Privacy Policy

Why are we providing this information?

This Privacy Policy details how we comply with the requirements of the Privacy Act 1998 (Cth) and the 13 Australian Privacy Principles (“APPs””). This policy is intended to ensure that individuals with whom we interact, including visitors to our website, clients, potential clients, personnel of service providers or other suppliers and others who interact with us whether via our website, mobile application or by corresponding with us by other means (e.g. by emailing or phoning us) are aware of the categories of personal data about them that GatsbyApp Pty Ltd (ABN 77 679 422 032) and its subsidiaries and affiliates (“we”, “us” or “our”) may collect, how we collect it, what we use it for and with whom we share it.

“Personal data” means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

What type of personal information do we collect?

In the course of providing our products and services, we may collect and hold information that is reasonably necessary for the performance of our functions and activities. This information may include, but is not necessarily limited to;

  • Identity data: including names, date of birth, pronouns and titles;

  • Contact data: including telephone number, and email;

  • Financial information: including bank account and payment card details;

  • Technical and Usage Data: including information about when you access any of our websites/mobile applications, login data, browser session and approximate geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or analytics), and communications with our website;

  • Interaction data: including information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.  

  • Marketing and Communications data: including your preferences in receiving marketing from us and our third parties and your communication preferences.

Sensitive Information

We may collect Sensitive Information about you, with your consent. Sensitive information is a subset of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, health, political opinions, religion, trade union or other professional associates or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. The types of sensitive information we collect include:

  • biometric information; and

  • information relating to your racial or ethnic origin, such as nationality and country of birth.

Provided that you consent, your sensitive information may only be used and disclosed for purposes you have consented to or which are directly related to the primary purpose for which the sensitive information was collected, including (but not restricted to):

  • For the purpose of us maintaining a comprehensive company file;

  • For the purpose of data compilation or analysis for internal purposes; and

  • In an anonymised format for the purpose of data compilation or analysis to share with third parties.

We may also collect, hold, use and disclose sensitive information to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent and if otherwise required or authorised by law.

How we collect and hold your personal information

This is dependent upon whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you.

Where possible we standardise the collection of personal information by using specifically designed forms (e.g. our application form). However, given the nature of our operations we often also receive personal information by email and through our website.

We may also collect personal information from third parties or independent sources (including from publicly available sources such as LinkedIn, X (fka Twitter), email etc.), however, we will only do so where it is not reasonable and practical to collect the information from you directly.

We may use cookies on our website from time to time. These cookies collect information about how you use our website and other technical data (such as your IP address, browser type and version, time zone settings and location), and allow third parties, such as Facebook, to cause our advertisements to appear on your social media and online feeds as part of our retargeting campaigns. If and when you choose to provide our website with personal information, this information may be linked to the data stored in the cookie.

  • We hold your personal information: In a variety of formats including on databases, in hard copy files and on computer devices, including computers;

  • Only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any application legal reporting or document retention requirements; and

  • Using industry standard security methods and best practices to protect your personal information from unauthorised access, modification or disclosure and from misuse, interference and loss.

  • Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

How we use your personal information

We only use personal information that is reasonably necessary for one or more of our functions or activities (the primary purpose) or for related secondary purpose that would be reasonably expected by you, or to which you have consented.

Our uses of personal information include, but are not limited to:

  • Providing you with one of more of our products or services;

  • Fulfilling our legal and regulatory obligations;

  • Performing our related administration and organisational functions and tasks;

  • To communicate with you about the products and services that we offer including in response to any support requests you lodge with us or other enquiries you make with us;

  • To contact and communicate with you about any enquiries you make with us via any website we operate;

  • For internal record keeping, administrative, invoicing and billing purposes;

  • For analytics, market research and business development, including to operate and improve our business;

  • For advertising and marketing, including to send you promotional information about information that we consider may be of interest to you;

  • If you have applied for employment with us, to consider your employment application; and/or

  • To comply with our legal obligations or if otherwise required or authorised by law.

When we disclose your personal information

We do not routinely disclose personal information to other organisations unless one or more of the following apply:

  • You have consented;

  • You would reasonably expect us to use or disclose your personal information in this way;

  • We are authorised or required to do so by law;

  • We may also share non-personal, de-identified and aggregated information for research or promotional purposes. Except as set out in this policy, we do not sell to, or trade personal information with third parties.

Personal information: We may disclose personal information (excluding sensitive information) to:

  • our employees, contractors and/or related entities;

  • cloud-based IT service providers, data storage, web-hosting and server providers. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed in this Policy;

  • marketing or advertising providers;

  • payment systems operators or processors (such as Xero);

  • data storage providers for current or potential employee information;

  • our existing or potential agents or business partners;

  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;

  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;

  • third parties to collect and process data, such as analytics providers and cookies; and

  • any other third parties as required or permitted by law, such as where we receive a subpoena.

We may use GoogleAnalytics from time to time to collect and process data. You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On Android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device. To find out how Google uses data when you use third party websites or applications, please see here, or any other URL Google may use from time to time.

Disclosure of your personal information outside Australia

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia, including. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

Your right of access, correction and restriction

We will provide access to personal information upon request by an individual, except in the limited circumstances in which it is permitted for us to withhold this information (for instance, where granting access would infringe another personal privacy).

You may request access to the personal information we hold about you, or request that we change the personal information, by contacting us in the manner outlined below.

You may also contact us if any of the details you have provided change or if you believe that the information we have about you is not accurate, complete or up to date.

You may also request that we restrict the use of your personal information for direct marketing purposes by contacting us using the contact details below. Alternatively, to unsubscribe from our email database or opt-out of communication (including marketing communication) you may use the opt-out facilities provided in the communication or email us using the contact details below.

Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

Your right of complaint

If you wish to make a complaint about a breach by us to the Australian Privacy Principles, you may do so by providing your written complaint by email, letter or personal delivery to any one of our contact details as noted below. Where possible, the complaint should include enough information to help us resolve it.

We will respond to your complaint in writing within a reasonable time (usually no longer than 30 days) and we may seek further information from you in order to provide a full and complete response.

If you are not satisfied with our response to a complaint, you may lodge a complaint with the Office of the Australian Information Commissioner.

We do not charge for receiving a request for access to personal information or for complying with a correction request.

‍Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

How to contact us

You can contact us about this Privacy Policy or about your personal information by;

Changes to our privacy and information handling practices

This Privacy Policy is subject to change at any time. The amended policy will apply between us whether or not we have given you specific notice of any change.