myDeskee (“myDeskee”, “we”, “us”) operates a helpdesk and support-portal SaaS for Pacific service teams. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights available to you under the laws of the Pacific region in which you reside.
We aim to comply with the privacy frameworks in the jurisdictions where our users and customers are based. Where laws differ, we apply the higher standard.
Australia · Privacy Act 1988 (Cth) New Zealand · Privacy Act 2020 Fiji · Constitution Art. 24 PNG · Cybercrime Code Act 2016
1. Who we are and how to contact us
myDeskee is the data controller for personal information collected through this website and through the myDeskee application. To exercise any right described in this policy, or to raise a privacy concern, contact us at [email protected].
2. Personal information we collect
2.1 Information you provide directly
- Account information – company name, contact name, email address, and chosen package when you request access through this site or activate a tenant.
- Authentication credentials – hashed passwords and (optionally) TOTP 2FA secrets, stored encrypted at rest.
- Support content – ticket subjects, ticket bodies, internal notes, attachments, and knowledge-base articles created by you or your users within your tenant.
- Communications – emails, messages and any other correspondence you send us.
2.2 Information we collect automatically
- Log data – IP address, user agent, request paths, timestamps. Used for security, abuse detection, and audit.
- Cookies and similar technologies – strictly-necessary cookies for authenticated sessions and CSRF protection. We do not use third-party advertising cookies.
- Audit events – login attempts, role changes, attachment downloads, tenant administration actions. Retained per Section 7.
2.3 Information we do not collect
- We do not sell personal information.
- We do not use behavioural advertising networks on this site.
- We do not require unnecessary identity verification beyond what your package and security configuration require.
3. How we use personal information
We use personal information to:
- Provide, maintain and improve the myDeskee service;
- Authenticate users and enforce tenant isolation and role-based access;
- Send transactional emails (account activation, password reset, ticket replies, notification events);
- Investigate suspected abuse, fraud or security incidents;
- Comply with our legal obligations under the laws listed in Section 12.
We rely on the legal grounds appropriate to your jurisdiction – contract performance, our legitimate interests in operating a secure platform, your consent where required, and compliance with applicable Pacific-region law.
4. Sharing and subprocessors
We share personal information only with the limited set of subprocessors needed to operate the service:
- Cloud hosting and storage – to host the application and store tenant data;
- Email delivery – for transactional and notification email;
- CDN and DDoS protection – for site delivery and abuse mitigation;
- Backup providers – for encrypted offsite backups.
A current subprocessor list is available on request to [email protected]. We do not disclose personal information to third parties for advertising or independent commercial use.
5. Cross-border data transfers
myDeskee operates from the Pacific region. Some of our infrastructure providers store data in Australia, New Zealand or other approved jurisdictions. Where we transfer personal information from your country of residence to another country:
- For Australian users, we apply Australian Privacy Principle 8 (cross-border disclosure) and reasonably ensure recipient handling is consistent with the APPs.
- For New Zealand users, we apply Information Privacy Principle 12 of the Privacy Act 2020, which requires comparable safeguards in the destination.
- For Fiji, PNG and other Pacific users, we apply equivalent contractual safeguards with recipients.
6. Security
We design the service so security is enforced server-side, not by hiding controls in the UI. Specific measures include:
- Tenant isolation enforced on every read and mutation;
- Role-based access controls enforced in application controllers;
- Rate-limited login and password-reset flows; email-enumeration-resistant responses;
- Optional TOTP-based 2FA for tenant admins and platform operators (encrypted at rest);
- HTTPS-only delivery with HSTS; security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy);
- Authenticated, signed URLs for attachment downloads; direct attachment URLs return 403;
- Encrypted offsite backups with documented restoration procedures.
Where required, we notify affected individuals and the relevant regulator of eligible data breaches in accordance with the Notifiable Data Breaches scheme (AU) and the breach-notification provisions of the Privacy Act 2020 (NZ).
7. Retention
We retain personal information only for as long as we need it for the purposes set out in this policy, or as required by law:
- Account & tenant data – for the life of the subscription, plus 90 days for offboarding and export.
- Support tickets & KB articles – for the life of the tenant; you may delete or export them at any time.
- Audit logs – 24 months by default; configurable per tenant within statutory limits.
- Email delivery logs – 90 days.
- Backups – rolling 30 days, after which they are securely overwritten.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you;
- Correct information that is inaccurate or incomplete;
- Delete information where retention is no longer required;
- Export your personal information in a portable, machine-readable format;
- Withdraw consent where processing is based on consent;
- Complain to the privacy regulator in your jurisdiction (see Section 13).
To exercise any of these rights, contact [email protected]. We will respond within the statutory timeframe for your jurisdiction, and in any event within 30 days.
9. Cookies
This website and the myDeskee application use only strictly-necessary cookies – authenticated session cookies and CSRF protection. We do not use cookies for cross-site tracking, behavioural advertising, or audience profiling. We do not embed third-party advertising pixels.
10. Children
myDeskee is intended for business and organisational use. It is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact [email protected] and we will take prompt steps to delete it.
11. Changes to this policy
We may update this policy from time to time. Where the change is material, we will notify customers by email and through the application. The “Last updated” date at the top of this page reflects the current version.
12. Applicable legislation
This policy is written to be consistent with the privacy laws of the Pacific region, including:
- Australia – Privacy Act 1988 (Cth), the Australian Privacy Principles, the Notifiable Data Breaches scheme, the Spam Act 2003 (Cth).
- New Zealand – Privacy Act 2020, the Information Privacy Principles, the Unsolicited Electronic Messages Act 2007.
- Fiji – Article 24 (right to personal privacy) of the 2013 Constitution of the Republic of Fiji; Online Safety Act 2018; Cybercrime Act 2021.
- Papua New Guinea – Section 49 of the Constitution (right to privacy); National Information and Communications Technology Act 2009; Cybercrime Code Act 2016.
- Other Pacific jurisdictions – applicable constitutional rights to privacy and locally enacted cybercrime / online safety legislation.
13. Complaints and regulators
If you are not satisfied with our response to a privacy concern, you may complain to the relevant regulator:
- Office of the Australian Information Commissioner (OAIC) –
oaic.gov.au - Office of the Privacy Commissioner of New Zealand –
privacy.org.nz - Fijian Human Rights and Anti-Discrimination Commission – privacy and dignity complaints under the 2013 Constitution.
- National Information and Communications Technology Authority (NICTA, PNG) – telecommunications and ICT consumer matters.
If your jurisdiction is not listed, contact [email protected] and we will help you identify the appropriate regulator.