Omnyfy Marketplace Platform Privacy Policy

1) Introduction

Omnyfy Technology Pty Ltd ABN 63 619 363 325 and its Australian related bodies corporate    (we, us, our) understand that your privacy is important and we are committed to safeguarding personal information about individuals that we handle.  This Privacy Policy describes generally how we manage your personal information and protect your privacy.

This Privacy Policy is intended to provide a general overview of our policies in respect of the handling of your personal information (whether you are a merchant, end user that uses our products, technology, platforms, applications or services (together the Services), a customer of a store or entity that uses our technology, a participant in our ‘Partner’ programs or whether you are simply visiting our websites). “Personal information” is essentially information or an opinion about an identified or reasonably identifiable individual.

By using any of our Services, or by dealing with a merchant or other entity using our Services, you are agreeing to the terms of this Privacy Policy and, as applicable, our Contract and Terms of Use.

Other policies may override or complement this Privacy Policy in certain circumstances.  For example, when we collect personal information from you, we may advise a specific purpose for collecting that personal information, in which case we will handle your personal information in accordance with that purpose.

This Privacy Policy is intended to cover most personal information handled by us, but is not exhaustive.  If you have any queries about our handling of your personal information, please contact us for further information using the details below.

We may update this Privacy Policy from time to time including in relation to changes to our privacy practices or for other operational, legal, or regulatory reasons. If material changes are made to this Privacy Policy, we will give you notice by posting the revised policy on our website, and where appropriate, by other means. By continuing to use our website or Services after any changes are posted, you agree to the revised policy.

 

2) Collection of personal information

We may collect your personal information throughout the course of your interaction with us (for example, if you obtain products or services from us, subscribe to our mailing list, fill out an online contact form, engage with our online marketing or submit an enquiry to us).  The personal information that we may collect and hold about you depends on your dealings with us.  Generally, we may collect:

  • your name and address, email address, telephone number and fax number;
    • payment details;
    • business details; and
    • other personal information that we require or that you volunteer to us (such as your resume, details of your qualifications, skills, education provider, work history and residency status in the event that you apply for employment or a position with us).

Generally speaking, we collect personal information so that we can provide better services to you and ensure that you have convenient access to our services.

We will collect your personal information directly from you unless it is unreasonable or impracticable to do so.  If circumstances require, we may collect personal information about you from third parties (such as your employees, representatives or personal referees) or publicly available resources.  All personal information we collect is limited to that which is reasonably necessary for our functions or activities.

We receive any personal information that you provide to us from third parties (for example, an employee of your business or a referee) on the understanding that we have that individual’s consent for us to collect and handle their personal information in accordance with this Privacy Policy.

When collecting your personal information, we will take reasonable steps to make you aware of the purposes for which we are collecting it, the types of organisations to which we would usually disclose it, whether we are likely to disclose it to overseas recipients (and where practicable the countries in which they are located), whether there are laws or court/tribunal orders which require or authorise us to collect it, and the main consequences for you if you fail to provide it to us.  This Privacy Policy provides these details as they typically apply in most cases, however different details may apply depending on our specific interaction with you.  If we do not notify you of such other details, the information in this Privacy Policy applies.

If you fail to provide personal information requested by us, or if the personal information you supply is incorrect or incomplete, there may be a range of consequences, for example we may be unable to process or respond to your request.  There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect your personal information.

We do not generally collect sensitive information.  If we do collect sensitive information about you  (which may include your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships or details of health or disability), we will only do so with your consent and if the information is reasonably necessary for one of our functions or activities.  We will assume you have consented to us collecting, using and disclosing (in accordance with this Privacy Policy) all information that you provide to us, including any sensitive information, unless you tell us otherwise at the time of collection.

The type of personal information we collect will depend on your dealings with us and your use of the Services. For example:

Marketplace Ownerspersonal and contact details or those of individuals at your organisation (for example your name, email address, home address, telephone number, date of birth, gender) to enable the provision of services and to facilitate our relationship with you, including relevant marketing;

personal and contact details you give us when subscribing to receive emails, newsletters or marketing information from us;

payment details;

additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests;

data about your use of our Services, including when you access your account and our platform(s), including information about the device and browser you use, your network connection, your IP address, and information about how you browse through the our interface and platform;

personal information about your customers that you share with us or that customers provide while shopping or during checkout;

if we need to verify your identity (for example, if there are concerns around identity theft, or if you call into support and we need to authenticate your account), we may request that you provide us with government-issued identification information;

we may use some of the personal information you provide us to conduct some level of automated decision-making – for example, we use certain personal information to help us screen accounts for risk or fraud concerns;

Personal information including your name, address, contact information, driver’s licence or other ID information, business information, business registered number and other relevant information required by our payment gateway partners in order to setup and facilitate the use of the payment gateway for the collection and disbursement of funds on your marketplace platform.
Vendorspersonal and contact details (for example vendor’s name, email address, home address, telephone number, date of birth, gender) to enable the provision of services and to facilitate our and any other users’ (for example, Marketplace Owners’) relationship with you, including relevant marketing;

personal and contact details you give us when subscribing to receive emails, newsletters or marketing information from us;payment details; purchase and business history;
additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests;data about your use of our Services, including when you access your account and our platform(s), including information about the device and browser you use, your network connection, your IP address, and information about how you browse through the our interface and platform;

personal information about your customers that you share with us or that customers provide while shopping or during checkout;

if we need to verify your identity (for example, if there are concerns around identity theft, or if you call into support and we need to authenticate your account), we may request that you provide us with government-issued identification information;

we may use some of the personal information you provide us to conduct some level of automated decision-making – for example, we use certain personal information to help us screen accounts for risk or fraud concerns; Information required to perform KYC and AML checks prior to enabling the Vendor’s access to the marketplace and prior to making disbursements to the Vendor.Vendor business address or other such contact information in order to facilitate shipments from the Vendor, Vendor’s online conference links or other communication information in order to facilitate bookings with the Vendor
CustomersWe collect Marketplace Owners’, vendors’ and any other users’ customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address, information about orders you initiate, information about our supported marketplace stores that you visit, and information about the device and browser you use;

and we use some of the personal information you provide us to conduct some level of automated decision-making — for example, we use certain personal information (for example, IP addresses or payment information) to automatically block certain potentially fraudulent transactions for a short period of time.
Supplierscontact details to enable the provision of your services to us and the fulfillment of our contract obligations, this may include names, email addresses and telephone numbers;

and

bank details and any other details required to enable payment for the services supplied.
Clientsyour contact details or those of individuals at your organisation (such as names, telephone numbers and email addresses) to enable the provision of services and to facilitate our relationship with you, including relevant marketing.
Prospective employees and contractorspersonal and contact details (for example your name, email address, date of birth, gender);business details (ABN, business name and your position within the company – if applicable);

personal and contact details of your emergency contact and referees;

during pre-employment vetting we will request details from you including, your name, your work history, qualifications, contact details (such as email, telephone number and home address), your right to work documents, details required for equality and discrimination legislation checks and your personal preferences, choices and requirements specific to particular requests or services;

details of your education, employment history, bank details and tax file number, Centrelink (or equivalent) and superannuation details, references, right to work and other information you tell us about yourself (e.g. the information contained within your CV);

information from online sources for example social media activity (such as likes, shares, tweets, social media profiles such as LinkedIn profiles), recruitment websites and job boards;

additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests;

we may also collect sensitive information about you (including details of your physical or mental health, racial or ethnic origin, criminal history, trade union membership and/or other sensitive information that you may choose to provide to us voluntarily from time to time;

and generally, we will only collect sensitive information with your consent. Unless you tell us otherwise, we will assume that you have consented to us collecting all sensitive information you provide to us, and to us handling that information in accordance with this Privacy Policy.
Referees and Emergency ContactsWe may require a referee’s contact details (name, email address and telephone number) to enable us to confirm certain details provided by the Candidate or prospective employee, to facilitate the employment process. We may require Emergency contact information (a name, email address and telephone number) is required in case of an emergency where we would need to contact someone on your behalf.

3) Use of personal information

We will generally only use your personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations.

We generally use personal information for the following purposes (as applicable in the circumstances):

  • to provide products or services to you or for your benefit;
    • to provide information that you request, to respond to your enquiries, or otherwise achieve the purpose for which you have contacted us;
    • to handle payments;
    • to provide you with marketing and promotional material regarding our or users of our Services’ products or services, including newsletters or other materials;
    • to seek feedback from you and perform market research, so that we can gauge your satisfaction with our products or services;
    • enable and assist Marketplace Owners to:
      • onboard and manage vendors on our platform;
      • collect specific information from vendors to determine if the vendor qualifies to join the platform;
      • attributes for vendors that can be used to search, filter, find and engage that vendor on the platform;
    • enable and assist to:
      • facilitate sign up of customers to the marketplace;
      • facilitate transactions between customers and vendors on the marketplace;
      • facilitate bookings to be taken on the marketplace;
      • enable transactions and fulfilment of services between vendors and customers on the marketplace;
    • enable collection of payment information and processing of payment information on behalf of customers on the marketplace;
    • facilitate payments, payouts and disbursements to the vendors on the marketplace;
    • facilitate support, triage and other help services for both vendors and customers on the marketplace;
    • for our general business operations (such as maintenance of our business records and compliance with our legal and insurance obligations); and
    • to engage in other activities where required or permitted by law.  

By providing us with your personal information, you consent to us using your personal information for these purposes.

You agree that we may send you marketing or promotional communications by post or by electronic means (including email and SMS).  You may request not to receive such material from us by contacting us via the details below or by using the opt-out function provided for in those communications.  If you do not opt-out in either of these ways you will be taken to have consented to receiving such communications from us.

There are no consequences of opting-out of receiving our marketing and promotional communications except that you will no longer receive them, and you may elect to re-join our marketing list at a later stage if you wish.

Where we propose to use your personal information for a purpose other than as outlined above, we will seek your permission (unless we are required or permitted by law to do so without seeking consent).

4) Storage of Personal Information

We take reasonable steps to protect your personal information from misuse, interference and loss as well as unauthorised access, modification or disclosure.

For example, information stored on our computer network is protected by security features and procedures.  We undertake regular monitoring of our practices and systems to ensure the effectiveness our security policies and identify and implement improvements where appropriate.

We make use of cloud-based services for our business systems.  Our data may be stored with these cloud providers in locations outside of Australia, including South East Asia, Europe and the Americas, depending on where the specific marketplace is located.

For the purposes of the Mirvac, the PaaS infrastructure will be provisioned in AWS Amazon Australia South East Available Zone. This ensures that all data is stored at rest within Australia in accordance with the requirements of the Australia Privacy Act.

Generally, we will take reasonable steps to destroy or permanently de-identify your personal information as soon as it is no longer required by us or another user of the Services, for example Marketplace Owners or vendors.  We may retain your personal information where we are required or permitted to do so by law, such as for insurance, legal or corporate governance purposes and for the prevention of fraud.  Your personal information may also be retained in our IT system back-up records.

5) Disclosure of personal information

We will generally only disclose your personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations.

We may disclose your personal information to the following third parties (as applicable in the circumstances):

  • Marketplace Owners and vendors. We generally require Marketplace Owners and vendors to ensure that information we disclose is only used for the purposes for which we collect it;
    • certain suppliers that provide services to us (for example, subcontract product manufacturers, market research companies or other service providers).  We generally ensure such organisations are contractually required to ensure that information we disclose is used only for the limited purposes for which we provide it;
    • contractors that we engage as part of providing services to you; or
    • members of our corporate group.

We are not generally likely to disclose personal information to overseas recipients, except with your consent or where we are required to or authorised to do so by law. Please see part 9 below for further information.

6) Access to and correction of personal information

You may contact us to request access to or correction of the personal information we hold about you.  We may refuse to allow access or to amend your personal information if we are legally required or entitled to do so.  If we do so, we will provide you with written reasons for the refusal (unless it is unreasonable to do so) together with information about the options available to complain about the refusal.

We may require you to pay certain costs in order to access your personal information held by us.  We will advise the amount payable (if any) once we have assessed your application for access.  We will not however charge a fee for you to lodge a request for access to or correction of your personal information.

If you lodge a request for access to your personal information, we may fulfil that request in any of a range of ways (for example, by supplying you with a copy of that personal information or providing you with the opportunity to inspect our records).  We may require you to comply with certain procedures before we allow access to or amendment of your personal information to ensure the integrity and security of information that we hold.  Depending on the nature of your request, this may include completing a personal information request form or otherwise verifying your identity to our satisfaction.

We will take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date and complete and the personal information we use and disclose is accurate, up-to-date, complete and relevant.  If we are satisfied that any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly. 

Please notify us if your personal details change so that we may keep our records current.

7) Online privacy

This section of our Privacy Policy sets how we handle your personal information in respect of online services provided by us (which includes any services provided by us via the Internet, such as our website, and also includes email communications between us).

7.1 Automatic server logs

Our servers automatically collect various details when you use our website and platform, including:

  • your IP (Internet Protocol) address (generally, an identifier assigned to your computer when it is connected to the Internet);
    • the operating system and Internet browser software you are currently using; and
    • the data you access (such as web pages or other document files or software), and the time that you access it.

We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes.  This information is available to Marketplace Owners who use Omnyfy’s platform as a service solution and its associated applications and services.

7.2 Cookies and similar technologies

Our website uses “cookies”, which identify your computer to our servers when you visit our website.  We have also collect personal and other information using cookies. A web cookie is a small string of text sent from a website and placed on user’s hard drive by the user’s web browser during data exchange that happens when a browser visits a website.

Cookies allow a website to store information on your machine or mobile device and retrieve it later. Some cookies are managed by us (first-party cookies), while others are managed by third parties that we do not control (third-party cookies), such as Google Analytics. Personal information may also be collected or identified by other data collection or tracking technologies, such as web beacons, which imbed graphic files into our websites and online services which can be used to identify when someone visits our websites or online services, or in the case of web beacons, when an email is read or forwarded.

These small data files, cookies, and graphic files that may be on our websites, platform or systems serve various functions including:

  • delivery of our Services;
  • enhancement of our Services;
  • targeted ads (e.g. from Google or Facebook);
  • tracking performance and engagement across our website and Services; 
  • creation of user statistics and analytics for our website, platform or systems;
  • management of transactions across multiple pages;
  • authenticating you to systems and keeping you logged into those systems; and
  • remembering your preferences.

Our website may store cookies on your computer in order to improve and customise your future visits to the website.  By using cookies, our site can provide customised content to you.  If you do not want information collected through the use of cookies, you may be able to configure your Internet browser to disable cookies.

We do not attempt to specifically identify and track individuals using cookies.

You may choose not to accept cookies in connection with your use of our website or Services by deleting, blocking or disabling cookies via your browser settings (however, this may affect the use or functionality of some webpages or online services).

7.3 Google AdWords Remarketing

We use a Google AdWords advertising feature called Remarketing, as well as Google Analytics services.  These services make use of cookies and similar technologies, analytics and other identifiers to collect data about website traffic. For more information about Google Analytics and how it collects and processes data, see here.  

These features also allow our advertisements to be displayed to individuals that access our website or a marketplace on our platform when they subsequently visit other websites across the Google Display Network, and allow us to better understand how individuals interact with those advertisements and our website and marketplaces generally.  For example, third-party vendors may use cookies to select advertisements based on an individual’s browsing history including previous visits to our website and marketplaces.  Our use of Google services (and in particular, Remarketing) assists us in identifying and providing services to current and potential customers.

Users can usually block cookies, or remove cookies, by editing the privacy and security settings of their web browser or mobile device.  Some features of our website may require cookies to function properly.  If cookies are disabled or deleted, then depending on the particular cookie that is deleted or disabled, users may not be able to use such features of our website, or previous opt-outs may be undone.

By using our website, individuals consent to the storing and accessing of cookies or other information on their device for the purposes of Google AdWords and Analytics, unless they have opted out.  It is possible to opt out of Google AdWords and Analytics advertising features, such as interest based advertising served by Google on its products or across the Google Display Network, as well as prevent the collection of certain data, by visiting the Google Ads Settings website or through other available means.  The Google opt-outs do not stop all advertising.  Google may still serve advertising that is not interest based, and the user may still receive interest based advertising that is not served by Google.

7.4 Email and messages

We may collect personal information from you (such as your name and email address, and any other personal information you volunteer) if you send us an email.  We will use this to contact you to respond to your message, to send you information that you request, and for other related purposes we consider are within your reasonable expectations.  We will not use or disclose any such personal information for any other purpose without your consent.

7.5 Storage and transmission of personal information online

If you provide any personal information to us via our online services (including email) or if we provide such information to you by such means, the privacy, security and integrity of this information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).

7.6 Other online services

If any of our online services (including any email messages we send to you) contain links to other online services that are not maintained by us, or if other services link to our online services, we are not responsible for the privacy practices of the organisations that operate those other services, and by providing such links we do not endorse or approve the other services.  This Privacy Policy applies only in respect of our Services.

8) Third Party applications

Our platform Shopify’s platform allows Marketplace Owner, vendors and other third parties to connect stores with third party applications, including, for example, to alter their store or provide new functionalities. We ae not responsible for and have no control over how these applications function. Marketplace Owners and vendors ultimately can control which applications they choose to use with their stores, and are responsible for making sure that they do so in compliance with relevant privacy and data protection requirements.

9) Overseas transfers

Generally we do not disclose personal information to recipients outside of Australia, other than to our services providers (such as cloud and storage providers), any vendors or Marketplace Owners located outside of Australia. Generally, these counties include Australia, South East Asia, Europe and Americas. This includes where, for example, you provide us with your contact details in order to process a purchase you make, and we transfer and remit this personal information to one of our vendors or Marketplace Owners, who may be located in another jurisdiction, country or state, in order to execute your order or otherwise.

By using and accessing our websites or Services and submitting your personal information you consent to any disclosure of your personal information by us overseas.

While we have privacy rules in place to protect your personal information, recipients outside Australia may not be subject to privacy obligations or to any principles similar to the Australian Privacy Principles.  Overseas recipients may also be subject to foreign laws which could compel disclosure of personal information to a third party, for example an overseas authority. If you consent to the disclosure and the overseas recipient mishandles the information, you may not be able to seek redress under the relevant laws and regulations of your jurisdiction or elsewhere, and we will not be accountable under any acts or regulations, to the extend permitted by law.

If we transfer your personal information to a person, company, office, branch, organisation, service provider or agent in another country, we will take steps which are reasonable in the circumstances to make sure that we have appropriate security and privacy measures in place with such third parties covering how they hold and maintain any personal information on our behalf.

We use Model Contractual Clauses for the international transfer of personal information collected in the European Economic Area and Switzerland unless the country to which the transfers occurs has been determined to be a Country with Data Protection Adequacy as determined by the European Commission.

10) Our commitment

We are committed to ensuring that your personal information is secure, accurate, current and up-to-date. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within our company.

11) Your rights

In certain circumstances, including if you are a citizen of or are located in the European Economic Area, you may have rights in relation to your personal information including:

  • Access: the right to obtain details as to what personal information is held by us on you and how it is used and to whom it is disclosed. You are also entitled to a copy of any personal information that is held.
  • Correction and deletion: a right to challenge the accuracy of personal information held about you, and right to request that we correct or delete (in certain circumstances) personal information.
  • Restrict use: the right to request that your personal information not be processed (used) for certain purposes.
  • Data portability: the right to request a copy of your personal information in an accessible and machine-readable format (such as a CSV file) and to request that your personal information be transferred to another organisation (if technically feasible).
  • Withdrawing consent: if we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.
  • You also have the right to object or raise a concern in relation to how we collect, process or otherwise deal with your personal information. If you wish to exercise any of these rights, please contact us using our details below. Although we hope that we can resolve any issues for you, you also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction at any time.

For more information about these rights, visit here.

As we wish to avoid taking action in respect of your personal information at the direction of someone other than you, we may ask you for information to verify your identity.  We will respond to your request within a reasonable time.

Please note that, in certain cases, we may continue to process your personal information after you have withdrawn consent and/or requested the deletion of personal information, where we are required to comply with any relevant legal obligation, if we require the personal information for lawful purposes for which the personal information was obtained or if it is necessary to pursue our legitimate interest in keeping our Services and operations safe and secure.

12) Data breach

If a data breach or suspected data breach occurs, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to any individuals.  In such a situation we will comply with the requirements of the Act and General Data Protection Regulation (GDPR), which may require notification to the Office of the Australian Information Commissioner (OAIC), relevant European Data Protection Authority and affected individuals.  Please contact us if you have reason to believe or suspect that a data breach may have occurred, so that we can investigate and, if necessary, undertake appropriate containment, risk mitigation and notification activities as required.

13) Complaints

If you have a complaint about the way in which we handle your personal information, or you believe that a breach of your privacy has occurred, please contact us using the details below. 

Your complaint will be considered and dealt with by our nominated representative, who may escalate the complaint internally within our organisation if the matter is serious or if necessary to resolve it.

Please allow us a reasonable time to respond to your compliant.  If you are not satisfied with our resolution, you may make a complaint to the OAIC whose contact details can be found here.

14) Changes to our Privacy Policy

We reserve the right to amend this Privacy Policy at any time.  We publish our current Privacy Policy on our website, and you may obtain a copy of our Privacy Policy from that website or by contacting us.

15) Contact details

If you would like further information about the ways we manage your personal information, please contact us by telephone on +61 (3) 9190 8995, by email info@omnyfy.com  or as below.

Omnyfy Technology Pty Ltd

Attn: Privacy Officer

Suite 8, 134-136 Cambridge Street

Collingwood

VIC 3066

+61 (3) 9190 8995

  1. Disclaimer

To the extent permitted by law, including under the GDPR, this Privacy Policy is provided for the purposes of information only. While we have taken care to ensure that it is accurate and current, we provide no guarantee as to its accuracy or currency. We accept no liability for loss or damage suffered as a result of reliance on the information provided in this Privacy Policy.