We are committed to protecting the privacy of all of our customers and end users. The Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (Privacy Principles) set out in Schedule 1 of the Privacy Act, govern the collection, storage, use, and disclosure of information by which individuals may be identified. Further, to the extent applicable, we comply with EU General Data Protection Regulation 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA).
WHAT INFORMATION DO WE COLLECT?
Usage Information means anonymous aggregate data that is automatically collected through your use of our ZRF Website or Services. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the ZRF Website. This information is used for statistical analysis to help us to improve the Services to the benefit of all users.
HOW DO WE COLLECT YOUR INFORMATION?
Personal Information is collected directly from you when you:
- Contact us via our website, email, telephone or otherwise;
- Access, browse, use, follow, like, comment, or otherwise interact with our ZRF Website;
- Sign up to our mailing list to receive emails, newsletters, or other direct marketing communications about our products and services as offered to you from time to time. You will be required to provide your full name and a valid email in order to sign up to such mailing lists.
It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it may be necessary for us to collect your Personal Information to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Information, we may not be able to provide the Services to you in a fully operational form or at all.
We may collect anonymous Usage Information on our ZRF Website through Google Analytics, Facebook Ad Analytics or any other user/data analytics sites or programs from time to time, which utilises cookies, pixel tags and other tracking technologies (collectively, Cookies). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that helps a website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate our Services:
- Strictly Necessary Cookies: these Cookies are essential to make sure the ZRF Website works correctly, and to record information that allows you to move around the ZRF Website and navigate its features.
- Performance Cookies: these Cookies collect information about how you use the ZRF Website, such as how often you access the ZRF Website and if you encounter any errors.
- Functionality Cookies: these Cookies allow our ZRF Website to remember the choices you make to provide a more personalised experience.
- Targeting or Advertising Cookies: these Cookies deliver targeted advertising to you based on your interests and use of the ZRF Website.
Cookies can stay on your device temporarily (Session Cookies) or until you manually delete them (Persistent Cookies).
HOW DO WE USE YOUR INFORMATION?
Legitimate purposes that you agree we may use your Personal Data for include but are not limited to the following:
- to respond to requests or correspondence submitted by you;
- to provide the Services;
- to improve and develop the ZRF Website and the Services;
- to inform you of Services which may be of interest to you;
- to process your payment for any Services;
- to improve the functioning of the ZRF Website and Services; and
- to prevent, detect and investigate potential illegal activities, security breaches and fraud.
For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or licence your email address or any of your Personal Data.
WHO DO WE DISCLOSE YOUR INFORMATION TO?
You agree and consent that we may disclose your Personal Data to:
- employees, service provides and contractors of ZRF; and
- authorities, including police and regulations if we are required to do so by law.
We may use de-identified wellbeing survey data, other survey data and data regarding use of our ZRF Website for purposes including research and analysis, case studies, marketing and improving and continuing to develop our Services.
For the avoidance of doubt, all employees, consultants, contractors, and agents of ours are bound by Australian privacy laws.
You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing us at email@example.com, but please note that withdrawal of such consents may affect your ability to access and use the ZRF Website and/or the Services.
YOUR RIGHTS TO INFORMATION
In accordance with the GDPR, we acknowledge the right of EU citizens to:
- have their data erased that is no longer being used for a legitimate purpose;
- request a copy of all Personal Data held about you by us in a readable format; and
- request restricted processing of your Personal Data whilst any complaints or concerns are being resolved.
To erase, request a copy of, or restrict processing of your Personal Data, please email us at firstname.lastname@example.org.
Upon your written request we will provide you with a copy of your Personal Data that we hold unless:
- we reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- your request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings;
- giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and giving you access would be likely to prejudice the taking of appropriate action in relation to those matters;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
ACCESSING, REVIEWING AND CHANGING YOUR INFORMATION
We cannot modify your Personal Information without your instruction. You can update your details with us at any time by emailing us at email@example.com. You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information at all times and your failure to do so may inhibit our ability to provide the Services. We shall have no liability to you or any third party arising from your failure to keep your information up to date.
How we use your Personal Data for Direct Marketing is tightly controlled by the Privacy Act. We will follow those laws to ensure you only receive Direct Marketing in circumstances where you are expecting to. Under the Privacy Act we may use your Personal Data for the purposes of Direct Marketing if:
- we collected the information directly from you; and
- you would reasonably expect us to use or disclose your Personal Data for the purpose of Direct Marketing.
As set out above, we may use your Personal Data to provide you with information regarding our Services and your Usage Information to provide you with customised recommendations regarding use of our ZRF Website (either by email, SMS, or through the ZRF Website).
Unless it would be impracticable or unreasonable, we need your consent when:
- collecting your Personal Data from a third party for the purpose of Direct Marketing; or
- you would not reasonably expect to receive the Direct Marketing.
If at any time you want to know who provided us with your Personal Data, then please send a request to us at firstname.lastname@example.org. We will provide the details of that third party within a reasonable time and without charge.
We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from Direct Marketing, and as such these consents can be modified at any time by emailing us at email@example.com or clicking unsubscribe on any Direct Marketing communications. We will always provide a simple means for you to “opt-out” from receiving Direct Marketing, which typically involves an “opt-out” or “unsubscribe” link on emails, a check box on the collection notice or through a pop-up on your screen when you provide personal information on our ZRF Website.
We will not use or disclose your Personal Data for the purposes of Direct Marketing material if you have previously told us not to.
If at any time in the future you do not want us (or one of our service providers) to send you Direct Marketing material or you wish to cancel a previous consent, please inform us by contacting us at firstname.lastname@example.org. We will affect the change in a reasonable time and without charge.
We protect your Personal Data through technical security measures i.e. firewalls, encryption that limit the risk of loss, disclosure, or unauthorised access. No security measures are, however, 100% secure so we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.
Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU citizens, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in circumstances where it poses a risk of serious harm or your rights and freedoms.
THIRD PARTY LINKS
We may, in the course of providing the Services to you, transfer your Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we warrant that any person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act, Privacy Principles and GDPR.
For the avoidance of doubt, we may transfer any data to an overseas third party with your express or implied consent, and the above condition only applies in the case of a data transfer or transmission to our related business entities in other countries.
Last Revise: 31st August 2021