Privacy Policy
One Click System’s Privacy Guide
Here at One Click System, we are committed to protecting the privacy of our customers. We are proud to announce that One Click System is now certified under the EU Data Privacy Framework, which furthers our dedication to ensuring the security and privacy of your personal data when using our platform.
The documents below provide information about our role as a data processor, our customers’ roles as data controllers, and the steps we take to keep data secure. You should review these documents in conjunction with our Privacy Policy, and we recommend that you contact a legal specialist if you require advice or more information.
- Privacy Guide for Customers
- Security and Compliance Overview
- LeadConnector's Security and Compliance Overview
- Privacy Policy
- Data Processing Agreement
- Data Deletion Request
Privacy Laws And Regulations
Privacy laws regulate the storage and usage of personally identifiable information, personal healthcare information, and financial information of individuals that is collected by governments, public or private organisations, or other individuals. The laws may vary by country, region, territory, state, or otherwise, but there are some commonalities amongst most privacy laws in terms of the rights, obligations, and enforcement provisions.
If you collect, store, or use information that is subject to privacy regulations, then you are required to take certain steps to protect that information based on the location of the individual from whom you are collecting data. For example, if you collect personally identifiable information from your customer in the EU, you must comply with the EU’s General Data Protection Regulation (GDPR). If you collect personally identifiable information from a customer in California, United States, you must comply with the California Consumer Privacy Act (CCPA). If you are based in Victoria, Melbourne, Australia, and collect personally identifiable information, you must comply with Australia’s privacy laws, including the Privacy Act 1988, which outlines the Australian Privacy Principles (APPs) that govern the handling of personal information.
How To Use This Guide
Privacy laws and regulations are rapidly evolving, and we’re going to be honest—these laws are complex! But, One Click System wants to make it easy for our customers to stay compliant with the latest privacy laws. While One Click System makes efforts to be compliant with privacy regulations, our customers also have to take steps to be compliant.
This guide is not meant to explain all the applicable privacy laws and regulations. It is intended to be a resource to help you use the One Click System Platform in a way that complies with privacy requirements. That being said, our lawyer wants us to make it very clear that this document does not constitute legal advice nor is it intended to ensure compliance with privacy laws and regulations.
DISCLAIMER: One Click System is not a licensed legal representative and cannot provide legal advice or interpret the law for you. Please consult
your own legal advisor. This document does not constitute legal advice and should not be used as such.
Now, let’s dive in…
Data Roles
Privacy laws impose various obligations on a person depending on whether they are a controller or a processor of personal data. A controller is an entity which decides to process personal data and makes decisions regarding the basis of processing and the methods which will be used. Controllers have certain obligations regarding personal data, which you should familiarise yourself with before collecting personal data from your customers. A processor is an entity which processes data for and on behalf of a controller. They make no independent decisions regarding the data or its processing, as they only process it on behalf of the controller and must comply with all instructions given by the controller. When you use the One Click System Platform, you are a controller. You are in control of the data you upload to the One Click System platform, what you do with that data, and why. As a result, you are responsible for ensuring that you have a legal basis on which to process the data, and that you do not retain the data for any longer than is necessary. You should ensure that you understand your obligations as a controller and update your own systems and policies to allow the lawful transfer of personal data to One Click System. We recommend you consult your own legal counsel to ensure you fully understand your obligations as a controller. In the meantime, you can use the checklist below to get started on your compliance journey!
Controller Checklist
One Click System makes efforts to provide our customers with the functionality they need to ensure that the One Click System portion of your business can comply with privacy laws, specifically adhering to the Australian Privacy Principles (APPs) under the Privacy Act 1988 in Australia. Below, you will see recommended steps that you should take in your One Click System Platform account. You’ll also see recommended steps that you should take outside of your One Click System Platform account for compliance purposes.
And just as a reminder, One Click System is not a legal representative. The recommendations below are simply that—just suggestions! We cannot interpret the law or give you legal advice, and we recommend that you consult with your own lawyer.
By the way, this checklist is intended to cover privacy laws in general. GDPR is considered to be one of the most restrictive privacy laws, so we have tailored this checklist to reflect controller obligations under GDPR. However, as we mentioned earlier, privacy laws are rapidly evolving.
We’ll do our best to update this checklist on a regular basis, but if new laws are implemented or if existing laws are modified, this list might become outdated. Again, we encourage you to consult with your own lawyer to make sure you are taking all the appropriate measures to be compliant with privacy laws! We also welcome any feedback on how we can improve the One Click System Platform to make compliance even easier for our customers!
| Privacy Law Requirement | Explanation | What You Need To Do In Your One Click System Platform Account | What You Need To Do Outside of Your One Click System Platform Account |
|---|---|---|---|
| Right to Be Informed | You need to tell your customers how you plan to process their data, how you won’t process their data, and when you’ll be done processing their data. | You need to create a privacy notice and link to it on all webforms, landing pages, order forms, shopping carts, etc. (wherever you collect personal data). | If you choose to collect customer data through offline methods (i.e., in person), you need to make sure your privacy notice is accessible during that interaction |
| Lawfulness of Processing | In order to process someone’s data, you need to have a legal basis for doing so. A “legal basis” could be informed consent, performance of a contract, or other legitimate interests. This is where you should consult your own counsel to determine if you have a “legal basis” for processing someone’s data. | Create tags to track the lawful basis or create consent checkboxes to collect express consent. Create a regular process for removing EU contact info where you no longer have a lawful basis to process their data or if the contact withdraws their prior consent. | If you are ever audited in the future, you may need to provide records that indicate the lawful basis under which you collected your customers’ information. If you collect customer information offline, be sure to keep detailed records of those collections since you won’t have the records in your One Click System Platform account. |
| Consent | If you want to use consent as your lawful basis to process data for a contact, there are a few requirements that you should consider: 1) You must be clear about what consent you’re asking for (and make reference to your privacy notice); 2) Do not pre-check the consent checkboxes; customers need to explicitly consent by checking the box themselves; and 3) you need to be able to show proof of consent for prospects and customers who have granted it. | Update all your webforms and landing pages with consent checkboxes. | Implement these guidelines anywhere else in your business where you ask for consent or personal information. Consider creating documentation (with a time stamp) any time you make changes to your consent checkboxes or privacy notices. This is important so that you can show the exact text your contacts agreed to. This information is not captured in your One Click System account automatically. |
| Right to Erasure/ Delete; Right to Rectify/Correct Inaccuracies | If a person wants you to stop processing their data, they can request to be erased from your data records completely. | Create a simple way for your customers to request to be erased. For example, you can provide customers with a deletion request form that they must complete and return to you in order to request deletion. | You are responsible for carrying out your customer’s request to erase their data and can do so within your One Click System Platform account. Make sure you have an internal process to monitor deletion requests and ensure they are handled in a timely manner. If you keep customer contact records outside of One Click System, you need to erase those as well upon request. |
| The Right to Data Access and Portability | Your customer has the right to know whether their data is being processed. If you are processing their data, they have a right to know what you’re processing and should be able to request access to see it in a portable, visually friendly fashion. | Create a simple way for your customers to request access to the data you are processing for them. There are a few ways you can do this within One Click System: 1) You can take a screenshot (that shows their record and send it); or 2) You can export a contact’s details in a CSV file and send it. | You’re responsible for carrying out your customers’ requests promptly. Make sure you have an internal process to monitor requests and ensure they are handled in a timely manner. This right to access and portability is not limited to the data in your One Click System account. You’ll need to find a way to collect other pertinent data for your customers and transfer it to them securely. |
| Right of Rectification | Your customer has a right to see their data and ensure that it is accurate. If errors exist, they have the right to request you update that information in a reasonably expedient manner. | Create a simple way for your customers to request you update their data. You could use a request form similar to the data deletion request form template we provided above. | Make sure you have an internal process to monitor data update requests and ensure they are handled in a timely manner. In addition to updating your contact information in One Click System, you’ll also need to update the customer’s information in other systems and notify any other authorized 3rd parties that process your customer’s data. |
| Right of Rectification | You may want to appoint a Data Protection Officer (DPO) or a Chief Data Security Officer for your organization. In addition, if you have customers in the EU or the UK and have not appointed an EU or UK Data Protection Officer, you will need a representative in each region to handle any data or security dealings. There are third party services that can serve this role for you. | Update your privacy notice to name the individuals who fulfill the EU and UK representative roles. If you have one, identify your Data Protection Officer and Chief Data Security Officer, if applicable. | Update your privacy notice to name the individuals who fulfill the EU and UK representative roles. Identify your Data Protection Officer and Chief Data Security Officer, if applicable. |
About One Click System
Our Company and Products
Developed for agencies by an agency, One Click System’s mission is to empower marketing professionals and agencies…
Security and Compliance
One Click System Security and Risk Focus
One Click System places utmost importance on the security of our customers’ data…
Our Security and Compliance Objectives
- Customer Trust and Protection…
- Availability and Continuity of Service…
- Information and Service Integrity…
- Compliance with Standards…
One Click System Security Controls
Infrastructure Security
Cloud Hosting ProviderOne Click System entrusts the hosting…
Network and PerimeterOur product infrastructure utilises multiple layers…
Configuration ManagementOne Click System’s infrastructure thrives on automation…
LoggingActions and events that occur within the One Click System application…
Alerting and MonitoringOne Click System invests in automated monitoring…
Application Security
Web Application DefencesAll customer content hosted on the One Click System platform is safeguarded…
Development and Release ManagementOne Click System optimises our products using a modern continuous delivery approach…
Vulnerability ManagementThe One Click System team employs a multi-layered approach to vulnerability management…
Customer Data Protection
Data Classification
Per One Click System’s Terms of Service…
Tenant Separation
One Click System offers a multi-tenant SaaS solution…
Encryption
All data is encrypted in transit with TLS version 1.2 or 1.3…
Key Management
Encryption keys for both in transit and at rest encryption are securely managed…
Data Backup and Disaster Recovery
System Reliability and Recovery
One Click System is committed to minimising system downtime…
Backup Strategy
System Backups
Systems are backed up on a regular basis…
Physical Backup Storage
Because we leverage public cloud services for hosting…
Backup Protections
By default, all backups are protected…
Customer Data Backup Restoration
One Click System customers don’t have access…
Identity and Access Control
Product User Management
Systems are backed up on a regular basis…
Product Login Protections
The One Click System products allow users to log in…
One Click System Employee Access to Customer Data
Access to Production Infrastructure
User access to internal data stores…
Access to Customer Portals
By default, Customer Support, Services…
Corporate Authentication and Authorization
Access to the One Click System company network requires MFA…
Organisational and Corporate Security
Background Checks and Onboarding
One Click System employees undergo a third-party background check…
Policy Management
To ensure all our employees are aligned…
Security Awareness Training
One Click System employees are required to complete CyberSafety training…
Vendor Management
One Click System may leverage third-party service providers…
Endpoint Protection
Company-issued laptops are centrally managed…
Privacy and Data Governance
Privacy
As described in our Privacy Policy, we do not sell your personal data…
Data Retention and Deletion
Customer data is retained for as long as you remain an active customer…
Privacy Program Management
One Click System’s Legal Team collaborates with our engineering and product teams…
Breach Response
One Click System will notify customers as required by law…
Regulatory Compliance
GDPR
One Click System aims to provide features that enable our customers to achieve GDPR compliance…
Other Information
Document Scope and Use
This document is intended to be a resource for our customers…
Contact Us
Questions about this document? You can reach us at support@oneclicksystem.ai.
Our Company And Products
Developed for agencies by an agency, LeadConnector’s mission is to empower marketing professionals and agencies to exceed their benchmarks for success…
LeadConnector Security and Risk Focus
LeadConnector places utmost importance on the security of our customers’ data…
Our Security and Compliance Objectives
- Customer Trust and Protection: Deliver exceptional products and services while safeguarding the privacy and confidentiality of data.
- Availability and Continuity of Service: Guarantee service availability and minimise service continuity risks.
- Information and Service Integrity: Ensure the accuracy and integrity of customer information.
- Compliance with Standards: Meet or surpass industry-standard best practices.
LeadConnector Security Controls
Infrastructure Security
Cloud Hosting Provider
LeadConnector entrusts the hosting of its product infrastructure to leading cloud infrastructure providers…
Network and Perimeter
Our product infrastructure utilises multiple layers of security to scrutinise all connections…
Configuration Management
LeadConnector’s infrastructure thrives on automation…
Logging
Actions and events that occur within the LeadConnector application are consistently and comprehensively logged…
Alerting and Monitoring
LeadConnector invests in automated monitoring, alerting, and response capabilities…
Application Security
Web Application Defences
All customer content hosted on the LeadConnector platform is safeguarded…
Development and Release Management
LeadConnector optimises our products using a modern continuous delivery approach…
Vulnerability Management
The LeadConnector team employs a multi-layered approach to vulnerability management…
Customer Data Protection
Data Classification
Per LeadConnector’s Terms of Service, our customers are responsible for ensuring they only capture appropriate information…
Tenant Separation
LeadConnector offers a multi-tenant SaaS solution…
Encryption
All data is encrypted in transit with TLS version 1.2 or 1.3…
Key Management
Encryption keys for both in transit and at rest encryption are securely managed…
Data Backup and Disaster Recovery
System Reliability and Recovery
LeadConnector is committed to minimising system downtime…
Backup Strategy
Systems are backed up on a regular basis with established schedules…
Physical Backup Storage
Because we leverage public cloud services for hosting…
Backup Protections
By default, all backups are protected through access control restrictions…
Customer Data Backup Restoration
LeadConnector customers don’t have access to the product infrastructure…
Identity and Access Control
Product User Management
Systems are backed up on a regular basis…
Product Login Protections
The LeadConnector products allow users to log in…
LeadConnector Employee Access to Customer Data
Access to Production Infrastructure
User access to internal data stores and production infrastructure is strictly controlled…
Access to Customer Portals
By default, Customer Support, Services, and other customer engagement staff can obtain limited access…
Corporate Authentication and Authorization
Access to the LeadConnector company network requires MFA…
Organisational and Corporate Security
Background Checks and Onboarding
LeadConnector employees undergo a third-party background check prior to employment…
Policy Management
To ensure all our employees are aligned in protecting data…
Security Awareness Training
LeadConnector employees are required to complete CyberSafety training…
Vendor Management
LeadConnector may leverage third-party service providers…
Endpoint Protection
Company-issued laptops are centrally managed and configured…
Privacy
Data Retention and Data Deletion
Customer data is retained for as long as you remain an active customer…
Privacy Program Management
LeadConnector’s Legal Team collaborates with our engineering and product development teams…
Breach Response
LeadConnector will notify customers as required by law…
GDPR
LeadConnector aims to provide features that enable our customers to easily achieve GDPR compliance…
Document Scope and Use
This document is intended to be a resource for our customers…
Contact Us
Questions about this document? You can reach us at support@oneclicksystem.ai.
Overview
OneClickSystem AI (“OneClickSystem,” “we,” “us,” and “our”) values your privacy and is dedicated to safeguarding it through adherence to this Privacy Policy (“Privacy Policy”). This document outlines our practices regarding the collection and use of your Personal Information when you visit our website at https://oneclicksystem.ai or engage with our Platform as further described in the Terms of Service, including any information you may provide through electronic communications to OneClickSystem.
We encourage you to read this Privacy Policy carefully to understand how we treat your Personal Information and the measures we take to protect it. If you disagree with our policies and practices, you should not access or use the Platform. By accessing or using the Platform, you acknowledge and consent to the practices described in this Privacy Policy.
OneClickSystem reserves the right to modify this Privacy Policy at any time and at our discretion. Your continued use of the Platform following any changes signifies your acceptance of those changes. Therefore, we recommend reviewing the Privacy Policy periodically for updates.
This Privacy Policy is governed by and must be read in conjunction with the OneClickSystem Terms of Service, which also encompass the Services detailed within.
The Types of Information That OneClickSystem Collects About You and How OneClickSystem Collects Information About You
OneClickSystem collects two categories of information from you when you interact with the Platform: Personal Information and Non-Personal Information (together referred to as “Information”).
- Personal Information is data that can be used to identify you personally, such as your name, email address, employer details, job title, department, and telephone number.
- Non-Personal Information refers to data that does not personally identify you but is related to your usage of our Platform. This includes details of your interactions with the Platform that do not reveal your identity directly.
Information is collected:
- Directly from you when you provide it voluntarily. This can include subscribing to a newsletter, creating an account, making a purchase, or requesting information from OneClickSystem. When you engage with us for services, participate in events, or contact us directly, you may offer similar information voluntarily. It’s your responsibility to have the authority to share Personal Information of others with us, ensuring it aligns with this Privacy Policy.
- From third parties, through partners, vendors, and other external sources. We engage with various entities for advertising, data analysis, event participation, and other business operations, ensuring they have legal grounds to share your Personal Information with us. We also integrate data from multiple sources to enhance our Platform and services.
- Automatically through your use of the Platform, utilising cookies, pixel tags, and similar tracking technologies to understand your interactions. Our separate Cookies Policy details how we use these technologies and your control over them.
How OneClickSystem Uses Personal Information It Collects About You and the Purposes for the Collection and Use
The Personal Information collected is utilised to:
- Enhance Platform Functionality and Services: We use the Information to deliver and personalise our services, including through IP address-based communications for network connectivity, diagnostics, and security. Our use of cookies and similar technologies is outlined in our Cookies Policy.
- Support and Development: Information aids in providing updates, maintenance, and customer support for our Platform, ensuring it functions optimally and securely.
- Business Operations: Essential for running our business, including accounting, fraud prevention, legal compliance, and fulfilling contractual obligations. We also use your Information for marketing our services in line with your preferences.
- Communication: We use your contact information for essential communications, including service alerts, policy updates, marketing materials, and participation in surveys or research, always respecting your communication preferences.
- Advertising and Marketing: Personalized content and effective campaign analysis may be based on the amalgamation of collected Personal Information, adhering to your device settings and preferences.
- Platform Improvement: Aggregated data assists in understanding user needs, improving the Platform, and developing new features based on user interaction patterns.
Legal Basis for Processing (For EEA and UK Visitors): We process Personal Information based on consent, contractual necessity, legal obligations, or our legitimate interests, ensuring transparency and adherence to data protection laws. Your rights regarding this processing are outlined, including contact information for further inquiries.
Retention of Personal Information: Your Personal Information is kept only as long as necessary for the purposes stated in this Privacy Policy, adhering to legal and regulatory requirements. You have the right to request deletion of your data under certain conditions, as detailed in the “YOUR LEGAL RIGHTS” section.
How OneClickSystem Protects Your Information
OneClickSystem prioritises the security of your Personal Information and implements robust administrative, technical, and organisational measures to protect it against risks such as loss, destruction, and unauthorised access or disclosure. We demand similar security standards from our suppliers and vendors who may access or use your Personal Information, ensuring they adhere to our strict privacy protocols.
We recognize the shared responsibility in safeguarding data and urge our users to take proactive steps in protecting their accounts and personal information. Despite our efforts, no method of data transmission or storage is entirely secure. If you believe your interaction with OneClickSystem has been compromised, please contact us immediately as detailed in the “HOW TO CONTACT US” section.
When OneClickSystem Shares Your Information
Our collaborative efforts with affiliates, authorised suppliers, and business partners are essential in delivering the OneClickSystem platform and services. We ensure that any sharing of your Personal Information is governed by strict measures to limit its use to purposes that align with this Privacy Policy, maintaining confidentiality and security at all times.
Personal Information may be shared:
- With Affiliates and Subsidiaries: Limited to purposes consistent with this Privacy Policy.
- With Suppliers: Authorised vendors and suppliers might need access to Personal Information to perform services like product delivery, website hosting, data analysis, IT services, customer support, etc. We use various software and tools as part of our business operations, processing Personal Information accordingly. Our contracts with these entities include clauses to protect your Personal Information.
- With Partners: For marketing promotions, joint products, research studies, or to facilitate services on the Platform, always with additional terms or privacy policies provided for transparency.
- For Advertising and Marketing: We collaborate with third-party partners to deliver personalised ads and analyse campaign effectiveness. This involves sharing your information under lawful bases and according to your preferences.
- Sales, Mergers & Acquisitions: In events like reorganisation, merger, or sale, Personal Information may be part of the transferred assets.
- With Your Consent: We may share Personal Information with other parties based on your explicit consent.
Non-personally identifiable information, such as anonymized or aggregated data, may be shared for analytical purposes, trend identification, or the development of new services. Importantly, OneClickSystem does not sell your Personal Information for monetary compensation.
Information From Children
OneClickSystem does not intentionally collect or use information from children under the age of 16. Upon discovering the collection of Personal Information from a child under this age, we will take immediate steps to delete the information. Individuals under 16 should refrain from providing any Personal Information to OneClickSystem. If you are aware of a child under 16 providing us with Personal Information, please contact us using the methods outlined in the “HOW TO CONTACT US” section.
Links to Other Websites and Services
We are not responsible for the practices employed by websites or services linked to or from the Platform, including the information or content contained therein. This Privacy Policy does not address, and we are not responsible for, the policies and practices of third parties or other organisations that are not operating on One Click System’s behalf, including policies and practices related to privacy and security, data collection, processing, use, storage, and disclosure. This includes: (a) any third party operating any site or service to which the Platform links – the inclusion of a link on the Platform does not imply endorsement of the linked site or service by us or by our affiliates; or (b) any app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer (such as Facebook, Apple, Google, Microsoft, LinkedIn, etc.) – including any Personal Information you disclose to other organisations through or in connection with the Platform or other One Click System Services.
Do Not Track
Some browsers incorporate a “Do Not Track” (“DNT”) feature that, when turned on, signals to websites and online services that you do not want to be tracked. At this time, the Platform does not respond to DNT signals.
YOUR LEGAL RIGHTS
One Click System respects your rights in how your Personal Information is used and shared. Depending on where you live, you may have rights to request access or corrections to your personal data and make choices about the kinds of marketing materials you receive (or choose not to receive marketing from One Click System at all). See below for more information, depending on your location.
European Privacy Rights
If you are in Europe, you may have additional rights under the GDPR, the UK GDPR, or nFADP. Additional choices and rights may be available to you depending on which One Click System Services you use.
- Access, Correction to or Deletion of Your Information. If you would like to correct or update your Personal Information, or to request access to or deletion of your Personal Information, you may contact us by visiting the Platform or by using the contact details provided under the “HOW TO CONTACT US” section below. If you request a change to or deletion of your Personal Information, please note that we may still need to retain certain information for recordkeeping purposes, and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.
- At your request and where the law requires us to do so, we will confirm what Personal Information we hold about you. You may also have a legal right to obtain a copy of your Personal Information. You can make such a request by making a written request in one of the ways described in the “HOW TO CONTACT US” section below. We may charge a processing fee for this service where permitted by law and we will require evidence of your identity before fulfilling your request.
- Data Privacy Rights Specific to Individuals in the European Economic Area, the United Kingdom, and Switzerland. You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information, or request portability of your Personal Information. You can exercise these rights by making a written request in one of the ways described in the “HOW TO CONTACT US” section below.
- Similarly, if we have collected your Personal Information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect (1) the lawfulness of any processing we conducted prior to your withdrawal, or (2) processing your Personal Information under other legal bases.If you believe we are using your Personal Information in a way that is inconsistent with this Privacy Policy or for more information about your rights, contact your local data protection authority. Additionally, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, you may contact JAMS Mediation, Arbitration, and ADR Services to address complaints and provide appropriate recourse free of charge to you. Under certain conditions, you may invoke binding arbitration.
- Advertising and Marketing Choices. We give you many choices regarding our use and disclosure of your Personal Information for advertising and marketing purposes. You may access or update your contact details and modify your communication preferences by using one of the methods provided under the “HOW TO CONTACT US” section below. Please also note that if you choose not to receive marketing communications from us, we may still send you communications related to your products or the Platform, such as information about a security update, service issue or product delivery. Some advertising content is delivered through the Platform’s use of cookies and similar technologies. Our Cookies Policy includes more information on One Click System’s use of such technologies for advertising and other purposes.
International Compliance
One Click System is a global organisation with its headquarters in the United States. As such, we may transfer your Personal Information between the United States and our affiliates and business partners in other countries. We may also transfer your Personal Information to our third-party service providers, who may be located in a different country to you.
One Click System transfers information internationally to operate efficiently, to improve performance, and to create redundancies to protect information in the event of an outage or other problem. In doing so, we will process your Personal Information in a way that meets the commitments of this Privacy Policy and complies with the law wherever we transfer it, including adherence to the Australian Privacy Principles (APPs) when transferring personal information from Australia.
Whenever One Click System transfers Personal Information beyond the country of origin, including from Australia, we will do so in accordance with applicable laws, including the Privacy Act 1988 (Cth) for Australian-sourced personal information. We commit to ensuring that any international transfers of personal information are conducted in a manner that provides comparable safeguards to the protections under Australian law. This includes ensuring any overseas recipients comply with the APPs or an equivalent standard.
One Click System may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and will take steps to ensure that any such disclosures are compliant with Australian law and our Privacy Policy.
Data Privacy Framework
One Click System acknowledges the importance of protecting personal data and commits to adhering to the Australian Privacy Principles (APPs) for the handling of personal data collected from Australia. While the original policy referenced compliance with international frameworks such as the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework, One Click System ensures that its practices are in line with the requirements set forth by the Australian Privacy Act 1988 (Cth) for the processing and transfer of personal data.
For personal information originating from Australia and transferred internationally, One Click System will take appropriate steps to ensure that such transfers are carried out in accordance with the Privacy Act and the APPs. This may involve ensuring that overseas recipients undertake to protect the information in a way that is consistent with the privacy safeguards set by Australian law. Our commitment to protecting your personal information does not diminish when your data crosses borders, and we strive to provide a high level of protection in all jurisdictions in which we operate.
California Privacy Rights
This section is addressed to California residents only and provides more information about your rights under the California Consumer Privacy Act or “CCPA” (California Civil Code Section 1798.100 et seq.), as amended. Subject to certain exceptions, the CCPA grants to California residents the rights to: be notified about the collection, use, disclosure, sale or sharing of their Personal Information; request access to, deletion of, or correction of their Personal Information; request to opt out of the “sale” or “sharing” of Personal Information (where such information is sold or shared); limit the use or disclosure of Sensitive Personal Information (as defined under CCPA); and to not be discriminated against for exercising such rights.
One Click System does not sell your Personal Information. If you wish to exercise your right to opt-out of One Click System using your Personal Information for cross-contextual targeted advertising purposes (called “sharing” under the CCPA), you may do so by using the details in the “HOW TO CONTACT US” section or the appropriate withdrawal mechanism provided to you on the Platform.
You can request access to, correction of, or deletion of your Personal Information by using the details in the “HOW TO CONTACT US” section. If you request a deletion of your Personal Information, please note that One Click System may still need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to requesting such deletion, to comply with applicable law, or for other purposes permitted by CCPA. If you submit a request to exercise rights under CCPA, One Click System will ask you to provide certain information to verify your identity. This information will depend on your prior interactions with One Click System and the sensitivity of Personal Information at issue. If One Click System denies your request, we will explain why.
You can designate an authorised agent to make a request under the CCPA on your behalf in certain circumstances. If you use an authorised agent for this purpose, One Click System may ask you to verify your identity or that you provided the authorised agent signed permission to submit a request under the CCPA. If you provide an authorised agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and One Click System will respond to any request from such authorised agent in accordance with the CCPA.
The Privacy Policy describes the categories of Personal Information that One Click System collects and how One Click System uses such Personal Information. If One Click System collects Sensitive Personal Information, we limit our use of the Sensitive Personal Information to uses: (1) you have authorised, (2) that are required to fulfil your requests for goods or services, or (3) that are otherwise allowed by the CCPA or required by other laws or regulations.
The categories of Personal Information collected, disclosed, and sold from California residents over the preceding 12 months and One Click System’s applicable retention periods include:
Colorado Privacy Rights
This section is addressed to Colorado residents only and provides more information about your rights under the Colorado Privacy Act or “CPA.” Subject to certain exceptions, the CPA grants to Colorado residents the rights to: be notified about the collection, use, disclosure, or sale of their Personal Information; request access to, deletion of, or correction of their Personal Information; and request to opt out of the use of Personal Information for targeted advertising, sale, or certain profiling.
You can request access to, correction of, or deletion of your Personal Information by using the details in the “HOW TO CONTACT US” section. If you request a deletion of your Personal Information, please note that One Click System may still need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to requesting such deletion, to comply with applicable law, or for other purposes permitted by CPA. If you submit a request to exercise rights under CPA, One Click System will ask you to provide certain information to verify your identity. This information will depend on your prior interactions with One Click System and the sensitivity of Personal Information at issue. If One Click System denies your request, we will explain why. If we have not responded to your request or asked for additional time to respond to your request within 45 days after you send us a request, you have the right to appeal our failure to take action. To appeal our failure to take action, contact us using the details in the “HOW TO CONTACT US” section.
You can designate an authorised agent to make a request under the CPA on your behalf in certain circumstances. If you use an authorised agent for this purpose, One Click System may ask you to verify your identity or that you provided the authorised agent signed permission to submit a request under the CPA.
Connecticut Privacy Rights
This section is addressed to Connecticut residents only and provides more information about your rights under the Connecticut Data Privacy Act or “CTDPA.” You can exercise your rights by using the details in the “HOW TO CONTACT US” section. If One Click System informs you that we decline to take action regarding your request, you have the right to appeal our failure to take action by contacting us using the details in the “HOW TO CONTACT US” section.
Privacy Policy Information Table
| Personal Information Category | Retention Period | Business Purpose | Collected | Disclosed | Sold |
|---|---|---|---|---|---|
| Identifiers (such name, address, IP address, email, etc.) | See Section 3 of Privacy Policy: “Retention of Your Personal Information” | For functionality, customer support, business operations, communication, advertising and marketing, and statistical purposes. | Yes | Yes | No |
| Personal information defined in Civil Code Section 1798.80(e) (such as signature, SSN, financial information, and insurance information, etc.) | No | No | No | ||
| Protected personal information (such as gender, religion, sexual orientation, or disability) | No | No | No | ||
| Commercial information (such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, etc.) | See Section 3 of Privacy Policy: “Retention of Your Personal Information” | For development, customer support, business operations, communication, advertising and marketing, and statistical purposes. | Yes | No | No |
| Biometric information | No | No | No | ||
| Internet or other similar network activity (such as information on a consumer’s interaction with a website, application, or advertisement, etc.) | See Section 3 of Privacy Policy: “Retention of Your Personal Information” | For functionality, business operations, and statistical purposes. | Yes | Yes | No |
| Geolocation data | No | No | No | ||
| Audio, electronic, visual, thermal, or olfactory information | No | No | No | ||
| Professional or employment-related information | No | No | No | ||
| Education information | No | No | No | ||
| Inferences (such as analytics and preferences) | Yes | Yes | No |
Utah Privacy Rights
This section is addressed to Utah residents only and provides more information about your rights under the Utah Consumer Privacy Act or “UCPA.” You can exercise your rights by using the details in the “HOW TO CONTACT US” section of One Click System.
Virginia Privacy Rights
This section is addressed to Virginia residents only and provides more information about your rights under Virginia’s Consumer Data Protection Act or “VCDPA.” Subject to certain exceptions, the VCDPA grants to Virginia residents the rights to: be notified about the collection, use, disclosure, or sale of their Personal Information; request access to, deletion of, or correction of their Personal Information; request to opt out of the use of Personal Information for targeted advertising, sale, or certain profiling; and to not be discriminated against for exercising such rights.
You can request access to, correction of or deletion of your Personal Information by using the details in the “HOW TO CONTACT US” section of One Click System. If you request a deletion of your Personal Information, please note that One Click System may still need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to requesting such deletion, to comply with applicable law, or for other purposes permitted by VCDPA. If you submit a request to exercise rights under VCDPA, One Click System will ask you to provide certain information to verify your identity. This information will depend on your prior interactions with One Click System and the sensitivity of Personal Information at issue. If One Click System denies your request, we will explain why. If we inform you that we decline to take action regarding your request, you have the right to appeal our failure to take action. To appeal our failure to take action, contact us using the details in the “HOW TO CONTACT US” section.
How To Contact Us About This Privacy Policy
To ask questions about this Privacy Policy and our privacy practices, contact us at support@oneclicksystem.ai
This One Click System Data Processing Agreement and its Annexes A, B, and C (“DPA”) is between One Click System Pty Ltd (“One Click System”) and the party executing this agreement as Customer (“Customer”). This DPA reflects the parties’ agreement with respect to the Processing of Personal Data by One Click System on behalf of Customer in connection with the Service under the contemporaneously-executed Terms of Service agreement between the parties (“Agreement”).
This DPA is part of the Agreement and is effective upon execution or another time as specified in the Agreement, an Order, or an executed amendment to the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency, and it will supersede any previous DPA.
Definitions
a. APP means the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) as amended (including by the Privacy Amendment (Enhancing Privacy Protection) Act 2012).
b. Australian Personal Information means Personal Data that is subject to the protection of the Privacy Act 1988 (Cth).
c. Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Process, and Processing shall have the meaning given to them in the Data Protection Laws;
d. Customer Personal Data means any information relating to an identified or identifiable individual where (i) such information is contained within Customer Data provided under the Agreement; and (ii) is protected as personal data, personal information, or personally identifiable information under applicable Data Protection Laws including the Privacy Act 1988 (Cth).
e. Data Protection Laws means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation, the Privacy Act 1988 (Cth), the European Data Protection Laws, and other international laws; in each case as amended, repealed, consolidated, or replaced from time to time.
f. Europe means the European Union, the European Economic Area and/or their member states, Switzerland, and the United Kingdom.
g. European Data means Personal Data that is subject to the protection of European Data Protection Laws.
h. European Data Protection Laws means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, the GDPR; (ii) Directive 2002/58/EC concerning the Processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded, or replaced.
i. GDPR means the General Data Protection Regulation ((EU) 2016/679), and the retained UK version of the same;
j. Standard Contractual Clauses means the standard contractual clauses for the transfer of personal data to third countries pursuant to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
k. UK Addendum means the International Data Transfer Addendum to the Standard Contractual Clauses issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018 currently found at [ICO website], as may be amended, superseded, or replaced.
Compliance
Both parties will comply with all applicable requirements of Data Protection Laws. This schedule is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under Data Protection Laws.
Controller/Processor
The parties have determined that for the purposes of Data Protection Laws, One Click System shall process the Customer Personal Data as a processor on behalf of the Customer. Customer may be either a Controller or Processor.
Consents
Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of Customer Personal Data to One Click System, and the lawful collection of the same by the Customer using the One Click System Services for the duration and purposes of the Agreement and DPA and shall indemnify One Click System against all loss and damage (including fines) arising from a failure to do so.
Nature, Scope, Purpose of Processing, and Data Subjects
Annex A sets out the scope, nature, and purpose of Customer Personal Data Processing by One Click System, the duration of the Processing, and the types of Customer Personal Data and categories of Data Subjects.
Customer Instructions
One Click System shall process Customer Personal Data only on the documented instructions of the Customer, unless One Click System is required by any applicable laws to otherwise process that Customer Personal Data. The Agreement and DPA are deemed to be the instructions of Customer; the parties may agree to additional instructions. One Click System shall inform the Customer if, in the opinion of One Click System, the instructions of the Customer breach Data Protection Laws.
One Click System Obligations
One Click System will:
a. Implement and maintain appropriate technical and organisational measures to protect Customer Personal Data from Personal Data Breaches, as described under Annex B to this DPA (“Security Measures”). Notwithstanding any provision to the contrary, One Click System may modify or update the Security Measures at One Click System’s discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures.
b. Ensure that any personnel engaged and authorised by One Click System to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality.
c. Assist the Customer insofar as this is reasonably possible (taking into account the nature of the Processing and the information available to One Click System), and at the Customer’s cost and written request, in responding to any request from a Data Subject and in ensuring the Customer’s compliance with its obligations under Data Protection Laws with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators.
d. Notify the Customer without undue delay on becoming aware of a Personal Data Breach involving the Customer Personal Data.
e. At the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Agreement unless One Click System is required by any applicable law to continue to process that Customer Personal Data. For the purposes of this paragraph, Customer Personal Data shall be considered deleted where it is put beyond further use by One Click System.
f. For European Data, assist Customer in ensuring compliance with Articles 32 to 36 of the GDPR; make available all information reasonably necessary to demonstrate compliance with this DPA available to Customer and allow for and contribute to audits, including inspections conducted by Customer to assess compliance with this DPA to the extent required by Data Protection Laws; and will make available all information reasonably necessary to demonstrate compliance with GDPR Article 28 requirements for Processors;
g. Maintain records to demonstrate its compliance with this paragraph.
Service Provider
The parties agree that if the APP applies, Customer is a “business” and One Click System is a “service provider” as defined under the APP. One Click System will not retain, use, or disclose the Australian Personal Information it collects pursuant to the Agreement for any purposes other than to perform the Agreement or as otherwise permitted by the APP; and (b) One Click System will not retain, use, or disclose the Australian Personal Information it collects pursuant to this the Agreement outside of the direct business relationship between One Click System and Customer, unless otherwise permitted by the APP. One Click System will not “sell” or “share” Australian Personal Information as those terms are defined in the APP or combine the Australian Personal Information with personal information obtained from sources other than Customer, except to the extent necessary to perform the Agreement. From time to time, customers may ask for, and One Click System will provide, reasonable evidence of its compliance with this Section 8.
European Data: Transfer Mechanisms for Data Transfers/Standard Contractual Clauses
a. One Click System will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) transferring such Personal Data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws.
b. Customer acknowledges that in connection with the performance of the Service, One Click System is a recipient of European Data in Australia. Subject to sub-sections (c), the parties agree that the Standard Contractual Clauses will be incorporated by reference and form part of the Agreement as follows:
(1) EEA Transfers. In relation to European Data that is subject to the GDPR (i) Customer is the “data exporter” and One Click System is the “data importer”; (ii) the Module Two terms apply to the extent the Customer is a Controller of European Data and the Module Three terms apply to the extent the Customer is a Processor of European Data; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the ‘Sub-Processors’ section of this DPA; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the relevant European Data Protection Laws; (vii) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; and (viii) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA the Standard Contractual Clauses will prevail to the extent of such conflict.
(2) UK Transfers. In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with subsection (1) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.
(3) Swiss Transfers. In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with subsection (1) and the following modifications (i) references to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA; (ii) references to “EU”, “Union” and “Member State law” will be interpreted as references to Swiss law; and (iii) references to the “competent supervisory authority” and “competent courts” will be replaced with the “the Swiss Federal Data Protection and Information Commissioner ” and the “relevant courts in Switzerland”.
c. If One Click System cannot comply with its obligations under the Standard Contractual Clauses or is in breach of any warranties under the Standard Contractual Clauses or UK Addendum (as applicable) for any reason, and Customer intends to suspend the transfer of European Data to One Click System or terminate the Standard Contractual Clauses, or UK Addendum, Customer agrees to provide One Click System with reasonable notice to enable One Click System to cure such non-compliance and reasonably cooperate with One Click System to identify what additional safeguards, if any, may be implemented to remedy such non-compliance. If One Click System has not or cannot cure the non-compliance, Customer may suspend or terminate the affected part of the Service in accordance with the Agreement without liability to either party (but without prejudice to any fees Customer have incurred prior to such suspension or termination).
Amendments
Notwithstanding anything else to the contrary in the Agreement, One Click System reserves the right to make any updates and changes to this DPA, including to address changes in Data Protection Laws and to revise the security provisions in this DPA, so long as One Click System does not materially reduce the overall security level provided to Customer Personal Data.
ANNEX A – Details of Processing
A. List of Parties
Data exporter:
Name: You, as defined in One Click System’s Terms of Service
Address: Your address as specified by your Platform Account
Contact person’s name, position, and contact details: Your contact details, as specified by your Platform Account
Activities relevant to the data transferred under these Clauses: Performance of the Agreement between the parties as a Controller.
Role (controller/processor): Controller or Processor
Data importer:
Name: One Click System Pty Ltd
Address: Level 19, 2 Southbank Boulevard, Southbank, Melbourne, VIC 3006, Australia
Contact person’s name, position, and contact details: Robby Choucair, Director
Activities relevant to the data transferred under these Clauses: Performance of the Agreement between the parties.
Role (controller/processor): Processor
B. Description of Transfer
Categories of Data Subjects whose Personal Data is Transferred: Customers and potential customers of clients.
Categories of Personal Data Transferred: The Personal Data input and collected as decided by the Customer, including name, age, date of birth, phone number, email address, social media profiles.
Sensitive Data transferred and applied restrictions or safeguards: The parties do not anticipate the transfer of sensitive data.
Frequency of the transfer: Variable during the Agreement term.
Subject Matter and Nature of the Processing: One Click System will provide the Services to the Customer under the Agreement between the parties. The Customer will use the Services to collect and process Personal Data of their customers and potential customers for the purposes of managing and carrying out marketing activities, which may be targeted to their customers and potential customers.
The Processing will involve collecting, storing, recording, contacting, and managing Personal Data, in particular for the purpose of running marketing campaigns, providing marketing services, and managing marketing generally.
Purpose of the transfer and further Processing: One Click System will Process Personal Data as necessary to provide the Service pursuant to the Agreement, as further specified in an order form, and as further instructed by Customer in Customer’s use of the Service.
Period for which Personal Data will be retained: The duration of the period in which the Customer accesses and uses the One Click System platform under the Services Agreement.
C. Competent Supervisory Authority:
For the purposes of the Standard Contractual Clauses, the supervisory authority that will act as competent supervisory authority will be determined in accordance with the Transfer Mechanisms for Data Transfers section of this DPA.
Description of the technical and organisational security measures implemented by the data importer in accordance with clause 4(d) and clause 5(c) (or documents/legislation attached):
ANNEX B to the Standard Contractual Clauses
Description of the technical and organisational security measures implemented by the data importer in accordance with clause 4(d) and clause 5(c) (or documents/legislation attached):
| Measure | Description |
|---|---|
| Measures of pseudonymisation and encryption of personal data | All personal data at rest is encrypted with AES 256 CBC. All personal data in transit is encrypted with TLS V1.2+. |
| Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services | Processor has endpoint protection on its APIs. Processor has uptime monitors. Processor has implemented access control measures. Processor uses managed services (AWS, GoogleCloud). |
| Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident | Personal data backed up on AWS and GoogleCloud with 5 minute granularity. |
| Measures for user identification and authorisation | Processor uses encrypted signed tokens, role-based authorizations, and password protection. |
| Measures for the protection of data during transmission | SSL certificates and https are used, protected with TLS v1.2+. |
| Measures for the protection of data during storage | Personal data is encrypted at rest with AES-256 CBC encryption. |
| Measures for ensuring physical security of locations at which personal data are processed | Processor uses managed services to ensure physical security of server locations. |
| Measures for ensuring events logging | Processor uses logging for user actions and audit logs with GoogleCloud ops and AWS’s Cloudwatch. |
| Measures for ensuring system configuration, including default configuration | Configurations stored in version control, use of standardized images, automatic updates and patching managed by GoogleCloud. |
| Measures for internal IT and IT security governance and management | Processor uses a third-party vendor for internal IT and IT security. |
| Measures for certification/assurance of processes and products | The Compliancy Group has issued Processor a HIPAA Seal of Compliance Certificate. |
| Measures for ensuring data minimisation | Minimum data requirement set by Processor. |
| Measures for ensuring data quality | Processor enables customers to update personal data, uses two-factor authentication. |
| Measures for ensuring limited data retention | Data retention configurable by customer administrator. |
| Measures for ensuring accountability | Processor access to personal data is restricted based on rules. |
| Measures for allowing data portability and ensuring erasure | Customers can download or request deletion of their personal data via support tickets. |
Describe the specific technical and organisational measures to be taken by Data Importer to be able to provide assistance to the Data Exporter:
| Measure | Description |
|---|---|
| Self-Service | Personal data can be downloaded by customers from within the Service. Customer admins can set data retention for terminated personnel. |
| Customer and Product Support | FAQs, support tickets for specific queries not addressed by collateral on Processor customer/product support website. |
You may be entitled to request that HighLevel erase any personal data that it holds about you. We will make reasonable efforts to promptly respond to such requests. In any event, we will respond within one month of (i) our receipt of your written request, or (ii) our receipt of any further information we may ask you to provide to enable us to comply with your request (whichever is later).
The information you provide in this form will only be used for the purposes of:
(i) identifying the personal data you are requesting that we erase and (ii) responding to your request.
Please fill out this form – Click here