1 PURPOSE OF OUR POLICY
2 WHO AND WHAT THIS POLICY APPLIES TO
2.2 We handle Personal Information in our own right and also for and on behalf of our customers and users.
2.5 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
3 THE INFORMATION WE COLLECT
3.1 In the course of business it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business, share Personal Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
(a) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is;
(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.
3.3 We may also collect non-Personal Information about an individual such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected the Australian Privacy Principles do not apply.
4 HOW INFORMATION IS COLLECTED
4.1 Most information will be collected in association with an individual’s use of Vantage Interactive, an enquiry about Vantage Interactive or generally dealing with us. However we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
(b) Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
(c) Supply. When an individual supplies us with goods or services;
(d) Contact. When an individual contacts us in any way;
(e) Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
(f) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
4.3 Information about an individual is collected when you use our services, including browsing our websites and taking certain actions within the Services.
4.4 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.
5 WHEN PERSONAL INFORMATION IS USED & DISCLOSED
5.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected without the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
5.3 If it is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles in the course of our business, we will inform you that we intend to do so, or have done so, as soon as practical.
5.4 We will not disclose, share or sell an individual’s Personal Information to unrelated third parties without an individual’s consent. For collaboration – the creation of content, which may contain information about you, we do not share information that we collect.
5.5 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of goods and services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
(i) Their relationship with us;
(ii) Our goods and services;
(iii) Our own marketing and promotions to customers and prospects;
(iv) Competitions, surveys and questionnaires;
(d) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(e) As required or permitted by any law (including the Privacy Act). There are some circumstances in which we must disclose an individual’s information:
(i) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
(ii) As required by any law (including the Privacy Act); and/or
(iii) In order to sell our business (in that we may need to transfer Personal Information to a new owner).
5.7 We make collaboration tools. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.
6 OPTING “IN” OR “OUT”
6.1 An individual may opt to not have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
6.2 If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
7 THE SAFETY & SECURITY OF PERSONAL INFORMATION
7.2 We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
7.3 Vantage Interactive uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
7.4 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
7.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
7.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
8 HOW TO ACCESS AND/OR UPDATE INFORMATION
8.1 Users of Vantage Interactive can update their Personal Information from within their Vantage Interactive web portal account or Vantage Interactive profile.
8.2 Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
8.3 If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
8.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
8.5 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
9 HOW DOES VANTAGE INTERACTIVE STORE AND SEND DATA
9.1 Our goal is to provide our customers with secure, fast, and reliable services. As a provider of global services, we run our services with common operational practices and features across multiple jurisdictions. Website data is stored in Australia only. We store specific application data in data centres located in the US, AU and EU. Data is stored in the data centre closest to the location of the majority of users accessing an instance. We may also allow employees and contractors located around the world to access certain data for product promotion and development, customer and technical support purposes.
9.2 Vantage Interactive offers European hosting, we will optimise where to host customer data based on how it is accessed around the world. By default, we don’t guarantee that your data will be hosted in a specific location, but specific server locations can be arranged upon negotiation with Vantage Interactive. Data hosting location determinations are, where possible, based on reducing latency and achieving optimal performance for you and your users.
10 COMPLAINTS AND DISPUTES
10.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
10.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
10.3 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
11 CONTACTING INDIVIDUALS
11.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
12 CONTACTING US
12.1 All correspondence with regards to privacy should be addressed to:
The Privacy Officer
Vantage Interactive Pty. Limited
Suite 706, 275 Alfred Street,
North Sydney, NSW 2060
You may contact us by email in the first instance.
13 ADDITIONS TO THIS POLICY
14 COMPLIANCE WITH GDPR
14.1 Your rights under GDPR >We welcome the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) as an important step forward in streamlining data protection globally. We intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.The requirements of the GDRP are broadly similar to those set out in the Privacy Act and include the following rights: you are entitled to request details of the information that we hold about you and how we process it. For EU residents, we will provide this information for no fee; you may also have a right to: have that information rectified or deleted; restrict our processing of that information; stop unauthorised transfers of your personal information to a third party; in some circumstances, have that information transferred to another organisation; and lodge a complaint in relation to our processing of your personal information with a local supervisory authority. where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time. If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that: such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other customers/clients subject to appropriate confidentiality protections; and even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular: to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and in exercising and defending our legal rights and meeting our legal and regulatory obligations.
14.2 Processing of your data Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, etc and online relationship management tools. We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (eg, to analyse how our customers/clients use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests. We will require that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.
14.3 Duration of retention of your data We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning). In some circumstances, you can ask us to delete your data.