Privacy Policy

1. WHO WE ARE

Data Controller: Optible Ventures Pty Ltd
Address: Lot Fourteen, North Terrace, Adelaide SA 5000, Australia
Email: support@optible.ai
Privacy Contact: support@optible.ai

2. WHAT PERSONAL INFORMATION WE COLLECT

We collect the following categories of personal information:

Website Visitors:

• Contact information (name, email address, phone number)

• Company/organisation details

• IP address and device information

• Website usage data through cookies and analytics

Service Users (Grant Applicants/Assessment):

• Contact and identification information

• Professional and employment details

• Financial information (for grant applications)

• Project descriptions and documentation

• Assessment criteria and merit-based information

• Any personal information contained in grant applications or forms processed through our AI systems

• Sensitive personal information where included in applications (health conditions, criminal history, etc.)

Business Customers:

• Contact information of representatives

• Company information

• Contract and billing information

• Usage data of our AI services

Minimum Age: Our services are for users 16 years and older. Users under 18 should have parental consent before submitting applications.

2.1. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Consent: When you voluntarily provide information or consent to marketing

• Contract Performance: To deliver our services and fulfill our obligations

• Legitimate Interests: To improve our services, prevent fraud, and ensure security

• Legal Obligation: To comply with applicable laws and regulations

3. HOW WE COLLECT PERSONAL INFORMATION

We collect personal information through:

• Direct submission via website forms and applications

• Upload of documents containing personal information for AI processing

• Telephone, email, or written communications

• Cookies and tracking technologies on our website

• Third-party integrations (with your consent)

4. LEGAL BASIS FOR PROCESSING (GDPR)

For individuals in the European Union, we process personal information based on the following legal bases:

• Contract: To perform our services under agreement with you or your organisation

• Legitimate Interest: To improve our services (based on our legitimate interest in business development balanced against minimal privacy impact), conduct business analytics, and prevent fraud (based on our legitimate interest in protecting our business and users)

• Consent: For marketing communications and non-essential cookies (where obtained)

• Legal Obligation: To comply with legal and regulatory requirements

• Substantial Public Interest: Processing sensitive information in grant applications is necessary for the assessment of public funding, where there is a substantial public interest in ensuring fair and transparent allocation of government and institutional grants.

5. HOW WE USE PERSONAL INFORMATION

We use personal information for:

Service Delivery:

• Processing and assessing grant applications using our AI technology

• Providing automated analysis and scoring of applications

• Generating reports and insights for our customers

• Communicating about services and support

• Sharing applications with relevant grant funding organisations

Business Operations:

• Account management and billing

• Customer support and technical assistance

• Service improvement and development

• Legal compliance and fraud prevention

Marketing (with consent):

• Sending newsletters and service updates

• Providing information about new features and services

6. AI ASSESSMENT AND AUTOMATED PROCESSING

Important: We use artificial intelligence to analyse and suggest scores for grant applications and other documents. However, we do not make automated decisions that significantly affect you.

Our AI Systems:

• Analyse applications against eligibility and merit criteria

• Generate suggested scores and recommendations for human reviewers

• Extract and structure data from unstructured documents

• Provide recommendations to decision-makers

Human Oversight:

• All AI suggestions require human validation before any decisions are made

• Grant funders make final funding decisions based on AI suggestions plus human review

• Human reviewers always have discretion to override AI suggestions

Your Rights Regarding AI Processing:

• Right to explanation of how AI suggestions are generated

• Right to contest AI suggestions through the grant funder's appeal process

• Right to request manual review if you believe AI suggestion contains errors

7. INTERNATIONAL TRANSFERS

Australia Adequacy Decision:

Personal information may be transferred from the European Union to Australia for processing. The European Commission has determined that Australia provides adequate protection for personal data, meaning these transfers are permitted under GDPR without additional safeguards.

Our Infrastructure:

• Data is processed and stored on Amazon Web Services (AWS) servers located in Australia

• AWS provides appropriate technical and organisational security measures

• No personal information is transferred to countries without adequacy decisions unless additional safeguards are in place

8. DATA SHARING AND RECIPIENTS

We may share personal information with:

Grant Funding Organisations:

• Your application data is shared with relevant grant funding organisations as directed by you

• When processing applications for grant funders, we act as a data processor on behalf of the funding organisation (data controller)

• Each funder has their own privacy policy governing their use of your data

• You consent to this sharing when submitting applications

Service Providers:

• Cloud hosting providers (AWS Asia Pacific (Sydney) region)

• IT support and maintenance providers

• Payment processors

• Analytics providers (with anonymised data only)

Business Partners:

• Authorised representatives of our business customers

• Professional advisors (lawyers, accountants)

Legal Requirements:

• Government agencies when required by law

• Law enforcement when legally obligated

• Courts and regulatory bodies

We do not sell personal information to third parties.

8.1 Your Data Protection Rights

Under GDPR, you have the right to:

• Access your personal data and receive a copy

• Rectify inaccurate or incomplete data

• Erase your data in certain circumstances

• Restrict processing of your data

• Data portability in a structured format

• Object to processing based on legitimate interests

• Withdraw consent at any time (where consent is the legal basis)

To exercise these rights, contact us at privacy@optible.ai

You also have the right to lodge a complaint with your local data protection authority.

9. DATA RETENTION

We retain personal information for the following periods:

• Grant Applications: 7 years after assessment completion (regulatory requirement)

• Website Contact Forms: 3 years from last contact

• Customer Account Data: Duration of relationship plus 7 years

• Marketing Communications: Until you unsubscribe or 3 years of inactivity

• Website Analytics: 26 months

• Legal/Compliance Records: As required by applicable law

Data is securely deleted at the end of retention periods unless legal obligations require longer retention.

Legal Retention vs. Right to Deletion: If you request deletion but we're legally required to keep data, we'll stop all processing except secure storage for legal compliance and delete permanently once the retention period expires.

10. YOUR PRIVACY RIGHTS

Under Australian Privacy Principles:

• Access your personal information

• Correct inaccurate information

• Make a complaint about privacy practices

Under GDPR (for EU individuals):

• Access: Obtain copies of your personal information

• Rectification: Correct inaccurate or incomplete information

• Erasure: Request deletion of your personal information

• Portability: Receive your data in a structured, machine-readable format (JSON or CSV)

• Restriction: Limit how we process your information

• Objection: Object to processing based on legitimate interests or for marketing

• Withdraw Consent: Withdraw consent for consent-based processing

How to Exercise Rights:

Contact us at support@optible.ai with:

• Clear description of your request

• Proof of identity (driver's licence, passport, or similar)

• Specific data or processing you're concerned about

We will respond within:

• 30 days (Australian requests)

• 1 month (GDPR requests, extendable to 3 months for complex requests)

If You Disagree with Our Response:

• Contact us at support@optible.ai to discuss concerns

• Escalate to Australian Privacy Commissioner (oaic.gov.au) for Australian users

• Contact your local data protection authority for EU users

11. SECURITY MEASURES

We implement comprehensive security measures to protect your personal information. For detailed information about our security practices, please see our Data Security Policy.

Our security measures include:

• Encryption of data in transit and at rest

• Multi-factor authentication for system access

• Regular security assessments and penetration testing

• Access controls and audit logging

• Staff training on data protection

• 24/7 security monitoring and incident response procedures

12. DATA BREACH NOTIFICATION

In the event of a data breach that poses risks to your rights and freedoms:

• We will notify affected individuals within 72 hours if there's high risk

• We will report to relevant supervisory authorities as required

• We will provide information about the breach and remedial actions taken

For detailed information about our incident response procedures, see our Data Security Policy.

12. How to contact us about privacy

Privacy matters: privacy@optible.ai

General support: support@optible.ai

Data Protection Officer: privacy@optible.ai

13. COOKIES AND TRACKING

Cookie Consent: We obtain consent for non-essential cookies through our cookie banner. You can withdraw consent at any time through browser settings or our preference center.

Website Cookies: Our marketing website uses cookies for:

• Essential website functionality

• Analytics and performance monitoring (with anonymised data)

• Preference settings

You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled without affecting website functionality.

Application Platform: Our secure application platform uses essential technical cookies that cannot be disabled as they are required for the platform to function properly.

For detailed information about cookies and tracking, see our Data Security Policy.

14. AI TRAINING DATA AND OPT-OUT

Data Used for AI Training:

• We use anonymised application data to improve our AI models

• Personal identifiers are removed before using data for training

• How to opt out: Email support@optible.ai with "Opt out AI training" in subject line

• Service impact: Opting out doesn't affect the quality of AI suggestions for your applications

15. BUSINESS CONTINUITY

If Optible is Sold or Acquired:

• You'll be notified at least 30 days before any ownership change

• New owners must comply with the same privacy commitments

• You can request data deletion before transfer if you disagree with new ownership

If Optible Ceases Operations:

• We'll provide 90 days notice where possible

• You can download or request copies of your data

• All personal data will be securely deleted unless legal retention requirements apply

16. UPDATES TO THIS POLICY

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Post updated versions on our website

• Notify you of material changes via email (where we have your contact information)

• Obtain consent for material changes where required by law

17. COMPLAINTS AND DISPUTES

Governing Law: This policy is governed by Australian law. EU individuals also have rights under GDPR.

Data Protection Authorities:

If you're not satisfied with our response to your privacy concern, you can contact your local data protection authority:

• Australian users: Office of the Australian Information Commissioner (oaic.gov.au)

• EU users: Your local data protection authority

Internal Complaints:

Contact our Privacy Officer at support@optible.ai. We will:

• Acknowledge receipt within 5 business days

• Investigate thoroughly

• Respond with our findings and any corrective actions within 30 days

18. CONTACT INFORMATION

Privacy Questions: support@optible.ai
Data Subject Requests: support@optible.ai
Business Address: Lot Fourteen, North Terrace, Adelaide SA 5000, Australia

For detailed information about our data security practices, technical safeguards, and infrastructure, please refer to our Data Security Policy.