CASSA
Legal
Privacy Policy
This page details CASSA's current privacy policy.
Updated 2 weeks ago
Last Updated: February 24, 2025
What's covered in this article
This article contains the following (plus quick links to the relevant sections):
1. Introduction
CASSA respects each individual's right to personal privacy. We understand the importance of protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our construction industry management platform, including our website (cassa.io), mobile applications, and related services (collectively, the "Service").
We collect your information only with your consent; we only collect personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes.
We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy outlines our practices for handling your personal information in accordance with these regulations.
2. Personal Information We Collect
2.1. Information You Provide
We collect personal information that you voluntarily provide when using our Service, including:
Name, email address, and contact details
Company information and ABN
Employment details and qualifications
Login credentials
Payment information
Construction site documentation and records
Safety management documentation
Training and certification records
Incident reports and related documentation
2.2. Information Collected Automatically
When you use our Service, we automatically collect:
Device information (type, operating system, browser)
IP address and location data
Usage data and interaction with our Service
Log files and error reports
Performance data and analytics
2.3. Information from Third Parties
We may receive information about you from:
Your employer or principal contractor
Regulatory bodies and licensing authorities
Training providers and certification bodies
Insurance providers
Payment processors
3. How We Use Your Information
We use your personal information for the following purposes:
3.1. Primary Purposes
Providing and maintaining our Service
Processing your transactions and subscriptions
Managing your account and user profile
Facilitating construction site safety management
Supporting compliance with regulatory requirements
Enabling document control and organization
Managing contractor qualifications
Processing incident reports
Tracking training and certifications
Managing equipment and machinery records
3.2. Secondary Purposes
Improving and developing our Service
Analyzing usage patterns and trends
Communicating service updates and changes
Providing customer support
Marketing our services (with consent)
Conducting research and analytics
Maintaining security of our Service
4. Data Storage, Security, and Ownership
Although CASSA owns the data storage, databases, and the CASSA Site, you retain all rights to your data. This section outlines how we protect and manage your information.
4.1. Storage Location
Your personal information is stored securely in Australia on servers provided by Australian data center providers who comply with relevant security standards and certifications.
4.2. Security Measures
We implement appropriate technical and organizational measures to protect your personal information, including:
Industry-standard encryption protocols
Secure access controls and authentication
Regular security assessments and audits
Employee training on data protection
Incident response procedures
Regular backup procedures
System monitoring and logging
4.3. Data Retention
We retain your personal information for as long as:
Required by law or regulatory obligations
Necessary for the purposes outlined in this policy
Needed for legitimate business purposes
Your account remains active
5. Disclosure of Your Information
5.1. We may share your information with:
Your authorized representatives
Your employer or principal contractor
Our service providers and partners
Regulatory authorities when required
Emergency services in case of incidents
Legal advisors and authorities as required by law
5.2. Third-Party Service Providers
When we engage third-party service providers, we:
Select providers who maintain appropriate security standards
Require contractual commitments to protect your information
Regularly review their privacy and security practices
Limit access to only what is necessary
6. Your Rights and Choices
Under Australian privacy law, you have the right to:
Access your personal information
Request correction of inaccurate information
Opt-out of marketing communications
Lodge a complaint about privacy concerns
Request deletion of your information (subject to legal requirements)
Withdraw consent for specific processing activities
7. International Data Transfers
While we primarily store data in Australia, some data may be transferred internationally when necessary. In such cases, we:
Ensure compliance with Australian privacy laws
Implement appropriate data transfer agreements
Verify adequate protection measures are in place
Obtain necessary consents where required
8. Chat AI Privacy Considerations
8.1. Data Collection and Use
When using our Chat AI feature:
Conversations are recorded for service improvement
Personal information should be minimized in queries
Generated content may be analyzed for quality assurance
Usage patterns are monitored for system optimization
8.2. Data Protection
We protect Chat AI data through:
Encryption of conversation logs
Limited retention periods
Access controls and monitoring
Regular privacy impact assessments
9. Children's Privacy
Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information.
10. Cookies and Tracking Technologies
10.1 Cookies
A "cookie" is a small text file containing a unique identifier that our web server sends to a user's browser, and may be stored on a user's hard drive. Cookies are required to use CASSA services. If you have your browser set to reject cookies, your use of the CASSA services is likely to be interrupted. The cookies we use are not permanent.
10.2 Usage
We use cookies and similar technologies to:
Maintain your session and preferences
Analyze usage patterns
Improve Service performance
Enable certain Service features
Support security measures
10.3 Online Advertising
CASSA participates in online advertising, including remarketing. Third party vendors, including Google, show CASSA ads on other sites on the internet. The vendors use cookies to serve CASSA ads based on a user's prior visits to the CASSA website. Users may opt out of a third party vendor's use of cookies by visiting the Network Advertising Initiative opt out page.
10.4 Control
You can control cookie settings through your browser preferences. However, please note that certain features of the Service may not function properly without cookies.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through:
Email notifications
Service announcements
Website notices
Continued use of our Service after changes constitutes acceptance of the updated policy.
12. Privacy Concerns and Contact Information
For privacy-related queries or complaints:
Email: legal@cassa.io
Phone: +61 1300 600 150
Address: BBD RESOURCES PTY LTD, 20 Signature Drive, Rosslea, QLD 4812, Australia
You can also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Privacy Act or APPs.
13. Additional Privacy Safeguards
13.1. Staff Training
Our employees undergo regular privacy training and are bound by confidentiality obligations.
13.2. Data Breach Response
We maintain a data breach response plan and will notify affected individuals and the OAIC of eligible data breaches as required by law.
13.3. Privacy Impact Assessments
We conduct privacy impact assessments for new features or significant changes to our Service.
This Privacy Policy was last updated on February 24, 2025. Previous versions are available upon request.