2.2 This Policy is intended to describe what information we collect; who is collecting the information; when information is being collected; at what extent; how we use it; the legal basis for processing of information; how long the information is retained; and if we disclose it to a third-party and/or outside the EU. Please read this policy before using the Services or submitting any Personal Information. By using the Services, you are accepting the practices described in this policy.
2.3 We are committed to safeguarding your Personal Information that we may collect or hold from time to time in accordance with those principles.
2.5 We will not disclose your Personal Information collected about you otherwise than:
(b) for a purpose you would reasonably expect; or
(c) for a purpose required or permitted by law; or
(d) for a purpose otherwise disclosed to or permitted by you.
2.6 In the event of any inconsistency between the provisions of this Policy and those other disclosures, the other disclosures will prevail.
2.7 This Policy applies to the use of Our Services only. The Services may contain other third party services, including, without limitation, services provided by Our Payment Gateway Partner (Stripe), Mail delivery service (SendGrid), IP geolocation look up service (Ipstack) and Currency conversion service (Currencylayer API), which are not owned or controlled by us. We disclaim any liability in relation to the use of your Personal Information by Third Parties, and you agree to indemnify and hold Those Indemnified harmless against any loss, cost, expense, damage or liability which may be incurred as a result of, or in relation to, or in connection with any Third Party’s use of your Personal Information contrary to this Policy, whether such loss, cost, expense, damage or liability is actual or contingent, present or future, quantified or unquantified.
These third party services’ privacy policies can found at the links below. It is your responsibility to ensure that you read and understand such Third Parties Policies. If you do not agree with such Third Party Policies, you must immediately cease and forever desist from accessing the Platform or using Our Services.
3. Information we collect from you
3.1 We only collect Personal Information about you that are necessary for our functions and activities. The collection of your Personal Information is necessary for us to provide the Services for you.
3.2 We will collect Personal Information from you when you complete an online form upon registering an Account, or deal with us directly through any means, including via our ‘Facebook Connect’ feature, whether by telephone or email, or when you use the Services for any reason.
3.3 We generally collect Personal Information when it is voluntarily submitted you. This Personal Information is generally used and/or disclosed to fulfil your specific request to:
(a) register for an Account to use the Services; or
(b) register for an Account with Stripe to setup a fundraising account; or
(c) connect and interact with other users, including (without limitation) to Donate to a Campaign or get Donated; or
(d) increase you user experience; or
(e) contact you.
3.4 Additionally, the purposes for which we will generally collect and use your Personal Information will include:
(a) complying with legislative and regulatory requirements;
(b) performing our administrative operations, including accounting, risk management, record keeping, archiving, and development and testing;
3.5 Personal Information which you provide will be used and disclosed in accordance with this Policy or otherwise in accordance with your express consent.
3.6 Your Personal Information we collect directly from you includes:
(a) user name;
(b) date of birth;
(c) email address; and
(d) country of residence;
3.7 Your Personal Information being collected automatically when you use our service includes:
(a) IP address of your device being collected by ipstack when you sign up to our service or login to our service for the first time;
(b) Location of your mobile device generated by ipstack when you sign up to our service or login to our service for the first time;
(c) We use the location returned by our third party service, ipstack internal protocol to determine which currency shall be displayed on your account of the Services;
(d) We also use internet protocol addresses, browser information, operating system information and other information, whether it is from internal sources or external sources, which does not identify you personally but which tracks your usage of the Services (“Statistical Information”); and
(e) Our Service contains Third Party web links that may place their own cookies or other files on your computer or mobile device, solicit Personal Information from you and may or may not use your Personal Information in accordance with their own privacy policies which may differ from this Policy.
3.8 Your Personal Information we collect from other sources includes:
(a) user name from Third Party internal protocol when you login to our Services via Third Party service such as the Facebook Connect;
(b) date of birth from Third Party internal protocol when you login to our Services via Third Party service such as the Facebook Connect;
(c) Stripe authentication keys generated by Stripe when you connect our Services to Stripe. We use this key to identify your Stripe account and to process online payments on behalf of you; and
(d) expiry date, last 4 digits, brands and the Stripe tokens of your credit card or debit card generated by Stripe when you choose to save your credit card or debit card details with us. Please note that the security of your credit card or debit card details are of the utmost importance. We process payment you made via credit card or debit card through Our Payment Gateway Partner’s secure network. We charge your credit card or debit card via a secure token generated by Our Payment Gateway Partner. When you opt-in to save your card with Us, it is the expiry date, last 4 digits, brands and the Stripe generated secure token of your credit card or debit card that are stored in our server. Your full credit card or debit card details are stored in Stripe secure PCI compliance server; and
(e) We also use internet protocol addresses, browser information, operating system information and other information, whether it is from internal sources or external sources, which does not identify you personally but which tracks your usage of the Services (“Statistical Information”);
3.9 Your Personal Information our Third Party Services may collect from you separately from Us includes.
(a) Other personal information Stripe may collect directly from you.
3.10 Your Personal Information we collect directly from you and pass to our Third Party Service, Stripe includes:
(a) user name that you provide for us to register an account with Stripe for you;
(b) email address that you provide for us to register an account with Stripe for you;
(c) legal name that you provide for us to register an account with Stripe for you;
(d) entity type that you provide for us to register an account with Stripe for you;
(e) entity name that you provide for us to register an account with Stripe for you;
(f) address that you provide for us to register an account with Stripe for you;
(g) date of birth that you provide for us to register an account with Stripe for you;
(h) personal identification number that you provide for us to register an account with Stripe for you;
(i) telephone number that you provide for us to register an account with Stripe for you;
(j) bank account details that you provide for us to register an account with Stripe for you;
(k) country of residence that you provide for us to register an account with Stripe for you; and
(l) credit card or debit card details;
In the event that we receive unsolicited information about you, it will only be collected where:
(a) it is reasonably necessary for one or more of our functions or activities; and
(b) we obtain your consent; or
(c) it is authorised or required under an Australian law or a court/tribunal order; or
(d) it is otherwise permitted by the Privacy Act 1988 (Cth) (the “Act”).
3.12 Where Clause 3.11 does not apply, we will destroy any unsolicited Personal Information that we receive.
3.13 Where required by law, we will obtain your consent to collect Personal Information from third party sources and combine that information with the Personal Information which we have collected directly from you for analytical purposes.
3.14 We advise that tracking technologies are used on the Service in order to collect and collate Statistical Information. From time to time when you use our Services or login to your Account, we record the date and time of access to your Account and other information such as your browser type, operating system and location of your mobile device.
3.15 If you register an Account or continue to use the Services, you agree to our use of tracking technologies to track your usage and location of your mobile device.
3.16 This section details the information we collect, the purpose for its collection and use, and the legal basis for the processing.
To provide you with Wishsprout services
Performance of a Contract or Agreement.
Display the content of our services in your local currency for better user experience
To respond to your communications and to retain a record for quality and training purposes.
Legitimate interest; or Consent
To contact you about our products and services.
To contact you about the changes of the Services.
To send you confirmation of the Services you register or opt-in.
To send you receipt of payments you made using the Services.
Legitimate interest; or Consent
To determine your interest in our products and services.
To monitor and improve the performance of our Services and for analytical purposes.
4. Personal Information about third parties
5. Usage and Disclosure of Personal Information
5.3 Unless otherwise specified or required by law, where you made your account public on the Services’ platform, or voluntarily initiate contact with other users, or make a Donation to their Campaign, you authorise us to disclose necessary Personal Information to other users, including your name, and your WishSprout Account (including any information publicly displayed therein).
5.5 Notwithstanding with Section 3, We may also disclose your Personal Information to other third parties from time to time, such disclosure is necessary to provide you with our services or to manage our business. It is our legitimate interest to process your personal data for these purposes. Subject to what is permitted by law, the types of third parties to whom we may disclose your Personal Information may include:
(a) employees, our agents, IT service providers, solutions and analytics providers, marketing providers, contractors and external advisors whom we engage from time to time to carry out, or advise on, our functions and activities;
(b) regulatory bodies, government agencies, law enforcement agencies and courts;
(c) other organisations with whom we have alliances or arrangements for the purpose of promoting our Services (and any agents used by us and our business partners in administering such an arrangement or alliance);
(d) our legal or financial advisors;
(e) debt collecting agencies;
(f) Third Party Services we use to delivery Services (such as Stripe, ipstack, currencylayer and Sendgrid); or
(g) other users on the Services’ Platform;
5.7 We take the protection of your Personal Information very seriously. Our third parties are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with applicable Data Protection Law.
5.8 We reserve the right to disclose Statistical Information to third parties including, without limitation, to analytics companies and business partners, to help us understand usage patterns, to assist in product development and for advertising purposes.
5.9 We reserve the right to disclose Personal Information and Statistical Information with third parties where such disclosure is required by law, or when we reasonably believe in good faith that such disclosure is necessary to protect our rights or to comply with a judicial proceeding or legal process served upon us.
(a) we believe on reasonable grounds that the overseas recipient is bound by legislation or regulation that is substantially similar to the Act which can be enforced against the overseas recipient; or
(b) you give us an informed consent to the disclosure of your Personal Information to an overseas recipient who may not be bound by Australian law; or
(c) the disclosure to an overseas recipient is authorised or required by Australian law or a court or tribunal order; or
(d) it is permitted by the Act;
5.13 We may disclose both Personal Information and Statistical Information to a third party in a business transaction such as a merger with or acquisition by another company, or the sale of all or a substantial portion of our assets, of which your Personal Information and Statistical Information may be among the assets transferred. Where this occurs, we will notify you via an email sent to the email address which you provide to us in your Profile.
6. Transfer of your personal data outside the EEA.
6.1 We may need to transfer your personal information outside the EEA to provide the Services to you. Some of the countries to which your personal data may be transferred for these purposes that are located outside the EU do not benefit from an adequacy decision issued by the EU Commission regarding protection afforded to personal data in that country. However we are committed to ensure that:
(a) where we transfer your personal information outside the EEA, we ensure such transfers are undertaken in accordance with our legal and regulatory obligations or where we can be satisfied that alternative arrangement are in place to protect your privacy rights; or
(b) we obtain contractual commitments from them to protect your personal information; or
(c) where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed;
7. Storage and Retention of your Personal Information
7.1 All information that you provide to us is stored with Google Cloud Platform, https://cloud.google.com/.
7.2 We retain your Personal Information for no longer than necessary for the purpose for which it was collected. In determining how long your information will be stored, we will consider:
(a) the purpose(s) and use of your Personal Information both now and in the future;
(b) what information we need to:
best provide you with products and services;
manage your relationship with us;
meet our statutory obligations;
meet our taxation obligations;
meet our accounting functions;
develop our products and services;
meet our customers’ and previous customers reasonable expectations; and
legal or financial claim that relates to your relationship with us
7.3 Notwithstanding the termination of your Profile with us, you consent to our holding your Personal Information for the continuation of your Profile with us and for the duration of up to seven (7) years subsequent to the termination or deletion of your Profile.
7.4 Your Personal Information will be destroyed or de-identified anytime within the seven (7) year period subsequent to the termination or deletion of your Profile, provided that:
(a) you do not owe us any money; or
(b) there are no legal proceedings instituted against you for which we may be required to give evidence; or
8. Your Rights to your Personal Information
8.1 You have certain rights concerning your Personal Information under Data Protection law as mentioned below by addressing to our Data Protection Officer via email email@example.com.
8.2 You may exercise your rights to access, correct, update, restrict or delete any of your Personal Information which we have on you by logging in to your Account.
8.3 Where you are unable to access, correct, update, restrict or delete your Personal Information, please address our Data Protection officer via email firstname.lastname@example.org in order that we may enable you to access, correct, update or delete your Personal Information.
8.4 You may exercise your rights to obtain a copy of, or reference to, your Personal Information by addressing to our Data Protection officer via email email@example.com.
8.5 You may withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. This will not affect the lawfulness of our processing of your data prior to you notifying us of your withdrawal. You can address our Data Protection officer via email firstname.lastname@example.org to withdraw your consent.
8.6 You may exercise your rights to object to the processing of your information by us. You may also exercise your right to object to us using or processing your information for direct marketing purposes by clicking the unsubscribe link contained at the bottom of any marketing email we send to you. You can address our Data Protection officer via email email@example.com if you have any objections.
8.7 You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered. You can address our Data Protection officer via email firstname.lastname@example.org.
9. Personal Information’s Rights in California
9.1 If you are a resident of California you may have a right pursuant to Section 1798.83 of the California Civil Code to obtain certain information about the types of personal information that we have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. Please contact us by email to email@example.com if you would like to exercise any of your rights in relation to your personal information.
10. Security of Your Personal Information
10.1 We will use all reasonable efforts to keep secure your Personal Information and Statistical Information that we collect and maintain. Only our authorised employees, agents and contractors will have access to this information. We will maintain strict procedures and generally accepted industry standards and take all reasonable care to protect and prevent unauthorised access to, or modification and disclosure of, your Personal Information. We will take all reasonable steps to protect your Personal Information from misuse and loss.
10.2 Notwithstanding clause 10.1 above, no data transmission over the internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you provide through the use of our Services. You understand that any information you send over the internet is at your own risk.
10.3 Subject to our reserved rights to disclose and use your Personal Information and Statistical Information described in clause 5 above, we will limit access to your Personal Information to employees to whom we believe there is a reasonable need for us to disclose your Personal Information and Statistical Information in order for them to perform their duties.
11. Complaints about breaches of privacy
11.2 In all circumstances, you have the right to file complaints to the appropriate data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place. In the Australia you can make a complaint to the Office of the Australian Information Commissioner (OAIC) which can be contacted via their website https://www.oaic.gov.au/.
13. Third parties
13.2 You agree to indemnify and hold Those Indemnified harmless from and against any damage, loss, cost (including, without limitation, settlement costs), expense (including reasonable legal costs and expenses), damage or liability incurred by any of Those Indemnified arising from any claim, demand, suit, action or proceeding by any person against Those Indemnified as a result of, in connection with or in relation to the use of your Personal Information by third parties, whether such damage, loss, cost, expense, damage or liability is actual contingent, present or future, quantified or unquantified.