Privacy Policy

Privacy at Tofrum

Tofrum Pty Ltd (ABN 26 620 034 184) (Tofrum) understands the importance of protecting your personal information. Tofrum deals with personal information in accordance with the Australian Privacy Principles (APPs) which are contained in the Privacy Act 1988 (Privacy Act) and this privacy policy.

This privacy policy sets out the way in which tofrum handles personal information.

What is personal information?

When used in this privacy policy, the term “personal information” has the meaning given to it in the Privacy Act. Personal information is any information that can be used to personally identify you. This includes such things as your name, address, telephone number, email address and profession or occupation.

Privacy at Tofrum

Tofrum Pty Ltd (ABN 26 620 034 184) (Tofrum) understands the importance of protecting your personal information. Tofrum deals with personal information in accordance with the Australian Privacy Principles (APPs) which are contained in the Privacy Act 1988 (Privacy Act) and this privacy policy.

This privacy policy sets out the way in which tofrum handles personal information.

What personal information do we collect?

We collect personal information in order to provide our services and solutions, to conduct our business and to improve customer service.
The types of personal information we collect will depend on how you interact with us. Typically, we collect the following personal information:

  • Name
  • Title or Position
  • Business Address
  • E-mail
  • Phone Number
We do not normally collect sensitive information about you such as information relating to your health, religion, political beliefs or race. If we do collect sensitive information which is reasonably necessary for the operation of our business functions or activities, we will obtain your consent to do so.

If your organization is a tofrum client and you do not agree to provide us with your personal information, this may limit our ability to provide our services and solutions to your organization.

How do we collect personal information?

We collect personal information directly from you unless it is unreasonable or impracticable to do so. We may collect your personal information in the following ways:

  • When you purchase our solutions and services
  • When we respond to your inquiries and requests
  • During conversations or email exchanges between you and our representatives
  • When we obtain feedback from you about our solutions and services
  • When we conduct our administrative and business functions
  • When you register for our events, workshops and seminars or subscribe to our mailing lists and newsletters
  • When we market our solutions and services to you and through your access and use of our website
We may at times obtain personal information that relates to you through third parties. Where we do so, we will ask any third parties to confirm in writing that they have legally obtained your personal information and that we have the right to acquire it from them and to use it.

For what purposes do we collect, hold, use and disclose personal information?

We collect, hold, use and disclose personal information for the following purposes:

  • To send communications
  • To manage and maintain our business relationships
  • To respond to inquiries and requests
  • To improve the services and solutions we provide
  • To inform you about our services and solutions
  • To obtain feedback from you on our services and solutions
  • To provide you with a more personalized experience when they interact with us
  • To conduct administrative and business functions
  • To provide our services and solutions
  • To update our records and keep contact details up to date
  • To enable you to subscribe to our website, newsletters and mailing lists and to register for tofrum events, workshops and seminars
  • To assess the performance of our web applications and to improve its operation
  • To process and respond to privacy complaints and to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country
We will not share, sell, rent or disclose your personal information other than as described in this privacy policy.

To whom do we disclose personal information?

We may disclose your personal information to our employees and related bodies corporate for the purposes set out in paragraph 5 above.
We may combine or share any information that we collect from you with information collected by any of our related bodies corporate.
We may also disclose your personal information to:
Contractors, suppliers and other third parties with whom we have a commercial relationship for business, marketing, and related purposes and any organization for any authorized purpose with your express consent.

Except as set out above, tofrum will only disclose personal information if this is required by law or a court/tribunal order or otherwise permitted under the Privacy Act.

Do we disclose personal information to anyone outside Australia?

We may disclose personal information to our related bodies corporate based overseas for the purposes listed in paragraph 5 above.
We may also disclose your personal information to service providers located outside Australia such as India for some of the purposes set out in clause 5 above.
We will take steps to contractually ensure that overseas recipients of your personal information provide a level of protection for your personal information which is equivalent to the APPs.

How do we store and secure personal information?

We store personal information to ensure that we can manage and maintain communications with organizations with whom we do business. Contact may be verbal, electronic or written.
We will only store your personal information if it is relevant to your organization conducting business with us. We do not normally store information that is sensitive information.

We take all reasonable precautions to ensure that personal information is protected from misuse, interference, loss, unauthorized access, modification or disclosure using a combination of physical, administrative and technical safeguards. We hold personal information in either paper-based records in secure access controlled premises or in electronic form in databases and email files which require logins and passwords. tofrum personnel are also contractually bound by confidentiality obligations.

tofrum’s website is linked to the internet, and as the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

If your personal information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except where tofrum is required by law or a court/tribunal order to retain the information.

Direct marketing

We may send you direct marketing communications and information about our services and solutions that we consider may be of interest to you.
We may send communications in various forms, including mail, SMS, fax and email, in accordance with applicable laws, such as the Spam Act 2003 (Cth). You consent to us sending you those communications by any of those methods.If you indicate a preference for a method of communication, we will use reasonable endeavours to use that method whenever practical to do so.

If you do not wish to receive electronic communications from us, you may opt-out of receiving them by contacting us using the contact details set out at the end of this privacy policy or by using the opt-out mechanisms provided in those communications. We will then remove your name from our mailing list.

We do not provide your personal information to other organizations for the purposes of direct marketing.

How can you access and correct personal information?

We will take all reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete.

You may request access at any time to personal information that we hold about you and we will give you access in the manner that you request where it is reasonable and practicable to do so, except where we deny access as permitted by the Privacy Act.

For example, we may need to refuse access if granting access would interfere with the privacy of others, is unlawful or would result in a breach of confidentiality.

You may also request that we correct your personal information when it is inaccurate, incomplete or out of date.

If you wish to access or correct your personal information, please send a written request to our Privacy Officer using the contact details set out below. Our Privacy Officer will respond to your request within 30 days after you make the request.

If we deny your request for access to or correction of your personal information, we will provide you with written reasons for refusing your request and the mechanisms available to you to complain about our refusal.

How can you complain about a breach of your privacy?

If you have concerns about how your personal information is being handled by tofrum or you wish to make a complaint about a breach of the APPs by tofrum, please send your complaint in writing to the Privacy Officer using the contact details set out below.

The Privacy Officer will respond to you in writing within 30 days of receiving your complaint, setting out what action tofrum will take as a result of your complaint or alternatively providing an explanation to you if there has been no breach of the law.

Using our website

When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognize your computer and greet you each time you visit our website without bothering you with a request to register. We use cookies to measure traffic patterns and to determine which areas of our website have been visited. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

Any activity you participate in on our website may be monitored. We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyze trends, administer the website, track users movements, and gather broad demographic information. We do not use cookies to track your internet activity before or after you leave the tofrum environment.

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website.

Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. Please review it regularly.

This privacy policy was last updated on 22 January 2019.

Contacting us

If you have any questions about this privacy policy, please contact our Privacy Officer as follows:
25, Angus Av,
Epping NSW 2121


Tofrum is a product, consulting and services company. Tofrum product is a SaaS platform that utilizes existing frameworks and guidelines i.e., ISO 31000:2018, for risk management. The platform is highly configurable to suit any industry and organization. The essential advantage of using the platform is simplifying the compliance process, saving time and cost for building an efficient and effective management system.

Subscribe to our newsletter