our databases are encrypted and secured behind a robust firewall and all connections are encrypted and password protected. Databases can only be accessed from specific locations and by senior Technicians within our organisation. We host these on Azure SQL Services.
(Further detailed information about Azure SQL Services and Security can be found at https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview)
Storage Security: As with Azure SQL Services, all BLOB Storage (e.g. large files and images) are encrypted and password protected.
(Further detailed information about Azure Storage and Security can be found at https://docs.microsoft.com/en-us/azure/storage/common/storage-security-controls)
All our public-facing sites have the latest cipher encryptions to encrypt all communications to and from our services. These are also siloed from our data so the data is further isolated in that all communication from these servers has encrypted connections to your data.
No third-party has access directly to your data unless you have allowed access via our API Services.
Although we do not directly hold any ISO certifications ourselves, Azure (our data hosting provider) leads the industry in ISO certifications (https://azure.microsoft.com/en-gb/blog/microsoft-azure-leads-the-industry-in-iso-certifications/)
Palace Holdings is also willing to perform Penetration Testing if required at the cost of the client requesting it.
