Data Security & Privacy

The Hello Co. works with a range of highly security-sensitive clients in the insurance, telco and health sectors. This experience means we know how to overcome the challenges in protecting your data. 

Confidentiality
The Hello Co. ensures all data is handled confidentially by using secure transition methods with no unauthenticated access to your data, therefore fully meeting the needs of our clients and satisfying all local laws and regulations. There is a Security Management Process in place, and we are continuously improving our security measures and procedures. 

Awareness
Our security awareness program means all employees as well as management are fully aware of our security-related responsibilities. In addition, The Hello Co. has solutions in place which proactively manage our data security requirements as well as plans deal with disruptions within a business continuity and disaster recovery program.  

External Vulnerability Management
We use  external network vulnerability scanners which proactively checks our external systems for vulnerabilities which include web-layer security problems (such as SQL injection and cross-site scripting), and infrastructure.   

Internal Vulnerability Management
We use  internal network vulnerability scanners which proactively checks our internal systems for vulnerabilities which includes missing patches and encryption weaknesses such as Heartbleed, SSL/TLS weaknesses, and VPN encryption weaknesses. 

Cloud Vulnerability Management
We use  cloud vulnerability scanners which proactively checks for cyber security weaknesses in our digital infrastructure on an hourly basis. 

Application Security Management
We use  application vulnerability scanners which focus on finding weaknesses in web applications, bespoke applications and websites. These scanners continuously poll applications for weaknesses ensuring our systems are robust and secure.

Automated Penetration Testing
We use  automated penetration testing which polls our systems 24/7 looking for security  weaknesses as well as emerging threat scans which can detect newly discovered  vulnerabilities as soon as they are disclosed.  

ISO 27001 Data Centres
The Hello Co. services run in ISO 27001 certified data centres. All communication with The Hello Co. servers is  protected with 256-bit SSL encryption. Access to your content is protected with our roles-based permission system. The Hello Co. does not store credit card  information.

Effective as of 1^st July 2022
‍
We are concerned about privacy and endeavor to collect only as much data as is required to make your experience on the website as efficient as possible. The website has security measures in place to help protect against the loss, misuse and alteration of the data under our control. When you submit sensitive information via the website, your information is protected both online and off-line by use of Secure Socket Layer (SSL)technology. We follow accepted industry standards to protect the personal information submitted to us, both during transmission and after we receive it. While no methods are completely secure and we cannot guarantee absolute security, we strive to use commercially accepted methods to protect your personal information. 

Governing Law and Jurisdiction
The Hello Co. website is controlled by The Hello Co. from its offices in Melbourne, Victoria, Australia. All matters relating to your access to or use of any The Hello Co. website shall be governed by Australian federal law. Any legal action or proceeding relating to your access to or use of any The Hello Co. website shall be instituted in a state or federal court. You and The Hello Co. agree to submit to the jurisdiction of, and agree that venue is proper in, these courts.

Effective as of 1^st July 2022
‍
We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section 

Introduction
This policy describes the types of information The Hello Co. (the “Company,” “we,” “our,” or “us”) may collect from you or that you may provide when you visit the website https://www.thehelloco.com.au (“Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. This policy does not apply to information collected by us offline or through any other means, including on any other website operated by the Company or a third party or through any application or content (including advertising) that may link to or be accessible from the Website. The Company is committed to protecting your privacy. We provide this policy to explain the type of information we collect and to inform you of the specific practices and guidelines that protect the security and confidentiality of your personal data. Please read this policy carefully. If any term in this policy is unacceptable to you, please do not use the Website or provide any personal data.

We collect several types of information from and about users of our website, which may include information defined as personal data under the General Data Protection Regulation (“personal data”). For example, we may collect information such as your name, e-mail address, telephone number, country, job function, company/organization name, annual revenue, industry, current customer status, file uploads by you, product interests, and information related to inquiries and requests. We may also collect bank account information and bank account and routing information. We also collect information about your internet connection and the equipment you use to access our website. As you navigate through the Website, we may automatically collect information such as your usage details, IP addresses, and information collected through cookies.

The information we collect on or throughout Website may include information that you provide by filling in forms on our website. This includes information provided when you sign up for newsletters, blog subscriptions and other types of information material; when we process and respond to your inquiries related to products and customer service; and when you provide feedback on our website. The personal data that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal data as well as records and copies of your correspondence with us (including email addresses).

As with many other websites, as you navigate through and interact with our website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including details of your visits to our website, including resources that you access, download and use on our website, traffic data, location data, logs, language, date and time of access, frequency, and other communication data. We may also collect Information about your computer and internet connection, including your IP address, operating system, host domain, and browser type. We also collect details of referring websites (URL). The information we collect automatically is statistical data that helps us improve our website and deliver a better and more personalized service, including by enabling us to determine web site traffic patterns, count web visits and determine traffic sources so we can measure and improve the performance of our site.

Google Analytics uses cookies, which are text files placed on your computer, to help the Website analyze how users use the Website. The information generated by the cookie about your use of the Website will be transmitted to and stored by Google on servers in the United States. Google will use this information on behalf of us as the operator of this Website for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services relating to Website activity and internet usage to us. The IP address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this Website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: (click here: https://tools.google.com/dlpage/gaoptout?hl=de).

On our website, we use website elements from the social networks Facebook, Twitter, LinkedIn and YouTube. Suppliers of the plug-ins are the companies Facebook Inc., Twitter Inc., LinkedIn Corporation and YouTube LLC (“Providers”). Web page elements are e.g., buttons (so-called “social plug-ins”) or integrated content from the providers.  

The operator of Facebook is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). Website elements of Facebook are recognizable by the Facebook logo. 

The operator of Twitter is Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). Website elements of Twitter are recognizable by the Twitter logo. 

The operator of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Website elements of LinkedIn are recognizable by the LinkedIn logo. 

The operator of YouTube is YouTube, LLC,901 Cherry Ave., San Bruno, CA 94066, USA, a company belonging to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. Website elements of YouTube are recognizable by the YouTube logo. 

Your browser establishes a direct connection to the server of the respective Provider when you visit a page from our website that contains such a website element. The content of the website element is transmitted by the respective Provider directly to your browser and integrated into the website. By integrating the website elements, the Providers gain knowledge that your browser has accessed the corresponding page of our website, and even if you do not have a profile with the respective Provider or are not logged in at the time. This information (including your IP address) is transmitted by your browser directly to a server of the respective Provider in the USA and stored there. If you are logged into one of the services, the respective Provider can directly assign the visit to our website to your profile with this Provider. We have no influence on the parameters of the data that the Providers lift out with the help of the website elements. For details on the purpose and extent of the data collection and the further processing and use of the data by the Providers as well as your related rights and setting options for protecting your privacy, please refer to the privacy policy of the provider:

Facebook: https://www.facebook.com/about/privacy
Twitter: https://twitter.com/en/privacy
LinkedIn: http://www.linkedin.com/legal/privacy-policy
YouTube: https://policies.google.com/privacy?hl=en 

You will need to log out of each Provider’s services if you want to prevent Providers from directly associating the data collected through our website with your profile in that service. Finally, there is the possibility of completely preventing the loading of the website elements with browser add-ons.

We currently contract with several online partners to help manage and optimize our Internet business and communications. We use the services of a marketing company to help us measure the effectiveness of our advertising and how visitors use our website. To do this, we use Web beacons and cookies provided by the marketing company. A “web beacon,” is also called a web bug or a pixel tag or a clear GIF. Used in combination with cookies, a web beacon is an often-transparent graphic image, usually no larger than 1pixel x 1 pixel, that is placed on a website or in an e-mail that is used to monitor the behavior of the user visiting the website or sending the e-mail. By supplementing our records, this information helps us learn things about, for example, what pages are most attractive to our visitors and which of our services most interest our customers. Although the marketing company logs the information coming from our website on our behalf, we control how that data may and may not be used.

Our website uses single-session (temporary)and multi-session (persistent) cookies. Temporary cookies last only as long as your web browser is open and are used for technical purposes such as enabling better navigation on our website. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods and are used for purposes including tracking the number of unique visitors to our site and information such as the number of views a page gets, how much time a user spends on a page, and other pertinent web statistics. Cookies, by themselves, will not be used by the Company to disclose your individual identity. This information identifies your browser, but not you, to our servers when you visit the Website. If you want to disable the use of cookies or remove them at any time from your computer, you can disable or delete them using your browser (consult your browser’s “Help” menu to learn how to delete cookies); however, you must enable cookies to access certain information on our website.

Below please find information about how we process information collected about you (including personal data) as well as the corresponding legal basis.

We may process your information where the processing is:
- Necessary for entering into or the performance of a contract with you
- Necessary to process your job application
- Necessary for us to comply with a legal obligation
- Necessary for the purposes of the legitimate interests pursued by a third party or us
- To allow you to participate in interactive features of our service (when you choose to do so)
- To keep our website safe and secure
- To provide you with technical support and to improve our website and services
- To provide you with information that you have requested and respond to your inquiries.
- To notify you about changes to our service or our website
- If you are an existing customer, to communicate (including by email and SMS) with you

If you do not want us to use your data in this way, simply do not opt-in when we ask for your consent on the relevant forms where we collect your data or unsubscribe.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. Subject to applicable law and regulations, we may disclose personal data that we collect, or you provide as described in this policy.

To any member of our group, which means our affiliates and subsidiaries for the purposes of:  
- Carrying out our obligations arising from any contracts entered into between you and us
- To provide you with the information, products, and services that you request from us
- Processing your job application
- Providing you with information that you have requested and responding to your inquiries.  
- If you are an existing customer, communicating (including by email and SMS) with you
- For any other purpose disclosed by us when you provide information or with your consent when required by applicable law

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements, including for billing and collection purposes; or to protect the rights, property, or safety of the Company, our customers, or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

As a stakeholder of a The Hello Co, or you have a contractual relationship with The Hello Co., your personal data is stored in a centralized database information system and/or other systems that are hosted on a secure server located in Australia.

We and/or our third-party service providers will process, view and maintain your personal data in Australia. We have entered into appropriate terms of service with our third-party service providers which restrict access to personal data while stored in Australia. We use commercially reasonable organizational, technical and administrative procedures to protect against unauthorized or unlawful access, processing, disclosure, alteration, destruction or accidental loss of your personal data. We collect, process and maintain your personal data in accordance with the practices described in this Privacy Notice, applicable The Hello Co. policies and applicable local legal and regulatory requirements.

We limit access to and use of your personal data to authorized persons. We will retain your personal data as long as needed to fulfill the purposes as described in this Privacy Notice and in accordance with The Hello Co. records retention policies and local laws and regulations. When your personal data is no longer needed, we will securely destroy it. Please note that in certain circumstances, we may be required to hold your data for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your data.

We strive to provide you with choices regarding the personal data you provide to us. We have created mechanisms to provide you with the following control over your information:
‍Cookie settings: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.     If you disable or refuse cookies, please note that some parts of this website may then be inaccessible or not function properly.
‍Do Not Track: We do not currently respond to ‘do not track’ signals as we do not track customers across third party websites.
‍Promotional Offers from the Company: If you do not wish to have your contact information used by the Company to promote our own products or services, you can check certain boxes on the forms we use to collect your data.

You can also always exercise your right to ask us not to process your personal data for marketing purposes by sending us your request to hello@thehelloco.com.au. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. Please note that this does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience, or other transactions

We remind you that you may at any time exercise certain rights you may have under applicable law and regulation. We rely on you to provide accurate, complete and current personal data to us. The following table sets out your rights which you have to address any concerns or queries with us about the processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law. 

Right of Access: You are entitled to ascertain what type of personal data The Hello Co. holds about you and what we do with that information. You are also entitled to receive a copy of this information. 

Right to Rectification: You have a right to have any inaccurate personal data which we hold about you updated or corrected. 

Right to Restrict Use: You have a right to stop The Hello Co. from using your personal data in certain cases, including if you believe that the personal data we hold is inaccurate, or our use of your information is unlawful. If you validly exercise this right, we will store your personal information and will not carry out any other processing until the issue is resolved. 

Right to Object: Where we rely on legitimate interest to use your personal data, you have a right to object to this use. We will desist from processing your personal data unless we can demonstrate an overriding legitimate ground for the continued processing of your personal data.

Right to Erasure: In certain circumstances, you may also have your personal data deleted, for example if you exercise your right to object (see above) and The Hello Co. does not have any overriding reason to process your personal data or if The Hello Co. no longer requires your personal data for the purposes set out in this notice. 

Right to Data Portability: If we are processing your personal data in order to perform your contract of services or if we are relying on consent to process your personal data, you may request us to provide you with your personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible. 

Right to Object to Automated You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. The Hello Co. will not subject you to a decision based solely on automated processing, including profiling. Any requests related to the above rights may be made by sending an email to: hello@thehelloco.com.au

Our website may contain links or references to other websites outside of our control. Please be aware that this policy does not apply to these websites. The Company encourages you to read the privacy statements and terms and conditions of linked or referenced websites you enter. These third-party websites may send their own cookies and other tracking devices to you, log your IP address, and otherwise collect data or solicit personal data. 

‍THE COMPANY DOES NOT CONTROL AND IS NOT RESPONSIBLE FOR WHAT THIRD PARTIES DO IN CONNECTION WITH THEIR WEBSITES, OR HOW THEY HANDLE YOUR PERSONAL DATA. PLEASE EXERCISE CAUTION AND CONSULT THE PRIVACY POLICIES POSTED ON EACH THIRD-PARTY WEBSITE FOR FURTHER INFORMATION.

Our website is not intended for children under 16 years of age, and the Company does not knowingly collect or use any personal data from children under the age of 16. No one under the age of 16 may provide any information to or on the Website. If we learn we have collected or received personal data from a child under the age of 16, we will delete that information. If you believe we might have any information from or about a child under the age of 16, please contact us at hello@thehelloco.com.au

We will process your personal data for the following purposes and on the following lawful bases: 

‍Legal Basis: Entering into or Performance of a Contract
‍It is necessary to process your personal data in order to enter into and perform our obligations under our recruitment and application process and the fulfillment of a contractual relationship with us. We therefore rely on this legal basis to collect and otherwise use your personal data to enable us to perform our part of our contract with you and our obligations to third parties, and to ensure that you are properly fulfilling your obligations to us.  

IMPORTANT: If you do not wish to provide us with your personal data for these above purposes, we will not be able to offer our recruitment and application process and the fulfillment of a contractual relationship with us. 

Purposes:
- to carry out obligations under services contracts and in connection with other working relationships or arrangements
- for communications including surveys, evaluation, feedback, instructions, security and training
- to manage and operate our company, its functions and activities
- determining contractual payment
- managing the contract termination process
- to access and use The Hello Co.’s global technology network, if applicable to the services
- for other general purposes including to ensure the smooth and efficient running of the onboarding process
- to manage contractual performance of services 

‍Legal Basis: Legitimate Interests
‍We process your personal data on the basis that the processing is necessary for the legitimate interests of The Hello Co., including those related to performance of contractual or legal obligations, and does not unduly affect your interests or fundamental rights and freedoms. It is necessary for the purposes of the legitimate interests of The Hello Co. to process your personal data.  

IMPORTANT: Before we process your personal data to pursue our legitimate interests for these purposes, we determine if such processing is necessary, and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms. 

Purposes:
- to meet customer obligations regarding skills, expertise and background of our personnel who perform work for their benefit
- to maintain a global database of personnel to efficiently manage and administer the recruitment process
- to prevent fraud or criminal activity
- to prevent misuse of our services as well as the security of our technology systems, architecture and networks
- to provide for a centralized approach to the provision of technology services to our employees, suppliers and contractors
- to enable employees, customers, suppliers and contractors to interact with one another

‍Legal Basis: Compliance with a Legal Obligation
‍It is necessary to process your personal data to comply with our legal and regulatory obligations. 

Purpose:
- to comply with our legal and regulatory obligations, such as tax reporting 

‍Legal Basis: Assessment of Work Capacity
‍It is necessary for us to collect and process your personal data (including special categories of personal data) to assess your services capacity. 

Purpose:
- to assess your capacity to perform services for the benefit of clients

‍Legal Basis: Defend, Establish or be a Party to Legal Claims
It might be necessary to process your personal data in order for us to establish, investigate, exercise or defend a legal claim to which you are a party. 

Purpose:
- to file legal proceedings
- to investigate, establish, exercise or defend a legal claim
- to settle legal claims

By disclosing your personal data as part of our recruitment and application process and the fulfillment of a contractual relationship with The Hello Co., you acknowledge that your personal data may be shared among The Hello Co. Group Companies and outside The Hello Co. Group Companies with third parties, including the customer who is the beneficiary of the services you may perform (as described below):

The Hello Co. Group Company
Authorized The Hello Co. companies and subsidiary companies including Management, Operations and Finance personnel 

Third Party Service Providers
Financial Institutions, Network Providers, Service Provider Systems providing recruiting, reference checks, interview     scheduling, application tracking, onboarding, payment and other services
‍
‍Other Recipients
Agents of The Hello Co. External Advisors (e.g., lawyers, bankers, owners, accountants and auditors and financial institutions and service providers as necessary to protect The Hello Co. legitimate and legal interests). Regulatory Authorities and Law Enforcement Agencies (where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to     protect the rights or property of The Hello Co.) Customers of The Hello Co. (to facilitate the provision of services to customers) Prospective customers of The Hello Co. (to facilitate entering into a potential relationship with a prospective customer) 

Please note that we will not disclose your data to any third party for the purposes of any direct marketing of products or services without your permission or providing you with an opportunity to opt out of receiving the direct marketing.

We reserve the right to change this policy at any time. Any changes we make will be posted on this page. If we make material changes to how we treat your personal data, we will notify you through a notice on the Website home page. The date this policy was last revised is identified at the top of the page. You are responsible periodically monitoring and reviewing any updates to this policy. Your continued use of our website after such amendments will be deemed your acknowledgement of these changes to this policy.

Data Controller Contact Information
If you have any queries or would like to contact us in relation to any of the above, please send your enquiry to:

The Hello Co.
Attention: CEO
Level 18, 727 Collins Street,
Melbourne VIC Australia 3008
Phone: 1300 38 58 28
Email: hello@thehelloco.com.au‍