Privacy Policy

We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR) (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR), and the Australian Privacy Act 1988.

1.1 Our Contact Details

Rise-X Pty Ltd
ABN: 80 617242 869
Address: C/- Source Services, Level 39, 152-158 St Georges Tce, Perth, Western Australia, 6000
Email: connect@rise-x.io
Website: https://www.rise-x.io

1.2 Data Protection Officer

For data protection inquiries, you may contact our Data Protection Officer at:
Email: connect@rise-x.io

1.3 EU Representative

EU representative also be reached at:
Email: connect@rise-x.io

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

• Account Information: Name, email address, company name, phone number

• Communications: Content of messages, support tickets, and feedback you send to us

• Workflow Data: Data you input, upload, or process through our platform including documents, files, and business process information

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, click patterns, workflow interactions

• Device Information: IP address, browser type and version, operating system, device identifiers

• Location Data: General geographic location based on IP address

• Cookies and Similar Technologies: See our Cookie Policy for details

2.3 Information from Third Parties

• Integration Data: Information from third-party services you connect to Rise-X (e.g., cloud storage, business applications)

• Public Sources: Publicly available business information to verify company details

We process your personal data on the following legal bases under GDPR:

3.1 Contractual Necessity (Article 6(1)(b) GDPR)

Processing necessary to perform our contract with you, including:

• Providing access to the Services

• Managing your account

• Processing payments

• Delivering customer support

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing necessary for our legitimate business interests, including:

• Improving and developing our Services

• Security and fraud prevention

• Internal analytics and business intelligence

• Marketing our services to existing customers

• Maintaining backups and business continuity

We have assessed that these interests are not overridden by your rights and freedoms.

3.3 Legal Obligation (Article 6(1)(c) GDPR)

Processing necessary to comply with legal obligations, including:

• Tax and accounting requirements

• Regulatory compliance

• Responding to lawful requests from authorities

3.4 Consent (Article 6(1)(a) GDPR)

Where required, we obtain your explicit consent for:

• Marketing communications (where not based on legitimate interest)

• Non-essential cookies and tracking technologies

• Processing special categories of data (if applicable)

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

We use your personal data for the following purposes:

4.1 Service Delivery

• Providing, maintaining, and improving the Services

• Creating and managing your account

• Processing transactions and sending related information

• Enabling multi-party workflows and collaborations

• Providing customer support and responding to inquiries

4.2 Communication

• Sending service-related notifications and updates

• Responding to your requests and communications

• Sending administrative information about your account

• Marketing communications (with appropriate consent or legitimate interest)

4.3 Security and Compliance

• Detecting and preventing fraud, security threats, and illegal activities

• Monitoring and analyzing usage for security purposes

• Complying with legal obligations and regulatory requirements

• Enforcing our Terms of Service

4.4 Analytics and Improvement

• Understanding how users interact with our Services

• Improving features and functionality

• Developing new products and services

• Conducting research and analysis

We share your personal data only in the following circumstances:

5.1 Service Providers

We engage third-party service providers to perform functions on our behalf, including:

• Cloud hosting services (AWS, Azure, or similar)

• Payment processing

• Email delivery services

• Analytics providers

All service providers are contractually bound to protect your data and process it only as instructed.

5.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your data when required to:

• Comply with applicable laws, regulations, or legal processes

• Respond to lawful requests from public authorities

• Protect our rights, property, or safety

• Prevent fraud or illegal activities

5.4 With Your Consent

We may share your data with third parties when you explicitly consent to such sharing.

5.5 Aggregated or De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you.

Rise-X is based in Australia. When we transfer your personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place:

6.1 Adequacy Decisions

We transfer data to countries recognized by the European Commission as providing adequate protection (including the UK under the current adequacy decision).

6.2 Standard Contractual Clauses

For transfers to other countries, we use Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner's Office.

6.3 Additional Safeguards

We implement additional technical and organizational measures to protect your data, including encryption in transit and at rest.

You may request a copy of the safeguards we have in place by contacting us at connect@rise-x.io.

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Account Data: Retained while your account is active and for 2 years after account closure (unless legal requirements mandate longer retention)

• Payment Records: Retained for 7 years to comply with tax and accounting obligations

• Support Communications: Retained for 3 years after resolution

• Marketing Data: Retained until you unsubscribe or withdraw consent

• Usage Logs: Retained for 12 months

7.2 Deletion

After the retention period expires, we securely delete or anonymize your personal data. You may request earlier deletion by exercising your right to erasure (see Section 8).

Under the GDPR, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You have the right to obtain confirmation whether we process your personal data and access to that data. You may request a copy of your personal data.

8.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

8.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes collected

• You withdraw consent (where processing is based on consent)

• You object to processing based on legitimate interests

• The data was unlawfully processed

This right is not absolute and may be limited by legal obligations to retain certain data.

8.4 Right to Restriction of Processing (Article 18)

You have the right to request we restrict processing of your personal data in certain situations:

• You contest the accuracy of the data

• Processing is unlawful but you don't want erasure

• We no longer need the data but you need it for legal claims

• You have objected to processing pending verification

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where:

• Processing is based on consent or contract

• Processing is carried out by automated means

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

8.7 Right Not to Be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently engage in such automated decision-making.

8.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

For EU Residents:
Your local Data Protection Authority (DPA) or the Irish Data Protection Commission
Website: https://www.dataprotection.ie

For UK Residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

For Australian Residents:
Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au
Phone: 1300 363 992

8.10 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: connect@rise-x.io

• Subject line: "Data Subject Rights Request"

We will respond to your request within one month (extendable by two months for complex requests). We may request additional information to verify your identity before processing your request.

There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

9.1 Technical Measures

• Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)

• Regular security assessments and penetration testing

• Multi-factor authentication options

• Access controls and authentication mechanisms

• Regular security patches and updates

• Intrusion detection and prevention systems

9.2 Organizational Measures

• Staff training on data protection and security

• Confidentiality agreements with employees and contractors

• Limited access to personal data on a need-to-know basis

• Data protection impact assessments for high-risk processing

• Incident response and data breach notification procedures

• Regular audits and compliance reviews

9.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware

• Notify affected individuals without undue delay if the breach poses a high risk

• Describe the nature of the breach and measures taken to address it

We use cookies and similar tracking technologies. For detailed information, please see our separate Cookie Policy available at [link to cookie policy].

10.1 Types of Cookies We Use

• Essential Cookies: Required for the Services to function

• Performance Cookies: Help us understand how visitors use our Services

• Functional Cookies: Remember your preferences and choices

• Marketing Cookies: Track your activity to deliver relevant advertisements (with consent)

10.2 Managing Cookies

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may limit functionality.

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

If you believe we have collected data from a child under 16, please contact us at connect@rise-x.io.

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

13.1 Notification of Changes

We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date

• Sending an email notification to your registered email address

• Displaying a prominent notice on the Services

13.2 Continued Use

Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, please discontinue use and contact us to close your account.

We implement data protection principles from the design stage of our Services and throughout the data lifecycle:

• Data Minimization: We collect only data necessary for specified purposes

• Purpose Limitation: We use data only for the purposes disclosed

• Storage Limitation: We retain data only as long as necessary

• Integrity and Confidentiality: We maintain appropriate security measures

• Accountability: We document our compliance and processing activities

We do not intentionally collect or process special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data for identification purposes).

If you include such data in content you upload to the Services, you are responsible for ensuring you have a lawful basis for such processing and have obtained any necessary consents.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: connect@rise-x.io

Postal Address: C/- Source Services, Level 39, 152-158 St Georges Tce, Perth, Western Australia, 6000

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.