Phriendly Phishing is committed to protecting the privacy of personal information we handle. We take our obligations under privacy laws seriously and have prepared this document to set out our policy on the protection and handling of personal information and explain more about your privacy rights and inform you of the following:
For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of27 April 2016, known as the General Data Protection Regulation (the “GDPR”).For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018 as relevant also referred to as (the “GDPR”).
We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37of the GDPR.
When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful. You can withdraw your consent via our opt-out form here
4. Legal Basis for Processing
We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.
We rely on the following legal bases to collect and process the personal data of users:
Users have provided their consent to the processing of their data for one or more specific purposes;
Processing of user personal data is necessary for us or a third party to pursue a legitimate interest. Our legitimate interest is not overridden by the interests or fundamental rights and freedoms of users. Our legitimate interest(s) are: performing contract obligations, provision of information in response to your requests, provision of demonstrations, or making precontractual arrangements with you
Recruit and consider potential employees or applications for employment with us
Consider a potential contractor's engagement with us
Develop, provide, and improve our services and solution
Inform about our services and solutions
Obtain feedback on our services and solutions
Conduct administrative and business functions
Update our records and keep contact details up to date
Enable you to subscribe to newsletters and mailing lists
Process and respond to privacy questions, concerns and complaints
Fulfil legal and contractual obligations
Undertake any other purpose related to or ancillary to any of the above If you do not provide us with all or part of your personal information, we may not be able to carry out the purposes which are set out above, including the provision of services to you.
Legal and regulatory compliance
Our legitimate business interests, and those of our customers. We rely on our legitimate business interests, and those of our customers to process your personal data. For example, we have a legitimate interest in providing and improving our services; maintaining and improving the security and integrity of our Phishing Platform; minimizing security weaknesses and education for our customers, promoting our Phishing Platform, our services and our brand; research and analytics; and sharing information with our service providers who contribute to our services. In some cases where we send you promotional material by email we obtain your consent as a legal basis to processing your person data.
5. Types of personal data we collect
The types of personal information we collect, and hold include name, contact details, identification, affiliations, dealings and transactions with us, including by phone, email and online, Internet protocol address, browser type, domain names, times, and operating system. If you apply to work with us, we also collect information about your education, experience, character and background checks including eligibility to work, vocational suitability, identity, health, reference, directorship, financial probity, and criminal record checks. In addition, if you join us, we collect information about your employment or engagement including information about your performance, conduct, use of our IT resources and payroll matters.
6. How we collect personal information
Weendeavour to collect personal information directly from the individual or theirauthorised representative, in ways including:
Sometimes we collect personal information from a third party, such as our customers i.e. if you use our Phishing Platform while working for one of our customers, we will receive information (such as your email address, to create an account for you) from that customer. If you work for an organization, we may receive your name and contact details as part of delivery of our products or services such as the Phishing Platform, partners, or other third-party companies such as data providers, credit reporting bodies, lawen for cement agencies, recruitment companies or publicly available sources.
7. Our use and who we may disclose your data with
We only use and disclose personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or activities. For example:
We may exchange your personal information with third parties, your organisation, our advisers and representatives, government authorities, our related entities,and our advisors and contractors. Some of our employees are located overseas. Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. International Data Transfers We may disclose your personal information to entities located overseas, including the following:
If you are located in the United Kingdom or the European Union, we will only transfer your personal data if:
The country your personal data is being transferred to has been deemed to have adequate data protection by the European Commission or, if you are in the United Kingdom, by the United Kingdom adequacy regulations; or We have implemented appropriate safeguards in respect of the transfer. For example, the recipient is a part to binding corporate rules, or we have entered into standard EU or United Kingdom data protection contractual clauses with the recipient.
If you apply to work with us, we may exchange your personal information with educational institutions, recruiters, background checking services, professional and trade associations, law enforcement agencies, referees and your current and previous employers. In addition, if you join us, we may exchange your personal information with your representatives, other employers seeking a reference about you and providers of payroll, superannuation, banking, surveillance and training services.
We will not sell or share your data with any other third parties except where the law requires it, if it is required for a legal proceeding, to prove or protect our rights and to any buyers or potential buyers in the event that we seek to sell our company. If you click or follow any external links, we are not responsible for and have no control over their privacy policies or practices.
8. Your rights
Under the GDPR, you have the following rights;
In addition to the access, correction or complaints section, we provide a specific opt-out form where you can request removal from marketing activities, you can ‘unsubscribe’ at the bottom of emails or by sending a request to our Privacy Officer.
9. How we protect your data
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of personal information, including –depending on the circumstances – electronic access controls, premises security and network firewalls. Even though we have taken significant steps to ensure that your personal information is not intercepted, accessed, used, or disclosed by unauthorised persons, you should know that we cannot fully eliminate security risks associated with personal information.
10. Cookies and our Website
11. Access and Correction
If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you wo9uld like your data to be deleted or modified in any way, or if you wish to exercise any of your other rights under the GDPR, please contact our Privacy Office as set out below.
Please contact us if you wish to make a complaint about how we have handled your personal information. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution. For any questions and notices, please contact us at:
The Privacy Officer, Phriendly Phishing Pty Ltd
Phone: 1300 407 682
Address: Level 4, 330 Collins Street, Melbourne VIC 3000