Click on one of the links below to jump to the listed section:
Background and overview
Our commitment
Personal information
Sensitive information
Transaction ID
How do we use your personal information?
Marketing
Disclosure
Third party use of information
Security and retention
Your information protection rights
Background and overview
We create software to be used via an application that allows individual consumers (Consumers) to visualise and personalise consumer products offered for sale by retailers that have engaged us to provide them with our personalisation software (Retailers). Our software is accessible by Consumers via a phone, tablet, PC or MAC on a Retailer’s website.
We collect personal information (as defined in the Privacy Act 1988 (Cth)) and personal data (as defined in the European Union General Data Protection Regulation (GDPR)) (collectively for the purposes of this privacy policy “personal information”) relating to Retailers and their representatives (such as officers or employees) and Consumers (where relevant). Information is collected by us via our software, application and websites www.spiff.com.au and www.spiff3d.com (Services).
Our commitment
We recognise the importance of protecting and maintaining the personal information we collect. Any personal information that we collect or hold will only be used for the purposes for which we have collected it, or as allowed by law. We will take all reasonable steps to protect the personal information we collect from unauthorised access, misuse, loss and unauthorised disclosure or modification. We are committed to providing Retailers and Consumers with the highest quality professional service while protecting the privacy of the information we collect and abiding by the Privacy Act 1988 (Cth), the Australian Privacy Principles established under Australian law and the GDPR. This policy outlines how we collect, use, store and deal with the personal information we collect. By using our Services, you consent to the practices outlined in this policy.
Personal information
We and our ISP may collect personal information (including an opinion) when Retailers and Consumers use our software, application and/or website including:
• contact information – such as your name, geographical location, email address, home address, work address, telephone number, your browser’s and device’s characteristics such as your IP address, browser type, any referring URLs, MAC address, heat maps, plus eye and mouse tracking information;
• demographic information – such as your age, date of birth, gender, preferences and interests; and
• site information – personal information you provide to our site and dates and times of site visits.
We collect personal information directly and indirectly from you when you make an account with us, make enquiries with us regarding our Services, contact us to resolve technical issues, from third parties and through running competitions.
We do not use cookies to collect information, however, we save application data from Retailers’ browsers for the purposes of running our software.
Sensitive information
We do not collect sensitive information (as defined in the Privacy Act 1988 (Cth)) and special categories of information (as defined in the GDPR) (collectively for the purposes of this privacy policy “sensitive information”) unless disclosed by a Consumer to us as discussed below under the heading “Transaction ID”. Sensitive information includes any information about your racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or union, sexual preferences or practices, criminal record, or health information.
Transaction ID
When Consumers use our Services to personalise products through a Retailer’s website, we collect the data relating to the transaction entered into between a Consumer and a Retailer, for example, information relating to the colours chosen, designs chosen, size of the product, amount spent by the Consumer, what products were purchased as part of the same transaction etc. We do not collect any personal or sensitive information of the Consumer unless the Consumer directly discloses personally identifiable or sensitive information when personalising a product using our Services, for example by seeking to print a person’s name, phone number or information regarding a person’s religious belief on a product. This information, which forms part of the Transaction ID, may be viewed, collected and used by us if disclosed by a Consumer.
How do we use your personal information?
We use the information we collect to:
• allow access to, and use of, our software, application and website;
• personalise your experience on our software, application and website;
• manage your account;
• process your order with us (for Retailers);
• process your order with Retailers (for Consumers);
• respond to and communicate with you about your requests, questions and comments;
• determine which areas and features are most popular, and to make improvements, updates to our site experience (including market and consumer research and trend analysis) and how we may tailor our site, application and software to better meet the needs of our users;
• help diagnose technical and service problems affecting you;
• operate and improve our business, for statistical and security purposes, analysing and enhancing our products, services and site, developing new products and services, running surveys and competitions, managing our business and marketing; and
• provide our Services to you or by third parties (and not for them to use it for any other purpose) where you consent to this disclosure or where we are obliged to do so by law. We do not use any automated decision-making system (eg: for profiling) with respect to any personal or sensitive information we receive.
Unless we provide you with specific notice, we will not use or disclose your personal information other than for the primary purpose for which it is collected, unless you would reasonably expect us to use or disclose the information for a secondary purpose or your consent has been collected to use the information for additional purposes. In using your information, we may transfer your information overseas.
If you are a Consumer, you may choose not to provide us with your personal information. There is no statutory or contractual requirement to do so. If you are a Retailer, you are not required by statute to provide us with your personal information. However, to allow us to provide you with the Services you contract with us to provide, we require you to disclose personal information to us. Failing to provide all required personal information may impact the provision or quality of the Services we provide you.
Marketing
We may send you information and communications about our products and services that we consider may be of interest to you. We may send this in various forms, including mail, SMS, fax and email, in accordance with applicable laws, such as the Spam Act 2003. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
In addition, at any time you may opt-out of receiving marketing communications from us by contacting us by email or by using opt-out facilities provided in the marketing communications. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, activities, transactions and communications with us.
We may create anonymous data records from your personal information by completely excluding information (such as your name) that makes the data personally identifiable to you. Typically, we use this anonymous data to analyse request and usage patterns so that we may enhance the content of our services and improve functionality. We may use anonymous data for any purpose and disclose anonymous data to third parties at our sole discretion.
Disclosure
We will not disclose sensitive information unless it is necessary for us to conduct our business with you. However, if you elect to provide us with unsolicited sensitive information, it may be retained. We do not sell, rent or lease our customer lists to third parties. However, from time to time, we may contact you on behalf of external business partners about a particular offering that may be of interest you. In those cases, your unique personally identifiable information (name, address, email, telephone number) is not disclosed to the third party. You agree that in addition to the uses of your personal and sensitive information described above, we may disclose such information otherwise as required by law. Third party use of information
If, as a Consumer, you disclosed information to a Retailer in the online checkout process through the website of a Retailer, your personal information may be collected, retained and used by the Retailer. The collection, retention and use of your personal information by a Retailer will be governed by the particular Retailer’s privacy policy. It is your responsibility to review the privacy policy of any such Retailer.
If, as a Retailer, you disclosed information to Shopify or any other third party reseller of our software or application, your personal information may be collected, retained and used by such a reseller. The collection, retention and use of your personal information by a reseller will be governed by the particular reseller’s privacy policy. It is your responsibility to review the privacy policy of any such reseller.
Our Services may also contain links to third parties’ sites, including social media applications. Those other sites are not subject to our privacy policy and procedures. You will need to review those sites to view a copy of their privacy policy.
These third party sites may collect and use information regarding your use of our Services. Any personal information that you provide through third party sites may be collected and used by other members of that medium and such interactions will be governed by their privacy policies. We do not have control over, or responsibility for, them or their use of your information.
Security and retention
We hold your information in electronic form. Your information may be stored by our domain host, email provider and/or backup service provider. These may be located overseas. We have put in place reasonable physical, electronic and management controls to keep information that we collect secure and protected from unauthorised disclosure or other access, misuse, interference and loss. Due to the open nature of the Internet, the risks associated with storage and transmission of information electronically cannot be eliminated. However, we cannot guarantee that all information will be free from unauthorised access by third parties and your use of our Services acknowledges your assumption of this risk.
Information that we collect is stored in a Virtual Private Cloud provided by Amazon Web Services (AWS) and involving the use of encrypted database connections. AWS is located overseas. You will need to review AWS’ website to view a copy of their privacy policy and any applicable terms and conditions that may apply from time to time.
We may disclose personal information in our communications with Retailers, partners and suppliers from time to time to allow us to provide our Services to you. These communications occur through the use of communications platforms including Gmail and Freshdesk. You will need to review their respective privacy policies on their websites regarding their storage and retention of information. We do not have any control over how such information is stored or retained and will use our best endeavours to ensure that our disclosure of any personal information through such platforms is kept to the minimum required for us to satisfactorily provide our Services.
We do not collect credit card information. Instead, we use a third party payment gateway provided by www.paypal.com. You will need to review PayPal’s website to view a copy of their privacy policy and terms and conditions.
We will retain your personal and sensitive information for as long is necessary to fulfil the purpose for which it was collected, including for satisfying any legal, accounting or reporting requirements or to comply with our data retention practices or until such time as you request that we delete it. In deleting your personal and sensitive information, we irretrievably destroy the information from the AWS Virtual Private Cloud, along with any electronic files containing your personal or sensitive information on our hardware.
Your information protection rights
We would like to make sure that you are fully aware of all of your information protection rights. You are entitled to the following:
• The right to access: You may request copies of the personal or sensitive we possess relating to you. We may charge you a small fee for this service.
• The right to rectification: You may request that we correct any personal or sensitive information you believe is inaccurate, or that we complete information that you believe is incomplete.
• The right to deletion: You may request that we delete your personal or sensitive information, under certain conditions.
• The right to restrict processing: You may request that we restrict our processing of your personal or sensitive information, under certain conditions. • The right to object to processing: You may object to our processing of your personal or sensitive information, under certain conditions.
• The right to information portability: You may request that we transfer your personal or sensitive information that we have collected to another organisation, or directly to you, under certain conditions.
Please note that exercising any of the rights above may impact our ability to deliver our Services to you.
Depending on the type of request that you make, we may respond to your request immediately. Usually, we respond within 14 days of receiving your request. We may need to contact others to properly investigate your request, but in any event will respond to you within 30 days.
If we decline to correct your personal information, we will provide you with our reasons for not doing so.
If you believe that we have breached our obligations, or wish to contact us regarding this privacy policy, please contact our Privacy Officer in writing at:
Shadi Taleb
Suite 12, Shop 18, 100 Harbour Esplanade, Docklands VIC, 3008, Australia
+61413 433 007
support@spiff.com.au
If you are not satisfied with our response, you may raise your complaint with the Office of the Australian Information Commissioner (enquires@oaic.gov.au) or the Information Commissioner’s Office in the European Union. This policy may be updated periodically. We will post notice on our site to advise any significant changes to our policy. This privacy policy was last updated in August 2020.
Date of this policy: 20 August 2020
Version: 1
Approved by: Shadi Taleb (Privacy Officer)