By accessing the Platform or using any Services, you are consenting and giving us permission to process your personal information in accordance with and for the purposes outlined in this Privacy Policy.
1. Definitions
1.1 Unless otherwise specified, the definitions used in this Privacy Policy are the same as the definitions used in the Terms of Use Agreement.
1.2 This Privacy Policy forms part of the Terms of Use Agreement.
2. Application of Privacy Policy
2.1 This Privacy Policy (“Policy”) applies to our collection and disclosure of certain information which may identify you personally or which may otherwise be personal to you (your “Personal Information”) when you use the Services or when you register an Account.
2.2 This Policy is intended to describe what information we collect; who is collecting the information; when information is being collected; at what extent; how we use it; the legal basis for processing of information; how long the information is retained; and if we disclose it to a third-party and/or outside the EU. Please read this policy before using the Services or submitting any Personal Information. By using the Services, you are accepting the practices described in this policy.
2.3 We are committed to safeguarding your Personal Information that we may collect or hold from time to time in accordance with those principles.
2.4 For the purpose of this Policy, the term Personal Information, in addition to that which is defined in the Terms of Use Agreement, includes personal information obtained from an individual or third party which, under and in accordance with the Privacy Act may lawfully be exchanged.
2.5 We will not disclose your Personal Information collected about you otherwise than:
(a) for a purpose set out in this Policy or the Terms of Use Agreement; or
(b) for a purpose you would reasonably expect; or
(c) for a purpose required or permitted by law; or
(d) for a purpose otherwise disclosed to or permitted by you.
2.6 In the event of any inconsistency between the provisions of this Policy and those other disclosures, the other disclosures will prevail.
2.7 This Policy applies to the use of Our Services only. The Services may contain other third party services, including, without limitation, services provided by Our Payment Gateway Partner (Stripe), Mail delivery service (SendGrid), IP geolocation look up service (Ipstack) and Currency conversion service (Currencylayer API), which are not owned or controlled by us. We disclaim any liability in relation to the use of your Personal Information by Third Parties, and you agree to indemnify and hold Those Indemnified harmless against any loss, cost, expense, damage or liability which may be incurred as a result of, or in relation to, or in connection with any Third Party’s use of your Personal Information contrary to this Policy, whether such loss, cost, expense, damage or liability is actual or contingent, present or future, quantified or unquantified.
These third party services’ privacy policies can found at the links below. It is your responsibility to ensure that you read and understand such Third Parties Policies. If you do not agree with such Third Party Policies, you must immediately cease and forever desist from accessing the Platform or using Our Services.
https://sendgrid.com/policies/privacy/
https://currencylayer.com/privacy
3. Information we collect from you
3.1 We only collect Personal Information about you that are necessary for our functions and activities. The collection of your Personal Information is necessary for us to provide the Services for you.
3.2 We will collect Personal Information from you when you complete an online form upon registering an Account, or deal with us directly through any means, including via our ‘Facebook Connect’ feature, whether by telephone or email, or when you use the Services for any reason.
3.3 We generally collect Personal Information when it is voluntarily submitted you. This Personal Information is generally used and/or disclosed to fulfil your specific request to:
(a) register for an Account to use the Services; or
(b) register for an Account with Stripe to setup a fundraising account; or
(c) connect and interact with other users, including (without limitation) to Donate to a Campaign or get Donated; or
(d) increase you user experience; or
(e) contact you.
3.4 Additionally, the purposes for which we will generally collect and use your Personal Information will include:
(a) complying with legislative and regulatory requirements;
(b) performing our administrative operations, including accounting, risk management, record keeping, archiving, and development and testing;
(c) managing our rights and obligations under the Terms of Use Agreement;
3.5 Personal Information which you provide will be used and disclosed in accordance with this Policy or otherwise in accordance with your express consent.
3.6 Your Personal Information we collect directly from you includes:
(a) user name;
(b) date of birth;
(c) email address; and
(d) country of residence;
3.7 Your Personal Information being collected automatically when you use our service includes:
(a) IP address of your device being collected by ipstack when you sign up to our service or login to our service for the first time;
(b) Location of your mobile device generated by ipstack when you sign up to our service or login to our service for the first time;
(c) We use the location returned by our third party service, ipstack internal protocol to determine which currency shall be displayed on your account of the Services;
(d) We also use internet protocol addresses, browser information, operating system information and other information, whether it is from internal sources or external sources, which does not identify you personally but which tracks your usage of the Services (“Statistical Information”); and
(e) Our Service contains Third Party web links that may place their own cookies or other files on your computer or mobile device, solicit Personal Information from you and may or may not use your Personal Information in accordance with their own privacy policies which may differ from this Policy.
3.8 Your Personal Information we collect from other sources includes:
(a) user name from Third Party internal protocol when you login to our Services via Third Party service such as the Facebook Connect;
(b) date of birth from Third Party internal protocol when you login to our Services via Third Party service such as the Facebook Connect;
(c) Stripe authentication keys generated by Stripe when you connect our Services to Stripe. We use this key to identify your Stripe account and to process online payments on behalf of you; and
(d) expiry date, last 4 digits, brands and the Stripe tokens of your credit card or debit card generated by Stripe when you choose to save your credit card or debit card details with us. Please note that the security of your credit card or debit card details are of the utmost importance. We process payment you made via credit card or debit card through Our Payment Gateway Partner’s secure network. We charge your credit card or debit card via a secure token generated by Our Payment Gateway Partner. When you opt-in to save your card with Us, it is the expiry date, last 4 digits, brands and the Stripe generated secure token of your credit card or debit card that are stored in our server. Your full credit card or debit card details are stored in Stripe secure PCI compliance server; and
(e) We also use internet protocol addresses, browser information, operating system information and other information, whether it is from internal sources or external sources, which does not identify you personally but which tracks your usage of the Services (“Statistical Information”);
3.9 Your Personal Information our Third Party Services may collect from you separately from Us includes.
(a) Other personal information Stripe may collect directly from you.
3.10 Your Personal Information we collect directly from you and pass to our Third Party Service, Stripe includes:
(a) user name that you provide for us to register an account with Stripe for you;
(b) email address that you provide for us to register an account with Stripe for you;
(c) legal name that you provide for us to register an account with Stripe for you;
(d) entity type that you provide for us to register an account with Stripe for you;
(e) entity name that you provide for us to register an account with Stripe for you;
(f) address that you provide for us to register an account with Stripe for you;
(g) date of birth that you provide for us to register an account with Stripe for you;
(h) personal identification number that you provide for us to register an account with Stripe for you;
(i) telephone number that you provide for us to register an account with Stripe for you;
(j) bank account details that you provide for us to register an account with Stripe for you;
(k) country of residence that you provide for us to register an account with Stripe for you; and
(l) credit card or debit card details;
3.11 In accordance with the Terms of Use Agreement, we may also use your Personal Information and disclose the same to an Authority of competent jurisdiction in order to conduct investigations into alleged fraudulent activity, and to assist any Authority in their investigations into the same.
In the event that we receive unsolicited information about you, it will only be collected where:
(a) it is reasonably necessary for one or more of our functions or activities; and
(b) we obtain your consent; or
(c) it is authorised or required under an Australian law or a court/tribunal order; or
(d) it is otherwise permitted by the Privacy Act 1988 (Cth) (the “Act”).
3.12 Where Clause 3.11 does not apply, we will destroy any unsolicited Personal Information that we receive.
3.13 Where required by law, we will obtain your consent to collect Personal Information from third party sources and combine that information with the Personal Information which we have collected directly from you for analytical purposes.
3.14 We advise that tracking technologies are used on the Service in order to collect and collate Statistical Information. From time to time when you use our Services or login to your Account, we record the date and time of access to your Account and other information such as your browser type, operating system and location of your mobile device.
3.15 If you register an Account or continue to use the Services, you agree to our use of tracking technologies to track your usage and location of your mobile device.
3.16 This section details the information we collect, the purpose for its collection and use, and the legal basis for the processing.
|
Purpose |
Personal Information |
Processing ground |
|
To provide you with Wishsprout services |
|
Performance of a Contract or Agreement. |
|
Display the content of our services in your local currency for better user experience |
|
Legitimate interest |
|
To respond to your communications and to retain a record for quality and training purposes. |
|
Legitimate interest; or Consent
|
|
To contact you about our products and services. To contact you about the changes of the Services. To send you confirmation of the Services you register or opt-in. To send you receipt of payments you made using the Services. |
|
Legitimate interest; or Consent
|
|
To determine your interest in our products and services. |
|
Legitimate interest |
|
To monitor and improve the performance of our Services and for analytical purposes. |
|
Legitimate interest |
4. Personal Information about third parties
4.1 If at any time you supply us with Personal Information about another person, you should ensure that you have written consent from that person to do so, and you must agree to inform that person about us and that we may use and disclose their Personal Information in accordance with and for the purposes outlined in this Privacy Policy.
5. Usage and Disclosure of Personal Information
5.1 You authorise us to use your Personal Information to contact you in relation to your use of the Services, including (without limitation) any modifications to our Terms of Use or this Privacy Policy.
5.2 Unless otherwise specified or required by law, you authorise us to disclose your Personal Information to third parties where we assign, transfer, sell or otherwise license under the Terms of Use Agreement to a third party.
5.3 Unless otherwise specified or required by law, where you made your account public on the Services’ platform, or voluntarily initiate contact with other users, or make a Donation to their Campaign, you authorise us to disclose necessary Personal Information to other users, including your name, and your WishSprout Account (including any information publicly displayed therein).
5.4 Please note that other users may use your Personal Information in a manner other than as outlined in this Privacy Policy. We do not accept any responsibility whatsoever, including (without limitation) any liability as a result of for any loss, cost, expense, damage or liability incurred as a result of, or in connection with, or in relation to the use of your Personal Information by third party users of our Services.
5.5 Notwithstanding with Section 3, We may also disclose your Personal Information to other third parties from time to time, such disclosure is necessary to provide you with our services or to manage our business. It is our legitimate interest to process your personal data for these purposes. Subject to what is permitted by law, the types of third parties to whom we may disclose your Personal Information may include:
(a) employees, our agents, IT service providers, solutions and analytics providers, marketing providers, contractors and external advisors whom we engage from time to time to carry out, or advise on, our functions and activities;
(b) regulatory bodies, government agencies, law enforcement agencies and courts;
(c) other organisations with whom we have alliances or arrangements for the purpose of promoting our Services (and any agents used by us and our business partners in administering such an arrangement or alliance);
(d) our legal or financial advisors;
(e) debt collecting agencies;
(f) Third Party Services we use to delivery Services (such as Stripe, ipstack, currencylayer and Sendgrid); or
(g) other users on the Services’ Platform;
5.7 We take the protection of your Personal Information very seriously. Our third parties are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with applicable Data Protection Law.
5.8 We reserve the right to disclose Statistical Information to third parties including, without limitation, to analytics companies and business partners, to help us understand usage patterns, to assist in product development and for advertising purposes.
5.9 We reserve the right to disclose Personal Information and Statistical Information with third parties where such disclosure is required by law, or when we reasonably believe in good faith that such disclosure is necessary to protect our rights or to comply with a judicial proceeding or legal process served upon us.
5.10 We may share your Personal Information and Statistical Information with third parties where we reasonably believe in good faith that such disclosure is necessary in order to investigate, prevent or take action regarding illegal activities such as suspected fraud; situations involving potential threats to the physical safety of any person; violations of our terms of use agreement or as otherwise required by law.
5.11 We may from time to time disclose your Personal Information to overseas entities who may not be bound by Australian legislation without your consent, except in circumstances where clause 5.3, 5.4, 5.5, 5.6 5.7, 5.8 or 5.9 applies. Where we disclose Your Personal Information to overseas recipients, We will make every reasonable effort in the circumstances to ensure that the overseas recipients comply with this Privacy Policy and any applicable Australian law or regulation with respect to the protection of Personal Information, unless:
(a) we believe on reasonable grounds that the overseas recipient is bound by legislation or regulation that is substantially similar to the Act which can be enforced against the overseas recipient; or
(b) you give us an informed consent to the disclosure of your Personal Information to an overseas recipient who may not be bound by Australian law; or
(c) the disclosure to an overseas recipient is authorised or required by Australian law or a court or tribunal order; or
(d) it is permitted by the Act;
5.12 By continuing to use our Services, you agree to consent to the disclosure of your Personal Information in accordance with this Privacy Policy.
5.13 We may disclose both Personal Information and Statistical Information to a third party in a business transaction such as a merger with or acquisition by another company, or the sale of all or a substantial portion of our assets, of which your Personal Information and Statistical Information may be among the assets transferred. Where this occurs, we will notify you via an email sent to the email address which you provide to us in your Profile.
5.14 We will not use or disclose your Personal Information for any purpose other than as disclosed in this Privacy Policy.
6. Transfer of your personal data outside the EEA.
6.1 We may need to transfer your personal information outside the EEA to provide the Services to you. Some of the countries to which your personal data may be transferred for these purposes that are located outside the EU do not benefit from an adequacy decision issued by the EU Commission regarding protection afforded to personal data in that country. However we are committed to ensure that:
(a) where we transfer your personal information outside the EEA, we ensure such transfers are undertaken in accordance with our legal and regulatory obligations or where we can be satisfied that alternative arrangement are in place to protect your privacy rights; or
(b) we obtain contractual commitments from them to protect your personal information; or
(c) where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed;
7. Storage and Retention of your Personal Information
7.1 All information that you provide to us is stored with Google Cloud Platform, https://cloud.google.com/.
7.2 We retain your Personal Information for no longer than necessary for the purpose for which it was collected. In determining how long your information will be stored, we will consider:
(a) the purpose(s) and use of your Personal Information both now and in the future;
(b) what information we need to:
best provide you with products and services;
manage your relationship with us;
meet our statutory obligations;
meet our taxation obligations;
meet our accounting functions;
develop our products and services;
meet our customers’ and previous customers reasonable expectations; and
legal or financial claim that relates to your relationship with us
7.3 Notwithstanding the termination of your Profile with us, you consent to our holding your Personal Information for the continuation of your Profile with us and for the duration of up to seven (7) years subsequent to the termination or deletion of your Profile.
7.4 Your Personal Information will be destroyed or de-identified anytime within the seven (7) year period subsequent to the termination or deletion of your Profile, provided that:
(a) you do not owe us any money; or
(b) there are no legal proceedings instituted against you for which we may be required to give evidence; or
(c) there are no legal proceedings instituted against us in which you are obliged to indemnify us according to the Terms of Use Agreement and this Privacy Policy;
8. Your Rights to your Personal Information
8.1 You have certain rights concerning your Personal Information under Data Protection law as mentioned below by addressing to our Data Protection Officer via email service@wishsprout.com.
8.2 You may exercise your rights to access, correct, update, restrict or delete any of your Personal Information which we have on you by logging in to your Account.
8.3 Where you are unable to access, correct, update, restrict or delete your Personal Information, please address our Data Protection officer via email service@wishsprout.com in order that we may enable you to access, correct, update or delete your Personal Information.
8.4 You may exercise your rights to obtain a copy of, or reference to, your Personal Information by addressing to our Data Protection officer via email service@wishsprout.com.
8.5 You may withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. This will not affect the lawfulness of our processing of your data prior to you notifying us of your withdrawal. You can address our Data Protection officer via email service@wishsprout.com to withdraw your consent.
8.6 You may exercise your rights to object to the processing of your information by us. You may also exercise your right to object to us using or processing your information for direct marketing purposes by clicking the unsubscribe link contained at the bottom of any marketing email we send to you. You can address our Data Protection officer via email service@wishsprout.com if you have any objections.
8.7 You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered. You can address our Data Protection officer via email service@wishsprout.com.
9. Personal Information’s Rights in California
9.1 If you are a resident of California you may have a right pursuant to Section 1798.83 of the California Civil Code to obtain certain information about the types of personal information that we have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. Please contact us by email to service@wishsprout.com if you would like to exercise any of your rights in relation to your personal information.
10. Security of Your Personal Information
10.1 We will use all reasonable efforts to keep secure your Personal Information and Statistical Information that we collect and maintain. Only our authorised employees, agents and contractors will have access to this information. We will maintain strict procedures and generally accepted industry standards and take all reasonable care to protect and prevent unauthorised access to, or modification and disclosure of, your Personal Information. We will take all reasonable steps to protect your Personal Information from misuse and loss.
10.2 Notwithstanding clause 10.1 above, no data transmission over the internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you provide through the use of our Services. You understand that any information you send over the internet is at your own risk.
10.3 Subject to our reserved rights to disclose and use your Personal Information and Statistical Information described in clause 5 above, we will limit access to your Personal Information to employees to whom we believe there is a reasonable need for us to disclose your Personal Information and Statistical Information in order for them to perform their duties.
10.4 You understand that if you access the Service from outside Australia, other entities, such as governments, may collect, use and disclose your Personal Information in ways which differ from this Privacy Policy and the laws of Australia.
11. Complaints about breaches of privacy
11.1 If you believe that the privacy of your Personal Information has been compromised or has not been used in accordance with this Privacy Policy, you should contact us as soon as possible by email to service@wishsprout.com.
11.2 In all circumstances, you have the right to file complaints to the appropriate data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place. In the Australia you can make a complaint to the Office of the Australian Information Commissioner (OAIC) which can be contacted via their website https://www.oaic.gov.au/.
11.3 Your complaint will be taken seriously and addressed in accordance with clause 13 of the Terms of Use in relation to Dispute Resolution.
12. Variation of Privacy Policy
12.1 We may change this Privacy Policy at any time and at our sole discretion by posting a notice on the Services, and may notify you in other ways that we deem appropriate, such as sending a notice to the email address specified in your Profile. You agree that you will be deemed to have notice of any modifications once we post them to the Services and/or notified you via email, and that your continued use of our Services after such notice will be construed as your acceptance of the modified Privacy Policy.
12.2 Notwithstanding our right to change this Privacy Policy at any time, these changes will only apply to activities and information going forward, and not on a retroactive basis.
12.3 You are encouraged to review the policy whenever you use our Services to keep track of the policy changes and make sure that you understand how any Personal Information you provide will be used. If you do not agree with the modified Privacy Policy, you must close your Profile immediately and cease to use our Services.
13. Third parties
13.1 Where we provide your Personal Information to third parties or if third parties associated with our Services been in contact with you for such information, you acknowledge and agree that the usage of your Personal Information by third parties is not in our reasonable control. If you have been contacted by any suspicious third parties for collecting your Personal Information on behalf of our Services, you should immediately contact us by email to service@wishsprout.com. You further acknowledge that third party websites may place their own cookies or other files on your computer or mobile device, solicit Personal Information from you and may or may not use your Personal Information in accordance with their own privacy policies which may differ from this Policy. You agree that we are not liable for the use of your Personal Information in circumstances which are not in accordance with this Privacy Policy.
13.2 You agree to indemnify and hold Those Indemnified harmless from and against any damage, loss, cost (including, without limitation, settlement costs), expense (including reasonable legal costs and expenses), damage or liability incurred by any of Those Indemnified arising from any claim, demand, suit, action or proceeding by any person against Those Indemnified as a result of, in connection with or in relation to the use of your Personal Information by third parties, whether such damage, loss, cost, expense, damage or liability is actual contingent, present or future, quantified or unquantified.
--End of Privacy Policy