Affinda Pty Ltd and its related entities (together, “Affinda”, “we”, “our” or “us”) have created this Privacy and Data Protection Policy (the “Policy”) to demonstrate our respect, commitment and vigilance in safeguarding the privacy and data security of the individuals and organizations with whom we deal and to ensure compliance with all applicable privacy and data security laws.
We collect, use and keep information in compliance with the Australian Privacy Principles set out in the Australian Privacy Act 1988 and the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and all relevant regulations.
This Policy aims to give you information on how Affinda collects, processes and uses your personal data, including when you contact us, visit our website, apply for a job, or use our products or services.
Please note that:
The nature of our products and services and the fact we operate in a business-to-business (“B2B”) environment means that we retain very little or none of your personal data, and we continue to strive to ensure that we retain as little personal data as possible of our clients.
The personal data we collect, hold, use or disclose about you depends on the nature of our interactions and the circumstances about its collection. We may collect and process the following data about you:
We may also collect other data you choose to provide to us and details of the interactions that you have with us.
Whenever it is reasonable and practicable to do so we will collect data about you directly from you. We do this in various ways including when:
We may also collect data about you through our business relationships and contacts as well as from third-party sources, including publicly available sources such as Twitter, Facebook pages, LinkedIn profiles, company websites and online directories.
Data about our clients is a critical part of our business and we are not in the business of selling our clients’ personal data.
We collect, hold, use and disclose personal data for a range of purposes, including:
If we are unable to collect your personal data, we may not be able to communicate or respond to you or do business with you or your organisation.
We have set out below, in a table format, a description of the primary ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
To register you as a client or account holder
To perform a contract with you
To manage our relationship with you
(a) To perform of a contract with you (b) To comply with a legal obligation (c) For our legitimate interests (to keep our records updated and to analyse how clients use our products or services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) To comply with a legal obligation (b) For our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
For our legitimate interests (to analyse how clients use our products or services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, client relationships and experiences
For our legitimate interests (to define types of clients for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about goods or services that may be of interest to you
For our legitimate interests (to develop our products or services and grow our business)
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates or third parties. The linked sites are not under the control or supervision of Affinda. If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices and that Affinda does not accept any responsibility or liability for these policies or notices. We recommend that you check these policies or notices before you submit any personal data to these websites. These links are provided merely as a convenience, and do not imply any endorsement of the site by Affinda.
You have the right to withdraw consent to marketing at any time by contacting us or by using the opt-out links in our communications.
Where you opt out of receiving these promotional or marketing messages, this will not apply to personal data provided to us as a result of a product or service purchase.
If you are an existing client, we will only contact you by email with information about products and services similar to those that were the subject of a previous sale to you.
We will not sell or rent your personal information to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes, but such third parties will not have access to or be able to read your personal information.
If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to email@example.com so we can investigate.
The security of your personal data is fundamental to the way that we do business and starts with our core infrastructure.
We endeavour to hold all personal data securely in accordance with our internal security procedures, industry standards and applicable law. We update and test our security on an ongoing basis. While we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website through the internet; any such transmission is at your own risk and we ask that you only do so in a secure environment.
We maintain appropriate administrative, physical, technical and organizational measures to protect your personal data received, accessed or processed by us against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.
As a global enterprise, we have international sites and users all over the world. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. We will take reasonable steps to prevent or stop such processing where we know that a supplier is using or sharing personal data in a way that is contrary to this Policy.
By submitting your personal data, you agree to this transfer, storing or processing of your personal data.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We take all reasonable measures to ensure that all personal data we collect, hold and use is complete, up to date and relevant. You can contact us at any time (using the “Contact Details” below) to request access to or to correct your personal information. Once we have verified your identity, we will generally provide you access to your personal data. However, there may be some instances where we are permitted or required (such as by law or regulation) to deny access or where we may refuse to correct your personal data. In such a situation, we will communicate the reasons for our decision. If we do not allow you to access or correct such data, and you do not agree with our decision, you can make a complaint by following the process below.
GDPR gives you certain rights with respect to your personal data, including the right to access information held about you.
In accordance with the GDPR, you can exercise your right of access by emailing our Data Protection Officer and make one of the following requests:
Our Data Protection Officer is our General Counsel, contactable at firstname.lastname@example.org.
If you have any questions, concerns or complaints about how we have handled your personal information, then you may contact us using our “Contact Details” below. To help us respond to you, please include as much detail as possible about the information that you would like to access or correct and, if applicable, how you’d like to access this information.
Once we have received your message, we will investigate and respond to you as soon as practically possible. We will try to respond to your message or resolve your complaint as quickly as possible, and by no later than thirty (30) days after we receive your message.
If you are not satisfied with our response, you can contact us to further discuss your concerns or exercise your legal rights in the relevant jurisdiction. For example, in Australia, you may lodge a complaint with the Australian Information Commissioner (for more information here, please visit: www.oaic.gov.au).
If you would like more information about our approach to privacy and data protection, or if you wish to contact us regarding the terms in this Policy and how it may apply to you, please contact us: