1. We comply with the Privacy Act

Gratifii Limited (ABN 47 125 688 940) and its related bodies corporate (we, us or our) are organisations and “APP Entities” for the purposes of the Privacy Act 1988 (Act), and are bound by the Australian Privacy Principles contained in the Act.

We appreciate the importance of good privacy practice and are committed to safeguarding personal information about individuals that we handle. This Privacy Policy describes generally how we manage this personal information and protect privacy, including how we comply with the Act and the Australian Privacy Principles.

This Privacy Policy is intended to provide a general overview of our policies in respect of the handling of your personal information. “Personal information” is essentially information or an opinion about an identified or reasonably identifiable individual.

This Privacy Policy is intended to cover most personal information we handle but is not exhaustive. Other policies may override or supplement this Privacy Policy in certain circumstances. For example, when we collect personal information from you, we may advise a specific purpose for collecting that personal information, in which case we will handle your personal information in accordance with that purpose. If you have any queries about our handling of your personal information, please contact us (see section 19 below) for further information.

2. Notification of collection

When we collect your personal information, we take reasonable steps to ensure you are aware of certain details. This Privacy Policy provides those details as they typically apply in many situations. Specifically:

  • the purposes for which we collect personal information are described in section 3;
  • the organisations to which we would usually disclose it are described in section 6;
  • whether we are likely to disclose it to overseas recipients, and where practicable the countries in which they are located, are described in section 9;
  • whether there are laws or court/tribunal orders which require or authorise us to collect it is described in section 10; and
  • the main consequences for you if you fail to provide it are described in section 11.

However, depending on our specific interaction with you, different details may apply. If we do not notify you of such other details, the details in this Privacy Policy apply.

3. Why we handle personal information

Generally speaking, we collect, hold, use and disclose personal information so that we may provide our products and services, and effectively communicate and interact with you.

The purposes for which we handle personal information depend on your dealings with us, but generally they may include enabling us to:

  • provide products and services to our customers;
  • communicate with our customers, suppliers and other business contacts (including providing information you request, responding to your enquiries, managing complaints or otherwise facilitating the purpose for which you have contacted us);
  • handle payments;
  • manage and account for our products and services;
  • verify your identity if required;
  • inform our customers and other business contacts about product and industry developments, or provide marketing and promotional material regarding our products or services (including newsletters or other materials);
  • market our products or services and send invitations to our events or presentations;
  • analyse and measure how our products or services are used;
  • manage our employees and contractors;
  • seek feedback from you and perform market research, so that we can gauge your satisfaction with our products or services;
  • generally carry on our business (including maintaining our business records and ensuring compliance with our legal and insurance obligations); and
  • to engage in other activities where required or permitted by law or where you have given your consent.

4. What personal information we collect and hold

The kinds of personal information we may collect and hold about you depend on your dealings with us, but generally it may include:

  • your name and address, email address and telephone number;
  • information about your relationships with others, such as our business contacts or customers;
  • credit card and payment details if you purchase products or services from us; and
  • associated business details (ABN, business name, business address, other business contact details, details of products or services purchased, and your position within your business or organisation if applicable);
  • other personal information that we require or that you volunteer to us (such as details of your qualifications, skills, education provider, work history, resume and residency status if you apply for employment with us).

We aim to limit personal information we collect to that which is reasonably necessary for our functions or activities.

5. How we collect and hold personal information

We may collect personal information from various sources, including directly from you or from our customers, suppliers, business contacts and prospective employees.

The ways in which we collect and hold personal information depend on your dealings with us, but generally it may include if you:

  • meet with us (when you might inform us of your personal details or hand over a business card);
  • communicate with us (eg, if you submit an enquiry), including by letter, telephone, SMS or email);
  • order products or services from us or register your interest in our products or services;
  • subscribe to our publications;
  • engage with our online marketing;
  • register for or attend our events or presentations; or
  • submit information through our websites, blogs or other social media accounts (for example, LinkedIn).

In some circumstances, we may collect personal information about you from third parties such as (as applicable):

  • our customers, potential customers and their business contacts;
  • your employees, representatives or personal referees;
  • your employer; or
  • publicly-available resources.

We receive all personal information that you provide to us about third parties on the understanding that you have obtained the relevant individual’s consent for us to collect and handle that personal information in accordance with this Privacy Policy.

We may hold personal information in electronic or hard-copy formats. More information about how we store personal information is set out in section 13.

6. Use and disclosure of personal information

We will generally only use or disclose your personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations. 

Where we propose to use or disclose your personal information for a purpose other than as described in this Privacy Policy, we will seek your permission (unless we are required or permitted by law to use or disclose personal information without obtaining consent).

By providing us with your personal information, you consent to us using and disclosing your personal information as described in this Privacy Policy.

7. Who we disclose personal information to

We generally disclose personal information to (as applicable in the circumstances):

  • certain suppliers who provide products or services to or for us (for example, those who develop and maintain our computer systems, electronic records, websites and social media accounts, or provide payment processing services or other services);
  • other persons in connection with the provision of our products or services (such as our customers, suppliers and their contractors and other business contacts);
  • our auditors, insurers and legal and other professional advisers;
  • members of our corporate group; and
  • any person to whom you authorise us to disclose the information.

We endeavour to ensure third parties only receive the personal information necessary to undertake their work for us, and that they are bound by appropriate confidentiality obligations to ensure the information we disclose is only used for the limited purposes for which we provide it.

We generally ensure such organisations are contractually required to ensure that information we disclose is used only for the limited purposes for which we provide it.

8. Direct marketing

We may send you marketing or promotional communications by post or by electronic means (such as email or SMS). You may ask not to receive such material from us by contacting us (see section 19 below) or by using the opt-out function included in those communications.

There are no consequences of opting-out of receiving our marketing and promotional communications except that you will no longer receive them, and you may elect to re-join our marketing list at a later time if you wish.

9. Overseas recipients

We may disclose personal information within our corporate group, including to our personnel based overseas, for the purpose for which it was disclosed to us. This includes disclosing personal information to personnel based in our other offices. Parties to whom we disclose personal information may be in countries such as New Zealand, South Africa, the United Arab Emirates and the Philippines.

We may disclose personal information to overseas recipients where required in order to provide specific products or services our customers require (limiting the disclosure to the extent required for such purposes). For instance, we use software developers based in India and South Africa from time to time.

Personal information may be stored or processed on servers located overseas, however generally we retain effective control over such data.

10. Legal requirements for collection

There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect your personal information.

11. Consequences of failure to collect personal information

If you fail to provide personal information requested by us, or if the personal information you supply is incorrect or incomplete, there may be a range of consequences, for example we may be unable to process or respond to your request or provide products or services to you.

You have the option of not identifying yourself, or of using a pseudonym, when dealing with us, unless it is legally necessary or impracticable for us to deal with individuals who are not properly identified. If we request your personal information but would prefer to remain anonymous, please let us know. We will inform you if we require you to be identified or provide personal information for the particular interaction in question.

12. Sensitive information

We do not generally collect sensitive information (which may include, for example, information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, professional association or trade union membership, sexual orientation, criminal record, or health or disability).

If we do collect sensitive information, we only do so with your consent and if the information is reasonably necessary for one of our functions or activities. We will assume you have consented to us collecting, using and disclosing (in accordance with this Privacy Policy) all information that you provide to us, including any sensitive information, unless you tell us otherwise at the time of collection. If we request your sensitive information but you have any concerns providing it to us, please let us know.

13. Storage and security

We take reasonable steps to protect your personal information we hold from misuse, interference and loss as well as unauthorised access, modification or disclosure.

For example, information stored on our information technology systems is protected by security features and procedures. We undertake regular monitoring of our practices and systems to ensure the effectiveness our security policies and identify and implement improvements where appropriate.

However, we cannot and do not guarantee that personal information we hold will be protected against unauthorised access or misuse. Unfortunately, no system or methodology for holding personal information can be guaranteed as entirely secure.

Generally, we will take reasonable steps to destroy or permanently de-identify your personal information as soon as it is no longer required or permitted to be used by us. We may retain your personal information where we are required or permitted to do so by law, such as for insurance, legal or corporate governance purposes or for the prevention of fraud. Your personal information may also be retained in our archival records.

14. Access to and correction of personal information

You may contact us to request access to or correction of the personal information we hold about you.

We may refuse to allow access or to amend your personal information if we are legally required or permitted to do so. In that case, we will (unless it is unreasonable to do so) provide you with written reasons for the refusal together with information about the options available to complain about the refusal.

We will respond to your request for access within a reasonable period after the request is made and we will give access to the information in the manner requested if it is reasonable and practicable to do so. We may require you to comply with certain procedures before we allow access to or amendment of your personal information (eg, providing satisfactory identification), in order to ensure the integrity and security of information that we hold. Please understand that our requirements to identify individuals requesting access to personal information are designed to protect you and other individuals from unauthorised access.

We may require you to pay certain costs in order to access your personal information held by us. We will advise the amount payable (if any) once we have assessed your application for access. We will not however charge a fee for you to lodge a request for access to or correction of your personal information.

We will take reasonable steps to ensure that the personal information we collect is accurate, up-to-date and complete, and the personal information we use and disclose is accurate, up-to-date, complete and relevant. If we are satisfied that any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.

Please let us know if your personal information changes, so that we may ensure our records are current.

15. Online privacy

This section of our Privacy Policy describes how we handle your personal information in connection with online services we provide (which includes services provided by us via the Internet such as our website, email and social media accounts). This section applies to personal information handled in connection with online services in addition to the remainder of the Privacy Policy.

15.1    Automatic server logs

Our servers automatically collect various details when you use our website, including:

  • your IP (Internet Protocol) address (generally, an identifier assigned to your device when it is connected to the Internet);
    • the operating system and Internet browser software you are currently using; and
    • the data you access (such as web pages or other document files or software), and the time that you access it.

We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes. This information is not disclosed to any other party.

15.2    Cookies

Our website uses “cookies”, which identify your device to our servers when you visit our website. Our website may request to store cookies on your device in order to improve and customise your future visits. Through the use of cookies our site can deliver customised content to you. If you do not want information collected through the use of cookies, you may be able to configure your Internet browser to disable them.

We do not attempt to specifically identify and track individuals using cookies.

15.3    Google Analytics

Our website also uses Google Analytics services. These services make use of cookies and similar technologies, analytics and other identifiers to collect data about website traffic. For more information about Google Analytics and how it collects and processes data, see www.google.com/policies/privacy/partners/.

Users can usually block cookies, or remove cookies, by editing the privacy and security settings of their web browser or mobile device. Some features on our website may require cookies to function properly. If cookies are disabled or deleted, then depending on the particular cookie that is deleted or disabled, users may not be able to use such features of our website, or previous opt-outs may be undone.

15.4    Email and messages

We may collect personal information from you (such as your name and email address, and any other personal information you volunteer) if you send us an email. We will use this to contact you to respond to your message, to send you information that you request, and for other related purposes we consider are within your reasonable expectations.

15.5    Storage and transmission of personal information online

If you provide any personal information to us via our online services (including email) or if we provide such information to you by such means, the privacy, security and integrity of this information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).

15.6    Other online services

If any of our online services (including any email messages we send to you) contain links to other online services that are not maintained by us, or if other services link to our online services, we are not responsible for the privacy practices of the organisations that operate those other services, and by providing such links we do not endorse or approve the other services. This Privacy Policy applies only in respect of our online services.

15.7    No data extraction

You are not permitted to extract, harvest or “scrape” personal information or other data from our website using any automated or non-automated process (whether directly or indirectly).

16. Data breach

If we suspect or there is unauthorised access to or disclosure of, or loss of, personal information we hold, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to an individual. If that is the case, we will comply with the requirements of the Act which may require notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals.

Please contact us if you have reason to believe or suspect that a data breach may have occurred, so that we may investigate and, if necessary, undertake appropriate containment, risk mitigation and notification activities as required.

17. Complaints

If you have a complaint about our handling of your personal information, or you believe that a breach of your privacy has occurred, please contact us using the details below.

Your complaint will be considered and dealt with by our nominated representative, who may escalate the complaint internally within our organisation if the matter is serious or if necessary to resolve it.

Please allow us a reasonable time to respond to a compliant. If you are not satisfied with our response, you may make a complaint to the OAIC (whose contact details can be found at: http://www.oaic.gov.au/).

18. Changes to our Privacy Policy

We may amend this Privacy Policy at any time. We publish our current Privacy Policy on our website, and you may obtain a copy of our Privacy Policy from our website or by contacting us.

19. Contact details

Please contact us at the email address privacy@gratifii.com if you have an enquiry about our privacy practices or handling of your personal information.