Data Protection & Security Policy

Data Protection & Security – RealOnline CMS

Effective: 30 August 2025

This page explains how RealOnline CMS manages and protects customer and partner data. It is provided for transparency and reassurance to clients, partners, and website visitors. It is not a legal agreement on its own; read it alongside our Terms of Service and Privacy Policy.

1. Scope

Applies to data handled in RealOnline CMS (public website content, public and private listing data, CRM contacts, notes and emails stored in Admin, and media/documents stored via our private CDN). Not all client setups include listings.

2. Principles

  • Lawfulness & transparency — handled in line with the Australian Privacy Principles.
  • Data minimisation — we collect and process only what is needed.
  • Purpose limitation — data is used for stated business purposes.
  • Accuracy — reasonable steps to keep information current.
  • Storage limitation — retained no longer than necessary.
  • Security — safeguarded against unauthorised access, alteration, or loss.

3. Storage & Security

Primary hosting is in Australia (Brisbane) with commercial-grade redundancy. Some assets are delivered via a secure, token-protected CDN with a Sydney POP. Backups run on a rolling 60-day cycle. We apply industry-standard technical and organisational measures, use encrypted connections where applicable, restrict access to authorised users, and maintain separate backup systems.

4. Roles & Access

Admin access is limited to our team and authorised Partners. Partners may grant and manage end-user access for their clients. End users can create and manage their own logins. Unique credentials must be used, with secure passwords. Access is revoked when no longer required.

5. Use & Disclosure

Data is used to provide and improve RealOnline CMS, support clients, and meet legal obligations. We do not sell personal information. We disclose data only:

  • as directed by the customer or Partner,
  • to trusted service providers under contract (hosting, email delivery, analytics, logging),
  • where required by law or to protect rights, property, or safety.

6. International Transfers

Personal information may be processed in Australia and, where service providers operate, in other countries. We take reasonable steps to ensure overseas recipients handle personal information in line with this page and applicable law.

7. Individuals’ Rights

Individuals may request access to, correction of, or deletion of personal information. If your account is managed by a Partner, contact the Partner first for account or content changes. We assist Partners and customers with requests as required by law.

8. Incident Response

If we become aware of a data breach, we act to contain and assess the issue, notify affected customers or Partners as soon as practicable, and follow the Notifiable Data Breaches scheme where applicable.

9. Training & Awareness

This page is available to staff, contractors, and Partners. Training may be provided where required by agreement or risk.

10. Review

Reviewed periodically to keep it accurate and effective. The most recent version is published here with the effective date.

11. Contact

Questions: support@realonline.com.au