PREAMBLE

AusfoTech, as a personal data administrator, collects and processes certain information about individuals.
This information may refer to employees, managers, clients, suppliers, contractors, business contacts and other individuals with whom the Administrator has a connection or wants to establish business contacts.
This privacy policy governs how personal data is collected, processed and stored to meet the standards of the Administrator's organization and is consistent with legal requirements.

I. Legal basis

AusfoTech refund policy will be nil if;
This Privacy Policy ("Policy") is issued on the basis of the Personal Data Protection Act and its Amending Laws ("Australia Legislation") and the General Data Protection Regulation (US) 2016 / 679 ("GDPR")
Australia legislation and the GDPR provide rules on how organizations, Software Ltd. must collect, process and store personal data. These rules are applied by the Administrator regardless of whether it is data processed electronically, on paper or on other media.
In order for personal data to be processed in accordance with legal requirements, personal data is reasonably collected and used, stored securely and the Administrator takes the necessary measures to ensure that the processed personal data are not subject to unlawful disclosure.
The Privacy Controller is familiar with and follows the principles set forth in the GDPR:
- the personal data are processed in a lawful, conscientious and transparent manner; - personal data are collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with those purposes; - personal data is appropriate, relevant and limited to what is necessary for connection with the purposes for which it is being processed; - personal data are accurate and, if necessary, kept up-to-date; - the personal data are kept in a form that allows the persons concerned to be identified for a period no longer than is necessary for the purposes for which the personal data are processed; - personal data are processed in such a way as to ensure an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.

II. Goals of Policy

The present Policy aims to:
- be in compliance with the applicable legislation on personal data and follow best practice; - establish the mechanisms for keeping, maintaining and protecting the accounting registers; - Establish the responsibilities of officials handling personal data and / or persons having access to personal data and working under the direction of personal data processors, their liability for non-performance of these obligations; - protect the rights of staff, clients and partners; - be discovered how to store and protect the personal data of individuals; - establish the necessary technical and organizational measures to protect personal data from unauthorized processing (accidental or unlawful destruction, accidental loss, unauthorized access, alteration or dissemination, and all other unlawful forms of processing of personal data); - be protected against the risk of disturbances.

III. Scope

This Policy applies to the processing of personal data of suppliers, human resources, clients and partners as described in the electronic reporting registers established in accordance with this Policy, Australia Legislation and Art. 30 of the GDPR ("Registry of Processing Activities").

IV. Collection of personal data

Categories of data and entities
"Personal Data" means any information relating to an identifiable natural person or an identifiable natural person (the "Data subject"), namely:
The administrator collects personal data with respect to the following categories of persons:
- persons representing the companies with which the Administrator has business relationships; - contact persons in companies with which the Administrator has business relationships; - persons who are interested in obtaining information services - newsletters, guides, etc .; - persons who register for the use of an online shop.

Targets of data collection

The administrator collects personal data in connection with the following purposes:
1. To carry out activities related to the concluding, existence, modification and termination of contractual relations, incl. for:
- preparation of any documents; - to establish contact with the contact person by telephone, fax or any other lawful means; - for the delivery and/or acceptance of goods / services, communication in connection with the provision and/or receipt of goods / services and the provision of related customer service; - Accounting for performance of contracts under which the Administrator is a party; - For processing of payments in connection with the contracts entered into by the Administrator; - For sending important information to entities in connection with changes to Administrator's policies, terms and policies and / or other administrative information;

2. For marketing purposes - subject to the explicit consent of the data subjects;

3. For statistical purposes.

Collect data

Data of contractors (managers, representatives and / or contact persons of the legal entity under a commercial contract)
The personal data for each person shall be provided voluntarily by the persons themselves and shall be collected by the Administrator in fulfillment of a statutory obligation in connection with the conclusion of a contract and / or fulfillment of the obligations under a contract under the provisions of the Commercial Act, the Accountancy Act, and contracts, Value Added Tax Act and others. and the terms and conditions set forth in a sales contract with the respective client through paper - written documents (including proxies, contracts, attachments, bank information, etc.), by e-mail - provided in connection with the execution of a commercial contract and/or a registration form. Individuals are notified of the provisions of this Policy in advance or at the time of receiving their details.

V. Legitimate interests pursued by the Administrator

In relation to data processing of managers and contractors:
The processing of the data is done on the grounds of a legitimate interest in connection with the conclusion, existence, modification, and termination of commercial and civil contracts in the implementation and implementation of the normative requirements of the Commercial Act, the Social Security Code, the Tax Insurance Procedure Code, , The Law on the Taxes on Income of Natural Persons, the Accountancy Law, the Law on Obligations and Contracts, etc.

VI. Technical and organizational data protection measures

The protection of the data of a hard copy and an electronic medium from unauthorized access, damage, loss or destruction is ensured through a series of internal technical and organizational measures.

VII. Violations Notification of violations

Violations

A security breach occurs when the personal data that AusfoTech responds to are affected by a security incident that results in a violation of privacy, privacy, or integrity of personal data. In this sense, a breach of data arises when there is a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of data that is transmitted, stored or otherwise processed.
In the event of a breach of security of personal data, it should be immediately notified

Evaluation of violations

Once the respective employee of AusfoTech has received information about a violation, it has to determine whether the particular event is a violation of personal data and notify the Administrators of the event (in case they do not know).
In the event of a personal data breach likely to pose a risk to the rights and freedoms of individuals, the Administrator (through the relevant employee), without undue delay and where feasible - no later than 72 hours after it is learned about it, informs the Commission about the protection of personal data
Where and as far as it is not possible to submit the information at the same time, the information may be submitted in stages without further unnecessary delay.
Where the personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Administrator shall without undue delay notify the offender of the violation.
The administrator shall document any violation of personal data security, including the facts of the violation, its consequences, and the action taken to address it.

Additional provisions

This Policy is subject to affirmation and disclosure to the persons concerned by an order of the administrator of the Administrator.
The policy was effective since: 25.05.2021.