Privacy Policy

<h1>Privacy Policy</h1>
<h2>SmartSoft Document Management</h2>
<p><strong>Version 2.0 &ndash; March 2026</strong></p>
<p>Smart Records Group Pty Ltd (&ldquo;SRG&rdquo;, &ldquo;we&rdquo;, &ldquo;our&rdquo;, &ldquo;us&rdquo;) respects your privacy and is committed to protecting your personal data, as well as that of your organisation. This policy is governed by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024 (Cth).</p>

<h3>1. Collection of Information</h3>
<p>SRG (the company behind SmartSoft) collects personal information about you in a variety of ways when you visit our website, use our web application, or deal with us by email or on the phone. We only collect personal information that is reasonably necessary for, or directly related to, our functions and activities (APP 3). This information may include:</p>
<ul>
  <li>Your name, email address, phone number, postal address and job title</li>
  <li>Your organisation&rsquo;s name and account details</li>
  <li>Billing and payment information</li>
  <li>Records and documents you upload to or create within SmartSoft</li>
  <li>Technical information such as your IP address, browser type, device identifiers, and cookies</li>
  <li>Usage data relating to your interactions with our platform</li>
</ul>
<p>We collect this information directly from you when you register for an account, use our services, visit our website, contact us, or when it is provided to us through your school or organisational administrator. Where practicable, we provide the option to interact with us anonymously or by pseudonym (APP 2).</p>
<p>We use cookies and similar technologies on our website. You can manage cookie preferences through your browser settings.</p>

<h3>2. Use of Information</h3>
<p>The personal information we collect is used for the primary purpose for which it was collected, or for a secondary purpose you would reasonably expect (APP 6). These purposes include:</p>
<ul>
  <li>Providing, maintaining and improving our services and platform</li>
  <li>Authenticating your identity and managing your account</li>
  <li>Processing payments and administering billing</li>
  <li>Communicating with you about your account and our services</li>
  <li>Conducting internal research and analytics to improve our products</li>
  <li>Complying with our legal obligations</li>
</ul>
<p>We may use your personal information to advise you of new or updated products, services, offers or promotions that may be of interest to you. You can opt out of direct marketing at any time by contacting us at <a href="mailto:privacy@smartrecordsgroup.com.au">privacy@smartrecordsgroup.com.au</a> or using the unsubscribe mechanism in any marketing communication (APP 7).</p>
<p>If you do not provide personal information to us, we may not be able to provide our services, or the services may not be suited to your needs.</p>

<h3>3. Information Sharing and Processing</h3>
<p>We may disclose personal information to third parties in the following circumstances:</p>
<ul>
  <li>To our service providers who assist in operating our business (including cloud hosting, IT support, payment processors, and customer relationship management platforms), under contractual obligations to protect your information</li>
  <li>Where required or authorised by law, including to comply with a court order, subpoena, or a request from a regulatory authority such as the Office of the Australian Information Commissioner (OAIC)</li>
  <li>To protect the rights, property or safety of SRG, our users, or the public</li>
  <li>In connection with a sale, merger, acquisition or restructure of some or all of our business</li>
</ul>
<p>To assist us in improving our products and services, we monitor aggregated data collected by our application and may share this with third parties collectively and in a de-identified way. This data will not reveal personal information.</p>
<p>We will not sell, rent or trade your personal information to any third party for their independent marketing purposes.</p>
<p>We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions.</p>

<h3>4. Overseas Disclosure</h3>
<p>Some of our service providers are located outside Australia. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the APPs, or is subject to a law or binding scheme substantially similar to the APPs (APP 8). Personal information may be disclosed to recipients in:</p>
<ul>
  <li>United States of America &ndash; application runtime services (Heroku/Salesforce) and certain infrastructure providers</li>
</ul>
<p>All digital attachments uploaded to SmartSoft are stored in Sydney, Australia. Metadata about these files (dates, descriptions, retention periods) is processed by servers in the United States. All data is encrypted at rest and in transit, and is accessible only with authorisation.</p>

<h3>5. Storage and Protection of Your Data</h3>
<p>We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure (APP 11). This includes encryption of data at rest and in transit, two-factor authentication, role-based access controls, and continuous monitoring.</p>
<p>Access to your personal data is limited to employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.</p>
<p>You acknowledge that personal data you submit for publication through our website or services may be available via the internet around the world. We cannot prevent the use or misuse of such personal data by others.</p>
<p>For full details of our security controls, certifications and backup procedures, please refer to the Software Security section of our complete Privacy &amp; Security Policy document, available on request.</p>

<h3>6. Data Retention and Destruction</h3>
<p>We retain personal information only for as long as it is needed for the purposes for which it was collected, or as required by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it (APP 11).</p>
<p>Document retention periods within SmartSoft are configured by your organisation&rsquo;s administrator in accordance with applicable records retention schedules. Upon account termination or at your request, we will securely delete your data within a reasonable timeframe, unless retention is required for legal, auditing or legitimate business purposes.</p>

<h3>7. Data Breach Notification</h3>
<p>We have procedures in place to deal with any suspected personal data breach. In the event of an eligible data breach (as defined in Part IIIC of the Privacy Act), we will notify affected individuals and the OAIC as soon as practicable, in accordance with the Notifiable Data Breaches (NDB) scheme.</p>
<p>If you believe there has been a data breach involving your personal information, please contact us immediately at <a href="mailto:privacy@smartrecordsgroup.com.au">privacy@smartrecordsgroup.com.au</a>.</p>

<h3>8. Access and Correction</h3>
<p>You have the right to request access to the personal information we hold about you (APP 12). We will respond within 30 days. We may refuse access in limited circumstances permitted by the Privacy Act, and if so, we will provide written reasons.</p>
<p>You may request that we correct personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading (APP 13). If we refuse a correction request, we will provide written reasons and, if you request, attach a statement noting your disagreement.</p>
<p>If you request that we delete your personal information, we will take all reasonable steps to do so unless we need to keep it for legal, auditing or internal business purposes.</p>

<h3>9. Changes to This Policy</h3>
<p>We may review and amend this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. Updated versions will be posted on our website. Where changes are significant, we will take reasonable steps to notify you directly.</p>

<h3>10. Questions or Complaints</h3>
<p>If you have any questions about this policy, or a complaint about how your personal information has been handled, please contact us. We take your privacy seriously and will respond to your complaint within 30 days.</p>
<p>Email: <a href="mailto:privacy@smartrecordsgroup.com.au">privacy@smartrecordsgroup.com.au</a><br>
Post: Privacy Officer, Smart Records Group Pty Ltd</p>
<p>If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):<br>
Website: <a href="https://www.oaic.gov.au">www.oaic.gov.au</a><br>
Phone: 1300 363 992</p>
<p>Your rights: Under the statutory tort for serious invasions of privacy (commenced 10 June 2025), individuals also have a direct legal avenue to seek redress for serious privacy breaches through the courts.</p>

<p><small>&copy; 2026 Smart Records Group Pty Ltd. All rights reserved.<br>
This policy was last updated in March 2026. It should be read in conjunction with our Terms of Service.</small></p>