This Privacy Policy describes how Leapfrog Publishers Pty Ltd (ABN 70 091 393 627) (we, our, us) manages personal information about individuals whose data is collected and processed by:

• us;
• the SwiftDigital platform accessible to logged in end users at [https://suite.swiftdigital.com.au]; and
• the public facing website available to users who are not logged into the website at [https://swiftdigital.com.au/]

We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (each, an APP).

We may review our Privacy Policy periodically and reserve the right to change the Privacy Policy at any time at our discretion by posting such changes on the Website or Platform. Changes will be effected immediately when posted on the Website or Platform and your continued access and/or or use of the Website and/or Platform thereafter will constitute your acceptance of those changes. Our policy is to be open and transparent about our privacy practices.

Swift Digital is a marketing automation platform that includes the following functionality:

• Email marketing automation tools;
• Internal communications/newsletter tools;
• Online event management;
• Landing page builder;
• Online survey automation tools;
• SMS marketing tools; and
• Marketing engagement scoring.

1. Consents

1.1 SwifDigital customers (Customers) are required to comply with all applicable privacy laws.

1.2 We rely on our Customers to obtain all relevant privacy consents and authorisations from any person required by law, in order for the personal information that is provided to us about such persons (data subjects) and entered into SwiftDigital to be collected, disclosed and otherwise processed by us.

1.3 We also rely on Customers to ensure that all personal information about data subjects entered into SwiftDigital by or on behalf of our Customers that is held by us is accurate, up to date, complete, relevant and not misleading.

1.4 We encourage each of our Customers to ensure that data subjects are familiar with their privacy policies so that data subjects understand how they will collect, use and otherwise process personal information about them, via our Platform or otherwise.

2. The types of personal information that we collect and hold about data subjects

2.1 We collect and hold the following types of personal information:

(a) Content provided to us and/or entered into SwiftDigital about data subjects: All information, including personal information, that is provided to us or entered into SwiftDigital (either by Customers, their end users or otherwise) is stored in systems managed by us. The types of personal information collected or held by us may include names and contact details, as well as any other personal information provided to us or entered into SwiftDigital by, about or on behalf of, a data subject.

(b) Information about past, current and prospective Customers: We collect contact details of our Customers’ personnel, such as names, contact information and billing information, including credit card details. Credit card details are not held by us, but are held by payment gateway providers that we use. Other than the last 4 digits of a credit card, all such credit card information is not accessible to us. For Customer personnel who are data subjects, we also collect the information about them referred to in paragraph (a) that is provided to us or entered into SwiftDigital.

(c) Information required for the support, maintenance and security of SwiftDigital: In order to support and maintain SwiftDigital, we collect and process end user information including IP addresses, email and physical addresses, telephone numbers, user access logs, usernames, passwords, and information included by Customers in technical support tickets and error messages.

3. How we collect personal information

3.1 Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances.

3.2 We collect information about potential Customers from public and private databases and when they otherwise voluntarily disclose it to us or authorise us to collect it, in order for us to market, sell and operate SwiftDigital.

3.3 After a prospective Customer enters into a contract with us for the supply of access to SwiftDigital, we collect personal information about their data subjects in one or more of the following ways:

(a) when end users enter personal information into SwiftDigital that we host;

(b) when a Customer provides personal information to us (for example, as part of the onboarding process for new Customers);

(c) when it is provided to us by third parties on behalf of a Customer or pursuant to an agreement with a Customer for it to be entered into and/or processed by SwiftDigital;

(d) when it is transmitted to SwiftDigital via an API or integration in accordance with an agreement that we enter into with a Customer or via a third party application; and

(e) when it is voluntarily disclosed to us (such as via telephone, e-mail and online forms).

4. How we use personal information

4.1 How we use personal information about data subjects is set out in the following table:

5. How we hold and secure personal information

5.1 We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.

5.2 We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.

5.3 We:

(a) only use reputable cloud hosting providers to host personal information;

(b) implement passwords and access control procedures, anti-virus, firewall and security controls for email and other applicable computer software and systems;

(c) maintain files, in both hardcopy and electronic form, at our offices and other access-controlled premises;

(d) operate online records managements systems on secure networks;

(e) regularly perform security testing;

(f) maintain physical security measures in our buildings and offices such as visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);

(g) require our employees, agents and contractors to comply with the privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;

(h) use SSL encryption on SwiftDigital;

(i) have data backup archiving and disaster recovery processes in place;

(j) if appropriate in the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, we will encrypt personal information; and

(k) with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed

6. Disclosure of personal information

6.1 We will disclose personal information to our employees, officers, advisors, suppliers, agents and/or related entities who assist us in the performance of our services. We ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.

6.2 We only disclose personal information that we collect to third parties as follows:

(a) where required under a contract with a Customer, we will transmit data subject personal information to third party applications on behalf of the Customer;

(b) in order to host databases that are integrated into SwiftDigital, we engage reputable hosting providers who host those databases on our behalf;

(c) when performing contracts we may outsource certain obligations to third party contractors in accordance with our contractual rights (such as hosting and professional services). Professional services carried out by them may require access to data subject personal information;

(d) when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;

(e) where a person provides written consent to the disclosure of personal information about them;

(f) where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;

(g) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;

(h) for the enforcement of a law imposing a pecuniary penalty;

(i) for the protection of public revenue;

(j) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or

(k) where required by law.

7. Third party products and websites

7.1 The Website and Platform may include links to third party websites or applications and integrations with third party products and services. Our linking to those websites or applications does not mean that we endorse or recommend them. We do not warrant or represent that any third party complies with applicable data protection laws. Customers and data subjects should consider the privacy policies of any relevant third party prior to sending personal information to them.

8. Interacting with us without disclosing personal information

8.1 If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our Website without providing us with personal information, such as the pages that generally describe SwiftDigital that we make available, and our Contact Us page. However, when you submit a form on our Website or become a Customer, we need to collect personal information from you in order to identify who you are, so that we can operate SwiftDigital, and for the other purposes described in this Privacy Policy.

8.2 You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about SwiftDigital but not if you wish to actually use SwiftDigital or any part thereof. It is not practical for us to provide you with access and/or use of SwiftDigital or any part thereof if you refuse to provide us with personal information.

9. Offshore disclosure

9.1 We may transfer personal information to our contractors and service providers who assist us with the operation of SwiftDigital, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate contractors and service providers within Australia. We do not currently use offshore contractors or service providers.

10. How to access and correct personal information held by us

10.1 Past, current and prospective Customers and their personnel who wish to access and correct the personal information held by us about them should contact us.

10.2 Prior to contacting us or submitting a request for access to correct any personal information held about them, current Customers and their personnel can update the personal information about them by logging into their account on SwiftDigital, where such functionality is available. However, we encourage you to contact us in any event and we would be happy to assist you.

10.3 If you are the recipient of marketing communications that have been sent via SwiftDigital from a Customer, then prior to contacting us or submitting a request for access to and/or correction of any personal information held about you, you should at first instance contact the applicable Customer.

10.4 All other data subjects who wish to access and correct the personal information held by us about them should contact us.

10.5 It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information provided to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person’s vital interests).

10.6 We hold personal End User Data in accordance with our Terms of Use. A customer may request a copy of their End User Data during the term of their contract with us for access to SwiftDigital and at any time during the subsequent 3 month period following termination of the contract. After the expiry of that period, we will delete the End User Data unless we are required to archive it or provide it to the Customer in accordance with our Terms of Use.

10.7 We may also retain personal information about a Customer’s Personnel for the term of our contracts with the Customer and for a period of 5 years thereafter for tax purposes.

10.8 As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We will de-identify certain types of personal information for the purpose of improving SwiftDigital and for provision to third parties for marketing and research purposes.

10.9 Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information, in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.

10.10 We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing support@swiftdigital.com.au. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.

11. Our contact details

11.1 Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:

Contact: Privacy Representative
Email: support@swiftdigital.com.au

10.2 We endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.

10.3 If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:

Telephone:               1300 363 992
Email:                         enquiries@oaic.gov.au
Address:                    GPO Box 5218, Sydney NSW 2001

Data security is one of our highest priorities. The Swift Digital server network is hosted in a highly secure data centre in Sydney. The server infrastructure is subject to constant monitoring and maintenance to ensure maximum uptime and reliability. The Swift Digital software platform is robust and secure, with regular penetration testing conducted to ensure it is invulnerable. All data is held under the Australian Privacy Principles. All clients are required to strictly comply with the Spam Act 2003. The use of rental or purchased email lists is prohibited. Swift Digital does not rent or sell email lists.

Data security is a priority

All data collected and stored in your Swift Digital account is done so in accordance with the Australian Privacy Principles. Your data is stored in Australia and is subject to Australian Law.

No client data is ever exposed to third parties except under order of the law, therefore risk should be part of your decision on using non-Australian companies for your internet marketing. For more information please go to Australia Privacy Act.

Your data is your property

All data in your Swift Digital account is owned by you and Swift Digital treats all your data as private. We do not sell your data, and we do not use the information you collect for our own purposes except in a limited set of circumstances (e.g. if we are compelled to for legal reasons, or if you’ve made this information public).

In order for you to send publications via email, you may upload lists of email addresses to the Swift Digital mail house, in which case Swift Digital acts as a mere custodian of that data. We don’t sell these email addresses and we use them only as directed by you and in accordance with this policy. The same goes for any email addresses collected by you through surveys or subscription forms.

We keep your data secure in an Australian data centre.

Software Penetration Testing

70% of all security breaches are due to vulnerabilities within the web application layer. We conduct penetration testing on our software on a regular basis. We hire independent certified companies to perform security penetration testing from login to data storage within our software and the servers that host it.

Our staff are fully trained on self-auditing and software security.

We do not buy or sell lists

The Spam Act 2003 was introduced to protect Australians from Spam. Compliance means ensuring you communicate with people who have given you permission either by expressly signing up to receive your communications or by doing business with you. Only permission marketing is permitted when using Swift Digital’s services.