This privacy statement applies to the ASO website. It tells you how we collect information from you and how we use it. The ASO Privacy statement was last updated September 2019.
The ASO website, asoeye.org is managed by Vanguard Health.
asoeye.org collects personal information that you choose to give us, for example your email address.
If you visit our site to read or download information we record the following information for statistical purposes:
- Your server address and associated country
- The pages you accessed and the documents you downloaded
- The date and time you visited the site
- The previous site you visited
- Your operating system (e.g. Windows, Mac)
- The type of browser you use (e.g. Internet Explorer).
- Your Network properties including service provider, hostname and connection speed (e.g. Telstra)
We use Google Analytics to collect this information and store it in our online account that is protected by Google’s security and privacy policies. Google Analytics reports do not include identifiable information about site users.
Cookies are pieces of information that a website can transfer to an individual’s computer. We do not use persistent cookies. We only use session-based cookies for the single sign-on service and to gather anonymous website usage data to help us improve the structure and functionality of asoeye.org. You can change your web browser settings to reject cookies or to prompt you each time a website wishes to add a cookie to your browser. Some functionality on the website may be affected by this.
We will not attempt to identify users or their browsing activities. However, there are some circumstances when we may need to disclose information that may be used to identify users to law enforcement authorities.
Members Only Account
The asoeye.org members only database has been developed in conjunction with Creative Curiosity (acting as our service provider).
All ASO members are provided access to a password secured area of aso.asn.au. In this area we collect any information you choose to include in your asoeye.org account. This could include:
- Biographic details: name, email address,
- Geographic details: address
- Demographic details: e.g., occupation position
We also log account activity such as last login, attempted logins and password changes. You can see much of this in your account history.
Use of Your Personal Information
Any personal information you provide to us, including your email address will only be used or disclosed for the purpose for which you have provided it for (example: sending member bulletins, updates and media releases).
Your personal information will not be used or disclosed for any other purpose without your consent.
We do not share information about you with other government agencies or other organisations without your permission unless it:
- is necessary to provide you with a service that you have requested;
- is required or authorised by law; or
- will prevent or lessen a serious and imminent threat to somebody’s health.
If we ask you for personal information in order to provide you with a service that you have requested then we will tell you how we intend to use that personal information if you choose to give it to us.
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include storing electronic files in secure facilities, encryption of data, regular backups of data we hold, audit and logging mechanisms and physical access restrictions.
All of our live system information is stored within the Amazon Web Services (AWS) cloud platform. This cloud platform is one of the most highly secured, regulated and certified data storage platforms in the world. For a full and continually-updated list of AWS’s compliance and security platforms, please refer to:
Equally the ASO provides the following security mechanisms for storing your personal data:
PCI Compliance - The credit card industry's standard for security
PCI compliance is a must for any organization that wants to accept credit card payments online. ASO has chosen Stripe as the payment platform for online payments. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
The system is protected by AWS-facilitated firewall protection which includes:
- The denial of unnecessary ports and network services
- Protections against brute-force attacks against the server infrastructure
- Distributed denial of service (DDOS) attacks against the server infrastructure
Our site makes use of 256-bit encryption using modern encryption protocols and algorithms. All of our system interactions with our customers are transmitted securely using these encryption mechanisms.
Data Center Security
All hardware and services are located in a secure data center (an ISO 9001:2000-certified provider) that is monitored onsite 24x7x365. Multiple security checkpoints must be cleared to gain access to data center. Closed-circuit television cameras record all data center activity. Data center network infrastructure provides multiple security layers to safeguard against unauthorised access.
Access to member area of the ASO website requires a login using your unique username and password. To ensure safety, these passwords can be changed at anytime.
Others log out each user’s login session after 60 minutes of inactivity to prevent unintended access. For user convenience, a timeout notification box appears minutes before the logout and gives the option to continue the session.
User group permissions
You can decide what access to member information and product feature each type of user (member, staff, board member, vendor, etc.) has.
Users can elect to hide specific profile fields from all users that have permission to see their profiles. Only administrators have permission to see these hidden attributes.
Extra protection for financial information
Credit card numbers and other sensitive pieces of financial information are not stored within our system or database. These pieces of information are securely stored within Stripe’s infrastructure, with access being provided to our system on an as-needs basis via the use of a secure token.
We store your data, and that is all we do with it. Unlike other companies, we do not share your data with anyone.
Secure, redundant backups
We go above and beyond. Instead of CD or tape backups, we have dedicated data storage devices that are backed up frequently and securely distributed to multiple locations on a regular basis.
When no longer required, personal information is destroyed in a secure manner.
Access to Your Personal Information
You may gain access to personal information about you that we hold. You can have us correct any errors or delete the information we have about you.
You may request to be unsubscribed from any further contact from us whenever you choose.
To protect your privacy and the privacy of others, we may have to gain evidence of your identity before we can give you access to information about you or to allow the necessary changes to be made.
If you have forgotten your username for your asoeye.org Member’s Only Account, we are able to assist you to regain access to your account through the email address you have provided to us.