Privacy Policy

This Privacy Policy explains how DRRP Corp Pty Ltd collects, uses, stores and discloses personal information through the Valour Compliance website and related services.

It is intended to help you understand how your information is handled and how you can access or correct it.

Version:
1
Status:
Approved
Effective date:
1 May 2026
Next review:
1 May 2027
Owner:
DRRP Corp Pty Ltd

1. Key Terms

  • Personal information has the meaning given in the Privacy Act 1988 (Cth).
  • Sensitive information is a subset of personal information as defined in the Privacy Act.
  • Content: information you submit to the Service, including information, questionnaire responses, evidence, and generated outputs (gap reports, action plans and related artefacts).
  • Outputs: reports, gap analysis results, prioritised action lists and other results generated by the Service.

2. What Information We Collect

We may collect the following types of information:

  • Account and contact details (e.g., name, email, role, organisation).
  • Content you provide, which may include personal information and may include sensitive information depending on what you upload.
  • Usage and device data (e.g., IP address, browser type, pages viewed, access logs, audit logs).
  • Support communications (e.g., emails, tickets).
  • Billing and transaction records (payment processing is generally handled by third‑party payment providers; we do not store full card details).

3. How We Collect Information

  • Directly from you when you create an account, complete workflows, provide information as part of the service, or contact support.
  • Automatically through website technologies such as cookies and similar tracking tools (see Cookies section).
  • From third parties only where necessary to provide the service (e.g., payment confirmation from a payment provider).

4. Why We Collect, Use and Disclose Information

We collect, use and disclose personal information to:

  • provide the Service and generate Outputs (compliance gap analysis);
  • verify and manage accounts and subscriptions;
  • respond to support requests and communicate service updates;
  • maintain security, prevent fraud, and monitor for misuse;
  • improve the Service using aggregated and de‑identified information where appropriate;
  • comply with legal obligations and enforce our agreements.

5. Disclosures to Third Parties (Subprocessors)

We may disclose personal information to third parties that help us operate the Service, such as:

  • hosting and infrastructure providers;
  • payment processing providers;
  • email/communications providers;
  • support/ticketing providers;
  • analytics providers (where enabled).

We take reasonable steps to ensure these providers handle information securely and only for authorised purposes.

6. Australia-Only Data Storage and Overseas Disclosure

Our policy is to store and process customer data in Australia only.

We do not intentionally disclose personal information to overseas recipients. If an exceptional circumstance arises that requires overseas disclosure, we will update this policy and, where required, seek appropriate consent or provide required notices.

7. Data Security

  • We use reasonable administrative, technical and physical safeguards appropriate to the sensitivity of the information.
  • We apply access controls, logging/monitoring, and encryption in transit (and where supported, at rest).
  • You are responsible for keeping your login credentials secure and using secure devices.

8. Data Retention and Deletion

We retain information only as long as necessary to provide the Service and meet legal and operational requirements.

  • Active accounts: Your Content is retained while your account is active.
  • Cancellation: after the cancellation effective date (end of your current billing cycle), you will not be able to access your account.
  • Downloads/exports: downloads/exports of Outputs are available until the cancellation effective date. After the cancellation effective date, you will not be able to access your account or any Outputs generated while the account was active.
  • Reactivation: if you reactivate prior to the cancellation effective date (end of the current billing cycle), access will be restored upon successful payment and previously generated Outputs and Content are preserved (subject to tier limits).
  • Backups: after deletion from active systems, copies may persist in backups until backup rotation completes (currently up to 30 days).

You may request deletion of your account and Content. We will action requests as soon as reasonably practicable, subject to legal obligations, security/fraud requirements, disputes, and backup rotation cycles.

9. Access, Correction and Complaints

  • You may request access to, or correction of, personal information we hold about you.
  • If you have a complaint about how we handle your personal information, you can contact us using the contact details below. We will respond within a reasonable timeframe.
  • If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

10. Cookies and Analytics

We may use cookies and similar technologies to operate the website, remember preferences, and understand usage. You can control cookies through your browser settings, but this may affect functionality.

11. Notifiable Data Breaches

If we experience an eligible data breach that is likely to result in serious harm, and the Notifiable Data Breaches scheme applies to us, we will notify affected individuals and the OAIC in accordance with the Privacy Act 1988 (Cth).

12. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will be published on our website. Material changes will be communicated through reasonable means (e.g., website notice and/or email).

13. Contact

Privacy contact: DRRP Corp Pty Ltd

Attention: Company Secretary

Privacy contact email: info@valourcompliance.com.au

See also: Terms of Service · Customer Policies Pack · Product Disclosure Statement