Privacy Policy

Effective date: 1 June 2026

Version: 1.4

Entity: RSURED Pty Ltd (ABN 64 130 308 397) ("RSURED", "we", "us", "our")

RSURED respects your privacy and is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information through our website, marketing activities, business operations, and the operation of the RSURED enterprise compliance platform.

This policy applies to:

  • visitors to our website and anyone who contacts us through it;
  • prospective customers, leads, and people who request demos, quotes, or information;
  • customers and authorised representatives of customers;
  • employees, contractors, and end users of our customers who interact with the RSURED platform;
  • job applicants and other third parties whose personal information we receive in the course of business.

If you have questions about this policy, please contact our Privacy Officer at privacy@rsured.com.

1. The kinds of personal information we collect

The types of personal information we collect depend on how you interact with us. They may include the following.

1.1 Information you provide directly

  • Identity and contact information: name, job title, employer, business email address, business phone number, and postal address.
  • Enquiry content: information you provide through a contact form, demo request, support request, email, meeting, or phone call.
  • Marketing preferences: subscription status, communication preferences, and areas of interest.
  • Recruitment information: resume, cover letter, work history, qualifications, references, and other information provided if you apply for a role with us.

1.2 Information collected automatically when you use our website

  • Technical data: IP address, browser type and version, device information, operating system, referring URL, pages visited, and date and time of access.
  • Cookies and similar technologies: information collected through cookies, pixels, tags, or similar technologies. See Section 10 for more information.
  • Analytics information: aggregated information about website usage, page performance, and content engagement.

1.3 Information collected through the RSURED platform

The RSURED platform is used by our customers to manage compliance, safety, risk, training, contractor management, incident management, and related business processes. Our customers are typically organisations operating in industries such as mining, rail, construction, quarrying, ports, resources, government, and other high-risk or highly regulated sectors.

When our customers use the RSURED platform, the platform may hold personal information about their employees, contractors, subcontractors, visitors, trainees, and other individuals. This may include:

  • identity and employment details, such as name, role, site, company, employee ID, contractor details, and contact information;
  • competency, training, licence, induction, certification, and verification of competency records;
  • site access, mobilisation, onboarding, contractor management, and workforce compliance records;
  • incident, injury, hazard, near-miss, inspection, audit, investigation, and corrective-action records;
  • health-related information where relevant to workplace safety, compliance, fitness for duty, injury management, rehabilitation, or return-to-work processes;
  • photographs, signatures, documents, attachments, comments, and evidence submitted into the platform;
  • location information, including GPS data, where submitted by a user or captured as part of a configured customer process;
  • system usage, audit trail, login, workflow, approval, and activity records.

For information held in a customer’s RSURED tenant, our customer generally determines why the information is collected, how it is used, who may access it, and how long it must be retained. RSURED handles that information as a contracted service provider in accordance with our customer agreement, this Privacy Policy, and applicable privacy laws.

If you are an employee, contractor, or end user of one of our customers, that customer’s privacy policy, collection notices, workplace policies, and lawful directions may also apply to how your information is collected and used.

1.4 Sensitive information, including health information

Some information handled through the RSURED platform may be sensitive information under the Privacy Act, including health information. This may include medical clearance information, fitness-for-duty information, injury details, rehabilitation information, return-to-work records, or other information relevant to workplace health and safety, compliance, or legal obligations.

We only collect or handle sensitive information where it is reasonably necessary for our functions or activities and where consent has been obtained, the collection is required or authorised by law, or another exception under applicable privacy law applies.

Where sensitive information is entered into the RSURED platform by or on behalf of a customer, the customer is responsible for ensuring that appropriate notices, consents, legal bases, and workplace processes are in place for that collection and use. RSURED handles that information in accordance with our customer agreement and applicable law.

2. How we collect personal information

We may collect personal information:

  • directly from you when you complete a form, email us, call us, attend a meeting, request a demo, subscribe to communications, or apply for a role;
  • automatically when you visit our website, including through cookies, server logs, analytics tools, and security tools;
  • from our customers when they configure, upload, enter, or integrate information into the RSURED platform;
  • from authorised users of the RSURED platform as part of normal platform workflows;
  • from third-party sources such as publicly available business records, referrers, recruitment partners, professional advisers, and authorised integration providers;
  • from systems integrated with the RSURED platform where authorised by our customer, such as HR, training, workforce management, document management, access control, testing, or business systems.

Where it is reasonable and practicable, we collect personal information directly from the individual concerned.

3. Why we collect, hold, use, and disclose personal information

We collect, hold, use, and disclose personal information for purposes including:

  • responding to enquiries and providing requested information, demos, proposals, or quotes;
  • establishing, managing, supporting, and administering customer accounts, contracts, and billing;
  • delivering, operating, supporting, securing, maintaining, and improving the RSURED platform;
  • providing customer support, technical support, implementation, configuration, training, and professional services;
  • managing website forms, communications, newsletters, and marketing activities;
  • sending marketing communications about RSURED, our products, events, insights, and services where permitted by law;
  • conducting research, analytics, reporting, and product development, including on a de-identified or aggregated basis where appropriate;
  • supporting customer compliance, safety, workforce, risk, training, incident, audit, and operational processes;
  • assisting customers to meet their legal, regulatory, contractual, and workplace obligations;
  • detecting, preventing, investigating, and responding to fraud, misuse, security incidents, unauthorised access, or technical issues;
  • assessing job applicants and managing recruitment processes;
  • meeting our legal, regulatory, insurance, accounting, taxation, and contractual obligations;
  • protecting our rights, property, systems, customers, personnel, and users.

We will not use or disclose personal information for a purpose other than the purpose for which it was collected unless the individual has consented, the use or disclosure is reasonably expected and related to the original purpose, or another exception under applicable privacy law applies.

4. Direct marketing

We may send marketing communications about RSURED, our products, services, events, insights, and content where:

  • you have provided your business contact details to us;
  • you have requested information from us;
  • you have consented to receive communications;
  • we are otherwise permitted to do so under applicable law, including the Spam Act 2003 (Cth).

Every marketing email will include an unsubscribe option. You can also opt out at any time by emailing privacy@rsured.com. We will action opt-out requests promptly and at no cost to you.

Transactional, service, security, account, support, or platform-related communications may still be sent where they are necessary to provide, secure, or administer our services.

5. Disclosure of personal information

We may disclose personal information to:

  • our personnel, contractors, and advisers who need access to perform their roles, subject to confidentiality obligations;
  • our customers, where the information relates to their personnel, contractors, operations, sites, compliance activities, or RSURED tenant;
  • iViis, as the provider of technology licensed and used by RSURED to operate and support the RSURED platform;
  • service providers and subprocessors that support our website, communications, business operations, and platform services;
  • cloud hosting, infrastructure, storage, backup, monitoring, email delivery, analytics, CRM, customer support, accounting, professional advisory, and IT support providers;
  • integration providers authorised by us, you, or our customer, including providers used for HR, training, workforce management, access control, verification, testing, document management, and related operational systems;
  • government, regulatory, law-enforcement, safety, workplace, or legal bodies where required or authorised by law;
  • courts, tribunals, insurers, auditors, professional advisers, or dispute resolution bodies where reasonably necessary;
  • a successor or potential successor in connection with a sale, merger, restructure, financing, or transfer of all or part of our business, subject to appropriate confidentiality protections.

We require service providers that handle personal information on our behalf to apply appropriate privacy, confidentiality, and security protections.

6. Cross-border disclosures

RSURED is an Australian business and our services are primarily provided from Australia. The RSURED platform is operated using technology and infrastructure licensed from iViis, together with third-party service providers used to support hosting, email delivery, security, support, analytics, integrations, and business operations.

Some personal information may be stored, processed, transmitted, or accessed from outside Australia where this is necessary to provide, support, secure, monitor, or improve our website, communications, platform services, or business operations.

Known examples include email delivery services, such as SendGrid/Twilio, which may involve processing or transmission of personal information outside Australia. Other service providers or subprocessors used by RSURED, iViis, or authorised integration partners may also process or access personal information from overseas locations.

The countries in which overseas recipients are located may vary depending on the service, customer configuration, support requirements, and the providers used from time to time. Where practicable, known overseas locations may include the United States and other countries where our service providers or their subprocessors operate.

Before disclosing personal information to an overseas recipient, or using a service provider that may process personal information overseas, we take reasonable steps to ensure appropriate privacy, confidentiality, and security protections are in place. These steps may include contractual obligations, data protection terms, security due diligence, access controls, and reliance on our platform provider’s applicable privacy and security commitments.

Further information about material overseas disclosures and service provider locations can be requested by contacting privacy@rsured.com.

7. Subprocessors and third-party tools

We use third-party services to operate our website, business, communications, and platform services. The specific providers used may change from time to time.

Current categories of third-party services may include:

  • Platform technology provider: technology licensed from iViis to operate and support the RSURED platform.
  • Cloud infrastructure and hosting: application hosting, storage, backups, monitoring, and infrastructure support.
  • Email and communications: transactional emails, system notifications, support communications, and marketing communications. Known providers include SendGrid/Twilio for email delivery.
  • Website and content tools: website hosting, content management, forms, and website performance tools.
  • Analytics tools: aggregated website usage and performance analytics.
  • CRM and sales tools: lead management, customer management, and sales pipeline activities.
  • Customer support tools: support tickets, helpdesk records, and service communications.
  • Identity, security, and integration tools: authentication, access control, security monitoring, and authorised customer integrations.
  • Finance and administration tools: invoicing, accounting, payment administration, and professional services.

We take reasonable steps to ensure that third-party providers and subprocessors apply appropriate privacy, confidentiality, and security protections having regard to the nature of the information they handle.

8. How we hold and protect personal information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.

These steps may include:

  • role-based access controls and least-privilege access principles;
  • multi-factor authentication where supported and appropriate;
  • encryption in transit and, where supported by relevant systems, encryption at rest;
  • logging, monitoring, and review of security-relevant events;
  • regular backups and business continuity processes;
  • vendor and service-provider due diligence;
  • contractual confidentiality, privacy, and security obligations;
  • personnel confidentiality obligations and privacy awareness;
  • incident response processes aligned to the Notifiable Data Breaches scheme under the Privacy Act.

No system is perfectly secure. If we become aware of an eligible data breach involving personal information, we will assess the incident and notify affected individuals and the Office of the Australian Information Commissioner where required by law.

9. Retention of personal information

We retain personal information only for as long as is reasonably necessary for the purposes for which it was collected, including to provide our services, comply with legal and contractual obligations, resolve disputes, enforce agreements, and maintain business records.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it.

For information held on behalf of customers within the RSURED platform, retention is generally governed by the customer agreement, the customer’s configuration and instructions, and the customer’s own data retention requirements. These requirements may be longer than RSURED’s own retention requirements due to workplace health and safety, mining, rail, training, employment, insurance, or other legal and operational record-keeping obligations.

10. Cookies and similar technologies

Our website may use cookies and similar technologies to:

  • enable core website functionality, including form submission and security;
  • remember preferences;
  • measure website performance and content engagement;
  • support analytics and improvement of our website;
  • support marketing activities where permitted and where any required consent has been obtained.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the website. Where required, we will request your consent before setting non-essential cookies.

11. Automated and rules-based decision support

The RSURED platform may use configured rules, workflows, compliance logic, alerts, dashboards, reports, and integrations to assist our customers to assess matters such as training status, competency status, site access eligibility, onboarding status, fitness-for-duty requirements, incident actions, corrective actions, audit findings, contractor compliance, and other workplace or operational requirements.

These outputs are based on customer-configured requirements, information entered into the platform, and information received from authorised integrations. Our customers remain responsible for determining how these outputs are used in their workplace, safety, compliance, legal, employment, and operational processes.

RSURED does not make employment, disciplinary, medical, legal, or site-access decisions on behalf of customers. We provide software and support services that assist customers to manage their own processes and obligations.

12. Your rights and choices

Under the Privacy Act, you may have rights to:

  • request access to personal information we hold about you;
  • request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading;
  • withdraw consent where we rely on consent for a particular use or disclosure;
  • opt out of marketing communications;
  • make a complaint about how we handle your personal information.

If the information you wish to access or correct is held within a customer’s RSURED tenant, such as your training, site access, incident, injury, contractor, or employment-related records, please contact that customer first. This will usually be your employer, principal contractor, site operator, or the organisation that provided you with access to the RSURED platform.

We will assist our customer to respond to access and correction requests where required and appropriate.

To exercise a right or make a request, contact privacy@rsured.com. We will respond within a reasonable period, generally within 30 days. We may need to verify your identity before acting on a request.

13. Complaints

If you believe we have breached the Privacy Act, the Australian Privacy Principles, or this Privacy Policy, please contact our Privacy Officer at privacy@rsured.com with details of your concern.

We will acknowledge your complaint promptly and aim to resolve it within 30 days. If we need more time, we will let you know.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

14. Visitors from outside Australia

RSURED is based in Australia. If you access our website, communicate with us, or use services connected to RSURED from outside Australia, your personal information may be transferred to, stored, accessed, or processed in Australia.

Where additional privacy laws apply, additional terms, notices, or requirements may apply to the handling of your personal information.

15. Children and young people

Our website is intended for business users and is not directed at children.

The RSURED platform may, however, contain personal information about workers, contractors, trainees, apprentices, work experience students, or other individuals where that information is provided by our customers for workplace safety, compliance, training, onboarding, site access, or operational purposes.

Where information about a young person is handled through the platform, it is handled in accordance with our customer agreement, applicable law, and this Privacy Policy.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, service providers, or business operations.

The current version will be available on our website. The effective date at the top of this policy shows when it was last updated. Where changes are material, we may provide additional notice, such as by email, website notice, or platform notice.

17. How to contact us

Privacy Officer

RSURED Pty Ltd
Shop 6001 Robina Town Centre
19 Robina Town Centre Drive
Robina QLD 4226
Australia

Email: privacy@rsured.com
General enquiries: connect@rsured.com