Privacy Statement

August 2024

This statement applies to all websites that we own or operate and to all services and products we provide in online, mobile, and in-person delivery formats.

When we refer to ‘we’ (or ‘our’ or ‘us’), that means SFARP Group Pty Ltd and all its majority-owned subsidiaries, including:

  • Riskfacta
  • Riskfacta Labs
  • Riskfacta Consulting
  • Nuffield Group
  • Nuffield Consultants

When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised), then this notice doesn’t apply. Check out our terms of use for more information on how we treat your other data.

We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know – usually by sending you an email.

You can read the whole notice below, or if you have little time, you can jump to the section you need using the navigation menu.

How we collect your data

When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:

  • When you use our websites, products, and services, we might ask you to provide us with personal data. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites, products and services.
  • We collect some information about you automatically when you use our websites, products and services, like your IP address. We also collect information when you navigate through our websites and services, including the pages you looked at and the links you clicked on.
  • Some of this information is collected using cookies and similar tracking technologies.
  • We collect most of the information we collect directly from you. Sometimes, we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our insurance and risk control partners. We use this information to supplement the personal data we already hold about you, to better inform, personalise, and improve our services, and to validate the personal data you provide.

Where we collect personal data, we’ll only process it:

  • to perform a contract with you, or
  • where we have legitimate interests in processing the personal data and your rights, do not override them, or
  • in accordance with a legal obligation, or
  • where we have your consent.

If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.

If you’re someone who doesn’t have a relationship with us but believes that a Riskfacta subscriber has entered your personal data into our websites or services, you’ll need to contact that Riskfacta subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).

How we use your data

We use your personal data to provide you with any services you’ve requested and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:

  • We are providing you with the information you’ve requested from us or information we are required to send to you.
  • Operational matters, such as security updates, technical issues, and changes to service levels.
  • Sales and marketing communications about products and services you may be interested in.
  • Requesting feedback or market research information.
  • Technical support issues or other issues relating to our products and services.
  • By tracking and monitoring your use of our websites, products and services so that we can improve our offerings to you and your user experience.
  • For cyber security and current and emerging aspects of online security.
  • To enable targeted advertising to you online – through our own websites and services or through third-party websites and their platforms.
  • To produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.

Our preferred channel of communication is email, but we may contact you in other ways, including telephone, SMS, mail, and face-to-face.  We shall endeavour to respect your communication preferences when they are shared with us.

You will be able to unsubscribe at the bottom of our messages.

How we can share your data

There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:

  • Other subsidiaries of SFARP Group Pty Ltd
  • Third-party service providers and partners who provide products and services directly related to risk control or risk transfer opportunities for your company.
  • Regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
  • An actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
  • other people where we have your consent.

Security

The security of your personal data is a priority for us. We are committed to protecting your personal data and have appropriate technical and organisational measures in place to ensure that happens.

Retention

We only retain personal data if there continues to be a business need for it.  Examples are these could be ongoing or future prospective service provision to you, you as a member of the Riskfacta™ community, or for applicable legal, tax or accounting requirements.

Where we do have a business need to retain your personal information, we will assess it, delete it, or ensure it is anonymised.

Your rights

It’s your personal data, and you have certain rights to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication.

You also have rights to:

  • Know what personal data we hold about you and make sure it’s correct and up to date.
  • Request a copy of your personal data or ask us to restrict the processing of your personal data or delete it.  Object to our continued processing of your personal data.

If you’re not happy with how we are processing your personal data, please let us know by getting in touch as per the home page.

If you are not satisfied with how we manage your enquiry, you may lodge a complaint with the Office of the Victorian Information Commissioner.

How to contact us

If you would like to talk to someone, understand more about the personal data we hold about you, or have a question or feedback for us, please contact us via the home page. Provide your name, phone number, and a brief summary of what you would like to talk to us about.

We will endeavour to get back to you within two business days.