Legal Privacy Policy

1 Agreement

  • This is the Privacy Policy which applies between You (You, Your) and Gearbox Shared Services Pty Ltd (ACN 677 043 122) (Us, Our and We).
  • Thank You for using Our website (Website) and/or choosing to purchase or subscribe to Our software, goods and services (together referred to as the Services).
  • This Privacy Policy governs:
    • (a) Your use of Our Website; and
    • (b) if applicable, Our provision of Our Services to You.
  • Please read this Privacy Policy carefully as by using the Website and/or subscribing or purchasing Our Services:
    • (a) You are confirming that You have not only read this Privacy Policy but that You agree to it; and
    • (b) You agree that this Privacy Policy applies to the submission, processing, payment and delivery of Our Services.

2 Privacy Policy
2.1 General
  • This Privacy Policy describes how We collect and use Your personal information.
  • We respect the rights and privacy of all individuals and are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APP’s) and protecting the personal information We hold.
  • If applicable, We are also committed to complying with the European Union General Data Protection Regulation (GDPR) (explained further in clause 3 of this Privacy Policy).
2.2 How do We collect personal information?

The information we collect may fall into two (2) categories:

  • personal information You voluntarily supply to Us to take advantage of Our Services, some of which may identify You personally; and
  • tracking information We may collect as You navigate through our Website.
2.3 What personal information do We collect?
  • We collect the types of personal information required to assist Us in providing Our Services, fulfilling Our functions and activities and informing You about them.
  • This includes personal information such as:
    • (a) contact details such as Your name, date of birth, gender, phone number, email, and home address;
    • (b) financial information such as Your bank account and credit card details;
    • (c) information to assist our relationship management and market research functions, which may include information relating to Your interests, experiences and preferences; and
    • (d) any other personal information you provide to Us.
2.4 How do We use Your personal information and who may We disclose it to?
  • We will use personal information You provide for the primary purposes of:
    • (a) informing You about Our business or Services;
    • (b) improving Our business or the Services;
    • (c) using that information as part of the provision of the Services by Us; and
    • (d) administering Our relationship with You by:
      • (i) responding to Your enquiries; and
      • (ii) providing You with information about Our Services that may be of interest to You.
  • We may also use and disclose Your personal information for a secondary purpose related to the primary purposes set out above including to:
    • (a) related entities, third party companies and partners with whom We have a relationship, and You may receive communications directly from these entities. We use reasonable endeavours to ensure that these companies do not breach any Australian laws, however, We disclaim all liability for any unlawful use of Your personal information by an affiliated or associated company; and/or
    • (b) governmental or regulatory authorities upon request being made.
  • By submitting Your personal information, You consent to Us using it to:
    • (a) provide You with Our Services;
    • (b) administer Our relationship with You;
    • (c) monitor online activity on the Website or with respect to our Services;
    • (d) market, improve and add to Our Services;
    • (e) respond to a serious threat to an individual’s life or to public health or safety;
    • (f) respond to suspected unlawful activity;
    • (g) where required or authorised by law, or
disclosing it to any governmental or regulatory authority upon request being made (including in connection with any legal proceedings or anticipated legal proceedings, or in order to comply with any legal obligation) and You irrevocably and unconditionally consent to Us using and disclosing it in such circumstances.
2.5 Can You remain anonymous or withhold personal information?

  • Where practical, You may choose not to identify yourself, deal with Us on an anonymous basis or use a pseudonym.
  • In some instances, if You do not provide Us with required personal information We may not be able to provide You with the requested Services.

2.6 Will You receive direct marketing?

  • If You provide Us with Your personal information and You consent to receiving direct marketing communications from Us. You authorise Us to send You promotional messages and materials related to Our Services, unless You submit a later request not to receive direct marketing communications.
  • Our direct marketing messages and materials will contain a prominent statement (including, for electronic messages, a functional unsubscribe facility) that You unsubscribe from receiving direct marketing communications.
  • If You do not wish to receive marketing or other communications from Us, please submit a request not to receive direct marketing communications or use the unsubscribe facility provided in the most recent communication from Us or contact Us on the details provided.

2.7 Will Your information be disclosed overseas?

  • Personal information that we collect may be transferred and stored outside of Australia between any of the countries in which we, our related entities or our service providers operate.
  • If We disclose any personal information to an overseas entity, we will ensure that, before disclosing personal information overseas, reasonable steps are taken to ensure that overseas recipients do not breach the Act or the APPs. It is not always possible to ensure that overseas recipients will comply. We do not take any responsibility for the actions of overseas third party recipients of personal information. By agreeing to this Privacy Policy You are agreeing that Your personal information may be disclosed overseas and that APP 8.1 will not apply to that disclosure. This means that You will not have recourse against Us under the Act in the event that an overseas recipient of Your personal information breaches the APPs.
  • We do not, and do not presently intend to, disclose or transfer any personal information to overseas recipients. If at some point in the future this position changes, We will take reasonable steps to notify You.
  • Your personal information may be transferred overseas if We sell, transfer or disclose our database of personal information to an actual or potential successor entity, purchaser or investor who is located or has offices overseas. It is not practicable to specify the likely countries in which recipients of information may be located in this regard.

2.8 How can You access and correct Your personal information?

  • You generally have the right to access Your personal information free of charge, subject to some limitations contained in the Privacy Act.
  • The APP’s set out some circumstances in which We are not required to provide You with such access. If You ask for Your personal information and any of these circumstances exist, You may be given access to the personal information in a way that is permitted under the Privacy Act.
  • To protect personal information held by Us, You may need to confirm Your identity before access to Your personal information is granted. It may take a little time to process Your application for access and retrieve information from storage (if applicable).
  • We encourage You to update Us so that we have accurate, current and complete information. You may correct any errors or request that We delete all or some of Your personal information. You may also submit a request not to have any further contact from Us.

2.9 Security

We will take all reasonable precautions to ensure that your personal information is not misused, interfered with, altered or otherwise unlawfully accessed.

2.10 How can You complain about privacy breaches?

If You have a complaint in relation to the collection, use and/or disclosure of Your personal information, please contact our Privacy Officer via the details provided below. Our Privacy Officer will review all complaints received and respond to each complainant upon due consideration (which may require further information to be provided).

2.11 Will this Privacy Policy change?

We may amend this Privacy Policy from time to time. Amendments will be effective immediately upon notification on the Website.

2.12 Who can You contact about Your personal information?

To contact Us about Your personal information, concerns or complaints, email our Privacy Officer on [email protected].

3.1 Application of the General Data Protection Regulation

  • This clause 3 of this Privacy Policy applies if You are a customer purchasing or subscribing to Our Services within the European Union.
  • The terms of this clause 3 apply in addition to clauses 1 and 2 of this Privacy Policy and in the event that the terms of this clause 3 conflict with any other clause of this Privacy Policy, the terms of this clause 3 will prevail.

3.2 Principles of processing Your Personal Data

We process Your Personal Data (as defined in the General Data Protection Regulation) in accordance with the principles of data processing set out in the GDPR including, but not limited to, processing Your Personal Data:

  • in a manner that is lawful, fair and transparent;
  • for specified, explicit and legitimate purposes;
  • to the extent that it is adequate, relevant and necessary for the specified legitimate purposes;
  • in a manner that maintains the accuracy of the Personal Data;
  • for no longer than is necessary;
  • in a secure and safe fashion; and
  • with accountability.

3.3 Purposes for processing Your Personal Data

  • We process Your Personal Data for the intended purposes specified in section 2.4 of this Privacy Policy or for any other purpose compatible with those specified purposes.
  • In the event that We intend to process Your Personal Data for any other purpose not specified in clause 2.4 of this Privacy Policy, We will obtain Your consent for the processing of Your Personal Data for that new purpose or otherwise rely on another lawful basis (as listed in clause 3.4(4) of this Privacy Policy) to process Your Personal Data.

3.4 Lawful basis for processing Your Personal Data

  • Our valid lawful basis for processing Your Personal Data is Your voluntary informed consent to the processing of Your Personal Data for the specific purposes stated in clause 2.4 of this Privacy Policy. You have provided Your consent by positively opting into the terms of this Privacy Policy.
  • You have the right to withdraw Your consent to the processing of Your Personal Data at any time.
  • If You are below sixteen (16) years of age, We require the consent of a person with parental responsibility.
  • We can determine one (1) or more of the following lawful basis to process Your Personal Data for any additional purposes not specified in clause 2.4 of this Privacy Policy:
    • (a) To perform or enter into any contract We have with You.
    • (b) To comply with a legal obligation to which We are subject.
    • (c) To protect Your vital interests or that of another person.
    • (d) Our legitimate interests in providing Our Services to You.

3.5 Your rights

You may exercise the following rights (if applicable) on the terms permitted by the GDPR:

  • The right to be informed about information in relation to Your Personal Data.
  • The right to access Your Personal Data.
  • The right to rectify inaccurate Personal Data.
  • The right to have Your Personal Data erased.
  • The right to restrict the processing of Your Personal Data.
  • The right to receive Your Personal Data and to have it transmitted to a third party.
  • The right to object to Your Personal Data being processed.
  • The right to object to automated decision making.

3.6 Data breach

  • We will advise the relevant supervisory authority of a data breach within seventy-two (72) hours of becoming aware, unless the breach is unlikely to result in a high risk to Your rights and freedoms.
  • In the event that the data breach is likely to result in a high risk to Your rights and freedoms, We will also notify You without undue delay.