fbpx

Privacy Policy

 Last Updated: 30th May 2023

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including through the provision of our Services at any of our Sites, and in-person.          

We understand you are trusting us with your personal information, and we take the management of your personal information seriously.

In this Privacy Policy:

Controllers” are as defined by the GDPR being natural or legal persons, a public authority, agency or another body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information.

data protection laws” means the laws which apply to us in the provision of our Services, which include the Australian Privacy Principles in the Privacy Act 1988 (Cth) and the NDB, the California Consumer Privacy Act (CCPA); the UK’s Data Protection Act 2018 (DPA) and the European Union General Data Protection Regulation (EU) 2016/279 (the GDPR), each to the extent applicable.

we”, “us” or “our” means itGenius Australia Pty Ltd with ABN 73 151 116 906.

you” or “your” means either/both a Customer or End User (as applicable) of our Services as more fully described in our webterms as well as our employees or consultants. 

“NDB” means the Notifiable Data Breaches Scheme applying under the Privacy Act 1988 (Cth).

personal data”, “processing” have the meaning ascribed in GDPR.

personal information” has the meaning ascribed in the Privacy Act.

processing” means any operation or set of operations which are performed on personal information, whether or not by automated means, such as collecting, recording, organising, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available personal information alignment or combination, restriction, erasure or destruction.

processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

related entity” means an entity or affiliate that belongs to the itGenius group of companies, including the following companies that provide [consumer services] in the EU: [EU entity 1, EU entity 2, etc] and provides [consumer services] in the UK: [UK Entity 1, UK Entity 2, etc] and provides [consumer services] in the US: [US Entity 1, US entity 2, etc], and provides [consumer services] in the AU: [AU Entity 1, Au Entity 2, etc]

sensitive information” means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information, or biometric information.

Services” means the services we provide to you as more fully described in our then current webterms and associated ordering documentation.

Site(s)” means our website, and our applications.

We collect, store, Process and use your personal information in accordance with data protection laws to the extent applicable.

 There are many aspects of our Sites, which can be viewed without providing personal information, however, for access to our Services you are required to submit personal information. This may include but not be limited to a unique username and password and access to your Google account.

 

Our Services

Our services include:

  1. Cloud Services, 
  2. Cloud Concierge Services, 
  3. value added Resold Services, 
  4. bundled Support Services; and 
  5. Non-Reselling Based Consulting Services, each as more fully described in our webterms.

    In order for an itGenius Customer or an End User (each as defined in our webterms) to receive the benefit of these Services it is necessary for you either as Customer or as End User to provide us with access to the Customer’s Google Account. In the case of an End User, such Google account details are provided via the itGenius Customer.

Our Services are provided in addition to your Google account and its platforms such as chrome browser, and our Resold Services are in addition to the third parties solutions which are described in our webterms.

You can also manage your privacy settings via your Google or third party accounts.

Personal information

The types of personal information or personal data we may collect about you include:

  • details of your identity, including your name, age date of birth, gender, images of you, and other information that appears on your identification documents; 
  • your contact details, including email address, mailing address, street address and/or telephone number
  • your financial information, including credit and debit card details, bank account details and/or billing information.
  • your demographic information, such as postcode
  • your preferences and/or opinions
  • the information you provide to us through customer surveys
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you
  • identifiers arising from your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries, and/or browsing behaviour
  • information about your access and use of our Sites, including through the use of internet cookies, your communications with our Sites, the type of browser you are using, the type of operating system you are using and the domain name of your internet service provider
  • additional personal information that you provide to us, directly or indirectly, through your use of our Sites, associated applications, associated social media platforms and/or accounts from which you permit us to collect information from, which includes other information that can be reasonably linked to your personal information by Google, such as information associated with your Google account,  and
  • your Google account details together with any other personal information requested by us and/or provided by you or a third party.

We may collect these types of personal information directly from you or from third parties.

How do we collect your Personal information

We collect and process information about you and your interactions with us, for example:

  • when you inquire about, purchase, or request information about, our Services, call us, or otherwise visit our Sites and we provide you with our Services;
  • whenever you interact with us, including over the phone, through our online enquiry form, email, social media channels, or post, or leave a review of the Services we have provided to you;
  • we may also collect personal information from third parties; and
  • we may use publicly available sources or third-party vendors to allow us to maintain the accuracy of contact details we hold for you or provide missing information.

How and Why we use your personal information, including Disclosure of personal information to third parties

In some jurisdictions in which we collect and use personal information (in particular the UK and European Union), we are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. Under Australian privacy law, we are obliged to identify the reasons why we collect your personal information. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data or personal information to:

  • fulfill a contract that we have with you as an individual (Contract);
  • comply with our legal obligations (Legal Obligation);     
  • pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (Legitimate Interests); or
  • do something for which you have given your consent (Consent).

The table below sets out the specific purposes for which we use your personal information and the lawful basis we rely on when we do so.

 

Lawful Basis Purpose for using your personal information
Contract

Where you are a Customer, End User,      supplier on anyone else that contracts with us as an individual, to:

  • administrate or perform our contract with you.
  • To enable you to access and use our Services via our Sites, associated applications and associated social media platforms.
  • process your payment information in connection with any contract we have with you.
  • send you updates about the Services you have bought.
  • consider your employment application or application to provide services to us.
Legal Obligation

If processing of your personal information is necessary:

  • to record your preferences (e.g. marketing) to ensure that we comply with data protection laws. 
  • where we retain information to enable us to bring or defend legal claims. 
  • where we are required to assist government and law enforcement agencies or regulators.
Legitimate Interests

Where using your information is necessary to pursue our legitimate business interests to:

  • keep internal records.
  • administrate or perform our contract with your business or employer.
  • Contact and communicate with you, for example, to respond to your queries or complaints, or if we need to tell you something important.
  • perform accounting, billing and other administrative and operational functions.
  • perform routine analysis on the performance of our business, and on our marketing and sales activities, including to operate and improve our Services for our Sites, associated applications and associated social media platforms.  We may anonymise personal information before we do this.
  • run competitions and/or offer additional benefits to you.
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you, but will not do so if you tell us not to. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
  • enable you to use our Sites.
  • improve and optimise our Sites.
  • monitor and make improvements to our website to enhance security and prevent fraud.
  • to protect our business and defend ourselves against legal claims.

Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms. 

Consent Where you have provided your consent to providing us with information or allowing us to use or share your information.
Where you consent to cookies – see details in the      Cookie section of this Policy.

How we store and hold personal information, and to whom we can disclose your personal information to and for what purpose

We store most information about you in computer systems and databases operated by either us at locations from where we provide goods and Services, or our service 

We may disclose personal information to:

  • our supply chain, third party service providers for the purpose of enabling them to provide their services, including (without limitation) suppliers, IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators
  • third parties on an aggregated and anonymised basis
  • our personnel, employees, contractors, and/or related entities
  • our existing or potential agents or business partners
  • payment systems operators
  • sponsors or promoters of any competitions or marketing initiatives we run
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
  • credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
  • regulatory and law enforcement authorities, courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia and
  • third parties to collect and process data or other relevant businesses. This may include parties that store data outside of Australia.
  • any actual or potential buyer of our business.

If we disclose your personal information to third parties, including data processors, we will request that the third party handle your personal information in accordance with this Privacy Policy. 

    Transfer of Personal Data overseas

    We may disclose personal information across borders to third parties so that they may perform services for us, on our behalf, or in the context of the provision of goods and Services to you.

    We may also disclose your personal information across borders to others outside our group of companies where:

    • it is necessary for the provision of our Services to you;
    • we are required or authorised by law to do so;
    • you may have expressly consented to the disclosure; or
    • we are otherwise permitted to disclose the information under any relevant privacy regulations.

    The third-party will only process your personal information in accordance with written instructions from us and we require that the third party either complies with the EU-US privacy shield principles, the cross border transfer principles set out in the Privacy Act, the cross border regulations set out in the GDPR, DPA (i.e. contracts approved by the European Commission or UK Secretary of State) or another mechanism set out by applicable EU & Swiss data protection laws for the transfer and processing of personal information. 

    By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia, if you are a European Union (EU) citizen, to third parties that reside outside the EU, if you are a UK citizen, to third parties that reside outside the UK, and if you are a US citizen, to third parties that reside outside the US. Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the GDPR, the DPA or the CCPA), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.

    How we treat personal information that is also sensitive information

    Sensitive information is a subset of personal information that is given a higher level of protection.

    We will not collect sensitive information about you unless it is strictly necessary for us to perform our services and without first obtaining your consent.

    Provided you consent, your sensitive information may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected, including:

    • providing services for a purpose that is directly related to the primary purpose for which the sensitive information was collected and
    • data analytics purposes.

    Sensitive information may also be used or disclosed if required or authorised by law.

    Under the UK DPA, sensitive information is also referred to as “special category data”

    Our responsibilities as under the GDPR and DPA

    We are a processor under the GDPR and the DPA as we collect, use and store your personal information to enable us to provide you with our goods and/or Services.

    As a processor, we have certain obligations under the GDPR and DPA when processing the personal data and personal information of EU citizens. If you are an EU or UK citizen, your personal data will:

    • be processed lawfully, fairly, and in a transparent manner by us
    • only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified
    • be collected in a way that is adequate, relevant, and limited to what is necessary in relation to the purpose for which the personal information is processed
    • be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information)
    • be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected
    • be Processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

    We also apply these principles to the way we collect, store and use the personal information of our Australian customers or clients.

    Specifically, we have the following measures in place, in accordance with the GDPR and DPA:

    • Data protection policies: We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
    • Maintain records of processing activities
    • Notification of data breaches: We will comply with the NDB, GDPR and/or the DPA in respect of any data breach to the extent applicable to the specific datasets.

    Your rights and controlling your personal information

    Where you are resident in Australia or the United States, or other locations where we Services, you have rights under applicable law and regulations. 

    Where you are a resident of the UK or EEA, there are specific legal rights in relation to the your personal information, which are set out below:

    Choice and consent: Please read this Privacy Policy carefully. By providing personal information or personal data to us, you consent to us collecting, holding, Processing using and disclosing your personal information in accordance with this Privacy Policy. If you are under 16 years of age, you must have and have, and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Sites and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Sites or the products and/or services offered on or through it.

    Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

    Restriction: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict how we process your personal information, we will let you know how the restriction affects your use of our Sites or products and services.

    Objection: You may object to us using your personal information if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

    Objection to automated data processing including profiling: You may request for your personal information to not be subject to automated processing or be carried out without human intervention and would create legal consequences or something that significantly affects you.

    Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in an easily readable machine format. You may request that we erase the personal information we hold about you at any time. If you are an EU resident, you may also request that we transfer this personal information to another third party.

    Correction/Rectification: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

    Deletion/Erasure: You may request for us to delete or remove your personal information if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below at “Objection”). If we think there is a good reason to retain the information you have requested us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

    Complaints: If you believe that we have breached data protection laws and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You      also have the right to contact the Office of the Australian Information Commissioner (OAIC) or Information Commissioner’s Office (UK) if you wish to make a complaint, but we hope that we can respond to our concerns before it reaches that stage     

    Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

    If you are resident in the UK or EEA and wish to make any of the right requests listed above, you can do so by contacting us using the details below.

    We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. 

    We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive or if you require further copies of your data. If this happens we will always inform you in writing.

    Storage and security

    We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as:

    • the pseudonymisation and encryption of personal information;
    • the use of identity and access management technologies (such as two factor authentication) to control access to systems on which information is processed and stored;
    • requiring all employees to comply with internal information security policies and keep information secure; and
    • monitoring and regularly reviewing our practise against our own polices and against industry best practice.

         to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

    We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information are carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

    We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose under any relevant privacy regulations.

    How long we keep your information

    We retain information are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used.  We take into account legal and regulatory provisions which require information to be retained for a minimum period.  We also consider the limitation periods for taking legal action and good practice in the legal industry.

    We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. 

    If you have requested information from us or have subscribed to our mailing list, we will keep your details until you ask us to stop contacting you.

    Cookies and web beacons

    We may use cookies on our Sites from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our Sites with personal information, this information may be linked to the data stored in the cookie.

    We may use web beacons on our Sites from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

    We may use Google Analytics to collect and process data. To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time.

    Links to other websites

    Our Sites may contain links to other websites. Click on those links may allow for third parties to collect or share data about you. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy and we recommend and encourage that you read the Privacy Policy of every other website you visit.    

    Complaints, Contract & Amendments

    We may, at any time and at our discretion, vary this Privacy Policy.

    For any complaints, questions or notices, please contact us via email to: [email protected]