Last updated on [10 November 2020]
- you or your means both you and any entity or firm you’re authorised to represent;
- E7, we, our or us means E7 Pty Ltd and its related bodies corporate (as that term is defined in the Corporations Act 2001 (Cth));
- personal data means information or an opinion, whether true or not and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable from that information or opinion and includes information such as an individual’s name, email, address, telephone number, bank account details and support queries.
How we collect your personal data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
- Information you provide to us directly: You may provide personal data directly to us when you visit or use some parts of our websites and/or services. The personal data you provide in these circumstances allows us to provide our services to you and enables you to interact with us. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
- Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see). Some of this information is collected using cookies and similar tracking technologies. You can control or reset your cookies through your web browser and, if you choose to, you can refuse all cookies. However, some of the features of our website and services may not function properly if you disable the ability to accept cookies.
Children’s personal data
We do not knowingly collect personal data from anyone under the age of 16. If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us using the details set out in the Contact us section below. If we become aware that we have collected personal data from anyone under the age of 16 without parental consent, we take steps to remove that information from our servers.
How we use your personal data
We use your personal data to operate our website and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
- To communicate with you: This may include:
- providing you with information you’ve requested from us or information we are required to send to you;
- operational communications like changes to our websites and services, security updates, or assistance with using our websites and services;
- marketing communications in accordance with your marketing preferences or for products and services that we think you might be interested in; and
- asking you for feedback or to take part in any research we are conducting.
- To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
- To improve our website and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.
- To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly.
- To analyse, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly and use to improve our website and services.
- When required by law: We will use or disclose your personal data where we reasonably believe that such action is necessary to: (a) comply with our legal obligations and the reasonable requests of law enforcement or a government authority; (b) to enforce any agreement we have in place with you or to protect the security and integrity of our website and services; and (c) to exercise or protect the rights, property or personal safety of our business, our customers or others.
- Where you have given your consent: We may seek your consent to use your personal data for a particular purpose in addition to those set out above. Where you give your consent for us to do this, we will use your personal data in accordance with that purpose. You can withdraw your consent to these uses at any time.
For European Union data protection purposes, we are a processor of your personal data. When we process personal data subject to the EU General Data Protection Regulation (Regulation 2016/679) (the GDPR) and any applicable national laws made under the GDPR (together, Applicable Data Protection Laws), we’ll only process it:
- where you have given your consent;
- to perform a contract that we have with you;
- in accordance with a legal obligation; or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights.
When we share your personal data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- other companies in our E7 group of companies;
- where you work for an organisation that is using our services, the organisation itself as well as other users that your organisation has chosen to share your personal data with. Please refer to your organisation’s internal policies if you have questions about this;
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you;
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
- an actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business; or
- other people where we have your consent.
We also adhere to the additional obligations imposed by Applicable Data Protection Laws when it comes to sharing your personal data. Where we process personal data on your behalf and you are a controller with respect to that personal data under the GDPR, you consent to us engaging third-party subprocessors to process the personal data for the purposes of performing our contract with you provided that:
- we maintain an up-to-date list of our subprocessors (available on our website) which we will update with details of any change in subprocessors at least 30 days prior to the change;
- we impose data protection terms on any subprocessor we appoint that require it to protect the personal data to the standard required by Applicable Data Protection Laws; and
You may object to our appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. Where you do object, we will either not proceed with the appointment or replacement or, if we determine in our sole discretion that this is not reasonably possible, you may terminate the contract that you have with us without penalty (subject to any fees incurred by you up to and including the date of termination).
International data transfers
Subject to any business agreement we have with you, when we share personal data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States and Australia, where our data hosting provider’s servers are located and other countries where our third party service providers are located. These international transfers are made in order to provide you with, and improve, our website and services. Where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected. For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data (for example, by entering into the European Commission’s Standard Contractual Clauses).
We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it (including encryption and password protection). However, no method of transmission over the Internet using industry standard technology is 100% secure which means we cannot guarantee the absolute security of your personal data.
Links to other websites
Retention of your personal data
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements). We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
You have rights to know what personal data we hold about you, and to make sure it’s correct and up to date, request a copy of your personal data, or ask us to restrict processing your personal data or delete it and to object to our continued processing of your personal data. You can exercise these rights at any time by making a request using the contact details in the “Contact Us” section below. Please note that we may ask You to verify Your identity before responding to such requests. If you have an account with us, you may update certain account information by logging into your account.
Where you work for an organisation that is using our services, you should first direct your queries about your personal data that has been shared with us to your organisation.
Subject to our legal obligations, we may limit or reject your request in certain cases, including without limitation where the burden or expense of providing access would be disproportionate to the risks to your privacy for that particular situation or where the rights of other persons would be violated.
If you are unhappy with our data practices and are located in:
- the EEA, you also have a right to lodge a complaint with your local supervisory authority; or
- Australia, you can also contact the Office of the Australian Information Commissioner and make a complaint at https://www.oaic.gov.au/privacy/privacy-complaints/ or by writing to:
Director of Compliance
Office of the Australian
GPO Box 5218
Sydney NSW 2001