Privacy Policy

Last updated 03/02/2025

1. Introduction

This Privacy Policy outlines how InsurgenceAI Pty Ltd (Insurgence) – a provider of AI solutions for enterprises – collects, uses, stores, and discloses your personal information in compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA). This policy applies to the personal data collected and processed through Insurgence AI solutions and services integrated into enterprise systems.

2. Collection of Personal Information

2.1 Purpose

Insurgence collects personal information to provide AI-driven solutions that automate document processing, workflows, and other enterprise client functions.

2.2 Types of Information Collected

Insurgence collects personal information including, but not limited to:

  • Your name, email address, company name, and job title.
  • Profile information such as preferred language.
  • Data provided via team communication platforms (e.g., team or chat names, member details).
  • Any other information required to fulfil the services provided by Insurgence.

2.3 Compliance with Regulations

Under both the APPs (APP 3) and the GDPR (Article 6), Insurgence ensures that:

  • Collection is limited to necessary data for Insurgence business operations.
  • Data is obtained either directly from you or through enterprise clients who have engaged Insurgence to deliver AI solutions.

3. Use of Personal Information

3.1 Personal Data

Insurgence uses your personal data to:

  • Provide and improve Insurgence AI services.
  • Automate processes, such as completing document templates or sending notifications.
  • Analyse and optimise Insurgence services for better efficiency and user experience.

3.2 Legal Basis for Processing Personal Data

The legal basis for processing personal data under the GDPR (Article 6) includes:

  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests, such as improving the services provided by Insurgence.

4. Disclosure of Personal Information

4.1 Disclosure to Third Parties

Insurgence does not disclose personal data to third parties without your consent, except where required by law or to deliver services as outlined in this policy. In compliance with APP 6 and GDPR Articles 13 and 14, Insurgence ensures transparency regarding any disclosure to third-party service providers or other entities, ensuring data security and protection.

4.2 Sharing of Data

Data may be shared:

  • With your enterprise organisation for the purposes of service delivery.
  • With third-party service providers who assist in fulfilling the contractual obligations of Insurgence (e.g., hosting providers or analytics services).

5. Data Security and Retention

5.1 Security Measures

Insurgence takes reasonable steps to protect your personal information from misuse, loss, or unauthorised access, in compliance with APP 11 and GDPR Article 32 (Data Security). Security measures include:

  • Encryption of data in transit and at rest.
  • Access control mechanisms.
  • Regular security audits and monitoring.

5.2 Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, in line with APP 11 and GDPR Article 5(1)(e).

6. Access, Correction, and Accuracy

6.1 Right to Access

You have the right to access the personal information Insurgence holds about you, to correct any inaccuracies, and to ensure your data is complete and up-to-date under APP 12 and GDPR Article 15 (Right of Access) and Article 16 (Right to Rectification).

6.2 Access or Correct Information

You may request access or correction by contacting Insurgence. Insurgence aims to respond to requests within a reasonable time frame, ensuring compliance with both APP 12 and GDPR regulations.

7. The Right to Be Forgotten (Erasure)

7.1 Right to Request Deletion

Under GDPR Article 17 and consistent with APP 11, you have the right to request the deletion of your personal data where:

  • The data is no longer necessary for the purposes it was collected.
  • You withdraw your consent (where consent was the legal basis for processing).
  • The data has been unlawfully processed.

7.2 Action on Valid Requests

Insurgence will action any valid requests for erasure – working with the enterprise client as appropriate – unless required by law to retain the information or for the establishment, exercise, or defence of legal claims.

8. Data Portability

8.1 Right to Data Portability

Under GDPR Article 20, you have the right to data portability, meaning you can request that Insurgence provides your personal data in a structured, commonly used, and machine-readable format.

8.2 Request to Send to Another Organisation

You can also request that Insurgence transmits your data directly to another organization, where technically feasible.

9. Restriction of Processing

9.1 Restrict Processing of Data

Under GDPR Article 18, you may request that Insurgence restricts the processing of your data where:

  • You contest the accuracy of the data.
  • The processing is unlawful, but you oppose the deletion of the data.
  • Insurgence no longer needs the data, but you require it for legal claims.

9.2 Storage of Data

In such cases where you request that Insurgence restrict the processing of your data, Insurgence will store your data but cease any other processing until the restriction is lifted.

10. Automated Decision-Making and Profiling

10.1 Automated Decision-Making

Insurgence AI solutions may involve some level of automated decision-making. However, under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects.

10.2 Human Intervention in Decision-Making

If applicable, you can request human intervention in decision-making, express your point of view, or contest the decision.

11. Cross-Border Data Transfers

11.1 Transfer of Data Outside Australia or the EEA

Where personal data is transferred outside Australia or the EEA (for example, to cloud service providers), Insurgence ensures that such transfers comply with APP 8 and GDPR Chapter V (Articles 44-50), using appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs).
  • Binding Corporate Rules (BCRs).

11.2 Third-Party Recipients of Data

Insurgence ensures that any third-party recipients of data provide the same level of protection as required by these regulations.

12. Continuous Improvement and Updates

12.1 Commitment to Compliance

In line with APP 1.2 and GDPR Article 5(1)(d), Insurgence is committed to reviewing and updating Insurgence privacy practices regularly to ensure ongoing compliance and to respond to changes in data protection laws. This includes periodic updates to this Insurgence Privacy Policy and Insurgence internal procedures.

13. Complaints and Dispute Resolution

If you have any concerns about how Insurgence handles your personal data, you may lodge a complaint with Insurgence by contacting Insurgence through the form at https://insurgence.ai/. Insurgence will take steps to resolve your concerns in accordance with APP 1.6 and GDPR Article 77, which entitles individuals to lodge a complaint with their relevant data protection authority if unsatisfied with the response from Insurgence.

14. Glossary

  • ABN: Australian Business Number.
  • Act: Australian Privacy Act 1988.
  • APPs: Australian Privacy Principles.
  • AI: Artificial Intelligence.
  • API: Application Programming Interface.
  • BCRs: Binding Corporate Rules.
  • Cth: Commonwealth.
  • EEA: European Economic Area.
  • GDPR: General Data Protection Regulation, a European Union regulation on information privacy in the European Union and the European Economic Area.
  • Insurgence: InsurgenceAI Pty Ltd.
  • SCCs: Standard Contractual Clauses.
  • URL: Uniform Resource Locator, the address of a unique resource on the internet.