Zivora Privacy Policy

Effective date: 16 July 2019
  1. General
    1. Zivora Pty Ltd (ACN 613 314 819) (we, us, our) takes all necessary steps to ensure that any personal information collected through the website or mobile application owned or operated by us (Zivora Platform) is processed, used, shared, retrieved, stored, disclosed, altered and destroyed fairly and lawfully.

    2. Your privacy is important to us and we are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (collectively, Privacy Laws).

    3. This policy outlines how and when we collect, process, use, share, store, disclose, retrieve, alter and destroy your personal information and applies to all personal information we collect through:

      1. the Platform; and
      2. our products and services.

    4. By accessing or using the Zivora Platform or any of our products or services, you indicate that:

      1. you have read and understood this policy; and
      2. you agree that your access to, or use of, the Zivora Platform or any of our products or services indicates your consent to this policy.

    5. If you have any questions about this policy, you can contact us using the details below.

  2. What personal information we collect
    1. Personal information

      1. Personal information is information or an opinion about a natural person which identifies a natural person, or which is reasonably capable of identifying a natural person, whether or not the information is true or recorded in a material form.
      2. We will only collect personal information that is necessary for one or more of our functions or for a purpose outlined in this policy or otherwise disclosed to you.
      3. We collect and use personal information from customers, authorised users or visitors of the Zivora Platform, purchasers of our products or services, and any other individual who interacts with us.
      4. We collect and use different types of personal information depending on the type of dealing you have with us, which may include:
        1. contact details (for example, full name, address, mobile and telephone numbers and email address and country of residence);
        2. employment or business details (for example, business name, business address, business role or position, work mobile and office telephone numbers and work email address);
        3. information about the products or services you order or enquire about, including how the products or services are used;
        4. information regarding your access and use of our Zivora Platform, including location information, IP address and any third party websites you access on, or via, the Zivora Platform;
        5. information relating to your Zivora Platform account, including your unique username and password;
        6. other information that you provide to us or that we may collect in the course of our relationship with you; and
        7. information you provide when you participate in surveys, competition forms, special events and other promotional activities.

    2. Sensitive information

      1. We do not intend collect your sensitive information (as defined by the Privacy Laws). However, some of our services are automated and we may not recognise that you have accidentally provided us with sensitive information.
      2. If you have accidentally sent us sensitive information, please contact us using the details below.

  3. Collection
    1. Direct collection from you

      1. We collect your personal information (directly or automatically) from you in a variety of ways, including if you:
        1. set up or update an account or other registration on the Zivora Platform;
        2. visit, access and use the Zivora Platform;
        3. use our products or services (and our records of these);
        4. submit an enquiry to us via the Zivora Platform or Help/Support Chat Box
        5. participate in our surveys, competitions, promotions, questionnaires or other promotional activities or complete any forms or documents for our products or service; or
        6. interact or communicate with us, such as by telephone, email or in person.
      2. When we collect personal information directly from you, we will take reasonable steps to notify you (using a collection notice) at, before, or as soon as practicable after, the time of collection.
      3. As a collection notice is specific to a particular collection of personal information, it will provide more specific information about our information-handling practices than this policy.
      4. This policy is subject to any specific provisions contained in our collection notices and the terms and conditions of any offers, products and services. We therefore encourage you to read those provisions carefully.
      5. By providing your personal information to us, you acknowledge that you are authorised to provide such information to us.

    2. Collection from third parties

      1. We may also collect personal information about you from publicly available sources and third parties, including:
        1. from third parties (including our related bodies corporate, business partners and service providers, credit reporting bodies, credit providers, government agencies and cloud-based accounting software platform providers);
        2. if you use:
          1. our social media sites or applications, pages or plugins; or
          2. one of our products or services that allow interaction with the Zivora Platform or cloud-based accounting software platforms.
      2. When we collect your personal information from third parties, we will take reasonable steps to make sure you are aware of the collection.
      3. If you provide us with personal information about another individual (as their authorised representative), we rely on you to:
        1. inform them that you are providing their personal information to us; and
        2. advise them that they can contact us for further information.
      4. You must take reasonable steps to ensure the individual is aware of, and consents to, the matters outlined in this policy, including that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual's right to access that information, and who we are and how to contact us.
      5. Upon our request, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and provided to us.

    3. Data Processor For the purposes of the GDPR

      1. you (the Controller) appoint us as a Processor to collect, process, use, share, store, disclose, retrieve, alter and destroy your personal information in accordance with this policy;
      2. Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information; and
      3. Processor means a natural or legal person, public authority, agency or other body which processes personal information on behalf of the Controller.

    4. Legal basis for processing personal information

      1. where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your personal information for a specific purpose. The provision of personal information to us is voluntary. However, if you do not provide your personal information to us, we may not be able to provide you with access to, and use of, our products, services or Zivora Platform. You may withdraw your consent at any time by contacting us using the details below;
      2. where the collection, use, storage, processing and disclosure of your personal information is necessary for the performance of a contract to which you are a party. For example, when collection and use is necessary to fulfil our obligations to provide you with access to, and use of, our products, services or Zivora Platform;
      3. for our legitimate business interests, including, but not limited to:
        1. providing, operating and improving our products, services or Zivora Platform;
        2. marketing new promotions, deals, competitions, products, services or features of the Zivora Platform provided by us or our Authorised Affiliates that we consider may interest or benefit you;
        3. managing, analysing, understanding and developing our relationship with you; and
        4. responding to your queries or complaints (such as when you submit a question via email or Help support Chat Box); and
      4. where there is a legal obligation to collect, use, store, process or disclose your personal information. For example, we may be obliged to disclose your personal information by reason of any applicable law, regulation or court order and/or to protect our interests and legal rights.

  4. How we use your personal information
    1. Purposes of use and disclosure

      1. We only use, process and disclose your personal information for the purposes for which it is collected.
      2. In particular, we use, process and disclose your personal information to:
        1. provide you with our products or services, or the Zivora Platform;
        2. improve, develop and manage our products, services and the Zivora Platform, and to assist us in providing a better service to you;
        3. operate, maintain, test and upgrade the Zivora Platform and systems; and
        4. notify you of opportunities we think you might be interested in, including new product or service offerings, information about the Zivora Platform, offers, competitions, promotions, events and surveys;
        5. to verify your identity;
        6. to conduct fraud, risk reduction and creditworthiness checks;
        7. to perform research and analysis about our products, services and the Zivora Platform, including usage patterns, trends, benchmarking and other statistical or behavioural data. Before we use your personal information for this purpose, we ensure personal information is made anonymous by removing data that can identify you;
        8. to comply with regulatory or other legal requirements,
        9. for any purpose to which you have consented; and
        10. for any other purpose notified to you at the time of collection.
      3. In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your personal information as part of the transaction, without your consent or notice to you.

    2. Disclosure to third parties

      1. With your consent, we may provide your personal information to the following recipients:
        1. our employees, related entities, business partners, third party contractors, suppliers and agents from time to time for the purpose of delivering, providing and administering our promotions, deals, competitions, products, services and the Zivora Platform;
        2. third party service providers who process or use your personal information for the purpose of performing functions on our behalf, but may not process or use such information for any other purpose. Examples of these third-party service providers include, but are not limited to, such as cloud-based accounting software platform, marketing and analysis organisations, financial and credit card institutions to process payments, hosting companies, web developers, internet service providers, customer service providers, customer support specialists, fulfilment companies and research and data analysis firms; and
        3. external business advisors, such as auditors, lawyers, insurers and financiers,
        (collectively, Authorised Affiliates).
      2. When we disclose your personal information to any of our Authorised Affiliates, we will ensure that they undertake to protect your privacy. These Authorised Affiliates are not permitted to use the information for any purpose other than the purpose for which they have been given access
      3. Our Authorised Affiliates may also provide us with personal information collected from you. If you disclose personal information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, storage, use, process, alter and disclose your personal information.
      4. We may also disclose any personal information we consider necessary to comply with any applicable law, regulation, legal process, governmental request or industry code or standard.

    3. Overseas disclosure

      1. Our Authorised Affiliates may be located in or outside Australia, including in the United States of America and other countries from time to time, whose laws are not recognised by the European Commission as providing an adequate level of protection to personal information.
      2. Where we do transfer your personal information to our overseas Authorised Affiliate, we take steps reasonably necessary to ensure that:
        1. there is a legal basis for the transfer of your personal information; and
        2. your personal information is treated securely (including, using reasonable endeavours to ensure that each overseas Authorised Affiliate receiving your personal information are bound by Standard Contractual Clauses approved by the European Commission, which can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
      3. By accessing or using our products, services or the Zivora Platform, or providing your personal information to us, you explicitly and freely consent to the transfer of your Personal Information to our overseas Authorised Affiliates.
      4. If you do not wish to receive information from any of our Authorised Affiliates, please let us know using the details below.

    4. Disclaimer

      1. We will not disclose your personal information to any third party (other than our Authorised Affiliates) without your written consent, unless:
        1. we are otherwise required by the relevant Privacy Laws;
        2. we are permitted to under this policy; or
        3. such disclosure is, in our opinion, reasonably necessary to protect our rights or property, avoid injury to any person or ensure the proper functioning of the Zivora Platform.
      2. This policy only covers the use and disclosure of information we collect from you. The use of your personal information by any third party is governed by their privacy policies and is not within our control.

  5. Storage and security
    1. Protecting your personal information

      1. We take reasonable steps in the circumstances to keep your personal information safe. We use a combination of technical, administrative, and physical controls to protect and maintain the security of your personal information, including use of Secure Sockets Layer (SSL) which is an encryption technology used to protect data as it travels over the internet.
      2. Our officers, employees, agents and third-party contractors are expected to observe the confidentiality of your personal information.
      3. Whenever possible, we procure that Authorised Affiliates who have access to your personal information take reasonable steps to:
        1. protect and maintain the security of your personal information; and
        2. comply with the relevant APPs, and where required the GDPR, when accessing and using your personal information.

    2. No guarantee

      1. The transmission of information via the internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee the security of any personal information transmitted through the Zivora Platform.
      2. You provide your personal information to us at your own risk and we are not responsible for any unauthorised access to, and disclosure of, your personal information.

    3. Destruction of personal information
      We will destroy or de-identify personal information where it is no longer required, unless we are required or authorised by law to retain the information.

    4. Suspected data security

      1. We have a comprehensive data breach notification policy and response plan (Response Plan), which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may result.
      2. As part of the Response Plan, we will notify you as soon as practicable if we:
        1. discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorised person or in any unauthorised manner;
        2. believe that you are likely to suffer serious harm as a result; and
        3. are unable to prevent the likely risk of harm.
      3. If you would like more information about our Response Plan, please contact us using the details below.

  6. Direct marketing
    1. Your consent

      1. At the time of accessing, or using, our products, services, the Zivora Platform or otherwise from time to time, we may seek your express consent, by requesting that you tick the appropriate check box when providing us with your personal information, for us to send you marketing or promotional materials and other information.
      2. Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time, use your personal information to send you information about the promotions, deals, competitions, products or services we offer, and any other information that we consider may be relevant to you.
      3. These communications may continue, even after you stop using our products or services.

    2. Communication channels

      1. We may send this information to you via the communication channels specified at the time you provide your consent.
      2. These communication channels may include mail, email, SMS telephone, social media or by customising online content and displaying advertising on our site.

    3. Opting-out

      1. You can opt out of receiving these communications by:
        1. contacting us using the details below; or
        2. using the unsubscribe function in the email or SMS.
      2. You may re-subscribe at any time by re-registering via the Zivora website.

  7. Links to other sites from the Zivora Platform
    1. The Zivora Platform may contain hyperlinks or banner advertising to or from third-party websites.

    2. We do not endorse any of these third parties, their products or services, or the content on these websites.

    3. These websites are not subject to our privacy standards, policies and procedures. Therefore, we recommend that you make your own enquires about their privacy practices.

    4. We are in no way responsible for the privacy practices or content of these third-party websites.

  8. Cookies policy
    1. We may collect information when you access and use the Zivora Platform by utilising features and technologies of your internet browser, including cookies, pixel tags, web beacons, embedded web links and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.

    2. The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the date and time of your visit, the pages you have accessed, the links which you have clicked and the type of browser that you were using.

    3. We may use cookies and similar technologies to:

      1. enable us to identify you as a return user and personalise and enhance your experience and use of the Zivora Platform; and
      2. help us improve our service to you when you access the Zivora Platform and to ensure that the Zivora Platform remain easy to use and navigate.

    4. Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies.

    5. If you reject our cookies or similar technologies, you may still use the Zivora Platform but may only have limited functionality of the Zivora Platform.

    6. We may also use your IP address to analyse trends, administer the Zivora Platform and other websites we operate, track traffic patterns and gather demographic information.

  9. Your rights in relation to privacy
    1. Privacy rights (EU only)

      1. Under the GDPR, you have a number of important rights. Subject to certain exceptions, you have the right to:
        1. fair and transparent processing of your personal information and processing in accordance with the GDPR;
        2. require us to rectify or correct any personal information we hold about you that is inaccurate or incomplete;
        3. require us to erase your personal information in certain situations;
        4. obtain a copy of your personal information in a commonly used electronic format so that you can manage and move it, or request we send it to a third party;
        5. object or withdraw your consent at any time to the collection, use, processing or disclosure of your personal information (including for direct marketing purposes), but this does not:
          1. apply where we have other legal justifications to continue to collect, use, process or disclosure your personal information; or
          2. affect the lawfulness of any collection, use, processing or disclosure that occurred before you withdraw your consent;
        6. object to decisions being made by automated means which produce legal effects concerning you or significantly affecting you; or
        7. otherwise restrict our collection, use, processing or disclosure of your personal information in certain circumstances.
      2. You can exercise any of these rights by contacting us using the details below.

    2. Access rights

      1. We will use our reasonable endeavours to keep your personal information accurate, up-to-date and complete.
      2. You have the right to access any personal information we hold about you, subject to some exceptions provided by relevant Privacy Laws.
      3. You can access, or request that we correct, your personal information by writing to us using the details below. We may require proof of identity.
      4. If we do not allow you to access any part of your personal information, we will tell you why in writing.
      5. We will not charge you for requesting access to your personal information but may charge you for our reasonable costs in supplying you with access to this information.
      6. We will endeavour to respond to your request for access or correction within 1 month from your request.

  10. Children's policy
    1. We do not knowingly seek, collect or process personal information from or about persons under the age of 16 years of age (Children) without the consent of a parent or guardian.

    2. If we become aware that any personal information relating to a Child has been provided without the consent of a parent or guardian, we will use reasonable endeavours to:

      1. delete the personal information from all relevant files as soon as possible; or
      2. ensure , where deletion is not possible, that the personal information is not used further for any purpose or disclosed further to any Authorised Affiliate.

    3. Any parent or guardian with queries regarding our collection, use, processing or disclosure of personal information relating to their Child should contact us using the details below.

  11. Consent

    You expressly and freely acknowledge and agree that we, our Authorised Affiliates and each of their officers, employees, agents and contractors are permitted to collect, process, use, share, store, disclose, alter and destroy your personal information in accordance with this policy and the relevant Privacy Laws.

  12. Changes to the policy
    1. We may amend this policy from time to time at our sole discretion.

    2. Any revised policy will be posted on the Zivora Platform and effective from the time of posting.

    3. Your continued use of our products, services or the Zivora Platform following the posting of any revised policy indicates your acceptance of the changes to the policy.

    4. You should regularly check and read the policy.

  13. Complaint
    1. If you have any issues about this policy or the way we handle your personal information, please contact us using the details below and provide full details of your complaint and any supporting documentation.

    2. At all times, privacy complaints:

      1. will be treated seriously;
      2. will be dealt with promptly;
      3. will be dealt with in a confidential manner; and
      4. will not affect your existing obligations or your commercial arrangements with us.

    3. Our Privacy Officer will endeavour to:

      1. respond to you within 5 business days; and
      2. investigate and attempt to resolve your concerns within 30 business days or any longer period necessary and notified to you by our Privacy Officer.

    4. If you are dissatisfied with the outcome of your complaint, you may refer the complaint to:

      1. Office of the Australian Information Commissioner; or
      2. (EU only) the lead supervisory authority in the United Kingdom. )

  14. Contact us

    You can contact us by email to privacy@zivora.co