At Kovalent we understand that we have a responsibility to protect your privacy and
carefully as it contains information on who Kovalent is and how and why we collect,
store, process and use your personal data. Your rights in relation to any of your
the event you need to contact us.
We collect, use and manage certain types of personal data about you. When we store data
we comply with the requirements of the jurisdictions where we operate including those of
Australia and the General Data Protection Regulation (GDPR) which covers the storage and
processing of personal data for subjects of the European Economic Area (EEA) and United
We, our, us: Kovalent Pty Ltd trading as Kovalent or Kovalent Systems
with registered offices at Suite 4, Level 1, 30 Bayfield Street, Rosny Park, Tasmania,
7018, Australia. Our ABN is 38 636 900 528.
Our data protection officer: Attn DPO Officer, Kovalent Pty Ltd, Suite 4,
Level 1, 30 Bayfield Street, Rosny Park, Tasmania, 7018, Australia. You can contact the
data protection officer at firstname.lastname@example.org.
Personal data: any information relating to an individual or that can
identify you as a specific individual.
Data we may collect about you
The personal data we collect about you varies depending on which product and service we
provide to you. When you use our products and services we may collect and use the following
personal data about you, including but not limited to:
- Your name and contact information
- If you are using a paid-for service we may store and process your payment information
- Uniquely identifying numbers such as your account number with us
- Your purchase and billing history
- Usernames and passwords for our products and services
- Content of communications with us
- Access and usage logs containing IP addresses when you use our services
We collect this personal data for the required operation and usage of our products and
services. Further details are described below. If you do not consent to provide certain personal
data you may not be able to use some of our products or services.
How we collect your personal data
We collect your personal data from you directly in person, by communication methods such
as telephone, post or email or by you using our products and services. We do not collect
information on you from third parties unless requested by you during the use of one of
our products or services. We may collect identifying personal data during routine accessing
of our products and services in access logs.
When and why we use your personal data
We only use your personal data where we have your consent, at your direct request, to
comply with a legal or regulatory requirement or where your data is needed for the
usage of one of our services or products.
We may use and process your personal data which you have provided to us or which we have
collected through your use of our products and services. Uses include but is not limited to:
- To perform services or to provide products to you
- Identify, fraud and security checks on you when you enter into a contract with us
- Screening for financial or political embargoes for compliance with legal and regulatory obligations
- Complying with lawful legal proceedings
- Ensuring terms and conditions you have agreed to when using our products and services are complied with
- Internal operational reasons, for example training and improving our products and services
- Analysis to prevent unauthorized access to information systems and data we control
- Ensuring safe work practices
- Marketing to existing customers, for example using your personal data in direct marketing messages to you
- External audits by authorized auditors
- To transfer between our products and services when you request their interoperability
References and links to third party content
Any links or references to third party content outside of any product or service operating by us is
We may use your personal data such as your name, email address and unique customer number to send you
marketing emails which include updates and notices about our products and services where you are already
an existing customer. This is a legitimate use of your personal data to which you have consented to by
using our products or services. You may opt out of marketing communications from us by using the
"unsubscribe" link which is included in every digital marketing communication.
Under legal requirements we may ask you to confirm your marketing contact preferences and contact details
from time to time.
We will never provide your contact details to a third party to send marketing notices other than in the
operation of our direct marketing communications. For example we may store your personal data with a
listed data processor for the act of sending our direct marketing communications but we will not sell
or otherwise distribute your personal data to any other party.
Who we share your personal data with
When you sign up to our products and services you consent to us storing and processing your personal data
- Companies owned and operated by us
Third parties that help us operate our products and services such as internet service companies and
- Third parties involved in business operations such as banks, accountants, auditors and insurance providers
Personal data will only be shared with authorized third parties who have compliant and compatible privacy
policies and who take appropriate measures to protect your personal data.
In addition to the above, our specified third parties may share personal data with external auditors,
accountants and other professional entities such as lawyers during the operation of their businesses
as required by legal or regulatory obligations.
Specific third parties your personal data is shared with
During the running and operation of our products and services we routinely use the following third
parties to store and process your personal data:
- Amazon Web Services Australia Pty Ltd. Registered in Australia. Used by us for general data storage and processing services such as internet services hosting.
- DigitalOcean LLC. Registered in the United States. Used by us for general data storage and processing services such as internet services hosting.
- Rackspace International GmbH. Registered in Switzerland. Used by us for general data storage and processing services such as internet services hosting.
- Hetzner Online GmbH. Registered in Germany. Used by us for general data storage and processing services such as internet services hosting.
- OVH Australia Pty Ltd. Registered in Australia. Used by us for general data storage and processing services such as internet services hosting.
- Mailgun Technologies, Inc. Registered in the United States. Used by us for email delivery.
- Cloudflare, Inc.. Registered in the United States. Used by us as a global CDN and for information security services.
- Gandi International SARL. Registered in Luxembourg. Used by us for domain name registrations.
- Nominet UK Ltd. Registered in the United Kingdom. Used by us for domain name registrations.
- Fastmail Pty Ltd. Registered in Australia. Used by us for email services.
- BunnyWay d.o.o.. Registered in Slovenia. Used by us as a global CDN.
This list of third party companies used by us may be updated regularly.
Where your personal data is held
Your personal data may be processed and stored globally either by us directly or with one of the
listed companies above. Some third parties may store and process your personal data outside of
Australia, the United States, the UK or EEA or other specific region. All third parties used by
us to store personal data have compatible upstream privacy policies.
In situations where we are are sub-processor for another company personal data may be kept within
specific regions such as Australia, The United States, the UK or EEA or other specific region.
How long your personal data will be stored
Your personal data will only be kept for the usage of our products and services. If you no longer
use our products and services we will delete or anonymize your your personal data within 12 months
or as required by any legal or obligatory requirements, whichever is sooner.
After the required retention period has elapsed your personal data will be deleted or anonymized.
Personal data transfers out of specific regions
Countries outside of the specific regions where we operate, including Australia, the United States,
the UK and EEA have different data protection laws which can provide alternative levels of protection
for your personal data. When your personal data is stored within Australia, the United States, the UK
or EEA or other specific region it is occasionally required that we transfer personal data to a different
region during the operation of our products and services. When this occurs we will comply with applicable
laws and regulations designed to ensure the privacy and security of your personal data.
Where we are a sub-processor for a product or service provided to a third party company, usually
our client, they may have an additional more comprehensive agreement with us. For example
when providing internet services including data storage and processing to our clients they may have
agreements with us that their services and products only have data stored and processed within a
specific region such as Australia, the UK or EEA.
Where your personal data is stored in the UK or EEA we will only transfer it outside of the UK or
EEA in compliance with article 45 of the GDPR covering adequacy regulation. You should refer to the
GDPR for the up to date list of countries which have adequately compliant regulations for personal data.
Where our products and services are global in operation your personal data may be processed globally
before being stored in a region with adequate protection for your personal data. Where we act as
a sub-processor your personal data may be processed globally before being stored in a specific region.
For example, a sub-processor agreement may require your personal data to be stored in the EEA however
due to how the internet functions at a technical level your personal data may transit through a
different region and be processed prior to storage in the EEA.
You may, at no cost to you, exercise the following rights to your personal data:
Request a copy of any personal data we store about you and optionally in a format that can be
easily processed by you
- Provide updates for any personal data we store about you
- Request we delete any personal data we store about you
Request we or a third party utilized by us to stop processing your data which may restrict
your access to our products or services
- Request we stop sending you communications
- To withdraw previously provided consent on how we store and process your personal data
Where we are a sub-processor for another company and we have not directly collected your personal
data, your request may be forward to the third party to action where reasonable. For example, where
we provide data storage or processing services to another company any requests regarding data
collected by the third party will be referred to the third party to process. Requests from any
jurisdiction where we operate that are accompanied by legally binding authorization will be complied
with regardless of your personal data being collected directly or through a sub-processor agreement
with a third party company.
In some jurisdictions we operate your legal rights may vary. We operate global services and
Where appropriate and reasonable we offer expanded rights beyond our legal requirements including
but not limited to appointing a data protection officer for all global services and offering the
right to be forgotten for all data subjects that use our products and services, including those
outside of the UK and EEA.
We apply appropriate and suitable security measures to prevent personal data from being accidentally
lost, used or accessed unlawfully. Access to personal data stored and processed by us is limited to
authorized employees and authorized third parties who have a legitimate business need to access it.
All personal data stored and processed by us, including personal data collected by third parties and
stored and processed by us as a sub-processor, is secured using industry standard methods such as
suitable levels of encryption and authentication in both transit and at rest.
We, and third parties approved by us, only process and store your personal data in an authorized way
and under the requirements of operating our products and services. We continually test our systems
and infrastructure and apply regular updates to our security policies to ensure we follow industry
standards and best practices for information and data security.
In the event of any suspected data security breaches we will notify you and any applicable regulatory
authority where we are legally required to do so.
Contact and requests
or about how we store and process your personal data. You can also exercise your rights under the
laws of your jurisdiction to make a complaint. You can email us at email@example.com or write
to us at Suite 4, Level 1, 30 Bayfield Street, Rosny Park, Tasmania, 7018, Australia.
has been published.