SafetySuite respects your privacy and is committed to protecting information.
It is helpful to understand that SafetySuite acts as a data processor in the delivery of the SafetySuite Cloud Services. This means that SafetySuite processes personal data on behalf of the customer (organisation). The organisation acts as a data controller and determines the purposes and means of processing personal data. SafetySuite Cloud Service ensures the security and accessibility of the information in alignment with the Australian Privacy Principles.
Personal Information We Collect
SafetySuite collects information about you when your organisation provides it to us, when you create it using our product, when other sources provide it to us and when you use our Service. We collect and store personal information on any or all employees and contractors acting in your organisation only to perform the business processes required of our safety solutions. The type of information varies depending on the safety solution.
This information could include full name, ID’s, mailing address, phone number, gender, occupation, position within your company, email address and other relevant additional details required to ensure the solution performs as required.
For example, when Injury Management processes are required, additional data around nature of injuries, lodged claims, payments, and rehabilitation processes will be stored within SafetySuite Cloud. Additionally, if the Health Monitoring module is required, medical data, results and history could also be stored.
The data that we store may be passed to us from external systems such as HR or Payroll solutions or entered directly into SafetySuite Cloud. For example, in circumstances where contact details of a contractor, or member of the public, who was involved in a workplace safety incident.
We also collect information about your activity in our Service to provide reporting and auditing capabilities for your organisation. Only necessary information is collected to provide the SafetySuite Cloud Service.
How We Use Personal Information
Personal information is used in the provision of safety solutions within SafetySuite Cloud Service and to comply with our legal and contractual obligations. SafetySuite does not have access to any personal information without the explicit authorisation of the organisation.
Your information is used to provide our Safety products by carrying out the transactions requested by users of the Service. This includes the provision to you of Safety business processes and technical support, and other functions relevant to your use of SafetySuite Cloud.
Reasons We Share Personal Information
SafetySuite will not access your personal information for any reason other than to provide support, and only when expressly authorised by your organisation. Most support issues will be resolved without SafetySuite requiring access to your information.
The only circumstances where data from our system will be transmitted to a third party will be in line with subscribed safety services such as:
Claims Management interfaces to regulators or insurers,
Transmission of details for the purposes of case litigation,
Access to medical data to approved medical providers and the like.
Each of these processes will be triggered by your organisation’s safety, health and injury management teams and not by SafetySuite.
How We Store And Secure Personal Information
Your personal information is stored within the SafetySuite Cloud Service hosted by authorised Cloud Service Providers (see Third Party Service/Vendors below). It is protected by encryption, held within multiple private zones, and secured by a variety of cyber security defenses including firewalls, load balancing, Antivirus, malware protection and high availability infrastructure. SafetySuite Cloud is developed and tested against the OWASP framework. There is a shared responsibility model applied to securing your personal information. SafetySuite Cloud secures the processing of the information within the Service, and your organisation secures your information through identity and access control management.
Systems – CSP security best practices and security solution architecture.
Application – External vulnerability testing and OWASP framework driven development policy.
Infrastructure – Web application firewall, traffic load-balancing, DDoS mitigation, Antivirus and malware protection.
Data Encryption – Traffic (in transit) uses TLS 1.2 and data at rest uses AES-256. Credentials are hashed and salted using industry standard hash function (PBKDF2).
How You Access And Control Your Information
Industry standard IAM (Identity Access Management) and RBAC (Role Based Access Control) are used to ensure that your organisation controls who gets access to what. This means that your personal information is only available to authenticated and authorised parties. The Service provides Identity integration with your organisation and Multi Factor Authentication. All transactions are encrypted (see below). The handling of data is managed by secure, encrypted (TLS) transfer. The information is requested by authenticated and authorised users of the Service and remains protected during its transfer. SafetySuite and Third Party Providers have no access to the information unless explicitly granted by the organisation. Data transfer within the Service is also secured by TLS.
How We Transfer Personal Information
The handling of data is managed by secure, encrypted (TLS) transfer. The information is requested by authenticated and authorised users of the Service and remains protected during its transfer. SafetySuite and Third Party Providers have no access to the information unless explicitly granted by the organisation. Data transfer within the Service is also secured by TLS.
The organisation will be responsible for meeting any legal requirements applicable to content uploaded/submitted to the SafetySuite Cloud Service. This could include establishing a legal basis for processing, providing individuals or regulatory authorities with sufficient information about their personal data, and responding to data rights requests concerning the personal data they control.
If you would like to make any requests or queries regarding personal data we process on your organisation’s behalf, including accessing, correcting or deleting your data, please contact your organisation’s support directly.
The SafetySuite Cloud Service is made available through your organisation and information is retained for the duration required by your organisation, in alignment with any legal or regulatory requirements. Individual jurisdictions will determine safety data retention stipulations.
The SafetySuite Cloud Service comprises secure Service communications and notifications. These settings are controlled using SafetySuite Cloud by your organisation.
AWS – Cloud Service Provider
(For information regarding their security practices – AWS security)
We may only supply your personal or corporate information to third parties for a limited range of reasons. We may respond to subpoenas, court orders, or legal process by disclosing your data and other related information, if necessary. We also may choose to establish or exercise our legal rights or defend against legal claims.
Personal data may be transmitted to Government agencies, Insurance companies and medical providers in line with the Service we provide to your organisation.
Data Subject Rights
Questions, Concerns, Or Complaints
We take any privacy complaint seriously. We will work in collaboration during this process with all relevant information you have provided.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia).
Complaints must be made in writing.
Phone: 1300 363 992
Mail: Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Please direct any privacy issues or queries to SafetySuite by emailing: