PRIVACY AND DATA POLICY

We take security seriously at Gasworks. Not only do we adhere to the highest industry standards, we continually update our security practices to ensure your information is safe.

Gasworks is based in Queensland Australia and complies with all local regulation, including but not limited to the Spam Act 2003 and the Australian Privacy Principles (APPs).


Cookies and Collecting your Information


When browsing or registering on the Gasworks Platform, may be asked to enter your name, email address and other personally identifiable information to help you with your experience. Additional to the information you provide, we collect publically accessible information about your session to help us understand where our customers are coming from and how they prefer to consume our services.

We use cookies to help us understand when you’re a returning visitor, your site preferences, who you are and importantly to keep you logged into our Platform. These cookies can also be used to connect to advertisers and trusted 3rd parties.

We may use the information we collect from you when you register on the Platform, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To quickly process your transactions.
  • To send periodic emails regarding your subscription or other products and services.


Data Security


When you use the Gasworks platform, all the information you send and receive is transmitted securely over HTTPS (look for the green bar in your browser to confirm). This includes the mobile application and access from tablet devices or mobile web browsers.

To protect your privacy and your information, we limit the amount of sensitive data we store on our servers. For example, we do not store your payment information or credit card numbers. All company, staff or profile information is securely stored on our own private servers within the Cloud Infrastructure provider, Amazon Web Services. You can read their security policy here: https://aws.amazon.com/security/

You can expect the highest level of security and industry best practise. We encrypt all information not just on our database (for example, we never store your actual password, we just store a “one-way hash” of it. (If you’re curious, you can read more about that here: https://en.wikipedia.org/wiki/Salt_(cryptography)). We encrypt all ‘virtual servers’ in AWS which means not even Amazon can read the data we store on them. We run all IT infrastructure at the latest stable version which up to date security patches.

We designed and built all our systems with multiple levels of security, and we manage them according to industry best practices. Our hosting provider maintains world-class facilities that are certified to the highest levels of physical and virtual security. Reputable third-party security firms perform regular internal and external security audits of our systems, something we consider an essential investment.


Trusted 3rd Parties and Law Enforcement


We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information to companies that are not trusted 3rd parties to our Gasworks Cloud Platform. Gasworks have an established partner network of HR firms who specialise in working with leading companies to grow businesses, manage staff and build high performance teams. Gasworks will under certain circumstances share your information with our partners.

We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety. Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Privacy and Data Ownership


When you use Gasworks, you own and control your information. We limit access to your information whenever possible. Company information stores on our services (such as one one ones, or employee information) are only available to employees with specific and appropriate roles within that company.

We use the data your teams submit into the Platform to create a single organisational view into your HR and employee performance. Information collected within specific features of the Platform can and is used in other parts of the Platform to build in-depth and dynamic profiles of each team and team member in the organisation.

Company and Staff information for each company is stored securely and is not accessible to other companies who also utilise the Gasworks Cloud Platform. Within each company, we take the profiling of information very seriously. We understand that different roles in your organisation should see different organisation information and that’s why we have created role based access when you use our platform.

The team at Gasworks can view anonymous information across companies using the Gasworks platform. For example, we can see the average engagement score for all teams across the Platform. Although we have complete access to personally identifiable information, the team at Gasworks do not view or access this personally identifiable information.

The information we store on your Gasworks account is available to be exported in the event you choose to leave Gasworks, please contact us to request the information we store about you and your teams.

Keep Yourself Safe


Even though we apply a maximum level of protection accounts, we recommend managers and executives have a policy to train staff on best practises such as complex passwords. If you would like to leverage more advanced authentication features such as Sign Sign Of (SSO) or Two Factor Authentication, please contact us.

Responsible Disclosure


We take security seriously and we appreciate your help in notifying us of vulnerabilities in a responsible manner. If you are a security researcher and have found a potential security vulnerability in our systems, please contact us.