EMBR Group Pty Ltd – Data Storage Policy

  1. Purpose

The purpose of this policy is to ensure that all lead data collected, stored, and distributed by EMBR Group Pty Ltd (EMBR) is handled securely, in full compliance with Australian law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy also recognises compliance with other data protection frameworks, such as the General Data Protection Regulation (GDPR), where EMBR Group collects or processes data from individuals outside Australia.

EMBR use Databowl to capture, store and distribute lead data.

 

Who is Databowl?

Databowl is one of the most advanced, enterprise-grade lead management platforms in the world. They have a global customer base of blue-chip companies and major brands who rely on privacy, security and deliverability. EMBR have processed over 5 million leads over the past 5 years through our Databowl instance, with zero compromise.

69 Cornish Place, Sheffield, S6 3AF

[email protected]

+44114 299 9120

Company No. 09033917 – VAT No. GB211870728

https://www.databowl.com/privacy-policy/

 

  1. Scope

This policy covers:

  • Data Capture – information collected via web forms, campaigns, and other lead-generation activities.
  • Data Storage – secure storage of lead data within Databowl and any connected systems.
  • Data Distribution – transfer of lead data via API to clients, partners, or integrated platforms.
  • Data Retention & Deletion – rules around how long data is retained and how it is disposed of.
  1. Data Classification

All lead data is classified as Confidential Information, which includes:

    • Personally Identifiable Information (PII) such as names, phone numbers, emails, addresses.
    • Campaign-specific details collected from prospects.
    • Metadata relating to lead source and distribution.
  1. Data Capture Practices

    • All data capture forms must include clear consent statements that meet the requirements of the Australian Privacy Principles (APP 1–5).
    • Only data necessary for business purposes will be collected.
    • Data must be transmitted securely using HTTPS/TLS protocols.
  1. Data Storage Practices

    • All lead data is stored within Databowl, a secure lead management platform.
    • Databowl and EMBR implement encryption at rest and in transit in compliance with Australian cybersecurity standards.
    • Access to stored data is restricted based on role-based permissions and is regularly reviewed.
    • All user access is logged and monitored.
  1. Data Distribution Practices

    • Lead data is distributed via Databowl’s API, using secure authentication and encryption methods.
    • API integrations must be reviewed and approved by EMBR’s data protection officer (or nominated IT lead or General Manager).
    • Data may only be shared with authorised partners/clients who agree to comply with the Privacy Act 1988 (Cth) and other applicable laws.
  1. Data Retention and Disposal

    • Lead data will be retained only for as long as necessary for the purposes for which it was collected, in line with APP 11 (security of personal information).
    • Default retention period: 24 months, unless required longer for contractual or legal obligations.
    • At the end of the retention period, data will be securely deleted or anonymised.
    • EMBR will respond promptly to data subject requests for access, correction, or deletion under the Australian Privacy Principles.
  1. Security Measures

    • Multi-factor authentication (MFA) is required for staff accessing Databowl.
    • Regular security reviews and penetration testing are conducted to ensure compliance with Australian cybersecurity standards.
    • Staff undergo annual training on data privacy and Australian privacy law.
    • Any eligible data breach will be reported in accordance with the Notifiable Data Breaches (NDB) Scheme under the Privacy Act.
  1. Legal Compliance

EMBR Group explicitly acknowledges and confirms that it:

    • Abides by and complies with Australian law, including the Privacy Act 1988 (Cth), the Australian Privacy Principles, and any other applicable state or federal regulations.
    • Applies GDPR compliance measures only when collecting or processing data from residents of the European Union or other jurisdictions requiring GDPR adherence.
  1. Policy Review

This policy will be reviewed annually or sooner if:

    • Australian legislation or privacy regulations are updated.
    • EMBR adopts new platforms or processes affecting data management.
    • Security risks are identified that warrant an update.