This Document describes Our Privacy Policy.
It should be read in conjunction with Our Cookie Policy
and Our Terms of service as definitions contained therein also apply to this document.
Cookie Policy and Terms of service are incorporated in this policy by reference in their entirety.
SBP is legally obligated to protect the privacy and security of the information entrusted to Us in accordance with numerous data protection laws and regulations from around the world. Primarily governed by the The federal Privacy Act 1988 (Cth) ("Privacy Act")(as amended), where required, We adhere to the Australian Privacy Principles. SBP also strives to comply with the European General Data Protection Regulations (“GPDR”). This Privacy Policy informs You of Our policies regarding the collection, use and disclosure of personal data from users of Our Service and Online Platform and the choices You have associated with the use of that data.
This Policy applies to SBP’s collection, use and disclosure of the personal information of the following categories of Data Subjects:
Website Visitors: Those who visit Our Online Platform in order to use some or all of Our Services, including those who may opt to provide an email address or other contact information to receive communications from SBP, fill out a survey, provide feedback or contact us directly.
Customers: Individuals or entities who enter into a commercial relationship with SBP for the Purchase of Services or a Subscription to ongoing use of the Services and/or the Online Platform, and/or any additional services individually negotiated and agreed in writing between You and SBP.
General Public: Other individuals or entities to optionally and proactively contact SBP via email, phone or postal mail.
Excluded categories from this Policy are those of job applicants and candidates who apply for employment with Us, Directors, employees and agents of Commercial Partners and Our employees whose Personal Data is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with SBP.
It is possible that You are a member of multiple categories at the same time.
Our Online Platform and Services are not intended for, nor designed to attract, individuals under the age of eighteen. Cloudflare does not knowingly collect or share personal information from any person under the age of eighteen. To the extent We become aware that We have the personal information of a person under the age of eighteen, We will delete that information.
By category of Data Subjects:
Website Visitors
- Name, email address and other contact details. We ask for and, at Your option to provide,
collect Personal Information from You when You submit web forms on Our Online Platform,
including when You sign up for and agree to receive email communications from Us.
- We may ask You to provide Personal Information if You choose to use interactive features of the Services, including but not limited to, surveys, contests, promotions, sweepstakes or studies, requesting customer support, submitting feedback or otherwise communicating with Us.
- Log files: As with almost all online services, when You visit Our Online Platform We gather certain technical information sent by Your device as part of how it interacts with the Online Platform, and store it in log files. This information includes, but is not limited to, the time and date of the interaction, IP (Internet Protocol) address, system configuration information, browser user-agent information, referring webpage, and probable locale, language and country of origin of the request.
- Cookies and other tracking technologies: We may use cookies and other information-gathering technologies in accordance with Our Cookie Policy to provide functionality to the Online Platform. Note that while You have the choice of disabling cookies when using the Online Platform the Online Platform may not work correctly.
Information and possible Personal Data You choose to provide when using interactive features of the Service, including but not limited to, filling out forms, surveys, contests, promotions, sweepstakes or studies, requesting customer support, submitting feedback or otherwise communicating with Us.
- Material contributed in Interactive Areas: The Online Platform may have publicly accessible blogs, community forums, comments sections, discussion forums or other interactive features (“Interactive Areas”). If You choose to participate in any of these Interactive Areas, please be aware that any information You post in an Interactive Area might be publicly viewable and might be read, collected and used by others who access it. If You wish to remove previously submitted information from any of Our Interactive Areas please see the Data Subject Rights and Choices section of this Policy.
Customers
- Customer Account information: When You register for and then customise an Account We collect contact and configuration information (“Account Information”). Depending on Your Subscription type, and whether You provide additional information for invoicing purposes, this contact information may include Your Customer name, associated email addresses of Your Account administrators and/or other people who receive communications from the Online Platform (for example, copies of Invoices may be sent to a nominated email address, usually Your finance team/accounts department), telephone numbers and addresses necessary to process payments and provide the Services. In addition, when You use the Services, We collect information about how You configure Your Account and the Services.
- Information received through the use of integrated services. You may be given the option to access or register for an Account through the use of third party identity providers (each, an “Integrated Service”) such as ‘Sign in with Google’ functionality. By using an Integrated Service You grant that Integrated Server permission to share Your Personal Data with Us (for example, Your email address and name). If You have an existing Account registered with the same email address, Your Account will be linked with Personal Data provided by the Integrated Service. By using an Integrated Service in this way, You grant Us permission to collect and process Personal Data provided by the Integrated Service
- Service Usage: When using the Services and the Online Platform We collect information about how You use the Services. This is in order to provide You with the Service and for billing purposes.
- Payment meta-information: Payments are processed by an external 3rd party payment processor. We are not privy to the payment methods’ details (such as the credit card number or expiry date) as they are handled securely by the payment processor. We receive other payment meta-information such as time/date, amount and currency, email address, address and billing address.
SBP only processes Personal Information in a way that is compatible with and relevant to the purposes for which it was collected or authorised.
We may use Your Personal Information to:
- Provide, operate, monitor, maintain, improve and promote the Services and Online Platform for You and all users of the Services and Online Platform;
- Enable You to access and use the Services and Online Platform;
- Process and complete Purchase transactions, and send You and Your nominated recipients related information such as purchase confirmations and invoices;
- Send transactional messages, including responses to Your comments, questions and requests; provide customer service and support and send You technical notices, updates, security alerts and support and administrative messages;
- Comply with legal obligations as well as to investigate and prevent fraudulent transactions, unauthorised or abusive access to the Services and Online Platform, and other illegal activities;
- For other purposes for which We obtain Your consent.
In addition, We may also use the information We collect from Website Visitors and Customers’ Account Information to:
- Send commercial communications, in accordance with Your communications preferences, such as providing information about products and services, features, surveys, newsletters, offers, promotions, contests and events about Us and Our Commercial Partners; and to send news, announcements or information about Us and Our Commercial Partners;
- Process and deliver contest or sweepstakes entries and rewards;
- Monitor and analyse trends, usage and activities in connection with the Services and the Online Platform for marketing or advertising purposes;
- Personalise the Services and Online Platform, including by providing or promoting features or content that match Your interests, preferences or related to Services You have used.
- Combine information We collect as described above with Personal Data We obtain from third parties. For example, We may combine information entered on an Online Platform submission form with information We receive from a third-party sales intelligence platform vendor to enhance Our ability to market Our Services to Customers or potential Customers. For example, if someone contacts Our sales department enquiring about Our Services, We may Google them or look them up on LinkedIn to better understand them as a potential customer.
Data Aggregation
SBP may aggregate data We acquire about Our Website Visitors and Customers. For example, We may assemble data to observe how web crawlers use Our Services in order to detect if they are engaged in malicious activity or to compile web traffic reports and statistics. Non-personally identifiable, aggregated information may be shared with 3rd parties or publicly.
Information Sharing
SBP works with other companies who provide us with services that help run Our business, Our Services and Our Online Platform (“Service Providers”). These companies provide services to help us deliver customer support, process credit card payments, manage and contact Our existing Customers as well as sales leads, provide marketing support, and otherwise operate and improve Our Services. These Service Providers may only process Personal Data pursuant to Our instructions and in compliance both with this Privacy Policy, the contracts We have in place with such Service Providers, and other applicable confidentiality, data protection, and security measures and regulations.
Specifically, We do not permit Our Service Providers to sell any Personal Data We share with them or to use any Personal Data We share with them for their own marketing purposes or for any purpose other than in connection with the services they provide to us.
In addition to sharing information, including Personal Data, as described above, We may also share information, including Personal Data, in the following circumstances:
- Within SBP, including but not limited to, Our directors and employees;
- In the event of a merger, sale, change of control or ownership or reorganisation of all or part of Our business;
- Where We are required to by law, to respond to a valid legal process or to exercise Our legal rights or defend against legal claims;
- Where We have a good faith belief sharing is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situatinos involving potential threats to the physical safety of any person or violations of Our Terms; or as otherwise required to comply with Our legal obligations; or
- As You may otherwise consent from time to time.
SBP is an Australian company but the Online Platform has technical infrastructure around the world in order to better serve Customers from outside of Australia. We primarily store and process Your information in the United States (on Amazon Web Services’ infrastructure) and in Australia (on both Amazon Web Services’ infrastructure and Our own in-house equipment). To facilitate the operation of the Online Platform and Our business operations We may transfer and access Your information from around the world, including other countries in which SBP does not have a physical presence for the purposes described in this Policy.
Whenever SBP transfers Personal Data originating from one country to another country, whether between SBP companies or a 3rd party, We will implement appropriate measures, consistent with the laws of the country from which the Personal Data originates.
When SBP transfers or processes Personal Data from the EEA, Switzerland or the United Kingdom to the United States We rely on the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK extension to the EU-U.S. Data Privacy Framework to ensure Our Commercial Partners provide equivalent privacy protections.
Your attention is specifically drawn to the fact that Australia is not a subject of an adequacy decision by the EU as being recognised as having a ‘compatable’ level of data protection within its own laws as compared to the GDPR. This page provided by the Office of the Australian Information Commissioner (OAIC) highlights the differences between Australia’s Privacy Act 1988 (Cth) and the GDPR.
https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/australian-entities-and-the-european-union-general-data-protection-regulation
Where requirements of the Australian Privacy Act 1988 (Cth) fall short of the requirements of the GDPR, SBP commits to comply with the requirements of the GDPR in so far as is possible without contradicting Australian laws. The Office of the Australian Information Commissioner has jurisdiction over SBP’s Australian entities. We may be required to disclose Personal Data We receive in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
SBP remains liable for Personal Data it receives and subsequently transfers to a third party acting as an agent on its behalf. SBP shall remain liable if its agent processes such Personal Data in a manner inconsistent with this policy, unless SBP proves that it is not responsible for the event giving rise to the damage.
SBP recognizes individuals’ data protection rights. You have the right to access, correct, update, port, or delete Your personal information, and to restrict or object to the processing of Your personal information (each of these a “Rights Request”). You may email us at [email protected] with any Rights Request, and We will respond within thirty (30) days. Customers also can access or update their Account information by editing their profile via the CardDetails API.
Before We can action a Rights Request, We will need to verify that Your identity matches that of the data in which You are requesting to exercise Your rights. You can expect a verification email under separate cover, to the email address associated with Your Personal Data on file. If You are making a Rights Request on behalf of another individual as an authorized agent, We require that either 1) the Data Subject must verify their identity and directly confirm with SBP they provided the authorised agent permission to submit the Rights Request, 2) the authorized agent must be provided power of attorney by the Data Subject in accordance with the law of the Data Subject’s jurisdiction, or 3) the Rights Request must otherwise be submitted in accordance with applicable privacy law.
For any Rights Request, We will need to verify a requestor is inquiring about their own information before We can assist. Where a Rights Request may implicate the personal information of another individual, We must balance the request against the risk of violating another person’s privacy rights and We reserve the right to partially fulfil or deny a Rights Request. We will comply with Rights Requests to the extent required by applicable law or to the best of Our ability to fulfil the Swiss-U.S, EU-U.S. Data Privacy Framework . In the event that Your Rights Request is denied or partially fulfilled, residents of the EEA, the UK, and Switzerland have the right to lodge a complaint with a supervisory authority.
SBP may send You commercial communications based on Your communication preferences. SBP will also send You transactional Service-related communications. You can manage Your receipt of commercial communications by clicking the ‘Unsubscribe’ link located at the bottom of thise emails.
SBP takes all reasonable steps to protect information We collect from You from accidental or unlawful destruction, loss, alteration, and unauthorised disclosure or access. We have put in place appropriate physical, technical and administrative measures to safeguard and secure Your information, and We make use of privacy-enhancing technologies such as encryption.
We store Your Personal Data for a period of time that is consistent with the business purposes set forth in the ‘How We use Your data’ section of this policy or as long as needed to fulfill and comply with legal obligations. The criteria We use to determine how long We store Your personal information will vary depending on several different factors.
We typically consider the following when determining data retention:
- Whether the purpose for collecting the Personal Data in the first place remains current. For example, while You maintain an Account on the Online Platform, We are required to maintain Your contact information during that period, in order to be able to provide You access to Your Account and to be able to support or contact You regarding Your Account;
- The potential risk of harm from unauthorized use or disclosure of the Personal Data;
- Whether We can achieve the purposes for processing with less data or through other means
- Legal requirements that may apply to the data, such as applicable statutes of limitation, accounting, tax or contractual obligations.
When the data retention period expires for a given type of data, We will delete or destroy it. If, for technical reasons, We are unable to do so, We will implement appropriate security measures to prevent any further use of such data.
If We make changes to this Policy that We believe materially impact the privacy of Your personal information, We will promptly provide notice of any such changes (and, where necessary, obtain consent), as well as post the updated Policy on this website noting the effective date of any changes.
We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all or part of Our business.
“Personal Data” as referenced in this Privacy Policy corresponds to the term “personal data” as defined under the European Union (“EU”) General Data Protection Regulations (“GDPR”) and its United Kingdom (“UK”) GDPR counterpart. SBP is a data controller for the Personal Data collected from all categories of Data Subject listed above.
If You are an individual from the European Economic Area (“EEA”), the UK or Switzerland, Our legal basis for collecting and using Your Personal Data will depend on the Personal Data collected and the specific context in which We collect it. We collect Personal Data when: 1) We have Your consent to do so, 2) where We need Your Personal Data to perform or fulfil a contract with You (e.g. to deliver a Service via the Online Platform), or 3) where the processing is in Our legitimate interests.
In most cases, if You choose not to provide the requested information SBP will be unable to provide the requested service.
In some cases, We may also have a legal obligation to collect Personal Data from You, or may otherwise need the Personal Data to protect Your vital interests or those of another person. Where We rely on Your consent to process Your Personal Data You have the right to withdraw or decline consent at any time. Where We rely on Our legitimate interests to process Your Personal Data You have the right to object by emailing us at [email protected].
This section only applies to residents of California, USA and is related to the provisions of
the California Consumer Privacy Act (“CCPA”).
It describes how We collect, use and share Personal Information of California residents in operating Our business and their rights with respect to that Personal Information. For the purposes of this section, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household as defined in CCPA. It does not include information exempted from the scope of the CCPA.
How We collect, use, and share Your personal information under the CCPA.
- We may collect, use, and disclose for Our business and commercial purposes, the following categories of Personal Information:
- Identifiers for the categories of individuals/users as defined earlier in this policy;
- Payment and Customer records of Our Customers;
- Protected classification characteristics to the extent these characteristics are voluntarily disclosed to Us or contained in any content transmitted across or stored within the Online Platform;
- Commercial information such as records of products or services purchased, obtained, or considered, or other purchasing or usage histories;
- Professional or employment information;
- Internet or other electronic network activity information; and
- Inferences (.e.g. Information about Your interests or preferences).
The sources of collected information are described earlier in this Policy.
The business and commercial purposes for which We collect and use this information are described earlier in this Policy.
The categories of third parties to whom We “disclose” this information for a business purpose are described earlier in this Policy.
As a California resident, You have the rights listed below. However, these rights are not absolute, and in certain cases We may decline Your request as permitted by law.
Knowledge.
You can request information about what personal information We have collected about You, including:
- the categories of personal information;
- the categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting, selling, or sharing Personal Information;
- The categories of third parties to whom We disclose Personal Information;
- The specific pieces of Personal Information that We have collected about You.
Access. You can request a copy of the Personal Information that We have collected about You.
Deletion. You can request us to delete the Personal Information that We have collected from You.
Correction. You can ask us to correct or rectify inaccurate Personal Information and, taking into account the purpose of processing the Personal Information, ensure that it is correct.
Opt-out of sales or sharing. You can ask that We do not “sell” or “share” Your Personal Information as “sell” and “share” are explicitly defined under the CCPA. For more information, please refer to the section titled “Right to Opt Out of the Sale and Sharing of Your Personal Information” below.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination.
In order to submit a request to exercise Your right of knowledge, access, or deletion pursuant to the CCPA, please follow the instructions for submitting a Rights Request as detailed above. We reserve the right to confirm Your California residence to process Your requests and may be required to confirm Your identity to process certain requests. For example, We take reasonable steps to verify the identities of California residents submitting requests to delete or access Personal Information.
Right to Opt Out of the Sale and Sharing of Your Personal Information
SBP does not sell Your Personal Information in the conventional sense (i.e., for money). Like many companies, however, We may use services that help deliver interest-based ads to You. The advertising network serving these advertising may compile Personal Information of their own about You. Making Personal Information (such as online identifiers or browsing activity) available to these companies may be considered a “sale” or “sharing” of Your Personal Information under the CCPA.
In a situation where such advertising is shown to You, You can request to opt out of such “sale” or “sharing” of Your Personal Information using the “Control Cookies” link in the footer of each page.
In addition, some internet browsers offer the option to enable opt-out signals such as Global Privacy Control that lets You tell websites that You do not want to have Your online activities tracked. SBP responds to these signals by processing them as a request to opt out of the “sale” or “sharing” of Your Personal Information as discussed above.
Please note that You will still see some advertising, regardless of Your selection. We do not impose verification protocols for processing opt out requests unless We have reason to question the authenticity of a requester’s identity, in which case We may request evidence of identity and California residency.