- What is a Privacy Policy?
1.1 This Privacy Policy (Policy) sets out, in accordance with the Australian Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and the New Zealand Privacy Act 2020 (NZ Privacy Act) (if applicable) the way in which Damasca Pty Ltd (ACN 641 281 307) trading as Localcoin (collectively, our, us, or we) may collect, store, use, disclose, manage and protect your Personal Information.
1.2 Website: when we refer to our Website it includes localcoin.com.au, localcoin.com.nz and all sub-domains.
1.3 By:
(a) using and engaging our services generally;
(b) accessing, subscribing to, downloading or using content or functions of the Website and its services;
(c) requesting information on, enquiring about, using, receiving or providing feedback in relation to our services (online, in writing, by telephone or in person); or
(d) otherwise providing, or consenting to the collection of, Personal Information by us or our agents or employees,
after this Policy has been brought to your attention, you acknowledge and consent to the use, collection, storage or disclosure of your Personal Information by us in accordance with this Policy and the Privacy Act and NZ Privacy Act (as applicable).
1.4 If you do not agree to us handling your Personal Information in the manner set out in this Policy we will not be able to provide our services to you and you should not provide us with any Personal Information.
- What is Personal Information?
2.1 We apply the Privacy Act definition of Personal Information:
“Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”
- What kinds of Personal Information might we collect and hold?
The Personal Information we may collect, hold and process about you depends upon your relationship with us, the service you have requested from us and how you interact with us, for example, as a customer, job applicants, volunteer or visitor to our Website. This information may vary depending on our specific needs.
We may collect Personal Information about other individuals who are not our customers, such as members of the public who participate in events we are involved with, service providers and contractors to support, and other individuals who interact with us on a commercial basis. The kinds of Personal Information we collect will depend on the capacity in which you are dealing with us. Generally, it would include your name, contact details, and information about our interactions with you.
3.1 Customers and prospective customers
When you enquire about our services or when you become a client, a record is made which includes your Personal Information. We may collect the following kinds of Personal Information:
(a) personal and contact details which include your name, address, email address, telephone number and other identification information;
(b) socio-demographic information such as age, date of birth, occupation, nationality and marital status;
(c) Australian and/or New Zealand government identifiers such as Medicare card details;
(d) identity documents such as driver's licence, birth certificate and passport;
(e) information about how you interact with us, such as details of when you call us, use our services, make an enquiry, provide feedback or make a complaint;
(f) digital information including information such as location information (if enabled on your devices), IP address, details of the device and software used to access our websites and digital services;
(g) call records when you contact us (we will let you know at the start of each phone call if the call is being recorded);
(h) information relating to how you use our service such as transactions and transfers within our service;
(i) information required to provide a service or information you have requested; and
(j) any other information relating to you that you provide to us directly.
In some circumstances, we may be required to collect and hold Sensitive Information. Sensitive Information includes but is not limited to Personal Information, health, racial or ethnic origin, political opinions, membership of a political association, professional or trade association or trade union, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record and biometric information when used for certain purposes.
We limit the collection of Sensitive Information to when the information is reasonably necessary for, and directly related to, our services and activities and is always subject to your consent. Sensitive Information that we collect may include health and medical information (including an individual’s disability). We will treat your Sensitive Information appropriately and with utmost confidentiality and respect.
We will only keep your Sensitive Information if you consent to us doing so, or if we are required or permitted to by law. If you want us to destroy or de-identify your Sensitive Information, you may request we do so in writing and unless we are legally required to retain it or it is needed to protect our legal rights, we will do so promptly. This may limit our ability to provide services to you.
3.2 Prospective employees, volunteers or applicants
We collect Personal Information when recruiting staff or volunteers, including your name, contact details, qualifications and employment history. Generally, we will collect this information directly from you.
We may also collect Personal Information from third parties in ways which you may reasonably expect (for example, from referees you have nominated or recruitment agencies). Before offering you a position, we may collect additional details such as your tax file number (TFN) or IRD Number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (for example, positions which involve working with children).
We will manage your TFN (if recorded) in accordance with the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953.
3.3 Market Research, Marketing and Visitors to our website
You may visit our website without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), your Personal Information will be managed in accordance with this Policy.
- How do we collect Personal Information?
4.1 We collect Personal Information:
(a) directly from you, for example, when you provide that information to us, we contact you or when you contact us;
(b) when providing our services;
(c) when you participate in our services, including marketing or promotional activities;
(d) from third parties who you have authorised to provide us with information; and
(e) from publicly available sources such as the internet and social media.
- How do we hold and secure your Personal Information?
5.1 We may store your Personal Information digitally and in hard copy.
5.2 Digital Personal Information is secured using password-protected computers and databases. Any digital transfer of Personal Information is via secure channels any databases we manage are only accessible through a local network connection. All confidential documents are securely shredded by a third-party provider after storage is no longer necessary or required for our purposes.
5.3 Where we provide you with a service in Australia or New Zealand, we will primarily use data storage providers located inside Australia such as Google Cloud services. Where appropriate, we have agreements with our storage providers to keep all Personal Information they store secure, using reasonable and appropriate security methods.
5.4 However, as an international organisation, we may hold information relating to our services outside Australia. Where this occurs, any information is likely to be held in our office in Canada. For individuals who reside in New Zealand, if we disclose your Personal Information to a foreign entity outside of New Zealand, we will comply with our obligations under the NZ Privacy Act in respect of that offshore disclosure of Personal Information.
5.5 We destroy or de-identify Personal Information in a secure manner when we no longer need it. For example, we generally destroy a record about a complaint after 7 years from when the complaint was resolved.
5.6 We conduct regular audits of our compliance with this Policy and the Privacy Act and NZ Privacy Act to ensure that our privacy framework is in line with industry best practices.
- Why do we collect, hold, use and disclose Personal Information?
6.1 We collect Personal Information for a number of reasons, including:
(a) providing you or a third party with our services or information about our services;
(b) sending communications you request or contacting you and responding to your enquiries;
(c) providing third parties with information about you and your activities for the purpose of providing you our products and/or services (for instance a third party identity verification service provider, or courier/package postal service or our manufacturer);
(d) verifying your identity and complying with our legal and regulatory obligations, including under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009;
(e) ensuring consistency of service across our business and other internal business purposes;
(f) developing or refining our services as well as tailoring our services;
(g) notifying you about changes to our website, services, or activities we offer or provide via our website;
(h) internal business purposes;
(i) providing you with marketing material or contacting you in relation to our business, networking or promotional activities;
(j)publishing testimonials you provide us; and
(k) internal corporate purposes, corporate governance, auditing and record keeping.
6.2 Our use of Personal Information may extend beyond the uses described but will be restricted to purposes related to our functions and activities and only where we are permitted by law to do so. For example, we may disclose your Personal Information as part of a corporate restructure or sale of our business – see paragraph 14.
6.3 We do not collect your Personal Information for the purpose of selling or providing it to third parties to directly market their services to you.
- What do we do with your Personal Information?
7.1 If we collect Personal Information, we may:
(a) use that information for the purposes stated in this Policy and directly related purposes;
(b) store that information in accordance with this Policy;
(c) pass that information amongst entities we work with, our members, associated organisations, business partners or affiliates for the purposes stated in this Policy and directly related purposes;
(d) pass that information to third parties who provide products or services to us (including our accountants, auditors, lawyers, IT contractors, and other service providers); and
(e) provide that information to third parties as required or allowed by law, such as regulators or law enforcement agencies.
- Do you use my information for Direct Marketing?
8.1 We may use your Personal Information to communicate directly with you to promote our Services.
8.2 We use direct marketing to provide you with information about our Services that we believe you may be interested in.
8.3 If you receive direct marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future direct marketing programs or by clicking the unsubscribe function included in our electronic direct marketing communications. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable.
- What about Cookies, pixels and analytics?
9.1 When you access our website or social media channels, or when you use our services and products, we may receive information about you via automated methods, including (but not limited to) use of a ‘cookie’, a ‘pixel’ or from other analytics software.
9.2 These are tools that our web server may direct your traffic to, send to your computer, or embed on a website, when you visit our website. These tools help us provide services and Products to you, and to recognise when you re-visit the website, show you customised content and to optimise your experience.
9.3 We generally don’t collect Personal Information through these tools, though we may be able to access your IP address and information about your computer.
9.4 You may be able to change the settings of your browser so that Cookies are not accepted generally or so that you are provided with options to accept or reject them as they are sent to your browser.
- Do we ever send your information overseas?
10.1 As an organisation located internationally, your information will be stored in cloud servers (such as Google Suite of products) which may be located overseas, most likely in the United States of America and Canada. For more details, please refer to paragraph 5.3.
10.2 We may upload images and / or footage to our social media accounts or website. The social media accounts and website may be hosted on an overseas server. Where applicable, in the event that your information is sent overseas, we will comply with all applicable laws in relation to such transfer and use our best endeavours to ensure that any overseas supplier will keep all Personal Information secure.
- Can you access your Personal Information or request it be corrected?
11.1 You may request access to the Personal Information that we hold about you by contacting us.
11.2 We will not provide you with access to Personal Information if we cannot verify your identity. An administrative fee may be charged to cover our costs in providing you with access to your Personal Information. This fee will be explained to you before it is incurred.
11.3 We will respond to your access request within a reasonable time and no later than 20 working days after the date we receive your request by:
(a) providing you with access to your Personal Information;
(b) rejecting your access request, and providing you reasons for this rejection in accordance with our obligations under applicable law.
11.4 Access requests may be denied where permitted by applicable law, including for example:
(a) we believe your request is frivolous or vexatious;
(b) we are unable to verify your identity; or
(c) you have not paid the administrative fee (if any).
11.5 If you believe that the Personal Information that we hold is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. We will review your Personal Information and respond to the request within a reasonable period of time and no later than 20 working days after the date we receive your request. If we are not willing to correct errors that you have identified in your Personal Information, you may request that we take reasonable steps to attach a statement to the Personal Information noting the correction sought.
- What happens if you want to deal with us anonymously or using a pseudonym?
You can contact us anonymously or use a pseudonym. If you do so, or otherwise choose not to provide us with your Personal Information on request, we may not be able to provide you with accurate or useful information, and you may not be able to access the full range of our services and we may not be able to investigate incidents or complaints you have made because we don’t know who you are.
- Sale or transfer of business
If we sell or negotiate the sale of our business to a buyer or prospective buyer we may share your Personal Information with a buyer or prospective buyer. We will ensure the confidentiality of your Personal Information is maintained in accordance with this Privacy Policy.
If your Personal Information is transferred to the buyer or becomes subject to a different Privacy Policy, we will give notice to you by:
(a) notice posted on our website;
(b) notice posted to our social media;
(c) by electronic means, either email, text message or other similar method; or
(d) by ordinary pre-paid post.
You consent to us issuing that notice via such methods.
- Can this Policy change?
From time to time, we may make changes to this Policy. When we do, we will highlight those changes in yellow highlight for a period of 14 days. Please make sure you review the Privacy Policy each time you visit our website to keep up to date on any changes. If we make any significant changes, we will endeavour to provide you with reasonable notice of such changes through the Website, or via other means such as email.
- What happens if you have a question or complaint about how we have handled your Personal Information?
16.1 If you have a question or complaint, you can raise it with us by:
Email: [email protected]
16.2 We take all complaints seriously and will respond to you within a reasonable period, usually 30 days unless we consider your complaint to be frivolous or vexatious or if we are unable to verify your identity.
16.3 If you are not satisfied with the way we have handled your complaint, you can make a complaint to the Office of the Australian Information Commissioner at http://oaic.gov.au, or if you reside in New Zealand, the Office of the New Zealand Privacy Commissioner at https://www.privacy.org.nz/.