Portal Data Security, Privacy and Cookies Policy
The below information is what is displayed on the Portal for end users when they click "About Data Security and Privacy". Note that where the words "your Agent/Lawyer" appear it is replaced by your business name.
This information is provided so that you can better understand the security and privacy measures that have been put in place to protect the information that you provide using this Client Portal. This Client Portal is controlled by your Agent/Lawyer and on their instructions the data is processed by Migration Manager Pty Ltd (as the Data Processor), which is located in Queensland, Australia. This overview is about the security and privacy Migration Manager (“we”) provide as the processor of the data you enter in to this Client Portal.
What personal data do you collect and store?
The Client Portal collects data and documents that you enter in to the various fields and pages. This data includes sensitive personal information that is entered by you for the purpose of being transferred to your Agent/Lawyer.
We automatically receive certain types of data whenever you interact with the Client Portal. For example, when you use the Client Portal our systems automatically collect your IP address and the type of browser or operating system you use. We may also collect standard access data, such as the time and date of accessing the Client Portal, usage of the Client Portal and error tracking. We use such data to help us understand how our visitors use the Client Portal, to address performance issues and to manage security.
We also use session-based cookies to manage your login to the Client Portal. These session cookies exist only during one session and disappear from your computer when you close your browser or turn of your computer.
These processes and cookies do not collect data that individually identifies a visitor. All usage data that is collected is aggregated and anonymous. It is only used to tell us how our Client Portal is used so that we can optimize our users experience.
How and where is my personal data stored?
We encrypt the personal data and files that you enter in to the Portal using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied at the time the data and files are saved or submitted.
The Portal uses Azure for data storage using exclusively its data centres in Australia. Azure stores data over several large-scale data centres. According to Azure, they use military grade perimeter control berms, video surveillance, and professional security staff to keep their data centres physically secure. You can find more information about Azure’s security on their website.
How do I see or edit my personal data?
For Documents: If you have uploaded a document to the Client Portal, you can view details of what you have sent by clicking the + button next to the document list or by opening up the secure message used to submit the document. Note that once the document is submitted it is securely transmitted to your Agent/Lawyer and then is deleted permanently from the Client Portal Server. You will need to contact your Agent/Lawyer in order to view any document that has previously been uploaded.
For Questionnaires: If you have not submitted a Questionnaire, you can log in to the Portal you can edit your data by clicking through the pages/fields of the Client Portal and manually change your data yourself. Once you have submitted your Questionnaire, your data is automatically and permanently deleted from the Client Portal after it has been securely transmitted to your Lawyer/Agent. If you would like your data to be edited after this point in time please contact your Agent/Lawyer.
How do I delete my personal data?
If you would like your data deleted please contact your Agent/Lawyer who are your Data Controllers. As Data Processors, Migration Manager can not edit or delete your data.
Is my personal data backed up?
Redundant backups of encrypted data stored in the Client Portal are stored in multiple locations in Australia to prevent the remote possibility of data loss. These backups include geo-replication of the data to a separate Azure data centre located in Australia. All back up are deleted automatically after 90 days.
The Client Portal is not intended for use by children. Due to the nature of the services provided by your Agent/Lawyer, personal details of children may be entered in to the Client Portal but only with the permission of an authorised adult responsible for that child.
Disclosure of Data and Compliance with Laws and Law Enforcement
Other than stated above, unless required by law, we do not share your data with any third party other than your Agent/Lawyer. In compliance with the law of Australia, Migration Manager will cooperate with law enforcement agencies of Australia when it receives a valid legal request, which may require us to provide a copy of your encrypted data to those authorities.
We may change this Policy at any time and from time to time. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Policy or other notice on the Website. We encourage you to review this Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Policy.
If you have any questions or comments please contact us by email at:firstname.lastname@example.org