Privacy Policy
1. Background
-
Oncord Pty Ltd ACN 116 347 909 (Oncord, Data Processor, We, Our, Us and other similar terms) takes all reasonable steps to implement
processes and procedures for the responsible management of Personal Info.
-
We have implemented this Privacy Policy in accordance with the Privacy Law in order to be open and transparent about how We collect,
hold, and use Your Personal Information, and under what circumstances We may disclose or transfer it.
-
This Privacy Policy applies to:
- all Personal Info collected by Oncord in the course providing access to the Platform and other Services to Our Subscribers (You, Your, Subscriber, Data Controller and other similar terms) and their End Users regardless of its source and forms part of our Terms of Use. Terms which are capitalised in this document are defined and take their meaning from Oncord’s Terms of Use available at - https://www.oncord.com/legal/terms-of-use/ or in this Privacy Policy.
2. Disclaimer
While Your privacy is important to Us, nothing in this Privacy Policy constitutes a voluntary opt in to any Privacy Law's, anywhere in the world, which We are not bound to comply with by statute.
3. Definitions
Terms that are capitalised in this Privacy Policy have special meanings and are defined in either Our Terms of Use or herein.
Data Subject means the identified or identifiable living individual to whom Personal Info relates under the Privacy Law.
Data Controller means the natural or legal person, public authority the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. In this Privacy Policy, Subscribers to Oncord’s Platform located in the United Kingdom, Europe and the United States are Data Controllers.
Data Processor means an entity or organization that processes Personal Data on behalf of a Data Controller, meaning they handle and manipulate data according to the instructions and specifications provided by the Data Controller, without having the authority to decide how the data is used or for what purpose. In this Privacy Policy Oncord is the Data Processor.
Data Processing Addendum means the separate agreement between a Subscriber based in the United Kingdom, the European Union or the United States and Oncord that defined the contains the rights and obligations that are between the Subscriber as Data Controller and Oncord as Data Processor.
Identifiable Living Individual means a living individual who can be identified, directly or indirectly, in particular by reference to:
- an identifier such as a name, an identification number, location data or an online identifier, or
- one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
Personal Data means any information relating to an identified or identifiable living individual (subject to subsection (14)(c)) of the DPAUk, GDPR or the US Privacy Law.
Processing in relation to information means an operation or set of operations which is performed on information, or on sets of information, such as:
- collection, recording, organisation, structuring or storage;
- adaptation or alteration;
- retrieval, consultation or use;
- disclosure by transmission, dissemination or otherwise making available;
- alignment or combination, or
- restriction, erasure or destruction.
Personal Info means ‘Personal Information’ and ‘Personal Data’ as defined in the Privacy Law and means:
-
under Australian law, information or an opinion about an identified individual or a reasonably identifiable individual, whether;
- the information or opinion is true or not, and
-
the information or opinion is recorded in a material form or not.
-
under the GDPR any information relating to an identified or identifiable natural person (Data Subject), where an
identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural, or social identity of that natural person;
-
under the Data Protection Act 2018 (Uk) (DPAUk) means any information relating to an identified or identifiable
living individual pursuant to section 14(c) of this Act;
- under the laws of the States of the United States of America (US Privacy Law) includes information that is linked or reasonably linkable to an identified or identifiable individual, who is a resident of the particular state acting an individual or household capacity
Privacy Law means the:
- Privacy Act 1988(Cth); and
- Data Protection Act 2018 (Uk) (DPAUk); and
- European Union’s, General Data Protection Regulation (GDPR); and
- the complex suite of State and Federal laws of the United States of America the relating to the protection of personal data about US residents (US Privacy Law).
Subscriber means the person or entity that is a party to Oncord’s Terms of Use and subsequently has a right to us the Platform.
4. Collection
4.1 Collection of Personal Information from those located in Australia
-
We collect Personal Information:
- when Subscribers and their Users and potential Subscribers interact with Us online, over the phone, by email, in person or through other means of communication; and
-
in order to assist Subscribers and their Users and potential Subscribers to access and use the Platform and provide Services or for other
purposes.
-
The type of Personal Information We collect generally includes the name of the Subscribers and their Users and potential Subscribers
telephone number, website, email address, company, relevant Facebook data, IP Addresses and any additional information provided to Us to
assist with use of the Platform.
-
Where Users contacts Us on behalf of a Subscriber the information provided often contains information about the Users employment,
position and employers contact details. In those circumstances certain employment related information is collected.
- Where possible, Information will only be collected directly from Subscribers and their Users unless another person authorised them to provide the information.
4.2 Collection of Personal Data from Subscribers and End Users the UK, Europe and the United States
-
We collect Personal Data about Data Subjects:
- when Subscribers and their Users and potential Subscribers interact with Us online, over the phone, by email, in person or through other means of communication; and
-
in order to assist Subscribers and their Users and potential Subscribers to access and use the Platform and provide Services or for other
purposes.
-
The type of Personal Data We collect about Data Subjects generally includes the name of the Subscribers and their Users and potential
Subscribers, telephone number, website, email address, company, relevant Facebook data, IP Addresses and any additional information
provided to Us to assist with use of the Platform.
-
Where a User contacts Us on behalf of a Subscriber the information provided often contains information about the User’s employment,
position and employers contact details. In those circumstances certain employment related information is collected.
- Where possible, Personal Data about Data Subjects will only be collected directly from them unless another person authorised them to provide the information.
4.3 Device information and cookies
-
When Subscribers and their Users and potential Subscribers visit our website, We may collect certain information about a persons' device,
including details about Your Web browser, IP address, time zone, and some of the cookies that are installed on Your device. Additionally,
as You browse, We collect information about the individual Web pages on Our Website that are viewed and information about how You
interact with Us online.
-
We collect device information using the following technologies:
- "Cookies" which are data files placed on Your device or computer which may include an anonymous unique identifier;
- "Log files" which track actions occurring on the website, and collect data including Your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps; and
-
"Web beacons", "tags", and "pixels" which are electronic files used to record information about how You
browse Websites.
-
Please note that We do not alter Our Websites' data collection and use practices when We see a Do Not Track signal from Your
browser.
-
Through Our use of analytics services, the information generated by the cookie about Your use of the Website (including Your IP address)
will be transmitted to and stored by Our third-party analytics providers on their servers. These providers will use this
information for the purpose of evaluating Your use of the website, compiling reports on website activity for website operators, and
providing other services relating to website activity and internet usage.
-
Our analytics providers may also transfer this information to third parties where required to do so by law, or where such third parties
process the information on the provider's behalf.
- You may refuse the use of cookies by selecting the appropriate settings on Your browser, however if You do, You may not be able to use the full functionality of Our Website or the Platform.
5. Consent
-
By agreeing to this Privacy Policy, Subscribers and their End Users consent to use Your Personal Info as set out herein. You have a
right to withdraw Your consent at any time and may do so by contacting Us via the details provided below.
- By using Our Website and the Platform, Subscribers and their End Users consent to the processing of Personal Info You by Our third-party analytics providers in accordance with their respective privacy policies and for the purposes set out above. You can opt out of analytics tracking by disabling or refusing cookies, disabling JavaScript, or using the opt-out services provided by these analytics providers.
6. Personal Information
6.1 Use of Personal Info
-
We use Personal Info collected as part of Our business operations which are primarily associated with the promotion and sale of a digital
marketing software solutions. Examples of when Your Personal Info may be used include:
- informing You about the Platform and Our services;
- providing You with the access to the Platform as requested;
- administration requirements in relation to providing You with products and services, including managing Your account;
- to detect and prevent fraud, abuse, and security incidents, enhancing the safety and security of the Platform.
- dealing with requests, enquiries or complaints and other customer care related activities;
- engaging with Subscribers and Users to support use of the Platform;
- promoting use of the Platform and Our services generally; and
- carrying out any activity in connection with a legal, governmental or regulatory requirement imposed on Us or in connection with legal proceedings,
- We may also use Personal Info for purposes, as would be reasonably expected by You, in connection with the activities described above. However, We will not use Your Personal Info for purposes, other than as described in this Privacy Policy or other agreement We have with You, unless You consent to that use or there are specific law enforcement, public health or safety reasons.
6.2 Direct marketing
You are always in control of Your Personal Info, and if you choose to stop receiving our marketing information, you may click on the unsubscribe link at the bottom of our marketing material.
You can rest assured that, even if you unsubscribe, You will still receive the necessary emails for the management of your account on the Platform (for example, if you forget your password).
Accessing Your Personal Info on request and after satisfying ourselves of Your identity, We will provide access to the Personal Info We hold about You except in certain prescribed circumstances. These include, where:
- we believe giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- giving You access would be unlawful;
- granting access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious; or
- there are anticipated legal proceedings
7. Oncord’s role as Data Processor
7.1 Access to Personal Data collected by Subscribers about Data Subjects
-
We provide access to Our Platform to Subscribers to manage the Subscriber’s Website. Subscribers may collect Personal Data about
Data Subjects for the purposes of managing their own business and their website. We do not have direct access to the Personal Data
collected by Subcriber’s about Data Subjects and act only in the capacity as a Data Processor.
- Subscribers that collect Personal Data about Data Subjects and store it on the Platform are known as Data Controllers. In acting as a Data Processor Our Platform takes instructions from Subscribers and their End Users who acts Data Controllers and are directly responsible for their own compliance with the GDPR and the DPAUk.
7.2 Obligations as Data Controller in the event of a data breach
If Oncord becomes aware of a Personal Data breach (in relation to personal data processed by the Data Processor), We will notify the respective Data Controller as soon as practical after we become aware of it. We will use Our best endeavours to assist the Data Controller to comply with their obligations under the GDPR and the DPAUk.
8. Obligations of Data Controllers using the Platform
The Data Controller must:
- comply with obligations in relation to personal data breaches as contained in section 67 and 68 of the DPAUk.
- appoint a designated Data Protection Officer in accordance with section 69, 70 and 71 of the DPAUk.
- Comply with all other obligations as contained in the relevant Privacy Law.
- Publish a Privacy Policy that is compliant with the respective Privacy Law on the Subscriber’s Website.
9. Data integrity
- We take reasonable steps to ensure the Personal Info We collect, use and disclose is accurate, complete and up to date. You have a right to correct incorrect information at any time and may do so by contacting Us using the details provided below.
- If You become aware Your information is no longer accurate, complete or up to date please contact Us.
10. How we share Personal Info
-
We may disclose Personal Info:
- with Your express consent;
-
where it is necessary for us to carry out actions and Our obligations in accordance with the provision of the Platform to Subscribers and
their End Users pursuant to Our Terms of Use;
- Our lawyers and accountants;
- law enforcement agencies to assist in the investigation and prevention of criminal activities; and
-
Our third-party contractors or service providers with whom We have a business association, including:
- marketing service providers;
- accounting service providers; and
-
information technology service providers including cloud application providers.
-
We may also share Your Personal Info to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other
lawful request for information We receive, or to otherwise protect Our rights.
- We will not disclose Your Personal Info other than in accordance with this Privacy Policy without Your consent unless we are compelled to do so at law.
11. Offshore transfers
-
The Personal Info We collect may be transferred out of Australia, the United Kingdom, Europe and the United States to other countries
where it is processed by third-party providers, and cloud-based service providers, who assist Us to manage promotional material, emails,
office administration and accounting services that are necessary for Us to operate our business.
- While We do not otherwise actively disclose Your Personal Information to other overseas entities, the service providers We engage may use international data centres and disaster recovery sites. Consequently, these providers may have access to Your Personal Information.
12. Anonymity and use of pseudonyms
We may interact with You anonymously or through the use of pseudonyms if You have questions general in nature. However, You are required to provide true and accurate details when requesting the supply of products or provision of services. You agree to provide accurate information if so required.
13. Security
We take commercially reasonable steps to protect the Personal Info We collect and hold from misuse, loss and unauthorised access, modification or disclosure. We do this by:
- maintaining and keeping Our systems and the Platform up to date;
- using secure servers protected from unauthorised access, modification or disclosure;
- using secure sockets layer (SSL) encryption to transfer data across public networks, such as the internet;
- using encryption at rest;
- relying on reputable service providers; and
- limiting the collection of Your Personal Info to that which We reasonably require to
14. Data retention
-
If We hold Personal Info about You, and We do not need that information for any purpose, We will take reasonable steps to destroy
or de-identify that information, in accordance with the Australian Privacy Act and the and the Data Protection Act 2018 (Uk)
unless We are prevented from doing so by law.
-
Under Australian law, financial records, such as those relating to financial transactions, must be retained for seven (7) years
after the transactions associated with those records are completed.
-
We envisage Your Personal Information will be deleted or de-identified within ten (10) years, if it is no longer reasonably
required.
-
When we no longer require your Personal Info, We will either delete or anonymize it or, if this is not possible (for example, because
your Personal Info has been stored in backup archives), then we will securely store it and isolate it from any further processing until
deletion is possible.
- You may make a request to Us in writing to remove Your Personal Info and, where permitted, We will do so in accordance with the Privacy Law.
14.2 Data about minors
Our Website and the Platform are not intended for children under the age of 18. We do not, knowingly, or intentionally, collect Personal Info about children who are under 18 years of age.
15. Additional rights under under the Data Protection Act 2018 (UK) UK GDPR
If You are a resident or citizen of the European Union (EU)or the United Kingdom, You have the right to access the Personal Info We hold about You and to ask that Your Personal Info be corrected, updated, or deleted. You may also object to the processing of Your Personal Info .
16. Complaints procedure
Oncord is a customer service-oriented business. Therefore, if You have a complaint about Our collection or use of Personal Info pertaining to You, then We would ask You to contact Us. Our Privacy Officer can be contacted via the information provided below.
-
Australian residents
If after investigating Your complaint and reporting our findings to You, You are still not satisfied then We ask You to consult:
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
- Alternatively, You may contact Your local supervisory authority.
17. Questions about our Privacy Policy and practices
For more information about Our privacy practices, if You have questions, or if You would like to make a complaint, please contact Us using the details provided below:
Oncord Data Protection Officer
Telephone: 1300 787 970
Email: privacy@oncord.com
18. Amendments
We are obligated to regularly review and update this Privacy Policy. As such We may update this Privacy Policy from time to time in order to reflect changes to Our practices or for other operational, legal or regulatory reasons.
This policy was last updated on 18 February 2024