Last Updated: February 24, 2025
What's covered in this article
This article contains the following (plus quick links to the relevant sections):
- Introduction
- Personal Information We Collect
- How We Use Your Information
- Data Storage, Security, and Ownership
- Disclosure of Your Information
- Your Rights and Choices
- International Data Transfers
- Chat AI Privacy Considerations
- Children's Privacy
- Cookies and Tracking Technologies
- Changes to This Policy
- Privacy Concerns and Contact Information
- Additional Privacy Safeguards
1. Introduction
CASSA respects each individual's right to personal privacy. We understand the importance of protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our construction industry management platform, including our website (cassa.io), mobile applications, and related services (collectively, the "Service").
We collect your information only with your consent; we only collect personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes.
We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy outlines our practices for handling your personal information in accordance with these regulations.
2. Personal Information We Collect
2.1. Information You Provide
We collect personal information that you voluntarily provide when using our Service, including:
- Name, email address, and contact details
- Company information and ABN
- Employment details and qualifications
- Login credentials
- Payment information
- Construction site documentation and records
- Safety management documentation
- Training and certification records
- Incident reports and related documentation
2.2. Information Collected Automatically
When you use our Service, we automatically collect:
- Device information (type, operating system, browser)
- IP address and location data
- Usage data and interaction with our Service
- Log files and error reports
- Performance data and analytics
2.3. Information from Third Parties
We may receive information about you from:
- Your employer or principal contractor
- Regulatory bodies and licensing authorities
- Training providers and certification bodies
- Insurance providers
- Payment processors
3. How We Use Your Information
We use your personal information for the following purposes:
3.1. Primary Purposes
- Providing and maintaining our Service
- Processing your transactions and subscriptions
- Managing your account and user profile
- Facilitating construction site safety management
- Supporting compliance with regulatory requirements
- Enabling document control and organization
- Managing contractor qualifications
- Processing incident reports
- Tracking training and certifications
- Managing equipment and machinery records
3.2. Secondary Purposes
- Improving and developing our Service
- Analyzing usage patterns and trends
- Communicating service updates and changes
- Providing customer support
- Marketing our services (with consent)
- Conducting research and analytics
- Maintaining security of our Service
4. Data Storage, Security, and Ownership
Although CASSA owns the data storage, databases, and the CASSA Site, you retain all rights to your data. This section outlines how we protect and manage your information.
4.1. Storage Location
Your personal information is stored securely in Australia on servers provided by Australian data center providers who comply with relevant security standards and certifications.
4.2. Security Measures
We implement appropriate technical and organizational measures to protect your personal information, including:
- Industry-standard encryption protocols
- Secure access controls and authentication
- Regular security assessments and audits
- Employee training on data protection
- Incident response procedures
- Regular backup procedures
- System monitoring and logging
4.3. Data Retention
We retain your personal information for as long as:
- Required by law or regulatory obligations
- Necessary for the purposes outlined in this policy
- Needed for legitimate business purposes
- Your account remains active
5. Disclosure of Your Information
5.1. We may share your information with:
Your authorized representatives
- Your employer or principal contractor
- Our service providers and partners
- Regulatory authorities when required
- Emergency services in case of incidents
- Legal advisors and authorities as required by law
5.2. Third-Party Service Providers
When we engage third-party service providers, we:
- Select providers who maintain appropriate security standards
- Require contractual commitments to protect your information
- Regularly review their privacy and security practices
- Limit access to only what is necessary
6. Your Rights and Choices
Under Australian privacy law, you have the right to:
- Access your personal information
- Request correction of inaccurate information
- Opt-out of marketing communications
- Lodge a complaint about privacy concerns
- Request deletion of your information (subject to legal requirements)
- Withdraw consent for specific processing activities
7. International Data Transfers
While we primarily store data in Australia, some data may be transferred internationally when necessary. In such cases, we:
- Ensure compliance with Australian privacy laws
- Implement appropriate data transfer agreements
- Verify adequate protection measures are in place
- Obtain necessary consents where required
8. Chat AI Privacy Considerations
8.1. Data Collection and Use
When using our Chat AI feature:
- Conversations are recorded for service improvement
- Personal information should be minimized in queries
- Generated content may be analyzed for quality assurance
- Usage patterns are monitored for system optimization
8.2. Data Protection
We protect Chat AI data through:
- Encryption of conversation logs
- Limited retention periods
- Access controls and monitoring
- Regular privacy impact assessments
9. Children's Privacy
Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information.
10. Cookies and Tracking Technologies
10.1 Cookies
A "cookie" is a small text file containing a unique identifier that our web server sends to a user's browser, and may be stored on a user's hard drive. Cookies are required to use CASSA services. If you have your browser set to reject cookies, your use of the CASSA services is likely to be interrupted. The cookies we use are not permanent.
10.2 Usage
We use cookies and similar technologies to:
- Maintain your session and preferences
- Analyze usage patterns
- Improve Service performance
- Enable certain Service features
- Support security measures
10.3 Online Advertising
CASSA participates in online advertising, including remarketing. Third party vendors, including Google, show CASSA ads on other sites on the internet. The vendors use cookies to serve CASSA ads based on a user's prior visits to the CASSA website. Users may opt out of a third party vendor's use of cookies by visiting the Network Advertising Initiative opt out page.
10.4 Control
You can control cookie settings through your browser preferences. However, please note that certain features of the Service may not function properly without cookies.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through:
- Email notifications
- Service announcements
- Website notices
Continued use of our Service after changes constitutes acceptance of the updated policy.
12. Privacy Concerns and Contact Information
For privacy-related queries or complaints:
- Email: legal@cassa.io
- Phone: +61 1300 600 150
- Address: BBD RESOURCES PTY LTD, 20 Signature Drive, Rosslea, QLD 4812, Australia
You can also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Privacy Act or APPs.
13. Additional Privacy Safeguards
13.1. Staff Training
Our employees undergo regular privacy training and are bound by confidentiality obligations.
13.2. Data Breach Response
We maintain a data breach response plan and will notify affected individuals and the OAIC of eligible data breaches as required by law.
13.3. Privacy Impact Assessments
We conduct privacy impact assessments for new features or significant changes to our Service.
This Privacy Policy was last updated on February 24, 2025. Previous versions are available upon request.