1.1 Subchat is committed to maintaining the security of Personal Information provided to us and providing a compliant and transparent approach to data protection.
1.2 When you share Personal Information with us, we treat it with care and take our responsibility to protect it seriously.
2.1 “Controller”, “Personal Data”, and “Processor” have the same meaning as in the EU General Data Protection Regulation (GDPR).
2.2 “European Union’s Standard Contractual Clauses” means standard contractual clauses regulating the transfer of personal data to third countries that have been adopted by the EU Commission.
2.3 “GDPR” means the EU General Data Protection Regulation 2016/679.
2.4 “NDB” means the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).
2.5 “Person” means any person that is recognised at law whether it be a natural person, an entity or corporation.
2.6 “Personal Information” means information about an individual whose identity is apparent or can reasonably be ascertained from that information.
2.7 “Privacy Laws” means the Privacy Act 1988 (Cth), Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and the EU General Data Protection Regulation.
2.8 “Privacy Shield Certified” means the certification mechanism that complies with the GDPR requirements for the transfer of Personal Data from the European Economic Area (EEA) to the United States.
2.9 “App” means the mobile application ‘Subchat’.
(a) the types of Personal Information that Subchat collects and holds;
(b) how and when Subchat collects, discloses, uses, stores and otherwise handles Personal Information;
(c) the purposes for which Subchat collects, holds, uses and discloses Personal Information;
(d) how you may access your Personal Information, and seek correction of your Personal Information;
(e) how we store your Personal Information and keep it secure;
(f) how you may make a complaint, and how Subchat will deal with any such complaint.
4. The types of Personal Information we collect
4.1 We collect Personal Information for the primary purpose of supplying our App, providing information to our users and marketing.
4.2 Subchat collects the following types of Personal Information:
(a) Personal Information such as your name, your social media profile (where you choose to link your social media accounts with Subchat), your address, phone number, email address, payment details such as your credit or debit card details and any other Personal Information required for us to provide you with our App, communicate with you and to keep a record of your transactions.
(b) Marketing Personal Information so that we can market our App or that of third parties to you in accordance with your preferences. Before we share your Personal Information with any third party for marketing purposes, we will obtain your explicit consent. You may also unsubscribe from our mailing list at any time by following the opt-out link on any message sent to you. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
4.3 We may collect Personal Information from you, including but not limited to, when you provide us with feedback, when you provide us with data about your business activities, a password when you register with us, when you change your content or email preferences, when you respond to our surveys, or when you communicate with our customer support.
4.4 We may also collect any other type of Personal Information you provide to us while interacting with us through your use of our App and the supply of our App.
4.5 We do not knowingly collect any Personal Information from you that is considered a “Special Category” under the GDPR such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
4.6 We do not knowingly collect or process Personal Information of persons 13 years or younger. If you are under the age of 16, we request that you obtain and provide parental consent as required by the GDPR.
5. How we collect Personal Information
5.1 We collect Personal Information from you in a variety of ways, including when you interact with us electronically or in person, and when you access or install our App.
6. How we use your Personal Information
6.1 We use your Personal Information and you consent to us using your Personal Information to:
(a) provide you with our App;
(b) administer our business activities;
(c) process transactions through the App;
(d) manage, research and develop our App including through data analytics;
(e) provide you with information about our App;
(f) communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail;
(g) meet legal, regulatory and compliance obligations; and
(h) investigate any complaints.
6.2 If you choose to withhold your Personal Information, it may not be possible for us to provide you with our App or for us to respond to your query.
7. Disclosing your Personal Information to third parties
7.3 We may share your Personal Information with third-party service providers to help us provide our App and to provide you with a payment platform.
7.5 If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our databases, together with any Personal Information and non-Personal Information contained in those databases.
8. Legal basis in the European Union (EU) for the collection and processing of your Personal Data
8.1 The legal basis for collecting and processing your Personal Data will depend on how your Personal Data is being used and how it was collected.
8.2 When you use our App, we process Personal Data on your behalf as a Processor where you are the Controller and otherwise to the extent that we are a Controller as defined in the GDPR.
8.3 The legal basis for which we collect and process your Personal Data is based on the following:
(a) Contractual basis. This legal basis applies to the collection or processing of Personal Data in order to fulfil or perform a contract with you, or to which you are a party.
(b) Consensual basis. This applies where you have provided your consent to the collection or processing of Personal Data for a specific purpose (for example, to provide you with marketing updates). You can withdraw your consent at any time by updating your email preferences, opting out, or by contacting us directly.
(c) Legitimate interests. This applies where we have a legitimate interest to collect or process your Personal Data. For example, it may be to respond to an enquiry about our App, or to improve our App.
(d) Legal obligations. This applies where it is necessary to disclose your Personal Data to comply with a legal obligation.
8.4 Unless otherwise required by contractual obligation or any other legal basis, we only store your Personal Data while it remains necessary to fulfil the purpose for which it was collected, or if the purpose of the processing could not reasonably be fulfilled by other means. Periods of data retention will apply differently for each specific category of data.
8.5 When we use third parties to process your Personal Data on our behalf, we ensure that such Personal Data is processed pursuant to our documented instructions and in accordance with the legal basis for the processing.
8.6 We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data.
9. International Data Transfers
9.1 We may store, process and transfer your data, including your Personal Data in countries other than the country you live in. Data transfer may occur in and between countries outside of Australia which may include but are not limited to the United States and Europe provided these are countries that the European Commission has approved as providing an adequate level of protection for Personal Data.
9.2 As part of our obligations under the GDPR, we only transfer the data of individuals residing in the EU to countries outside of the EU with adequate privacy data laws or to a third party where we have approved transfer mechanisms in place to protect your Personal Data (by entering into the European Commission’s Standard Contractual Clauses for data protection for data that is transferred internationally or ensuring the entity is Privacy Shield Certified for data transfer to third parties based in the United States).
9.3 If the above safeguards do not apply, we will request your explicit consent to any transfers and you will have the right to withdraw this consent at any time.
10. How we secure your Personal Information and Data Breach
10.1 We are committed to ensuring that the Personal Information you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data and to protect this data from misuse, interference, loss and unauthorised access, modification and disclosure.
10.2 A reportable “Data Breach” is a security incident where the integrity of Personal Information or Personal Data is compromised through being destroyed, lost, altered, corrupted, disclosed or accessed by an unauthorised person where it is likely to result in serious harm to any individual affected.
10.3 We have procedures and systems in place including a data breach incident response plan, specific data breach policies and procedures and personnel to deal with an actual or suspected “Data Breach” and will notify you and the applicable regulator in accordance with our obligations under the NDB and GDPR.
10.4 Please report any actual or suspected breaches in relation to the supply of our App for investigation to Subchat by using the Contact Us section provided on our App.
11. Data Access Request under the GDPR (Right of Access and Correction)
11.1 If you are an individual residing in the EU, you have certain rights as to how your Personal Data is being controlled and used.
11.2 We comply with your rights under the GDPR (subject to the grounds set out in the GDPR and applicable law) that permit you:
(a) to be informed as to how your Personal Data is being used;
(b) to access your Personal Data and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you a copy of your Personal Data in electronic format free of charge if requested);
(c) to rectify your Personal Data if it is inaccurate or incomplete;
(d) to erase your Personal Data (also known as 'the right to be forgotten') if you wish to delete or remove your Personal Data;
(e) to restrict processing of your Personal Data;
(f) to retain and reuse your Personal Data for your own purposes (“Personal Data portability”);
(g) to object to your Personal Data being used; and
(h) to object against automated decision making and profiling.
11.3 You can contact us any time to exercise your rights under the GDPR, including to:
(a) request access to Personal Data that we hold about you (“Data Access Request”);
(b) correct any Personal Data that we hold about you;
(c) delete Personal Data that we hold about you; or
(d) opt out of emails, marketing, and any other notifications that you receive from us.
11.4 We may ask you to verify your identity before acting on any of your requests. All Data Access Requests will be processed within one (1) month and will be provided in a digital format free of charge.
11.5 If you have any questions about how we collect and store data, please contact us using the contact details provided below.
12. Access to and how you can control your Personal Information
12.1 You may request details of Personal Information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth).
12.2 If you would like a copy of your data or believe that your data is inaccurate, out of date, incomplete or irrelevant, please contact us using the contact details provided below.
13. Third-party website tools and cookies
13.1 We use technologies and third-party services that use Google Analytics, pixels, tags and web beacons (code snippets) on our App to improve user experience, the supply of our products and services and to analyse how our App is used.
13.2 The information collected is mostly anonymous traffic data aside from the approximate location (IP address) and may include browser type, device information, and language. The information is collected in aggregate form so that it cannot identify any individual user and provides an overview of how people use our App. It is not used for any additional purpose.
Our App may from time to time have links to other applications not owned or controlled by us. Links to third party applications do not constitute sponsorship or endorsement or approval of these applications. Subchat is not responsible for the privacy practices of other such applications.
15. Complaints About Privacy
15.1 Please contact us using the contact details below if you have any questions or concerns about our collection, use or disclosure of Personal Information. We will aim to resolve your complaint within 30 days.
15.2 If you remain dissatisfied, you may refer your complaint in writing to the Office of the Australian Information Commissioner.
17. Our Contact Details
17.1 Bilby Apps mailing address:
41/464-480 Kent Street
Sydney NSW 2000, Australia.
17.2 You can contact us:
(a) by post, using the mailing address given above;
(b) using our contact form on the App, should one be made available to you;
(c) by email at firstname.lastname@example.org
© 2018 Bilby Apps Pty Ltd. ALL RIGHTS RESERVED.
Terms last updated 24 August 2018.