Privacy Policy

About This Policy

draventoisa respects your privacy and takes the protection of your personal information seriously. This policy explains how we collect, use, store, and protect your data when you interact with our budget risk management services.

We're based in Australia, and our practices comply with the Privacy Act 1988, including the Australian Privacy Principles. If you're reading this from somewhere else in the world, these same standards apply to you too.

This isn't just legal boilerplate — we actually care about being transparent with you. So we've tried to write this in plain English, though there are some technical bits we can't avoid.

What Information We Collect

The information we gather depends on how you interact with us. Here's what we typically collect:

Information You Give Us Directly

• Your name, email address, and phone number when you contact us or sign up for our services
• Business details if you're enquiring about corporate budget risk management
• Financial information needed to assess your risk management needs (we only collect what's necessary)
• Communication preferences and any specific requirements you share with us
• Feedback, questions, or concerns you submit through our contact forms

Information We Collect Automatically

• Technical data like your IP address, browser type, and device information
• How you navigate through our website — which pages you visit and how long you stay
• The source that referred you to our site (like a search engine or another website)
• Time zone settings and location data (general, not precise)

We don't use tracking cookies for advertising purposes. The cookies we do use help the website function properly and remember your preferences.

How We Use Your Information

We're not in the business of selling your data or bombarding you with marketing emails. Here's what we actually do with your information:

If we ever want to use your information for something not covered here, we'll ask for your permission first.

Who We Share Your Information With

We keep your information within our organization whenever possible. But sometimes we need to share it with others to provide our services properly:

• Technology service providers who help us run our website and manage our systems (they're contractually bound to protect your data)
• Professional advisers like lawyers and accountants when necessary for business operations
• Regulatory bodies if required by Australian law or financial regulations
• Business partners only when you've specifically requested a joint service or consultation

If draventoisa were ever to merge with or be acquired by another company, your information would transfer to the new entity — but the same privacy protections would continue to apply.

Your Privacy Rights

Australian privacy law gives you several rights over your personal information. Here's what you can do:

To exercise any of these rights, just send us an email at support@draventoisa.com with your request. We'll need to verify your identity before processing it — standard security practice.

How We Protect Your Information

Security isn't just a checkbox for us. We take practical steps to keep your data safe:

• All data transmissions are encrypted using industry-standard SSL/TLS protocols
• Our systems are protected by firewalls and regular security monitoring
• Access to personal information is restricted to staff who genuinely need it for their work
• We conduct regular security assessments and update our practices accordingly
• Our team receives ongoing training about data protection and privacy obligations
• We maintain secure backups to prevent data loss

That said, no system is completely foolproof. If we ever experience a data breach that could seriously harm you, we'll notify you and the relevant authorities as required by law.

How Long We Keep Your Information

We don't keep your information longer than necessary. The retention period depends on the type of data and why we collected it:

• Client service records: We keep these for seven years after our relationship ends (this matches Australian business record-keeping requirements)
• Financial records: Seven years minimum, as required by taxation law
• Marketing enquiries: If you don't become a client, we delete your details after two years of inactivity
• Website analytics: Aggregated and anonymized after 26 months
• Support correspondence: Three years from the last interaction

When we delete information, we do so securely. It's not just moved to a recycling bin — it's properly erased from our systems.

International Data Transfers

Our primary operations and data storage are in Australia. However, some of our technology providers have servers in other countries, which means your information might occasionally be processed overseas.

When this happens, we ensure those countries have adequate privacy protections, or we put contractual safeguards in place that meet Australian standards. Currently, our main service providers are located in Australia and the United States.

If you're accessing our services from outside Australia, your information will be transferred to and processed in Australia. By using our services, you acknowledge this transfer.

Children's Privacy

Our services are designed for adults and businesses. We don't knowingly collect information from anyone under 18 years of age.

If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We'll delete it promptly.

Changes to This Policy

We review and update this privacy policy periodically to reflect changes in our practices or legal requirements. The "Last Updated" date at the top tells you when we last made changes.

If we make significant changes that affect how we handle your information, we'll notify you by email (if we have your email address) or through a prominent notice on our website.

We encourage you to review this policy occasionally to stay informed about how we're protecting your information.

Third-Party Websites

Our website might contain links to other websites that aren't operated by us. If you click on a third-party link, you'll be directed to that site.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We recommend reading the privacy policy of every website you visit.

Making a Complaint

If you're concerned about how we've handled your personal information, we want to hear about it. First, please contact us directly so we can try to resolve the issue:

We'll acknowledge your complaint within five business days and aim to resolve it within 30 days. If you're not satisfied with our response, you have the right to complain to the Office of the Australian Information Commissioner:

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5218, Sydney NSW 2001