SFI Allegro Privacy Policy

Last updated: August 17, 2023

This Privacy Policy statement made by Systems of the Future (Australia) Pty Ltd, trading as SFI Allegro (hereinafter referred to as “SFI”), along with its subsidiaries and affiliates (“SFI” or “We” or “Our”) with respect to access to and use of SFI’s Software, is effective as of 17th August 2023. SFI’s Software applies to Our SFI Websites, https://sfi.com.au including https://www.xugo.com.au, and their subpages (together, the "Website"), products and services.

Your privacy is important to us. This Privacy Policy explains how SFI collects, uses and your personal information that We handle on Our own behalf via the Website that link to this Privacy Policy. Our Privacy Policy, may be accessed by clicking on the words “Privacy Policy” at the bottom of each page of this Website.

This Privacy Policy applies to all users of the Website. If you do not agree to this Privacy Policy do not use or access any service or material from this Website.

1. Introduction:

This Privacy Policy applies to the Website. It also applies to the products and services provided by SFI through the Website, Our mobile applications and applications posted in other third-party online marketplaces.

This Privacy Policy details what information We do collect from you, what We do with it, who can access it and what you can do about it.

    • Information SFI collects and controls
      SFI uses information about Website visitors, potential customers, users of SFI products and services, and others who contact SFI through forms, webchat or email addresses published on or linked to Our Websites. It explains how SFI will collect, use, and disclose Personal Information, and how it will keep that information secure.
    • Personal Data that SFI collects and controls

    SFI collects Personal Information where the collection of such information is reasonably necessary for SFI to perform one or more of its functions or activities.

    How data is collected What data is collected For what purpose this data is processed
    In the course of downloading white papers, brochures or other information collateral from the Website Full name, contact information (email job title) company name.

    To contact you occasionally regarding SFI's services and products, subject to applicable laws (for example, where required, subject to your consent). Even if you authorise SFI to contact you, your authorisation may be revoked/withdrawn by you at any time and you may opt out of SFI's mailing lists by following the unsubscribe instructions in each of the emails you receive or by contacting us as described below.

    We use a (CRM) third party processor to host the landing page that captures the data and releases the SFI collateral to you.
    While completing contact forms or interacting with the chatbot on the Website

    Full name, contact information (email job title) company name.

    Any free text that you choose to provide – please avoid using free text to provide personal information about you or others; transcripts of conversations that take place using the chatbot.

    To contact you if you or someone in your organisation requests a product demonstration or product information, or otherwise to respond to your request, as applicable.

    To contact you occasionally regarding SFI’s services and products, subject to applicable laws (for example, where required, subject to your consent). Even if you authorise SFI to contact you, your authorisation may be revoked/withdrawn by you at any time by opting out of SFI's mailing lists by following the unsubscribe instructions in each of the emails you receive or by contacting us as described below.

    To respond to enquiries and assist you when interacting with the chatbot.

    We use a third party chat application.
    When registering to a webinar or other event on the Website; or other ad hoc forms that we may add to the Website on occasion Full name, contact information (email and phone number), job title, company name, country, professional interest and preferences that may relate to the event or occasion for which the form is available.

    To process your registration and participation in the webinar or other event to you which you have registered.

    To contact you occasionally regarding SFI’s services and products, subject to applicable laws (for example, where required, subject to your consent). Even if you authorise SFI to contact you, your authorisation may be revoked/withdrawn by you at any time by opting out of SFI's mailing lists by following the unsubscribe instructions in each of the emails you receive or by contacting us as described below.

    We use a third party webinar application.
    Testimonials Full name, job title, company name.

    When you authorise SFI to post testimonials about Our products and services on Our Websites.

    You are given an opportunity to review and approve before it is included on the site. If you wish to update or delete your testimonial, you can contact us as described below.
    Data that you provide passively (by using the Website, by navigating the screens, clicking on buttons etc.) Information that you have read, the web pages you visited, offers and services that were of interest to you, the location of the computer and the Internet Protocol (IP) address through which you had access to the Website, clicks that the users clicked while on the Website (e.g., downloads, view of a video, shares to social media, scroll depth, links clicked).

    Improve, modify and update SFI services and content offered on the Website.

    To monitor and ensure the orderly and proper operation and development of the Website and associated services.

    To improve and customise your experience and the content that is presented to you on the Website.
    Account signup Full name, contact information (email and phone number), job title, company name/address, country. When you sign up for an Account a username and password is required.

    When purchasing services via the Website –

    Payments and Billing

    		 Full name, address, email, password, answers to security questions, company name. SFI does not store credit card information.

    To process payment for the applicable services, to establish an account for return customers and to provide customer service activities.

    We use a third party processor to bill you when purchasing a product direct from SFI.
    Supplier related data Full name and contact details. To acquire goods and services.
    Contractor related data Full name and contact details. To administer the contract and manage the contracting relationship.
    In addition, SFI may process personal data collected via the Website:
    • For any other purpose specified in this Privacy Policy and/or in Our Terms of Use
    • To contact you as and when SFI believes it to be necessary for technical, administrative or security reasons
    • To prevent, detect and fight fraud, security threats, or other illegal or unauthorised activities
    • To ensure legal compliance with legal requirements that apply to us and you
    • To ensure compliance with the Terms of Use that apply to us and you
    • For the purposes described under the sections titled "Sharing of Information with Third Parties" and "Cookies".

    We will explicitly indicate the fields designated for mandatory completion. If you do not enter the requisite data in the mandatory fields, you will not be able to complete the relevant contact form.

    By providing any personal data to SFI you warrant and represent that the information you provide is complete, accurate and correct. Your failure to do so will likely result in SFI being unable to contact you about your inquiries.

    It is important that you understand there is no requirement by law for you to provide SFI with your personal details – the information you share with us is entirely voluntary, and you may avoid providing such information either by not filling in specific forms or by disabling cookies (please see more information in the Cookies section).

    • Information that SFI processes on your behalf
      SFI handles data that you entrust to SFI when you use Our products and services, or when you share any Personal or confidential Information with us while requesting Service Desk support.
      In this policy it also outlines the procedure to gain access to or change Personal Information which SFI holds, and to make a complaint concerning SFI handling of Personal Information; this applies to all Personal Information collected by SFI, including the Personal Information of customers, suppliers, contractors and employees (except to the extent that Personal Information is contained in an employee record).
    • Our legal basis for processing

    We will only process your personal information on Our own behalf where We have a legal basis to do so. The following are the legal bases under which We process your information in the manners specified above:

    • As permitted by applicable law
    • Legal obligation – We may process your personal information as necessary to comply with the law (not including contractual obligations)
    • Performance of a contract to which SFI and you are parties
    • Legitimate interests - We may use your personal data where We have legitimate interests to do so. For instance, We analyse users’ behaviour on the Website to continuously improve it and We process information for administrative, fraud detection and other legal purposes
    • Consent - where no other legal basis for processing applies, We may process your personal data based on your consent as you will be asked to provide from time to time.

    2. Definitions and Interpretation

    In this Privacy Policy:

    Disclose and Disclosure refer to the release of information to individuals or organisations outside SFI, including under a contract to undertake any outsourced functions.

    Payment Processor is a company (often a third party) appointed by a merchant to handle transactions from various channels.

    Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

    1. (a) whether the information or opinion is true or not; and
    2. (b) whether the information or opinion is recorded in a material form or not.

    Primary Purpose means the purpose or purposes for which the Personal Information is collected and, generally (but without limitation):

    1. (a) in respect of customers, means:
      providing products or services as may be offered by SFI from time to time and providing information about their availability, features and benefits, including products or services which SFI offers to its customers in response to a government policy or regulatory initiative;
    2. (b) in respect of suppliers, means acquiring goods or services from such suppliers;
    3. (c) in respect of contractors, means recruitment and selection, and administering the contracting relationship;

    Privacy Act means the Privacy Act 1988 (Cth).

    Secondary Purpose means a purpose for which Personal Information is Used or Disclosed other than the Primary Purpose, which is one or more of the following:

    1. (a) business planning and product development;
    2. (b) identifying and inviting customers to participate in surveys or trials of new products or services;
    3. (c) notifying customers of new products or services;
    4. (d) a Use or Disclosure which the individual would reasonably expect, and which is related (and, in the case of Sensitive Information, directly related) to the Primary Purpose;
    5. (e) any other Use or Disclosure for which the individual has given consent.

    Sensitive Information means

    1. (a) information or an opinion about an individual's:
      • racial or ethnic origin;
      • political opinions;
      • membership of a political association;
      • religious beliefs or affiliations;
      • philosophical beliefs;
      • membership of a professional or trade association;
      • membership of a trade union;
      • sexual preferences or practices; or
      • criminal record,
        that is also Personal Information; or
    3. (b) health information about an individual; or
    4. (c) genetic information about an individual that is not otherwise health information.

    Use means applications to which Personal Information can be put, including incorporating that information into a publication, but does not include mere Disclosure of that information.

    Unsolicited Personal Information means Personal Information, or a kind of information which includes Personal Information, or which allows Personal Information to be reasonably deduced, that SFI receives from the individual or a third party, and which SFI did not request the individual or third party to provide.

    Nothing in this Privacy Policy changes SFI existing obligations under the Privacy Act, and the Privacy Act prevails to the extent of any inconsistency.

    3. Data Retention Practices

    SFI retains your Personal Information for as long as it is required for the purposes stated in this Privacy Policy. SFI may retain your information for longer periods as permitted or required by law, if required in connection with a legal claim or proceeding, to enforce Our agreements, for tax, accounting, or to comply with other legal obligations. When there is no longer a legitimate need to process your information, We will delete or anonymise your information from Our active databases.

    3.1 Notification

    1. (a) SFI will take reasonable steps to notify you (including, but not limited to, SFI customers) or ensure awareness of the following matters before collecting any Personal Information:
      • SFI’s corporate identity contact details (if this is not obvious);
      • the Primary Purpose and any Secondary Purposes for which SFI is collecting the Personal Information;
      • where applicable, any law that requires the Personal Information to be collected;
      • the consequences (if any) for the individual if all or part of the Personal Information is not collected by SFI;
      • the organisations or types of organisations to which SFI usually Discloses Personal Information (including any contractors or entities located overseas);
      • that, in accordance with clause 10 of this Privacy Policy, you can seek access to and correction of your Personal Information that SFI holds by contacting SFI’s Data Privacy Officer (even if they are not a customer);
      • that an individual may contact SFI’s Data Privacy Officer (even if they are not a customer) if they have concerns about the way SFI handles Personal Information.
    2. (b) Where it is not practicable for SFI to notify you of the matters listed at paragraph (d) at the time of, or prior to, collecting Personal Information (including because SFI collected the information from a third party), SFI will take such reasonable steps (if any) to notify you of these matters as soon as possible after the Personal Information has been collected.
    3. (c) In some instances, SFI will make you aware of the matters listed in paragraph (d) by referring you or providing you, this Privacy Policy.

    3.2 Sensitive Information

    1. (d) SFI will not collect Sensitive Information about you except with your consent and only in circumstances where the information is reasonably necessary for SFI to perform one or more of its functions or activities, or otherwise as required or authorised by law.

    3.3 Unsolicited Personal Information

    1. (e) SFI may receive Unsolicited Personal Information about you, such as:
      • (1) correspondence to SFI from members of the community, or other unsolicited correspondence;
      • (2) a petition sent to SFI that contains names and contact information;
      • (3) an application for employment sent to SFI other than in response to an advertised vacancy.
    2. (f) If SFI receives Unsolicited Personal Information about you and determines that it could have collected that information under this Privacy Policy, SFI will handle the Unsolicited Personal Information in accordance with this Privacy Policy.
    3. (g) If SFI receives Unsolicited Personal Information about you and determines that it could not have collected that information under this Privacy Policy, and provided it is lawful and reasonable to do so, SFI will, as soon as practicable, destroy or de-identify the Unsolicited Personal Information.

    4. Use and Disclosure

    4.1 Consent

    1. a) SFI will obtain your consent to Use or Disclose Personal Information about that individual for a Secondary Purpose unless the Use or Disclosure is:
      • for a purpose which would be reasonably expected, and which is related and, in the case of Sensitive Information, directly related, to the Primary Purpose; or
      • otherwise permitted by law.

    4.2 Sharing of information with third parties

    We do not, and currently do not intend to, sell any of your personal data to any third party. SFI will not transfer your personal details or any information collected pertaining to your activities on the Website (provided that such details and information identify you personally) to any third party, except in the following cases or as otherwise outlined in this Privacy Policy.

    SFI reasonably believes that you have breached the Terms of Use, or performed any act or omission that SFI reasonably believes to be violating any applicable law, rules, or regulations, SFI may share your information with law enforcement and other competent authorities and with any third party that may consult SFI or assist in connection with any such breach as may be required to handle any result of your wrongdoing; including without limitation, in order to contain, remediate, prevent, investigate any such breach, and/or establish or exercise any of SFI’s legal rights.

    Further, your personal data may be disclosed:

    • As permitted or required by, or in response to lawful requests by applicable local law enforcement agencies or regulatory agencies, or agencies with responsibility to oversee and enforce national security;
    • In any case of dispute, or legal proceeding of any kind between you and SFI, or between you and other users or third parties;
    • In any case where SFI may reasonably believe that sharing information is necessary to prevent serious damage to you or to your property or to any third party or their property;
    • If SFI organises the operation of the Website within a different framework, or through another legal structure or entity, or if SFI is acquired by, or merged with another entity, provided however, that those entities agree to be bound by the provisions of this Privacy Policy; and
    • SFI may share personal data with its Affiliates, for the purpose of assisting in the processing activities detailed herein or if such Affiliate is the best suited to handle your enquiry.

    SFI may share personal data with its service providers for the purpose of helping SFI execute certain tasks outsourced to them, or providing capabilities SFI requires. The service providers to which SFI provides personal data in connection with the personal data collected through the Website are: (1) email service providers for email campaigns management and to send you emails on Our behalf, with the express provision that their use of such information must comply with Our instructions; (2) recruiting service providers, in relation to activities on the Website related to submission and processing of CV and job applications through the Website; (3) registration management of users to events through the Website; (4) billing, processing payments, marketing automation, SFI advertisements on social media, CRM platform, analytics tools providers, web page building tools, cloud services, support and maintenance operation tools. Our service providers do not have any right to use your personal data collected from the Website beyond what is necessary for the purpose of facilitating their services for us, and are subject to data protection agreements to the extent required under applicable law.

    SFI is also entitled to transfer or share anonymous, statistic or aggregative information with companies or organisations connected to SFI, and with suppliers, business partners, advertisers, and every third party, according to SFI's absolute discretion.

    4.3 Children's Privacy

    SFI does not knowingly collect personal data from minors who are under the age of 16 through the Website without appropriate consent. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information via the Website without his/her consent, then he or she should contact SFI at the information described below. If We become aware that a child under the age of 16 has provided us with personally identifiable information, We will delete such information from Our files.

    4.4 Cookies

    A cookie is a small text file that is stored in your web browser that allows SFI or a third party (such as SFI third party service providers) to recognise you. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioural advertising. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the Website you're visiting are sometimes called "first-party cookies," while cookies placed by other companies are sometimes called "third party cookies."

    When you access and/or use the Website, SFI or a third party may place a number of cookies in your browser. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used.

    Each cookie serves one of four different purposes:

    • Strictly Necessary Cookies: These cookies are necessary for the Website to function and cannot be switched off in Our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
    • Targeting Cookies: These cookies may be set through Our site by Our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
    • Performance Cookies: These cookies allows to count visits and traffic sources so We can measure and improve the performance of Our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies We will not know when you have visited Our site, and will not be able to monitor its performance.
    • Functional Cookies: These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services We have added to Our pages. If you do not allow these cookies, then some or all of these services may not function properly.

    Finally, We may set cookies that monitor links to Our Website that We send to you (if you have consented to receive emails from us). These cookies are used to track visitors to Our Website sourced from these emails. To avoid these type of cookies, please follow the explanation below on how to change your browser cookies settings.

    In addition, We may use a tracking technology (pixels) in emails to understand how often Our emails are opened and clicked on by Our customers. If you do not wish this tracking to be affected, please change your email software or service (such as Outlook, Gmail etc.) settings to not automatically download images (to the extent it is not already your default) In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you have added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.

    Third party companies like analytics companies and ad networks generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the Website and other websites that you have visited.

    If you do not like the idea of cookies or certain types of cookies, you can change your browser's settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser. Some useful information can also be found here: https://www.allaboutcookies.org/ Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features We offer, you may not be able to store your preferences, and some of Our pages might not display properly.

    5. Information Quality

    SFI takes reasonable steps to periodically review its information collection and storage practices to ensure that Personal Information collected, Used or Disclosed by SFI is accurate, up-to-date, complete and relevant.

    6. Access and Correction

    1. (a) SFI will allow its records containing Personal Information to be accessed by the individual to whom the information relates, except where:
      • providing access would pose a serious threat to the life, health or safety of any individual, or to public health or safety;
      • the request is frivolous or vexatious in the reasonable opinion of SFI;
      • the information relates to existing or anticipated legal proceedings involving SFI and would not be discoverable in those proceedings;
      • SFI is otherwise not required to do so.
    2. (b) Where you are able to establish, or SFI is otherwise satisfied, that Personal Information held by SFI is inaccurate, out of date, incomplete, irrelevant or misleading, SFI will take reasonable steps to correct the individual’s Personal Information.
    3. (c) Where SFI corrects Personal Information about you that it previously disclosed to another entity (including a contractor), you may request SFI to notify that entity of the correction. SFI will take reasonable steps to make the notification unless it is impracticable or unlawful to do so.
    4. (d) If you wish to access and/or correct your Personal Information You should do so by contacting SFI’s Data Privacy Officer in accordance with clause 14 of this Privacy Policy.
    5. (e) SFI will endeavour to respond to a request for access or correction within 30 days.
    6. (f) SFI will not grant access or make corrections to its records containing Personal Information if prohibited from doing so by any law, regulation or court or tribunal order applicable to SFI.
    7. (g) SFI will give you:
      • a written notice of its decision to refuse to:
        a. give that individual access to their Personal Information;
        b. give access in the manner requested by the individual;
        c. correct the individual’s Personal Information;
      • the reasons for its decision;
      • information about how the individual can complain about the refusal.
    8. (h) If SFI refuses a request to correct your Personal Information, you may request SFI to associate with the information a statement that you consider the information is inaccurate, out of date, incomplete, irrelevant or misleading.

    7. Social Media Features

    The Website includes social media plugins, including links to LinkedIn. These features may collect your IP address, which page you are visiting on Our site, and may set a cookie to enable the plugin to function properly. Social media features are governed by the Privacy Policy of the company providing it.

    8. Video and Photography

    Please be aware that SFI will be taking photographs and video in public areas of any events. We may use such media in marketing materials, educational products and publications. Your image and the sound of your voice may be recorded. If you are identified during the recording, or identify yourself by name, that information may be included in Our materials. Recordings may be edited, copied, exhibited, published or distributed.

    9. Links to Third Party Sites

    This Website contains links to other sites that are not owned or controlled by SFI. Please be aware that We are not responsible for the privacy practices of such other websites. We encourage you to be aware when you leave Our site and to read the privacy statements of each and every website that collects personally identifiable information. This Privacy Policy applies only to information collected by SFI's Website.

    10. Data Security

    SFI implements data security systems and procedures to secure the information stored. SFI stores Personal Information electronically.
    SFI takes reasonable steps to ensure its IT systems are designed, operated and maintained in accordance with ISO/IEC 27001: Information Security Management and ISO/IEC 27002 Information Technology: Security Techniques – Code of Practice for information security controls. These standards represent international best practice for IT security. SFI periodically reviews its information security practices to ascertain how Personal Information can be protected from misuse and loss, and from unauthorised access, modification and disclosure.

    Unless the law requires otherwise, SFI takes reasonable steps to destroy or permanently de-identify Personal Information if it is no longer required for a Primary Purpose or a Secondary Purpose.

    Such systems and procedures reduce the risk of security breaches, but they do not provide absolute security. Therefore, SFI cannot guarantee that the Website is immune to unauthorised access to the information stored therein and to other information security risks.

    11. Information Quality

    SFI takes reasonable steps to periodically review its information collection and storage practices to ensure that Personal Information collected, Used or Disclosed by SFI is accurate, up-to-date, complete and relevant.

    12. GDPR Disclosure

    You may have the rights prescribed below in relation to personal data processed by us if you are a data subject in the European Economic Area or your personal data is otherwise governed by the EU General Data Protection Regulation 2016/679 (“GDPR”):

    • The right to be informed about how your personal data is being used;
    • The right of access to your personal data processed by us, which includes the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the purposes of the processing; categories of personal data concerned; recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling; the appropriate safeguards relating to the transfer of your personal data outside the EEA;
    • The right to request the correction of inaccurate personal data We hold about you;
    • Under some circumstances, the right to request that We delete your data;
    • The right to restrict processing of your personal data;
    • The right to object to processing activities, if the processing is based on Our legitimate interest;
    • The right to withdraw consent for processing at any time, if the processing is based on consent;
    • The right to object to processing of personal data for direct marketing purposes at any time;
    • In some circumstances, the right to request that We transfer or port elements of your data either to you or another service provider – if the processing is based on your consent, and is made by automated means.
    • The right to file a complaint with your Supervisory Authority (in the EEA, as prescribed by GDPR).

    You may exercise these rights to the extent these rights apply to you by contacting SFI via the contact information listed below. We will undertake to respond to your request within the applicable time frame prescribed by applicable law, and in any event We will make efforts to respond within 30 days of receipt of your request. Although SFI will make reasonable efforts to accommodate your requests, in some circumstances We may deem your request unfounded or not eligible under applicable law. If that should happen, SFI expressly reserves the right to refuse your request personal data. Before SFI is able to accommodate any request, provide you with any information or correct any inaccuracies We may verify your identity by requesting certain information or identification.

    13. Applicable Laws

    This Privacy Policy and all matters relating to SFI’s handling of Personal Information (including its collection, use, disclosure and storage of Personal Information and providing access to and correcting that information) are subject to applicable laws.

    14. Enquiries or Concerns

    If you have any questions, concerns or complaints about SFI’s privacy practices regarding SFI’s Privacy Policy or with respect to your Personal Information, you can reach out to our Data Privacy Officer by:

    • sending an email to – dpo@sfi.com.au
    • Calling +61 3 8847 1300 during business hours.
    • Or via a letter addressed to:

    Data Privacy Officer
    SFI Allegro

    Unit 3, 33 - 37 Duerdin Street
    Notting Hill, VIC 3168
    Australia

    15. Review

    From time to time, SFI may change the terms of this policy. Changes will take effect once they are posted online. If you do not agree with any of the amended terms, you must avoid any further use of the Website.