Personal information includes information or an opinion about an individual that is reasonably identiﬁable. For example, this may include your name, age, gender, postcode and contact details. It may also include ﬁnancial information, including your credit card information or information from your interactions with us or otherwise visits to our website.
1. What personal information do we collect?
We may collect the following types of personal information:
- mailing or street address;
- email address;
- telephone number and other contact details;
- credit card information;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, trafﬁc to and from the sites, ad data, IP address and standard web log information;
- details of the products and services we offer or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that may be required in order to facilitate your dealings with us.
2. How do we collect personal information?
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
- register an account or a user for our web-based platform and services
- register on our website or app;
- communicate with us through correspondence, phone, email, chats or otherwise; or
In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. As our employee, we may also collect certain information from you in connection with your employment relationship with us.
Certain privacy and data protection legislation (including, for example, the Privacy Act 1988 (Cth) (Privacy Act) in Australia) contains certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of relevant exemptions in that legislation.
We endeavour to collect your information directly from you. However, in some circumstances we may collect your information from third parties, such as your employer or contracting organisations, a service provider or from a publicly available record.
3. Why do we collect, hold, use and disclose personal information?
We may collect, hold, use and disclose your personal information for our business operations and activities, including for the following purposes set out in the table below.
In certain circumstances, we may collect, hold, use and disclose personal information of individuals who are in the European Union in a manner that means that the General Data Protection Regulation (Regulation (EU) 2016/679) applies. Where that is the case, we do so for the applicable lawful bases set out in the table below.
Why we collect, hold, use and disclose personal information:
- To enable you to access and use our services and to access and use our website
- To operate, protect, improve and optimise our services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing
- To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you
- To send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting
- To administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners
- To comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties
- To consider your employment application and to administer your employment relationship with us
Lawful basis (for purpose of the GDPR):
- For our legitimate interests in being able to provide our services as requested.
- For our legitimate interests in operating our business efﬁciently and effectively.
- Your consent (if given to us). Performance of a contract and manage our relationship with you.
- Your consent (if given to us).
- Compliance with our legal obligations. For our legitimate interests in enforcing our contractual and legal rights.
- Performance of a contract with you. Compliance with our legal obligations. For our legitimate interests in operating our business efﬁciently and effectively.
Where permitted under relevant privacy and data protection legislation, we may also use and disclose your personal information for any purposes (secondary purposes) related to any of the purposes above which would be reasonably expected in the circumstances.
We collect personal information about you in order to provide our services to you and so that we may contact you to obtain your instructions in relation to our services. If you do not provide this personal information to us, we may not be able to provide our services or perform our services to the same standard.
In addition, when you apply for a job or position with us, we collect your personal information so we can assess whether job applicants are qualiﬁed to work with us, to support and manage our relationships with our staff, and comply with our legal requirements. If you don’t provide us with your personal information, you may not be able to work with us.
4. Do we use your personal information for direct marketing?
We may send you direct marketing communications and information about our products and services.
This may take the form of emails or other forms of communications in accordance with relevant legislation (including, in Australia, the Spam Act 2003 (Cth) and the Privacy Act). You may opt-out of receiving marketing materials from us by using the opt-out function contained within these emails or communications.
5. To whom do we disclose your personal information?
- our employees and related bodies corporate;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- payment systems operators (e.g. merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
6. Disclosure of personal information outside Australia
We may disclose your personal information outside Australia to our employees and related bodies corporate; HubSpot or other CRM software provider; BigCommerce, Stripe or other e-commerce and financial services software provider; and Microsoft and Google data centres, located in the European Union, New Zealand, United Kingdom and the United States.
When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Principles (APP).
7. Storage of personal information
We will store your personal information for so long as required for the purposes for which it was collected or for any secondary purpose permitted under the APP. After this time, we will continue to store your personal information to the extent required by any law applicable to our business or for compliance and risk management purposes. We will take reasonable steps to delete or de-identify your personal information when it is no longer necessary or required to be kept.
8. Using our website and cookies
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small ﬁles that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may hold your personal information in either electronic or hard copy form.
We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modiﬁcation or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information, particularly any information that is transmitted over the internet.
Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained.
11. Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the contact information set out below. Sometimes, and where permitted by law, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
12. Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
13. Additional matters relating to individuals in the European Union
13.1 Overseas recipients
The transfer of personal information in such circumstances will be undertaken with your consent.
13.2 Additional data rights for residents of the European Union
Under the European Union (EU) General Data Protection Regulation (GDPR), as a data subject you have the right to:
access your data;
- have your data deleted or corrected where it is inaccurate;
- object to your data being processed and to restrict processing;
- withdraw consent to having your data processed;
- have your data provided in a standard format so that it can be transferred elsewhere; and
- not be subject to a decision based solely on automated processing
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please contact us using the details set out below if you would like to make a Data Subject Rights request.
You have a right to lodge a complaint in respect of our processing of your personal information with the data protection supervisory authority in the member state of the European Union that you ordinarily reside or work in.
14. Contact Us
Level 9/120 Sussex Street
Sydney NSW 2000