Privacy Policy
Privacy and Data Protection Policy
VERMIS AI PTY LTD and its related entities (operating as "Docci.ai", "we", "our" or "us") have created this Privacy and Data Protection Policy (the "Policy") to demonstrate our respect, commitment and vigilance in safeguarding the privacy and data security of the individuals and organizations with whom we deal and to ensure compliance with all applicable privacy and data security laws.
We collect, use and keep information in compliance with the Australian Privacy Principles set out in the Australian Privacy Act 1988 and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and all relevant regulations.
This Policy aims to give you information on how VERMIS AI PTY LTD (operating as Docci.ai) collects, processes and uses your personal data, including when you contact us, visit our website, apply for a job, or use our products or services. Please note that:
- you agree to the terms and conditions of this Policy if you choose to use our website, products and/or services; and
- this Policy does not apply to any products, services, websites or content that are offered by third parties or have their own privacy policy or notice.
Personal data we may collect from you
The nature of our products and services and the fact we operate in a business-to-business ("B2B") environment means that we retain very little or none of your personal data, and we continue to strive to ensure that we retain as little personal data as possible of our clients.
The personal data we collect, hold, use or disclose about you depends on the nature of our interactions and the circumstances about its collection. We may collect and process the following data about you:
- contact and identity data – such as your name, email, job title, industry, address and telephone number(s)
- technical data – including your Internet Protocol (IP) address, login data, operating system and web browser type, browser plug-in types and version, traffic data, location (and other communication) data and the resources that you access
- profile data – including usernames, passwords, and feedback data
- usage data – including how you use our website, products or services
- communications and marketing data – including your communication preferences and communications in receiving marketing from us
We may also collect other data you choose to provide to us and details of the interactions that you have with us.
Document Usage
At Docci.ai, we take your document privacy very seriously. We want to be clear that any documents you upload to our platform are only used for the specific purpose of providing our document processing services to you. These documents:
- Are only processed to deliver the specific service you've requested
- Are not used for training our models without your explicit consent
- Are not shared with third parties except as necessary to provide our services
- Are handled according to the security measures outlined in this policy
We understand the sensitive nature of business documents and have designed our systems to maintain the confidentiality and integrity of your information at all times.
How we may collect your personal data
Whenever it is reasonable and practicable to do so we will collect data about you directly from you. We do this in various ways including when:
- enter and use our website – as you interact with our website, we will collect technical data (e.g. about your equipment, browsing actions and patterns) either automatically by using cookies and other similar technologies or from other websites that you visit which use our cookies
- purchase our products and services – if you purchase or use our products or services, we may use your personal data for specific purposes, including verifying your credentials, carrying out end user compliance checks for export control purposes, and processing orders and generating billing information
- request and receive marketing communication
- submit a job application
We may also collect data about you through our business relationships and contacts as well as from third-party sources, including publicly available sources such as Twitter, Facebook pages, LinkedIn profiles, company websites and online directories.
Why we collect, hold, use and disclose your personal data
Data about our clients is a critical part of our business and we are not in the business of selling our clients' personal data.
We collect, hold, use and disclose personal data for a range of purposes, including:
- to verify your identity
- to enable secure access to our website
- to help us operate, protect, improve and develop our products and services
- to measure, support and improve the presentation and content of our website
- to provide, recommend and personalize our products and services to you
- to provide technical support
- to respond to feedback, queries or complaints from you
- to customise and enhance your experience
- to provide you with information that is relevant to your use of our products and services
- to market and promote our products and services
- to notify you about changes to our products and services
- to direct you to content or to provide you with information, products and services which we feel may be of interest to you and your business
- to perform any contract we are about to enter into or have entered into with you, including notification of changes to our products and services
- to participate in any potential corporate activity or transaction that involves us or our assets
- to manage relationships with our clients, suppliers and contractors
- to comply with any legal or regulatory obligations
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
If we are unable to collect your personal data, we may not be able to communicate or respond to you or do business with you or your organisation.
We have set out below, in a table format, a description of the primary ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
| Purpose/Activity | Lawful basis |
|---|---|
| To register you as a client or account holder | To perform a contract with you |
| To manage our relationship with you | (a) To perform a contract with you (b) To comply with a legal obligation (c) For our legitimate interests (to keep our records updated and to analyse how clients use our products or services) |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) To comply with a legal obligation (b) For our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | For our legitimate interests (to analyse how clients use our products or services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, client relationships and experiences | For our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | For our legitimate interests (to develop our products or services and grow our business) |
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates or third parties. The linked sites are not under the control or supervision of VERMIS AI PTY LTD (Docci.ai). If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices and that VERMIS AI PTY LTD (Docci.ai) does not accept any responsibility or liability for these policies or notices. We recommend that you check these policies or notices before you submit any personal data to these websites. These links are provided merely as a convenience, and do not imply any endorsement of the site by VERMIS AI PTY LTD (Docci.ai).
Children's privacy
Docci.ai products and services are not designed for and are not marketed to people under the age of eighteen (18) or such other age designated by applicable law ("minors"). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our products or services. If you are a minor, please do not use our products or services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us at privacy@docci.ai if you believe we might have personal information from or about a minor that should be removed from our system.
Marketing and promotion
You have the right to withdraw consent to marketing at any time by contacting us or by using the opt-out links in our communications.
Where you opt out of receiving these promotional or marketing messages, this will not apply to personal data provided to us as a result of a product or service purchase.
If you are an existing client, we will only contact you by email with information about products and services similar to those that were the subject of a previous sale to you.
We will not sell or rent your personal information to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes, but such third parties will not have access to or be able to read your personal information.
If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to privacy@docci.ai so we can investigate.
Cookies and Analytics
We use Internet Protocol ("IP") addresses to analyse trends, administer our websites, track your navigations among out webpages and gather broad information for aggregate use. Our web servers may also send a small data file known as a "cookie" to your internet browser or hard drive. We may use cookies to help us personalise and improve your experience with us and to ensure that our site stays easy to navigate and useful. For example, cookies may be used to track your onsite behaviour to ensure sites or pages work correctly.
Analytics Services
We use the following analytics services to understand how users interact with our website and services:
- Google Analytics: We use Google Analytics to collect information about how visitors use our website. Google Analytics uses cookies to collect information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to our site. We use this information to improve our website and services. Google Analytics collects only the IP address assigned to you on the date you visit our site, rather than your name or other identifying information. We do not combine the information collected through Google Analytics with personally identifiable information.
- PostHog: We use PostHog to collect information about user interactions with our platform. PostHog helps us understand user behavior, feature usage, and product engagement. It collects information such as clicks, page views, and user journeys through our application. This information helps us improve our product experience and develop features that better meet our users' needs.
Analytics Opt-Out
You can opt out of Google Analytics by using the Google Analytics Opt-Out Browser Add-on. For PostHog, you can contact us at privacy@docci.ai to request that your data not be tracked.
Most cookies don't collect personal data and only contain coded information that cannot be used by third parties to access your personal data. In addition, some cookies remain only for so long as you leave the website (i.e. session cookies) while others remain for a set period of time after session (i.e. persistent cookies) unless deleted by you. Most web browsers allow you to adjust settings to erase, refuse, disallow all or some cookies, or alert you when websites set or access cookies. We note that some parts of our websites may become inaccessible or not function properly if you disable or refuse cookies.
We or third parties may use cookies and other technologies such as chat bots, web beacons and JavaScript on our websites in connection with online services (including banner advertising, website analytics and surveys). These technologies enable information to be collected about your use of our websites (including your computer's IP address), which may be stored in Australia, the United States, or other countries. The information collected by these technologies give us and third party collectors the ability to deliver customised advertising content, measure advertising effectiveness, evaluate the use of our websites and other websites and provide other services relating to website activity and internet usage. We and third parties (including Google Analytics, Google AdSense, DoubleClick, Yahoo, Adobe, Bing, Kenshoo, Microsoft, PostHog and Segment) may also transfer collected information to others where, for example, required by applicable law or regulation, or where those third parties process the information on our behalf.
Personal data transfer, storage, security and processing
The security of your personal data is fundamental to the way that we do business and starts with our core infrastructure.
We endeavour to hold all personal data securely in accordance with our internal security procedures, industry standards and applicable law. We update and test our security on an ongoing basis. While we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website through the internet; any such transmission is at your own risk and we ask that you only do so in a secure environment.
We maintain appropriate administrative, physical, technical and organizational measures to protect your personal data received, accessed or processed by us against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.
As a global enterprise, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. We will take reasonable steps to prevent or stop such processing where we know that a supplier is using or sharing personal data in a way that is contrary to this Policy.
By submitting your personal data, you agree to this transfer, storing or processing of your personal data.
Personal data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Keeping your personal information complete, accurate and accessible
We take all reasonable measures to ensure that all personal data we collect, hold and use is complete, up to date and relevant. You can contact us at any time (using the "Contact Details" below) to request access to or to correct your personal information. Once we have verified your identity, we will generally provide you access to your personal data. However, there may be some instances where we are permitted or required (such as by law or regulation) to deny access or where we may refuse to correct your personal data. In such a situation, we will communicate the reasons for our decision. If we do not allow you to access or correct such data, and you do not agree with our decision, you can make a complaint by following the process below.
Keeping your personal information complete, accurate and accessible
GDPR gives you certain rights with respect to your personal data, including the right to access information held about you.
In accordance with the GDPR, you can exercise your right of access by emailing our Data Protection Officer and make one of the following requests:
- information about how your personal data is processed
- a copy of your personal data
- raise an objection about how your personal data is processed
- erasure of your personal data if there is no longer a justification for it
- restricting the processing of your personal data in certain circumstances
- opt out of the use of your personal data for any purposes or a specific purpose
Our Data Protection Officer is our General Counsel, contactable at privacy@docci.ai.
Questions, concerns and complaints
If you have any questions, concerns or complaints about how we have handled your personal information, then you may contact us using our "Contact Details" below. To help us respond to you, please include as much detail as possible about the information that you would like to access or correct and, if applicable, how you'd like to access this information.
If you are not satisfied with our response, you can contact us to further discuss your concerns or exercise your legal rights in the relevant jurisdiction. For example, in Australia, you may lodge a complaint with the Australian Information Commissioner (for more information here, please visit: www.oaic.gov.au).
Changes to this Policy
VERMIS AI PTY LTD (Docci.ai) reserves the right to amend this Privacy and Data Protection Policy at any time, for any reason, without notice to you, other than the posting of the updated Privacy and Data Protection Policy at this website. We encourage you to regularly check our website for any such updates and to see the current Privacy and Data Protection Policy that is in effect and any changes that may have been made to it. By continuing to use our website and or otherwise deal with us, you accept the terms and conditions of this Policy and our Website Terms of Use, as they apply from time to time.
Contact Details
If you would like more information about our approach to privacy and data protection, or if you wish to contact us regarding the terms in this Policy and how it may apply to you, please contact us:
- by email: wilmer@docci.ai