Canvas takes data security seriously. We are committed to safeguarding your privacy and ensuring that you can access our platform without worrying about the security of your personal information. We partner with two companies that handle your Personally Identifiable Information (PII). These are:
VIX VERIFY INTERNATIONAL PTY LTD (ABN 165 074 395), is a private identity verification services provider and a gateway service provider for the Commonwealth Document Verification Service. Vixverify or GreenID is the 3rd party ID verification service Canvas utilises, as we do not hold client identification details (such as Medicare / Drivers License / Passport etc) on our Canvas server. GreenID data security measures includes the below excerpts from their website:
http://www.vixverify.com/news-resources-2/#privacy_policy
Formstack Forms (Formstack, LLC) is a private workplace productivity solution tool that Canvas utilises to capture data for client operations. The data privacy and security for Formstack can be found on their website:
https://www.formstack.com/data-security#GlobalPrivacy
Campaign Monitor is an email marketing software that Canvas utilises to send out messages and emails for client operations. The data privacy and security for Campaign Monitor includes the below excerpts from their website:
https://www.campaignmonitor.com/trust/security/
All personal information held by Vixverify is protected from unauthorised access through the use of secure passwords and user logons and other forms of biometric verification.
Vixverify stores all personal information that it collects securely in a manner that is sufficient to prevent misuse and loss, unauthorised access, modification or disclosure of personal information. Vixverify maintains a high level of data security by implementing:
Formstack uses AWS in the United States as its external security hosting provider. AWS meets System and Organization (SOC) standards verified by independent third-party examination reports demonstrating how the provider achieves key compliance controls and objectives. Please see the following website for further details on AWS compliance:
https://aws.amazon.com/compliance/programs/
All submission data to Formstack is disk encrypted under AES-256 and data in transit is protected by TLS >=1.2 to provide end-to-end communication security.
Campaign Monitor stores data in a US-based data centre and it uses multiple data processing locations including USA, Australia and Germany. Campaign Monitor also uses CloudFront at strategic AWS edge and regional locations as an external content delivery network for faster content caching. More on Amazon’s CloudFront can be found here:
https://aws.amazon.com/cloudfront/features/
Physical controls are also implemented to prevent unauthorised access to, or disclosure of, customer data. The data centres are monitored 24×7 for all aspects of operational security and performance. They are also equipped with state-of-the-art security such as biometrics, sensors for intrusion detection, keycards, and around-the-clock interior and exterior surveillance.
The application of Campaign Monitor has been designed with focus on security by leveraging OWASP-aligned security principles for software engineering, encryption technologies and security assurance.
Users can contact Vixverify to address any concerns that they have about their personal information.
If you would like access to the personal information which Vixverify holds about you or a person whom you are authorised to represent, please contact Vixverify using the contact details set out in the Contact Details section of this Privacy Policy. Your request should specify the format in which you wish to be provided the personal information (for example, in person, by email, by telephone, hard copy or other electronic record). This application is free of charge. However, Vixverify may make a reasonable charge for providing access to you. If Vixverify wishes to charge you to access the personal information, Vixverify will notify you of this charge prior to giving you access to the personal information.
To comply with privacy practices globally, Formstack is committed to continued Forms compliance with GDPR, PIPEDA, and other privacy regulations and laws:
https://www.formstack.com/features/gdpr-compliant-forms
If you have a dispute regarding an individual’s Personal Information, you must contact our internal disputes resolution team in writing at support@canvas.co in order for us to investigate the matter further. We aim to respond to your dispute within a 30 dayperiod to resolve your matter in a reasonable timeframe and manner.
If you are still not satisfied with the outcome upon conclusion of our investigation, you may escalate the matter to OAIC using the details below:
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001
Website: www.oaic.gov.au
If we become aware of any unauthorised access to an individual’s Personal Information we will inform you at the earliest practical opportunity once we have established what information was accessed and how.