Sprocket 365 Logo
Book demo
Try for free
Login

Last updated: 9 May 2025

Privacy Policy

This Privacy Policy describes how Sope Web Technologies Pty Ltd (“Sope”, “we”, “us” or “our”) collects, uses, stores, and protects your personal information when you use Sprocket 365 (the “Service”).
Sprocket 365 is a Microsoft SharePoint-based application suite published on Microsoft AppSource and distributed globally. This policy applies to all users of the Service, including users located in Australia, the European Union, and other jurisdictions.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

Interpretation

Words with capitalised initial letters have defined meanings as set out below. These definitions apply whether the terms appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access the Service or parts of the Service.
  • Application refers to Sprocket 365, the software program provided by the Company.
  • Company (referred to as “the Company”, “We”, “Us” or “Our”) refers to Sope Web Technologies Pty Ltd, 595 Collins Street, Melbourne VIC 3000, Australia.
  • Data Controller means the entity that determines the purposes and means of processing personal data. For the purposes of this Privacy Policy, the Company is the Data Controller.
  • Data Subject means any individual whose personal data is processed by the Company.
  • Device means any device that can access the Service, such as a computer, mobile phone, or tablet.
  • Personal Data means any information that relates to an identified or identifiable individual.
  • Service refers to the Sprocket 365 Application.
  • Service Provider means any third party who processes data on behalf of the Company to facilitate or improve the Service.
  • Usage Data refers to data collected automatically from use of the Service or its infrastructure.
  • You means the individual or legal entity accessing or using the Service.

2. Data Controller

The Data Controller responsible for your personal data is:

Sope Web Technologies Pty Ltd
595 Collins Street, Melbourne VIC 3000, Australia
Email: [email protected]
Website: sope.com.au

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us using the details above.

3. Data We Collect

Personal Data

While using the Service, we may collect the following personally identifiable information:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City

Usage Data

Usage Data is collected automatically when you use the Service. It may include information such as your device’s IP address, browser type and version, pages of the Service you visit, time and date of your visit, time spent on pages, unique device identifiers, and other diagnostic data.

When you access the Service via a mobile device, we may also collect information about the device type, mobile device unique ID, mobile operating system, and mobile browser type.

4. Lawful Basis for Processing (GDPR)

For users located in the European Union or European Economic Area, we process your personal data on the following lawful bases under the General Data Protection Regulation (GDPR):

  • Performance of a contract: Processing is necessary to provide the Service you have requested or to take steps prior to entering a contract with you.
  • Legitimate interests: We process certain data where it is in our legitimate interests to do so, such as improving the Service, monitoring security, and analysing usage patterns, provided these interests are not overridden by your rights.
  • Compliance with a legal obligation: We may process data where required to comply with applicable laws or respond to valid legal requests from public authorities.
  • Consent: Where we rely on consent as a lawful basis, you have the right to withdraw your consent at any time by contacting us at [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

5. How We Use Your Data

The Company may use your Personal Data for the following purposes:

  • To provide and maintain the Service, including monitoring usage and performance.
  • To manage your Account and your registration as a user of the Service.
  • To fulfil contractual obligations in connection with products or services you have purchased.
  • To contact you with updates, security notices, and information related to the Service.
  • To provide you with relevant news, special offers, and information about similar products or services, unless you have opted out of such communications.
  • To manage and respond to your requests and support enquiries.
  • For business transfers, such as in the event of a merger, acquisition, or sale of assets.
  • For data analysis, identifying usage trends, and improving the Service, products, and user experience.

6. Sharing Your Personal Data

We may share your personal information in the following circumstances:

  • With Service Providers: We may share your data with trusted third-party providers who assist us in operating and improving the Service, subject to confidentiality obligations.
  • For business transfers: Your data may be transferred in connection with a merger, acquisition, or sale of all or part of our business.
  • With affiliates: We may share data with our affiliates, who are required to comply with this Privacy Policy.
  • With business partners: We may share data with partners to offer relevant products, services, or promotions.
  • With your consent: We may share your data for any other purpose with your explicit consent.
  • For legal compliance: We may disclose your data where required by law, court order, or to protect the rights, property, or safety of the Company, its users, or the public.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including Australia and the United States, where data protection laws may differ from those in your jurisdiction.

For users in the European Union, any transfer of personal data outside the EEA is carried out in accordance with applicable GDPR requirements. Where personal data is transferred to countries not recognised by the European Commission as providing an adequate level of protection, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or other lawful transfer mechanisms.

Microsoft Azure, which hosts the Sprocket 365 infrastructure, is a party to the EU-US Data Privacy Framework and implements SCCs for international data transfers. For more information, refer to Microsoft’s Data Protection Addendum at microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy, or as required by law.

  • Account data is retained for the duration of your active account and for up to 3 years following termination of your account or our contractual relationship, unless a longer retention period is required by law.
  • Usage Data is generally retained for up to 12 months and used for internal analysis to improve the Service, unless retention for a longer period is necessary for security purposes or legal obligations.
  • Data retained for legal compliance purposes will be held for the period required by the applicable law or regulation.

When your data is no longer required, we will securely delete or anonymise it in accordance with our data retention policy.

9. Your Rights

Rights Under Australian Privacy Law

Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:

  • Access the personal information we hold about you.
  • Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Make a complaint about how we handle your personal information.

Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the GDPR:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

Right to Lodge a Complaint

If you are an EU/EEA resident and believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with the data protection supervisory authority in your EU member state. A list of EU data protection authorities is available at: edpb.europa.eu/about-edpb/about-edpb/members_en

We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority. Please contact us first at [email protected].

10. Deleting Your Personal Data

You have the right to request deletion of the personal data we hold about you. You may submit a deletion request by contacting us at [email protected].

Please note that we may be required to retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements. Where retention is required, we will inform you of the basis for retaining the data.

11. Security of Your Personal Data

The security of your personal data is important to us. Sprocket 365 is hosted on Microsoft Azure and uses industry-standard security measures including encryption at rest (AES-256), encryption in transit (TLS 1.2 or higher), role-based access controls, and continuous security monitoring through Microsoft Defender for Cloud.

We hold ISO 27001 certification for information security, which governs our security policies, risk management, and data protection practices across the organization.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

12. Children’s Privacy

The Service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us at [email protected] and we will take steps to remove that information from our systems.

13. Cookies and Tracking

The Service and associated websites may use cookies and similar tracking technologies to monitor activity and improve user experience. Usage data collected through Application Insights (Microsoft Azure) is used for performance monitoring and service improvement.

EU/EEA users will be presented with a cookie consent notice in accordance with GDPR requirements. You may adjust your cookie preferences at any time through your browser settings.

14. Links to Third-Party Websites

The Service may contain links to third-party websites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the Privacy Policy of every site you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date at the top of the document.

Where required by applicable law, we will notify you of significant changes by email or through a prominent notice within the Service prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically. Changes are effective when posted on this page.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

Sope Web Technologies Pty Ltd
595 Collins Street, Melbourne VIC 3000, Australia
Email: [email protected]
Phone: 1300 777 653
Website: sope.com.au

For GDPR-related enquiries, please include “GDPR Request” in the subject line of your email.

This Privacy Policy is effective as of 9 May 2025 and supersedes all previous versions.