Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your billing and credit card information.
What personal information do we collect?
We may collect the following types of personal information:
- mailing or street address;
- email address;
- telephone number and other contact details;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or through other websites or accounts from which you permit us to collect information; or
- information you provide to us through customer surveys.
We may collect these types of personal information either directly from you, or from third parties (including your employer). We may collect this information when you:
- register to use the PERSUIT Platform and related services;
- communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
- interact with our sites, services, content and advertising; and
- share (or your employer shares) information relating to you.
Why do we collect, use, process and disclose personal information?
We will collect, hold, use, process and disclose your personal information for the purposes set out in the table below. If you are located within the European Union, the lawful basis for our collection, holding, use, processing and disclosure of your personal information is also set out in this table.
Purpose of collection, holding, use, processing and disclosure
To enable you to access and use the PERSUIT Platform and related services;
Your consent (if given to us); performance of a contract with you; for our legitimate interests in operating our business efficiently and effectively
To operate, protect, improve and optimise the PERSUIT Platform and related services, business and our users’ experience;
For our legitimate interests in operating our business efficiently and effectively
To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
Your consent (if given to us); performance of a contract with you; for our legitimate interests in operating our business efficiently and effectively
To send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
Your consent (if given to us); for our legitimate interests in operating our business efficiently and effectively
To administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners; and
Your consent (if given to us); for our legitimate interests in operating and promoting our business and rewarding the loyalty of our customers
To comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
In order to take steps requested by you prior to considering whether to enter into an employment agreement with you
Why do we collect, use, process and disclose personal information?
We and/or our carefully selected business partners may send you direct marketing communications and information about services and products if you have consented to receiving these communications. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided in the communication (eg an unsubscribe link).
To whom do we disclose your personal information?
- our employees and to our related bodies corporate but only for the purposes of complying with our obligations under this Agreement;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you) but only for the purposes of complying with our obligations under this Agreement;
- our existing or potential agents, business partners or partners but only for the purposes of complying with our obligations under this Agreement;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Storage of Australian personal information outside Australia
We may store personal information outside of Australia with third party suppliers, for example, cloud service providers located in Singapore and the United States of America.
When you provide your personal information to us, you consent to the storage of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.
Transfers of personal information of European individuals outside of the European Union
We may hold personal information about European individuals outside of the European Union. Personal information transferred to our Australian companies will be undertaken in accordance with an agreement that implements standard data protection clauses as permitted under Article 46.2 of the GDPR.
In addition, we may disclose personal information to third parties that are located outside of, or may store personal information outside of, the European Union, including in Singapore, Australia and the United States. When we disclose personal information to these third parties, we do so:
- on the basis of an adequacy decision under Article 45(9) of the GDPR in respect of the EU-US Privacy Shield Framework for any US-based third party who has self-certified its compliance with the EU-US Privacy Shield Framework to the US Department of Commerce; or
- otherwise on the basis of a data transfer agreement with that third party that implements standard data protection clauses as permitted under Article 46.2 of the GDPR.
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. However, we cannot guarantee the security of your personal information.
We have described below some practical examples of steps that PERSUIT takes in order to protect your personal information, which takes into account the sensitivity of the information we collect, process and store, as well as the current state of technology.
- Encryption: we may encrypt the transmission of certain information using secure socket layer technology (SSL). The PERSUIT services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit.
- Confidentiality: The operation of the PERSUIT services requires that some of our employees have access to the systems which store and process your data. For example, in order to diagnose a problem you are having with the PERSUIT services, we may need to access your data. These employees are prohibited from using these permissions to view such data unless it is necessary to do so.
- Compliance: The environment that hosts the PERSUIT services contains multiple certifications for its data centres including ISO 27001 compliance, PCI Certification, and SOC reports.
- Security Features for Administrators: We provide additional tools to enable certain Administrator users to protect customer data.
- Access Logging: We log every time an account signs in, noting the type of devices used and the IP address of the connection.
- External Security Audits: We contract with respected external security firms who perform regular audits of the PERSUIT services to verify that our security practices are sound and to monitor the PERSUIT services for new vulnerabilities discovered by the security research community.
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
Additional rights under GDPR for individuals within the European Union
If you are located within the European Union, then you also have the following additional rights under the GDPR. We will comply with all of our obligations under the GDPR in respect of these rights.
Where we process any personal information about you on the basis of any consent given by you, you have the right to withdraw your consent at any time by giving notice to us (which you can do using our contact details set out above). We will give effect to your withdrawal of consent promptly and will cease any processing that you no longer consent to, unless we have another lawful basis for that processing. The withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to the date that you notified us that you were withdrawing your consent.
You have a right to information portability, which is the right in certain circumstances to request a copy of your personal information in a structured, commonly used and machine-readable format and to transmit this information to another data controller. You may also request that we erase any personal information that we hold about you which is no longer necessary for any of the purposes that we collected it for, which you have withdrawn your consent in respect of or processing which you are allowed under the GDPR to object to. We will comply with such requests unless we are permitted or required by law to retain that information.
You also have the right to object to our processing of personal information in certain circumstances, including where we process personal information based on our legitimate interests. You can also request that we restrict our processing activities in some circumstances. If you make such a request in those circumstances, then we will continue to store your personal information but will not otherwise process your personal information without your consent or as otherwise permitted by law.
Making a complaint
If you think we have breached the Privacy Act (if you are located in Australia) or the GDPR (if you are located within the European Union), or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within the time required by law (if applicable) or otherwise within a reasonable period of time, typically within 30 days. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
As our core activities do not consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, we are not required under GDPR to appoint a data protection officer.
Attention: Privacy Officer
Effective: January 2019