SWAN Systems Privacy Policy
1. PURPOSE OF OUR POLICY
1.1 Indicina Pty Ltd ABN 13 612 726 333 (we, us or our) has adopted this Privacy Policy to ensure that we have standards in place to protect the Personal Information that we collect about individuals that is necessary and incidental to providing the system and services that we offer.
1.2 This Privacy Policy follows the standards of the Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act) and where applicable the standards set out in the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
1.3 By publishing this Privacy Policy we aim to make it easy for our customers and the public to understand what Personal Information we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their Personal Information in our possession.
2. WHO AND WHAT THIS POLICY APPLIES TO
2.1 Our Privacy Policy deals with how we handle “personal information” as it is defined in the Privacy Act (Personal Information).
2.2 We handle Personal Information in our own right and for and on behalf of our customers and users.
2.3 Our Privacy Policy does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies which we store.
2.4 The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
2.5 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
2.6 Our website and services are unavailable to children (persons under the age of 18 years).
3.1 The SWAN Systems app uses essential cookies to ensure the proper functioning of our platform and to enhance user experience. We also use analytics tools such as FullStory to understand user behaviour and improve our service.
3.2 Essential Cookies: These cookies are necessary for the app to function and cannot be disabled. They handle tasks such as user authentication, session management, and security.
3.3 Analytics Cookies: We use FullStory to analyse usage patterns, troubleshoot issues, and improve the user experience. If you wish to opt out of FullStory analytics, you can do so by visiting FullStory's Opt-Out Page.
4. THE INFORMATION WE COLLECT AND THE REASON FOR COLLECTION
4.1 We collect Personal Information because of a contractual agreement to provide our service. The type of information we collect includes name, location, time zone, country, email and contact number to ensure that only authorised users have access our service;
4.2 Statistical Information. We may collect information about an individual’s online preference, habits, movements, trends and decisions for troubleshooting purposes and to help us improve our service design and user experience;
4.3 Usage Information. We collect information related to pages that an individual visits our service, IP address, network, browser and operating system to assist in troubleshooting and monitoring traffic patterns;
4.4 We may collect other Personal Information about an individual, which we will maintain in accordance with this Privacy Policy.
5. HOW INFORMATION IS COLLECTED
5.1 Information is collected in association with an individual’s use of the service we provide. Information is likely to be collected as follows:
5.1.1 When an individual's company has a contractual agreement for SWAN Systems to provide a service and the individual has been nominated by the company to be a user;
5.1.2 When an individual uses our service. Their usage and statistical information is collected by server and internal logging services and third-party statistical services.
6. RETENTION OF PERSONAL INFORMATION
6.1 We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including to comply with our legal, regulatory, contractual, and business obligations.
6.2 The retention periods for different types of personal information within the SWAN Systems app are as follows:
| Type of Personal Information | Retention Period | Purpose of Retention |
| Account Information (e.g., name, email, contact details) | Retained for the duration of your account and following that, can be deleted upon request | For business records and compliance with legal obligations |
| Usage Data (e.g., session activity, IP address) | Retained for up to 24 months | For analytics, troubleshooting, and improving our services |
6.3 When personal information is no longer required, we securely delete or anonymize it in accordance with applicable laws and best practices.
7. OUR USE OF SUBPROCESSORS
7.1 To deliver our services, we work with carefully selected third-party service providers, known as subprocessors, that may process personal data on our behalf. These subprocessors assist us in providing infrastructure, analytics, and customer support services. Our current subprocessors are as follows:
| Subprocessor | Purpose | Location |
| Azure (Microsoft) | Cloud hosting and infrastructure | Global |
| AWS (Amazon Web Services) | Cloud hosting and infrastructure | Global |
| Google Cloud Platform | Cloud hosting and analytics | Global |
| Auth0 (Okta) | User authentication and identity management | Global |
| FullStory | Analytics and session replay for product improvement, identifying bottlenecks, and user pain-points | United States |
| Delighted (Qualtrics) | Customer feedback and satisfaction surveys | Global |
7.2 We ensure that all subprocessors we engage comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). We have signed Data Processing Agreements (DPAs) (where applicable) with each of these subprocessors to safeguard personal data and ensure compliance with GDPR, CCPA, and other relevant regulations.
8. INTERNATIONAL DATA TRANSFERS
8.1 SWAN Systems may transfer personal data outside of the European Economic Area (EEA), United Kingdom, or Switzerland. To protect your personal information, we implement appropriate safeguards in line with applicable regulations.
8.2 These safeguards include the use of Standard Contractual Clauses (SCCs) approved by the European Commission to ensure that your data is afforded the same level of protection as within the EEA.
8.3 When transferring personal data to subprocessors outside the EEA, we rely on SCCs as the transfer mechanism:
| Subprocessor | Country | Transfer Mechanism |
| Azure (Microsoft) | Global | SCCs |
| AWS (Amazon Web Services) | Global | SCCs |
| Google Cloud Platform | Global | SCCs |
| Auth0 (Okta) | Global | SCCs |
| FullStory | United States | SCCs |
| Delighted (Qualtrics) | Global | SCCs |
8.4 Personal data collected through SWAN Systems is stored on secure servers provided by our cloud servers managed by our subprocessors listed above. If you would like more information about the safeguards we have in place, or a copy of the relevant SCCs, please contact us at privacyofficer@swansystem.com.
9. WHEN PERSONAL INFORMATION IS USED & DISCLOSED
9.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected other than with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
9.2 We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
9.3 If it is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles during our business, we will inform the individual that we intend to do so, or have done so, as soon as practical.
9.4 We will not disclose or sell an individual’s Personal Information (as defined under the CCPA, the GDPR or the Privacy Act) to unrelated third parties under any circumstances.
9.4.1 GDPR: All personal data processed through our SaaS product is collected and used solely to provide the service in accordance with Article 6(1)(b) of the GDPR (performance of a contract).
9.4.2 CCPA: We do not sell personal information as defined under the California Consumer Privacy Act (CCPA). Any data shared with third parties is strictly for the purpose of providing our SaaS service and falls under the definition of 'service providers' under CCPA.
9.5 Information is used to enable us to operate our business. This may include:
9.5.1 The provision of goods and services between an individual and the company they represent and us;
9.5.2 Verifying an individual’s identity;
9.5.3 Communicating with an individual about their relationship with us;
9.5.4 Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
9.5.5 As required or permitted by any law (including the Privacy Act).
9.6 There are some circumstances in which we must disclose an individual’s information:
9.6.1 Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
9.6.2 As required by any law (including the Privacy Act); and/or
9.6.3 In order to sell our business (in that we may need to transfer Personal Information to a new owner), or in the case of a merger or acquisition, users will be provided with options to opt out or have their data deleted, however users will then no longer be able to access the SWAN Systems app.
9.7 We will not disclose an individual’s Personal Information to any entity outside of Australia that is in a jurisdiction that does not have a similar regime to the Australian Privacy Principles or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.
9.8 We utilize third-party IT service providers in certain sections of SWAN Systems. Personal Information is provided to these third party entities to the extent required for them to successfully provide their services to us.
10. THE SAFETY & SECURITY OF PERSONAL INFORMATION
10.1 We may appoint a Privacy Officer to oversee the management of this Privacy Policy and compliance with the Australian Privacy Principles, the GDPR, and other applicable data protection laws including the Privacy Act. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.
10.2 We take the security of personal data seriously and implement a range of technical and organizational measures to protect the personal information processed through the SWAN Systems platform. These measures are designed to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR
10.3 Access Controls: Access to personal data is restricted to authorized personnel only, using role-based access controls and multi-factor authentication where applicable.
10.4 SWAN Systems uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
10.5 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
10.6 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
10.7 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
10.8 We conduct regular security assessments to address potential vulnerabilities and ensure our systems are resilient against unauthorized access.
11. HOW TO ACCESS, UPDATE OR DELETE YOUR INFORMATION
11.1 Users of SWAN Systems can update their Personal Information from within their SWAN Systems account or profile.
11.2 Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
11.3 If an individual cannot update their own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
11.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
11.5 We may charge an individual a reasonable fee for external costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
11.6 The individual may request the deletion of their Personal Information from SWAN by writing to the contact details below.
11.7 The individual may request to restrict or object to processing their Personal Information by writing to the contact details below. In the event this is requested, the individual acknowledges that:
11.7.1 Their SWAN Systems account will be suspended as our service relies on processing their Personal Information;
11.7.2 We are not able to provide alternative access to the app.
11.8 The individual may withdraw their consent for SWAN Systems to use their Personal Information by writing to the contact details below. The individual acknowledges that:
11.8.1 Their SWAN Systems account will be suspended as our service relies on processing their Personal Information;
11.8.2 We are not able to provide alternative access to the app.
12. Your Data Protection Rights (GDPR and CCPA)
12.1 Under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), individuals have specific rights regarding their personal data. These rights include:
12.1.1 Right to Access – You have the right to request a copy of the personal data we hold about you.
12.1.2 Right to Rectification – You can ask us to correct any inaccurate or incomplete information.
12.1.3 Right to Erasure (Right to be Forgotten) – You can request that we delete your personal data, where applicable.
12.1.4 Right to Restrict Processing – You can request that we limit the processing of your personal data under certain conditions.
12.1.5 Right to Data Portability – You can request that we transfer your personal data to another service provider.
12.1.6 Right to Object – You can object to the processing of your personal data, especially for direct marketing purposes.
12.1.7 Right to Withdraw Consent – Where we rely on your consent to process your data, you have the right to withdraw it at any time.
If you wish to exercise any of these rights, please contact us at privacyofficer@swansystem.com.
For more information on your rights under GDPR, please visit the European Data Protection Board website at https://edpb.europa.eu.
13. COMPLAINTS AND DISPUTES
13.1 If an individual has a complaint about our handling of their Personal Information, they have the right to complain. They can raise their complaint by writing to the contact details below. If the individual is not satisfied with our response, where applicable, they can raise their complaint with the supervisory authority that governs their state. In Europe, this information can be found here - https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
13.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
13.3 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
14. CONTACTING INDIVIDUALS
14.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
15. CONTACTING US
15.1 All correspondence with regards to privacy should be addressed to:
The Privacy Officer
Indicina Pty Ltd
55 Cheriton St,
PERTH WA 6000
Australia
You may contact the Privacy Officer by email in the first instance.
16. ADDITIONS TO THIS POLICY
16.1 If we make any changes to this Privacy Policy, we will notify users and provide a link to the updated policy when they next login to SWAN. Users can review any amendments by visiting the link.
16.2 We may do things in addition to what is stated in this Privacy Policy to comply with the Australian Privacy Principles, and nothing in this Privacy Policy shall deem us to have not complied with the Australian Privacy Principles.