Reviewa Pty Ltd ACN 636 118 217 take pride in the trust and confidence that our clients have when interacting with us and accessing the services that we provide. Personal data is highly important, and we consider it just as important to ensure that you fully understand how we will collect, use, disclose and store (process) the personal data that we receive.
When we refer to personal data, we are referring to any information that may be able to identify you personally, alone or in combination with other information, and whether it has been provided to us by you personally, or through one of our partners, service providers or third-party integrations.
This Privacy Policy outlines how we will process the personal data that we receive in connection with any of our websites, software, mobile applications or other services that have linked or directed you to this Privacy Policy.
If we are required to make changes to this Privacy Policy we will notify you that changes have been made through our platforms and the updated policy will be available on our websites.
Our role in how we handle and process personal data, including what we can and can’t do with that personal data, can change in different circumstances. Unlike the Australian Privacy Laws (Privacy Act 1988 (Cth)), some legal systems make a distinction between organisations that simply handle data at someone else’s instruction (data processors) and those organisations that make decisions on how personal data is processed (data controllers).
In simple terms, in some circumstances we will be a data controller – making decisions about how personal data is collected, stored and the purposes for which it is used. For example, if you are a Service Provider (see below), we will make decisions regarding the personal data that we require from you in order to create your account. In other circumstances, we will be only a data processor – using your personal data in the manner that we are instructed. For example, where you are a Service Recipient, we will only use your personal data in the way we are directed by your Service Provider.
The role that we are acting in (data controller vs data processor) can affect how we interact with you and respond to your requests regarding our processing of your personal data. We have provided more information on data requests below.
Throughout our Privacy Policy there will be a number of areas where we invite you to contact us. We welcome any enquiries regarding your Personal Data, or this Privacy Policy. If you have any questions, we are happy to provide answers. You can contact us at support@reviewa.net.au.
We collect different types of personal data about you, depending on how you interact with us. We have provided a breakdown to help you easily identify what we collect and why we need to collect that personal data.
Establishment and service information is the information that we use to establish your accounts with us and to provide our services to you. Examples of the information that fall within this category are: full names; email addresses; passwords that you provide; phone numbers; billing information; name of your business and business address; date of birth, place of birth, ASIC Edge credentials and residential and billings addresses.
We need your personal details so that we can conduct business with you, provide you our services and otherwise communicate with you generally. If you make a payment to us, we may require your account details or other financial information that relates to your payment.
We will collect your communications and feedback for the purposes of improving our services. We collect information that you provide to us throughout our interactions, for example when you send us emails, call us via telephone or submit queries and information through our platforms and applications.
We access information from Microsoft and Google about the device and applications you use to access our services. Device data mainly means your operating system version, device type and browser version. We will also collect your IP address. This information provides us with more detailed of who you are, how you access and use our services.
We may use cookies to track your movement throughout our website. A cookie expires (and therefore is automatically deleted) when you end your browsing session (such as when you log out or close the browser). We also use Google Analytics and Hotjar Ltd to track your behaviour across our sites and applications. This information helps us with security and also provides us with more detailed information regarding who you are and how you access and use our services. Cookies enable us to gather metrics about your interactions with us and to tailor advertising and services to you. You can turn off cookies in your browser settings.
If you access our services from an external source (such as a link on another website or in an email), we record information about the source that referred you to us. Our platform also has a number of third-party integrations. Where you have requested that we provide services to you, we may draw personal data relating to you from those third-party integrations to maximise your service level and experience.
Third party information is collected by us to provide an indication of how you access or locate our services. Third party personal information is also utilised to increase the level of service that we are able to provide to you when you request our services.
Now that you know what personal data we collect, who (or which data subjects) do we collect it from? How we process your personal data depends upon how you use our services. There are four main categories:
You haven’t requested that we provide you with our services, however you have landed on our website, or have interacted with us in some context, such as through a telephone or email enquiry.
You are accessing our services on your own behalf. You will be required to provide us with your own personal data for the purpose of us delivering the services that you have requested. However, you may also provide us with the personal data of other individuals.
You access our services for the purposes of providing your own professional services to clients. You will be required to provide us with your own personal data in order to establish an account with us and to access our services. You will also provide us with the personal data of your clients.
You have engaged a Service Provider to undertake particular services on your behalf. As part of delivery of those services, the Service Provider has engaged with us and provided us with your personal data. In these instances, we are both a data controller and a data processor (in the context that we are using your personal data at the instruction of the Service Provider).
We collect information about Service Providers, Service Recipients, Individual Users and General Contacts for different reasons.
We will only collect personal data about you where you have either consented to our collection of your personal data, it is reasonably necessary for us to provide our services or it is in our legitimate business interests to do so. For example, where you have made an enquiry of us regarding our services, you have provided your personal data to us to enable us to contact you, or we are contacting you following your attendance at one of our events.
We will collect personal data about you where you have provided your consent for us to collect that data, to fulfil our contractual responsibility to deliver our services and to pursue our legitimate business interests. Where you are a Service Recipient and we have received your personal data, we will only process that personal data in accordance with instructions from the Service Provider.
By accessing and using our services (Service Providers, Recipients and Individual Users), or providing us with your personal data (General Contact), you are consenting to the collection and use of your personal data in accordance with this policy. Consent can be withdrawn at any time by ceasing to use our services and notifying us that you have withdrawn your consent.
We process data that we have collected about you in different ways, which largely depend on whether you are using our services as a General Contact, Service Provider, Service Recipient or an Individual User. Each of the below sections sets out how and why information is collected about our different user groups.
If we are required by the order of a Court, a relevant law or decision of a regulatory authority, we may disclose your personal data for the purposes of complying with that order, law or decision. However, regardless of which class of user you fall under, at no time will we ever sell to a third party (being a party other than the Individual Users) your personal data.
As a Service Provider, Service Recipient or Individual User we collect your Establishment and Service Information, Feedback and Computer, Mobile Device, Cookie and Similar Tech Info, both to fulfil our contractual obligations to deliver our services to you and for our legitimate interests.
We use your Establishment and Service Information and any Feedback to respond to your enquiries, provide our services to you and, provided you do not opt-out, to send you marketing and promotional information. We will also use Establishment and Service Information to bill you for our services, provide you with customer support and contact you about our services. You can opt out of direct marketing and promotional communications at any time by unsubscribing through the links in any communications you receive. We will use Computer, Mobile Device, Cookie and Similar Tech Info to: ensure our services are fully functional and operating at an optimal performance level; allow us to measure the performance of marketing campaigns; identify and fix functionality errors; monitor illegal, abusive or undesirable behaviour; track the success of our integrations; and enforce our agreements and comply with other lawful requirements.
You can object to any of the above uses of your data - however, this will impact upon our ability to effectively deliver you our services.
Where you have provided it to us, we will collect your contact information, which may include your name, email address, telephone number or any other information that you provide us in an enquiry, online form, RSVP, business card or otherwise. We use this information to get in contact with you to respond to queries and provide you with information regarding our services. This may include direct marketing and promotional information. If we have sent you marketing and promotional information, you will be able to opt-out at any time. We may also collect “Computer, Mobile Device, Cookie and Similar Tech Info” and “Feedback”. We collect this information to: allow us to improve our services and the security systems and technology that we implement; prevent illegal (including fraud), abusive and detrimental activity; help us determine the nature in which you have used our services or, if you haven’t, how you may wish to use our services in the future; allow us to assess the success of marketing campaigns; and track the success of our integrations and referral processes.
Many of our services let you share information with other integrations. Where you are a Service Provider, remember, you hold the keys to the personal data of numerous persons. Therefore, you also have a responsibility to them. No user should ever share their password or access to any account they have established to access our services with any other person. We can provide you with the ability to share and delete your personal data through our services, however, we cannot delete or control data that you have shared outside our services.
Our services and platform involve a number of third-party integrations. These third-party integrations will have access to the personal data of Individual Users, Services Providers and Service Recipients that has been provided to us for the purposes of enabling us to deliver our services. We utilise third-party integrations to: facilitate your access to our services including optimising user experience; track and report on marketing metrics; and provide payment facilities.
The current third-party service providers with which we integrate include: Amazon AWS, Xero, FuseSign EDGE, TinyMCE, Zendesk, Google Analytics, Stripe & Hotjar.
All third parties that are engaged are required to comply with the same data security and privacy standards that we impose, and that are otherwise imposed by law.
We have implemented security measures to protect the security of your personal data. However, as with any transfer of data, there are still risks of data breaches. There may be instances where your personal data is transferred to third party countries and international organisations, some of which may not comply with privacy standards comparable with those in Australia. Such transfers are necessary in order for us to perform our contractual obligations and also to deliver the services.
The parties to which we currently allow access to such information include:
FuseSign;
Xero; and
Stripe.
These parties may change in the future and we will update this Privacy Policy when such changes take place.
You may withdraw your consent at any time by contacting us using the contact information contained in this policy. However, this may affect or limit your ability to use our services. In all other circumstances we will only disclose personal data to a third-party country or international organization if the disclosure of the information is required or authorized by or under a law or a court/tribunal order.
We have implemented comprehensive security systems to protect your personal data. We use administrative, technical and physical safeguards to ensure your personal data is stored and used securely. In addition, all our staff that handle your personal data are trained in appropriate administrative steps to reduce risk of loss, misuse, unauthorized access, disclosure and alteration of your data. Our onsite premises are secured to ensure no loss of hardware or physical records which store personal data.
We regularly review security and privacy practices to ensure our systems are best practice. While we cannot guarantee that loss, misuse or alteration of data will not occur, we use all reasonable efforts to prevent this.
It is also important for you to guard against unauthorized access to your personal data by maintaining strong passwords and protecting against the unauthorized use of your own computer or device.
We keep a record of your data whilst we provide our services to you. We also retain your data following our provision of our services to you to optimise your experience should you request our services again in the future. We review our personal data records periodically and, once we determine personal data is no longer relevant or required for our legitimate business purposes, we delete such personal data. We make our assessment of whether personal data remains relevant based on the period of time that has elapsed since your last interaction with us.We also provide functionality within our platform for Service Providers and Individual Users to amend, update or delete certain personal data that they have provided.
You have a number of rights in regard to the personal data that we process. However, please note that if you are a Service Recipient and a Service Provider has provided us with your personal data, you may need to reach out to the Service Provider to organise the access to, correction, restriction or erasure of your personal data. We will provide you with all reasonable assistance in this regard.
If you are a General Contact and want to exercise any of the following rights, please contact us directly.
We will respond to all requests to exercise the above rights within a reasonable time (and in all cases within 30 days of receiving a request).
Upon request to your personal data.
Even after it has been provided, you may withdraw your consent to our processing of your data at any time by contacting us.
The ability to restrict the manner in which we use your data. You may request restriction on processing for specific actions that we are undertaking, whilst not restricting our processing of other kinds of your data.
If you feel that the data we are storing about you is incorrect, please contact us to notify us of the error, or alternatively amend your data through your account.
Where possible and feasible to do so, we are happy to provide you with a copy of the data that we hold about you, in an electronic format that you may provide to other processors or controllers.
You may contact us directly requesting that we delete any of your personal data that we are processing.
The right to object to processing or restrict processing – even after you have provided your consent, you may object to our use of your personal data for certain processes.
If you are concerned that we have misused your personal data, we want to hear from you. Please contact us using the information contained in this Policy.
We commit to responding to all complaints within 30 days of receipt and will notify you in writing as to what action we propose to take in relation to your complaint. We will also provide you with details of what further action you can take if you are not satisfied with our response.
You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction, which in Australia is the Office of the Australian Information Commissioner. If you are not in Australia and are unsure who your relevant supervisory authority may be, please contact us so that we may provide you with assistance.
.png)
