Data Protection Policy

Last updated: 01/07/2025

1. Purpose

This Data Protection Policy outlines how Simple iD Pty Ltd (Australia), Simple iD Limited (New Zealand), and Simple iD Limited (United Kingdom) (“Simple iD”, “Cloud Made Simple”, “we”, “us”, “our”) manage personal data in compliance with applicable privacy laws including:

  • The Australian Privacy Act 1988 (Cth)
  • The New Zealand Privacy Act 2020
  • The UK General Data Protection Regulation (UK GDPR)

Our commitment is to ensure that personal information is collected, used, stored, and disclosed responsibly and transparently, protecting the rights of individuals across all regions we operate.

2. Scope

This policy applies to:

  • All personal information processed by Simple iD entities.
  • All staff, contractors, and third-party service providers who handle data on our behalf.
  • All data subjects whose personal information we collect, including customers, prospects, employees, and partners.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation performed on personal data (e.g., collection, storage, use, disclosure, deletion).
  • Data Subject: The individual whose data is being processed.
  • Data Controller: Simple iD entities who determine how and why personal data is processed.
  • Data Processor: Third parties processing personal data on our behalf.

4. Key Principles

We are committed to managing personal data in accordance with the following principles:

  • Lawfulness, Fairness & Transparency: We collect personal data for legitimate business purposes and communicate clearly about how data is used.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only.
  • Data Minimisation: We only collect personal data necessary for business operations.
  • Accuracy: We keep personal data accurate and up-to-date.
  • Storage Limitation: Personal data is retained only as long as necessary to fulfill its purpose or meet legal requirements.
  • Integrity & Confidentiality: We protect personal data using appropriate technical and organisational measures.
  • Accountability: We can demonstrate compliance with applicable data protection laws.

5. Types of Personal Data We Collect

We may collect and process:

  • Contact details (name, address, email, phone)
  • Employment information (for staff)
  • Company details (business name, registration numbers)
  • Service usage data (IP addresses, website analytics)
  • Communications (email correspondence, support tickets)
  • Consent preferences (marketing opt-ins, course sign-ups)

6. Lawful Basis for Processing

Depending on the circumstances, we process personal data based on:

  • Consent (e.g., marketing subscriptions, training registrations)
  • Contractual obligations (e.g., delivery of IT & AI services)
  • Legal obligations (e.g., tax, employment, regulatory compliance)
  • Legitimate interests (e.g., business improvement, customer engagement)

7. Data Security Measures

We implement a combination of administrative, technical, and physical safeguards:

  • Data encryption (in transit and at rest)
  • Role-based access controls
  • Secure cloud infrastructure (e.g., Microsoft 365, Mailchimp)
  • Staff training in privacy and data protection
  • Vendor due diligence for third-party service providers

8. Data Sharing

We may share personal data with:

  • Internal teams across Australia, New Zealand, and the UK.
  • Trusted service providers (e.g., cloud hosting, analytics, email marketing platforms).
  • Regulators or legal authorities when required.

All third parties are contractually obligated to maintain strict confidentiality and data security standards.

9. International Data Transfers

We may transfer data between our operations in Australia, New Zealand, and the UK, and to providers located in other countries. We ensure such transfers comply with:

  • UK GDPR requirements for international data transfers.
  • Australian Privacy Principles (APPs).
  • New Zealand Privacy Act provisions.

Where applicable, we use Standard Contractual Clauses or equivalent safeguards.

10. Data Subject Rights

Individuals have the right to:

  • Access their personal data
  • Correct inaccurate or incomplete data
  • Withdraw consent (where processing is based on consent)
  • Request deletion of personal data (subject to legal limitations)
  • Lodge complaints with a relevant data protection authority

Requests can be made via: support@cloudmadesimple.com

11. Breach Notification

In the event of a data breach:

  • We will investigate promptly.
  • Notify affected individuals if required by law.
  • Notify regulatory authorities within required timeframes.

12. Staff Responsibilities

All staff and contractors are responsible for:

  • Understanding their obligations under this policy.
  • Reporting suspected data breaches or incidents promptly.
  • Only processing data necessary for their role.

Failure to comply with this policy may result in disciplinary action.

13. Governance & Review

The management team at Simple iD is responsible for:

  • Regularly reviewing this policy.
  • Ensuring ongoing compliance with all applicable privacy laws.
  • Training staff on data protection responsibilities.

This policy will be reviewed annually or whenever significant changes occur.

14. Contact Information

For any questions or concerns regarding this policy, please contact:

Cloud Made Simple (All Regions)