Privacy and Security Policy
The requests we make for personal or business information on this web site is voluntary, and may include your name, company, e-mail address, and telephone number so that we can follow up on your request for information.
Once we receive your information it is securely stored behind highly robust security measures, accessible only by our staff that need it to fulfil your request.We will not take any contact details and place them on an e-mail marketing, or postal marketing list. Any of your personal or business information collected will not be sold, traded, given, or rented to other firms or individuals.
We will not secretly gain any information from your computer, or its connection identity.
Application Security & Privacy Framework
At the Elumina Group, the privacy and security of applications we develop is of critical importance. A key component of our build process is the security risks involved in handling client data and to ensure that the necessary processes and software are implemented to protect data from unauthorised access or loss. At a minimum we consider and adhere to as necessary the following application security protocols.
Encryption - Secure Socket Layers - (SSL)
As best practice for implementing security for web applications, SSL is always used as the base security layer, meaning that anything communicated over the web is encrypted with enterprise grade cryptographic protocols. By using SSL, all sessions to your application are encrypted and end-customers/users are directed to a secure HTTPS site.
Encryption - Data at rest
The Elumina Group has implemented third party software to encrypt the database, table space and table levels. The software encrypts the data before it hits the physical file system and protects from OS users and hard drive / backup media theft.
The advantages of this software introduction are:
- Advanced key management - we store keys separate from the encryption data to ensure data breaches do not result in the loss of the cryptographic key.
- The symmetric key is secured by certificates, fingerprints and other advanced methods to ensure secure and controlled access,
- Transparent data encryption protects data ‘at rest’, encrypts sensitive data within data files to prevent access from the operating system,
- Process-based access controls restricts access to specific processes rather than by OS user, restricts data availability to only those who need it,
- Encrypt and decrypt structured and unstructured data.
- Secures personally identifiable information, log files and other sensitive data.
Compliance with Information Privacy Principles
Working as an agency on behalf of our clients, the Elumina Group acknowledge that effective 12th March 2014 the Australian Privacy Principles (APPs) came into affect regulating the handling of personal information by Australian government agencies and some private sector organisations. We are cognisant of the overarching 13-point privacy principals.
The principles are to be followed by companies that collect personal information from their own customers. Any web solution we develop that collects such customer data therefore must consider how these elements apply and what security measures need to be put in place for the project at hand.
The Elumina Group will continue to adhere to all acts and practices that occurred prior to 12th March 2014 as well as the privacy principals.
3rd Party Hosting Service Compliance & Certification
Hosting services engaged by Elumina to host the applications we have developed for our clients are subject to stringent security and privacy criteria. Decisions on our hosts have been made on data centres that are proven to be compliant with industry standards and protocols relating to the application security techniques and privacy considerations relating to data handling.
Data Access & Retrieval
One of the key criteria we use in providing a SaaS solution for our clients is to ensure that the client's data, although hosted externally can be retrieved upon request and easily exported from the application for ongoing data backup and client use. All data can be easily transferred via Secure File Transfer Protocol to ensure privacy is maintained.