In this privacy policy, ‘Dataro’, ‘we’, ‘us’ or ‘our’ means Dataro Tech Pty Ltd (ACN 623 147 277), Dataro Ops Pty Ltd (ACN 623 149 173) and our related bodies corporate.
We are committed to respecting the privacy of your personal information and recognise that you have a right to control how your personal information is collected and used.
This Privacy Policy explains how we collect, use, store and disclose your personal information. By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other agreement or arrangement that applies between us.
This Privacy Policy also applies to personal information that we collect or receive through:
- our online properties, platforms and applications (including dataro.io);
- third parties, including our clients, customers and service providers; and
- any other means through which we lawfully collect personal information about you.
Where we have collected or received personal information from a third party, such as one of our clients, customers or service providers, we rely on that third party to obtain individual consents from the individuals to whom that personal information relates.
We have developed and implemented this policy with regard to the requirements of the Privacy Act 1988 (Cth) and the European Union’s General Data Protection Regulation (GDPR). We may revise this Privacy Policy at any time without notice. We will post any changes to this Privacy Policy on our website, so we encourage you to check our website from time to time so that you are aware of our current Privacy Policy.
You may contact us with any queries you may have in respect of this Privacy Policy or your personal information by contacting our privacy officer in Australia via email: privacy@dataro.io or mail: The Privacy Officer, Dataro, 2/11 York Street, Sydney NSW 2000.
WHAT IS PERSONAL INFORMATION//
1. Throughout this Privacy Policy, we refer to your ‘personal information’, which means information relating to an identified or identifiable natural person, including information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. Your full name, gender, date of birth, address, telephone number and email address are examples of information which may constitute personal information. Personal information may also include information we may collect about your individual preferences.
ON WHAT BASIS DO WE PROCESS YOUR DATA//
2. The only personal information collected by us is what has been provided to or collected by us in accordance with this Privacy Policy or has otherwise been provided to us lawfully by third parties, including our clients and customers. We will generally deal with personal information for the primary purposes set out in this Privacy Policy.
3. For individuals in the European Union, we process your personal information for the purpose of our legitimate interests as set out in this Privacy Policy, such as providing our machine learning, propensity modelling and data analytics services to our clients and customers. We may also process your personal information in accordance with consents you grant to us and to our clients and customers. We also reserves the right to use, disclose or otherwise process any personal information if required to satisfy any law, regulation or legal request, or in relation to our other legitimate interests such as and where the information is relevant to legal action relating to Dataro.
KINDS OF PERSONAL INFORMATION THAT WE COLLECT //
4. Personal information that we may collect includes, but is not limited to:
- your name;
- your contact details including your address, postcode, email address and telephone number;
- more detailed contact preferences;
- your age or date of birth;
- your gender;
- information regarding your education, qualifications and employment history;
- information regarding your personal interests;
- financial information including credit card details;
- information about your preferences, interests and experiences;
- information about your interactions with us, our clients, or our clients’ products or services, including transaction history, past communications and engagements with you, and similar;
- any other personal information which you provide directly to us or that may be required in order to facilitate your dealings with us.
5. When you use one of our websites, platforms or applications, we may also collect personal information about you in the following general categories:
- usage and preference information: such as the pages you visit, your preferences, and settings that you choose. We may do this through the use of cookies and other similar technologies that uniquely identify you;
- device information: such as the type of device you use, operating system, preferred language, unique device identifier and mobile network; and
- other information: such as your IP address, access dates and times, browser type, pages visited and standard web log information.
CHILDREN //
6. The collection of personal information is neither intended for, nor directed to, persons who are under the age of sixteen (16) years old. Personal information will not be collected by any person who we know to be under the age of sixteen (16) without the consent of a parent or legal guardian or where our client or customer has advised us that such consent has been obtained.
SENSITIVE INFORMATION //
7. We do not seek to collect sensitive information (or “special categories” of information under the GDPR). If we do collect sensitive information, we will only do so with your consent and where you provide it to us directly or have otherwise agreed for it to be provided to us. Where you provide us with any sensitive information (including, but not limited to, information about your sexual orientation, religious beliefs, medical and/or criminal history), we will only use this information for the purposes stated at the time of collection.
HOW DATARO COLLECTS AND HOLDS PERSONAL INFORMATION //
8. We may collect personal information directly from you, as a result of you using our products and services, from third parties including our clients and customers, or where it is otherwise lawful for us to do so. We may collect this information when you:
- communicate with us directly through correspondence, chats, email, or otherwise, including sending us enquiries;
- sign-up and/or register to become a member of any of our collection channels;
- subscribe to any newsletters, updates or alerts or request information from us;
- submit any forms or applications to us;
- participate in any offers, promotions or marketing activities;
- interact with or browse our websites, applications, products or services; or
- apply for employment with us.
9. We also receive information that may include limited personal information from our clients and customers in the course of providing our services, including our machine learning, propensity modelling and other data analytics services. In addition, we may collect your personal information from legitimate third party sources that share data in circumstances where it is lawful and/or you have given permission for them to do so.
10. We may collect personal information from you in a passive manner including through the use of cookies and other tracking tools such as Internet tags, tracking pixels, web beacons and unique device identifiers. Further information about the use of passive personal information collection is outlined in this Privacy Policy.
PURPOSES FOR WHICH DATARO COLLECTS, HOLDS, USES AND DISCLOSES PERSONAL INFORMATION //
11. We may collect, hold, use and disclose your personal information for the following primary purposes:
- to enable you to access and use our websites, products and services;
- to consider and respond to your employment applications;
- to operate, protect, improve and optimise our products and services, to improve business and user experience, to perform analytics;
- to allow us to provide our professional services to our clients and customers, including generating ‘propensity scores’ for our client’s customers or donors (which may include you);
- to maintain our relationship with you, including responding to enquiries and providing information, products or services requested by you;
- to send you any technical, administrative or legal notices about our products and services;
- to provide you with information about your transactions and use of our content, products and services;
- to provide you with direct marketing materials and other information that may be of interest to you, including information sent by or on behalf of our business partners, customers and clients. Such materials may be provided electronically, including via email;
- to respond to customer enquiries, complaints and complaints handling;
- to improve website and system administration;
- to obtain opinions or comments about our or our clients’ products and/or services and to conduct other research and development;
- to record statistical data for marketing and other analysis;
- to comply with our legal obligations, resolve disputes and enforce our agreements with third parties; and
- to share personal information with our group companies, promotional partners and other trusted third parties (including our clients and customers).
CONSEQUENCES OF NOT PROVIDING INFORMATION //
12. No one is obligated to provide personal information to us. However, failure to do so may result in us being unable to provide you with information, products or services requested by you or otherwise to provide our products or services.
HOW WE MAY SHARE YOUR PERSONAL INFORMATION //
13. For the purposes described above, personal information may be shared with;
- our related bodies corporate and employees;
- our clients and customers, where your personal information was originally supplied to us by that client or customer;
- our suppliers and service providers who assist us in the delivery of our products and services and who have a need to know; and
- our professional advisors, business partners and agents who have a need to know; and
- specific third parties authorised by you to receive information held by us.
14. Suppliers and service providers may be engaged by us to perform a variety of functions in connection with our business, such as legal and accounting services, data storage, fulfilling orders, processing payments, marketing and email services, and providing technical services for our services. These companies may have access to personal information only if needed to perform such functions. With respect to data storage and processing, we use cloud services provided by Amazon Web Services (AWS). All Dataro AWS resources are hosted in Australian regions in secure facilities provided by AWS.
15. We recognise the trust with which you provide personal information, and except as stated in this Privacy Policy or as is otherwise lawful, such information will not be used or disclosed for any other purposes without consent. However, we reserve the right to use or disclose any information, including personal information, as needed to satisfy any law, regulation or legal request, to protect the rights or property of Dataro or its employees or related bodies corporate, or any member of the public, to protect the integrity of a website, to fulfil your requests, or to cooperate in any law enforcement or regulatory investigation or an investigation on a matter of public safety.
OUR WEBSITES AND COOKIES //
16. We may collect information that tells us about visitors to our websites and platforms. For example, we may collect information about the date, time and duration of visits and which pages of a website are most commonly accessed. This information is generally not linked to the identity of visitors, except where a website is accessed via links in an email we have sent or you are logged into an account.
17. As you navigate through our Websites, certain information can be collected using various technologies, such as Unique Device Identifiers (UDI), cookies, tags or web beacons, and navigational data collection (e.g. log files and server logs). In certain circumstances, this information may be considered anonymous information or personal information under the Privacy Act 1988 (Cth) or the GDPR. This is dependent on the device used and the method by which an individual connects to the Internet. This information may include the URL of the website you just came from, pages your visit, duration of visit, your IP address, your location, the UDI (if applicable) and the browser version your device is currently using. Our websites may also collect anonymous information or personal information from your device through cookies and Internet tags or web beacons. You may set your browser to notify you when a cookie is sent or to refuse cookies altogether, but certain features of a website might not work without cookies and this may limit the services provided by a website. Cookies and other technical methods may involve the transmission of information either directly to us or to another party authorised by us to collect information on our behalf.
18. Our Websites may use and combine such passively collected anonymous information or personal information and/or information from various third party sources, including as described above, and may combine this anonymous information or personal information with other personal information collected from you to provide better service to website visitors and users, customise a website based on your preferences, compile and analyse statistics and trends, provide you with relevant advertising when you visit a website or a third party website, and otherwise administer and improve our websites and platforms for your use. By accessing a website or platform, you consent to information about you being collected, compiled and used in this way.
CONTACTING YOU //
19. Dataro, our service providers and/or our clients or customers may contact you, including electronically (such as via email) in respect of the primary purposes for collection of personal information as stated above.
20. We do not send advertising or marketing information without obtaining prior consent, for example the consent contained within this Privacy Policy, or as is otherwise lawful. If you receive communications from us which you do not wish to receive, you may remove your name from the database in the manner indicated in the communication, including by utilising the opt-out facility or by contacting us at the contact details in this Privacy Policy. Please allow 30 days for this request to be processed.
21. Despite removing your name from the database, we may send you non-commercial “Administrative Emails”. Administrative Emails relate to user accounts and may include administrative and transaction confirmations, requests and inquiries or information about a particular account.
YOUR PRIVACY RIGHTS //
22. You have a number of rights under Australian privacy law and the GDPR. These include:
- (access) to request access to your personal information from us, in a commonly used electronic format. On a case by case basis, Dataro may determine that it is not legally required to give an individual access to personal information, in which case Dataro will provide you with a written notice of its refusal to provide access;
- (correction) to request that we correct your personal information;
- (withdrawing consent) to withdraw your consent for us to use your personal information. Please note that you can also opt-out of online marketing communications at any time by using the opt-out feature in each electronic commercial message;
- (transparency) to be informed generally about the collection and use of your personal data, including where we intend to further process your personal data for additional purposes other than as discussed above; and
- (complaint) to complain about a breach of the Australian Privacy Principles.
- (deletion) you may also request that we delete your personal information, and all reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in Dataro and its service providers or partners being unable to facilitate or provide you with information about certain transactions and other products and services. Unless required by applicable law, we are not responsible for removing your personal information from the databases of any third party who has previously been provided your information in accordance with this policy.
23. If you are an individual in the EU, you have additional rights under the GDPR that you can exercise against the “controller” of your data. Dataro will generally not be the controller of your data, however, where we are the controller of your data, your rights include:
- (access) to request that we transfer your personal information to another service provider of your choosing;
- (erasure) to request that we erase your personal data. All reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in us being unable to facilitate or provide you with information about certain services;
- (objection and restriction) in some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal information; and
- (complaint) to lodge a complaint in relation to our processing of your personal data with a data protection supervisory authority under the GDPR.
24. To exercise these rights, please contact us at the contact details listed in this Privacy Policy. Please allow for a reasonable amount of time for us to process your request, which will generally be up to 30 days.
STORAGE AND SECURITY OF PERSONAL INFORMATION //
25. We may hold personal information in either electronic or hard copy form. Dataro implements reasonable and appropriate security measures to keep personal information secure and to prevent unauthorised access, disclosure, modification or destruction of personal information. We also take appropriate steps to keep personal information accurate, up to date, complete and relevant and to ensure only those necessary have access to your personal information.
26. Dataro uses cloud services provided by Amazon Web Services (AWS). All Dataro resources are hosted in Australian regions in secure facilities provided by AWS. All Dataro resources are hosted in Australian regions in secure facilities provided by AWS. Data is stored at rest using AWS Simple Storage Service (S3). The data is stored in private buckets encrypted using AES-256 with multi-factor authentication protocols. Access is limited to our employees and service providers who strictly require access for the purposes set out in this Privacy Policy. Dataro retains your information only for as long as necessary for the purposes listed in this Privacy Policy.
DISCLOSURE OF PERSONAL INFORMATION TO OVERSEAS RECIPIENTS //
27. In some cases, Dataro may disclose your personal information to overseas recipients. Our employees, data processors and other trusted third parties are obliged to respect the confidentiality of any personal information held by us. However, security of communications cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. Dataro will not be held responsible for events arising from unauthorised access to or disclosure of personal information.
28. For individuals in the EU, please note that the recipients of your personal information may be located in countries in which the privacy or data protection laws differ from those of the European Union. For recipients of your personal information in Australia, and the United States of America, appropriate or suitable safeguards over your personal data have been put in place by virtue of our compliance with the standard data protection contract clauses approved by the European Commission. Please contact our Privacy Officer for more information.
LINKS TO OTHER WEBSITES //
29. Our websites, platforms and plugins may, from time to time, contain links to or integrate with the websites or platforms of other organisations. Such links or integrations cannot be taken to imply any endorsement or validation by us of the content of the third party website or platform. Linked websites and platforms are responsible for their own privacy practices and you should check those websites and platforms for their respective privacy statements. Dataro is not responsible, nor does it accept any liability, for the conduct of companies linked to or integrated with our website, platforms or plugins.
RELATED WEBSITES //
30. All websites and platforms operated by us will adhere to this Privacy Policy. The policies on the websites of some members of our group may vary, however, because of local customs, practices or laws.
SALE OF THE COMPANY //
31. If Dataro merges with, or is acquired by, another company, or sells all or a portion of its assets, your personal information may be disclosed to our advisers and any prospective purchaser’s adviser, and may be among the assets transferred. However, personal information will always remain subject to this Privacy Policy unless you are otherwise notified.
PROBLEMS, COMPLAINTS AND QUERIES //
32. If you have any questions about our Privacy Policy, or any problems or complaints about how we have collected, used, stored, handled and/or disclosed your personal information, please contact our privacy officer via email: privacy@dataro.io or mail: The Privacy Officer, Dataro, 2/11 York Street, Sydney NSW 2000. Please include your name, email address and/or telephone number and clearly describe your complaint.
33. Please allow 30 days for this request to be processed. On receipt of your query, problem or complaint a review will be conducted and findings will be communicated to you where required. If you do not receive a satisfactory response to your query, problem or complaint within 30 days, you may refer your query, problem or complaint to the Office of the Australian Information Commissioner via the contact details listed at http://www.oaic.gov.au/about-us/contact-us-page, or, for individuals in the EU, to the data protection supervisory authority in your country.