1. Introduction and Purpose
CommandPost® is committed to maintaining the highest standards of data protection. The following Data Protection Policy details our approach to handling Customer Data throughout its lifecycle, from collection to disposal.
The objectives of policy is to ensure we maintain appropriate administrative, physical, and technical safeguards for the protection and integrity of Customer Data.
2 Data Collection and Storage
All Customer Data is stored in secure, encrypted environments, with access limited to authorised personnel only. All Customer Data is stored within Australia, using Amazon Web Services (AWS), which includes data backups – no data is ever transmitted or stored outside of Australia.
3 Data Access and Sharing
Access to sensitive client data is only granted on a need-to-know basis and by authorised users through role-based access controls. Data sharing with third parties is conducted in accordance with contractual agreements and applicable laws and regulations. End-to-End Encryption (E2EE) is implemented when transmitting sensitive data over public networks.
4 Data Usage
Customer Data is only be used for the purpose for which it was collected and to provide services as required within the Licence Agreement.
5 Data Retention and Disposal
Customer Data shall be retained only for the duration necessary to fulfil the intended purpose and comply with legal obligations. Customer Data that is no longer needed is securely disposed of.
6 Information Security Controls
Regular risk assessments and security audits are conducted to identify vulnerabilities and implement necessary controls. Security measures, such as firewalls, intrusion detection systems, and antivirus software are in place to protect against unauthorised access and cyber threats.
7. Compliance and Accountability
CommandPost® complies with with relevant. state and federal laws in our provision of the services and our processing of Customer Data. We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation, legal process or governmental request.
8. Review and Updates
This Data Protection Policy is reviewed periodically to ensure its effectiveness and relevance. Updates may be made to reflect changes in technology, regulations, and business practices. By adhering to this policy, we continue to show our commitment to maintaining the confidentiality, integrity, and availability of sensitive client information.