We are committed to respecting the privacy of your personal information and recognise that you have a right to control how your personal information is collected and used.
- our online properties, platforms and applications (including dataro.io);
- third parties, including our clients, customers and service providers; and
- any other means through which we lawfully collect personal information about you.
Where we have collected or received personal information from a third party, such as one of our clients, customers or service providers, we rely on that third party to obtain individual consents from the individuals to whom that personal information relates.
WHAT IS PERSONAL INFORMATION//
ON WHAT BASIS DO WE PROCESS YOUR DATA//
KINDS OF PERSONAL INFORMATION THAT WE COLLECT //
4. Personal information that we may collect includes, but is not limited to:
- your name;
- your contact details including your address, postcode, email address and telephone number;
- more detailed contact preferences;
- your age or date of birth;
- your gender;
- information regarding your education, qualifications and employment history;
- information regarding your personal interests;
- financial information including credit card details;
- information about your preferences, interests and experiences;
- information about your interactions with us, our clients, or our clients’ products or services, including transaction history, past communications and engagements with you, and similar;
- any other personal information which you provide directly to us or that may be required in order to facilitate your dealings with us.
5. When you use one of our websites, platforms or applications, we may also collect personal information about you in the following general categories:
- device information: such as the type of device you use, operating system, preferred language, unique device identifier and mobile network; and
- other information: such as your IP address, access dates and times, browser type, pages visited and standard web log information.
6. The collection of personal information is neither intended for, nor directed to, persons who are under the age of sixteen (16) years old. Personal information will not be collected by any person who we know to be under the age of sixteen (16) without the consent of a parent or legal guardian or where our client or customer has advised us that such consent has been obtained.
SENSITIVE INFORMATION //
7. We do not seek to collect sensitive information (or “special categories” of information under the GDPR). If we do collect sensitive information, we will only do so with your consent and where you provide it to us directly or have otherwise agreed for it to be provided to us. Where you provide us with any sensitive information (including, but not limited to, information about your sexual orientation, religious beliefs, medical and/or criminal history), we will only use this information for the purposes stated at the time of collection.
HOW DATARO COLLECTS AND HOLDS PERSONAL INFORMATION //
8. We may collect personal information directly from you, as a result of you using our products and services, from third parties including our clients and customers, or where it is otherwise lawful for us to do so. We may collect this information when you:
- communicate with us directly through correspondence, chats, email, or otherwise, including sending us enquiries;
- sign-up and/or register to become a member of any of our collection channels;
- subscribe to any newsletters, updates or alerts or request information from us;
- submit any forms or applications to us;
- participate in any offers, promotions or marketing activities;
- interact with or browse our websites, applications, products or services; or
- apply for employment with us.
9. We also receive information that may include limited personal information from our clients and customers in the course of providing our services, including our machine learning, propensity modelling and other data analytics services. In addition, we may collect your personal information from legitimate third party sources that share data in circumstances where it is lawful and/or you have given permission for them to do so.
PURPOSES FOR WHICH DATARO COLLECTS, HOLDS, USES AND DISCLOSES PERSONAL INFORMATION //
11. We may collect, hold, use and disclose your personal information for the following primary purposes:
- to enable you to access and use our websites, products and services;
- to consider and respond to your employment applications;
- to operate, protect, improve and optimise our products and services, to improve business and user experience, to perform analytics;
- to allow us to provide our professional services to our clients and customers, including generating ‘propensity scores’ for our client’s customers or donors (which may include you);
- to maintain our relationship with you, including responding to enquiries and providing information, products or services requested by you;
- to send you any technical, administrative or legal notices about our products and services;
- to provide you with information about your transactions and use of our content, products and services;
- to provide you with direct marketing materials and other information that may be of interest to you, including information sent by or on behalf of our business partners, customers and clients. Such materials may be provided electronically, including via email;
- to respond to customer enquiries, complaints and complaints handling;
- to improve website and system administration;
- to obtain opinions or comments about our or our clients’ products and/or services and to conduct other research and development;
- to record statistical data for marketing and other analysis;
- to comply with our legal obligations, resolve disputes and enforce our agreements with third parties; and
- to share personal information with our group companies, promotional partners and other trusted third parties (including our clients and customers).
CONSEQUENCES OF NOT PROVIDING INFORMATION //
12. No one is obligated to provide personal information to us. However, failure to do so may result in us being unable to provide you with information, products or services requested by you or otherwise to provide our products or services.
HOW WE MAY SHARE YOUR PERSONAL INFORMATION //
13. For the purposes described above, personal information may be shared with;
- our related bodies corporate and employees;
- our clients and customers, where your personal information was originally supplied to us by that client or customer;
- our suppliers and service providers who assist us in the delivery of our products and services and who have a need to know; and
- our professional advisors, business partners and agents who have a need to know; and
- specific third parties authorised by you to receive information held by us.
14. Suppliers and service providers may be engaged by us to perform a variety of functions in connection with our business, such as legal and accounting services, data storage, fulfilling orders, processing payments, marketing and email services, and providing technical services for our services. These companies may have access to personal information only if needed to perform such functions. With respect to data storage and processing, we use cloud services provided by Amazon Web Services (AWS). All Dataro AWS resources are hosted in Australian regions in secure facilities provided by AWS.
OUR WEBSITES AND COOKIES //
16. We may collect information that tells us about visitors to our websites and platforms. For example, we may collect information about the date, time and duration of visits and which pages of a website are most commonly accessed. This information is generally not linked to the identity of visitors, except where a website is accessed via links in an email we have sent or you are logged into an account.
18. Our Websites may use and combine such passively collected anonymous information or personal information and/or information from various third party sources, including as described above, and may combine this anonymous information or personal information with other personal information collected from you to provide better service to website visitors and users, customise a website based on your preferences, compile and analyse statistics and trends, provide you with relevant advertising when you visit a website or a third party website, and otherwise administer and improve our websites and platforms for your use. By accessing a website or platform, you consent to information about you being collected, compiled and used in this way.
CONTACTING YOU //
19. Dataro, our service providers and/or our clients or customers may contact you, including electronically (such as via email) in respect of the primary purposes for collection of personal information as stated above.
21. Despite removing your name from the database, we may send you non-commercial “Administrative Emails”. Administrative Emails relate to user accounts and may include administrative and transaction confirmations, requests and inquiries or information about a particular account.
YOUR PRIVACY RIGHTS //
22. You have a number of rights under Australian privacy law and the GDPR. These include:
- (access) to request access to your personal information from us, in a commonly used electronic format. On a case by case basis, Dataro may determine that it is not legally required to give an individual access to personal information, in which case Dataro will provide you with a written notice of its refusal to provide access;
- (correction) to request that we correct your personal information;
- (withdrawing consent) to withdraw your consent for us to use your personal information. Please note that you can also opt-out of online marketing communications at any time by using the opt-out feature in each electronic commercial message;
- (transparency) to be informed generally about the collection and use of your personal data, including where we intend to further process your personal data for additional purposes other than as discussed above; and
- (complaint) to complain about a breach of the Australian Privacy Principles.
- (deletion) you may also request that we delete your personal information, and all reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in Dataro and its service providers or partners being unable to facilitate or provide you with information about certain transactions and other products and services. Unless required by applicable law, we are not responsible for removing your personal information from the databases of any third party who has previously been provided your information in accordance with this policy.
23. If you are an individual in the EU, you have additional rights under the GDPR that you can exercise against the “controller” of your data. Dataro will generally not be the controller of your data, however, where we are the controller of your data, your rights include:
- (access) to request that we transfer your personal information to another service provider of your choosing;
- (erasure) to request that we erase your personal data. All reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in us being unable to facilitate or provide you with information about certain services;
- (objection and restriction) in some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal information; and
- (complaint) to lodge a complaint in relation to our processing of your personal data with a data protection supervisory authority under the GDPR.
STORAGE AND SECURITY OF PERSONAL INFORMATION //
25. We may hold personal information in either electronic or hard copy form. Dataro implements reasonable and appropriate security measures to keep personal information secure and to prevent unauthorised access, disclosure, modification or destruction of personal information. We also take appropriate steps to keep personal information accurate, up to date, complete and relevant and to ensure only those necessary have access to your personal information.
DISCLOSURE OF PERSONAL INFORMATION TO OVERSEAS RECIPIENTS //
27. In some cases, Dataro may disclose your personal information to overseas recipients. Our employees, data processors and other trusted third parties are obliged to respect the confidentiality of any personal information held by us. However, security of communications cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. Dataro will not be held responsible for events arising from unauthorised access to or disclosure of personal information.
28. For individuals in the EU, please note that the recipients of your personal information may be located in countries in which the privacy or data protection laws differ from those of the European Union. For recipients of your personal information in Australia, and the United States of America, appropriate or suitable safeguards over your personal data have been put in place by virtue of our compliance with the standard data protection contract clauses approved by the European Commission. Please contact our Privacy Officer for more information.
LINKS TO OTHER WEBSITES //
29. Our websites, platforms and plugins may, from time to time, contain links to or integrate with the websites or platforms of other organisations. Such links or integrations cannot be taken to imply any endorsement or validation by us of the content of the third party website or platform. Linked websites and platforms are responsible for their own privacy practices and you should check those websites and platforms for their respective privacy statements. Dataro is not responsible, nor does it accept any liability, for the conduct of companies linked to or integrated with our website, platforms or plugins.
RELATED WEBSITES //
SALE OF THE COMPANY //
PROBLEMS, COMPLAINTS AND QUERIES //
33. Please allow 30 days for this request to be processed. On receipt of your query, problem or complaint a review will be conducted and findings will be communicated to you where required. If you do not receive a satisfactory response to your query, problem or complaint within 30 days, you may refer your query, problem or complaint to the Office of the Australian Information Commissioner via the contact details listed at http://www.oaic.gov.au/about-us/contact-us-page, or, for individuals in the EU, to the data protection supervisory authority in your country.