Kontent.ai’s compliance with Australian Privacy Principles

What are the Australian Privacy Principles?

The Australian Privacy Principles (APPs) form the fundamental basis of privacy protection within the Privacy Act of 1988.

Within the APPs, there are 13 main principles setting standards, rights and obligations, including the following:

• The collection, usage, and disclosure of personal information
• The governance and accountability requirements
• The integrity of personal information
• The right to access one’s personal information

For more information about the APPs, see the Office of the Australian Information Commissioner.

The personal data we collect

We store only necessary personal information about our users. Detailed information on what personal information we collect and why is available in our Privacy policy and Cookies policy.

If you have any questions regarding Kontent.ai’s APP compliance, please do not hesitate to contact us at any time.

APP 1: Open and transparent management of personal information

This principle ensures that APP entities manage personal information in a transparent way.

Kontent.ai is committed to protecting your personal information. Whenever you provide such information, we will only use your information in line with all applicable data protection laws, including the General Data Protection Regulation. Your information will be kept in a secure environment, and access to it will be restricted according to the 'need to know' principle.

The complete Privacy Policy of Kontent.ai can be found at https://kontent.ai/privacy/.

APP 2: Anonymity and pseudonymity

Individuals should be given the option by the APP entities not to identify themselves if they so desire or to use a pseudonym.

Individuals using Kontent.ai resources have the option to remain anonymous or use a pseudonym, as identity verification is not mandatory for accessing these resources. This allows users to register and log in using a single-purpose email that does not reveal their true identity. Thanks to that, the account cannot be connected with other applications registered with the owner’s primary email.

APP 3: Collection of solicited personal information

This principle defines when entities are allowed to collect solicited personal information. APP entities must demonstrate the need for this data.

By the nature of headless CMS, Kontent.ai does not collect or process sensitive personal information unless such information is entered into our systems as content by our customers; in that case, the customer must ensure their compliance with the applicable legislation, i.e., have the right to process such data or obtain relevant consents.

APP 4: Dealing with unsolicited personal information

This principle explains how APP entities should deal with unsolicited personal information. This applies to information received by the entity without a prior explicit request.

Kontent.ai application only processes personal information that is required for its operation and customer use cases and has processes in place to properly dispose of any unsolicited PII received.

APP 5: Notification of the collection of personal information

This principle specifies the situations under which APP entities collecting personal information are required to inform an individual about specific matters.

The Kontent.ai Privacy Policy, which can be found at https://kontent.ai/privacy/, contains all information about personal information processing.

APP 6: Use or disclosure of personal information

The APP entities are required to only use personal data relevant to the original purpose for which it was collected. 

No personal information is used or disclosed for purposes other than those covered in the Kontent.ai Privacy Policy (https://kontent.ai/privacy/).

APP 7: Direct marketing

Based on this principle, organizations can only use or disclose personal information for direct marketing purposes, provided that certain conditions are met.

We are processing your personal information based on the terms of conditions.

APP 8: Cross-border disclosure of personal information

This principle defines the steps APP entities are to take to protect personal information before disclosing it overseas. In such cases, entities are required to ensure the recipient complies with the Australian Privacy Principles through contractual obligation.

Kontent.ai utilizes subprocessors of personal information overseas. In all applicable cases, there is a relevant Data Protection Agreement or similar contractual framework to ensure an adequate level of protection for personal information. 

For more information, refer to:

• https://kontent.ai/learn/docs/architecture/behind-kontent-ai
• https://kontent.ai/learn/docs/security/personal-data-in-kontent-ai
• https://kontent.ai/privacy/

APP 9: Adoption, use or disclosure of government-related identifiers

This principle explains the limited circumstances of cases where organizations may adopt a government-related identifier of an individual as its own identifier or use or disclose a government-related identifier of an individual.

Kontent.ai does not process government-related identifiers unless such information is uploaded by the customer directly.

APP 10: Quality of personal information

All information received by an APP entity must be complete, accurate, and up to date, and the entity must take reasonable steps to ensure this is the case.

Kontent.ai ensures that all personal information captured from individuals (e.g., user activity in the system) is accurate and up-to-date.

APP 11: Security of personal information

Based on this principle, APP entities are required to protect the personal information they hold from misuse, interference, loss, unauthorized access, modification, or unauthorized disclosure.

Kontent.ai has implemented organizational, physical, technical, and administrative controls and safeguards to ensure ongoing confidentiality, integrity, and availability of any customer data, including personal information. 

Learn more about how organizations safeguard their brands with our enterprise-grade security and governance.

APP 12: Access to personal information

This principle outlines the steps to be taken by an APP entity when individuals request access to personal data retained by the entity. The requirement to provide access unless a specific exception applies is included.

Kontent.ai provides access to personal data to individuals who request it.

APP 13: Correction of personal information

This principle explains the obligation of APP entities in relation to the correction of the personal information they retain about individuals.

Kontent.ai has processes that correct any inaccuracies in personal information that are brought to our attention.

Overview of the shared responsibilities

Customers are encouraged to contact Kontent.ai through their customer representative or security@kontent.ai should they seek further information.

Information here is for informational purposes only and does not constitute legal advice. It discusses how Kontent.ai helps with compliance with key requirements from the Australian Privacy Principles (APP). The information provided is based on general principles of Australian laws and regulations as of the publication date. The information provided in this Whitepaper may not reflect recent changes in APP or legal interpretations. Readers are advised to consult legal professionals for tailored advice and guidance. While efforts have been made to ensure accuracy, no representation or warranty, express or implied, is made regarding completeness, accuracy, reliability, or suitability. Kontent.ai is not liable for any direct, indirect, incidental, consequential, punitive, or special damages arising out of or in connection with the use of this Whitepaper or reliance on the information contained herein. Customers are responsible for their own compliance with APP and any other regulations and for ensuring that the Kontent.ai application is used in compliance with applicable laws.