In Australia, we are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act). For individuals located within the European Economic Area (EEA), we also comply with the General Data Protection Regulation (EEA) 2016/679 (GDPR). Our representative within the EEA is 3C Capital, The Harley Building, 79 New Cavendish St, Marylebone, London, United Kingdom, W1W 6XB. In the United States, we are subject to the California Consumer Privacy Act which applies only to California residents. See CA Civil Code 1798.1000, et seq.
What personal information do we collect?
We may collect the following types of personal information:
- mailing or street address;
- email address;
- telephone number and other contact details;
- details from your employer (if we are dealing with you as a representative of the business that employs you);
- age or date of birth;
- identification number;
- demographic information including household income and family composition information;
- your device ID, your device type, the number of devices which access your account, Internet browser and device operating system details, geo-location information (including country and suburb name based on this), computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information, and your device’s sensor data such as gyroscope, accelerometer, orientation and light intensity;
- details of the products and services we have provided to you (or the entity or business that employs or engages you as a contractor) or that you have enquired about, including any additional information necessary to deliver those products and services and responses to your enquiries;
- any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that may be required in order to facilitate your dealings with us.
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
- register on our website or app;
- communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; or
- invest in our business or enquire as to a potential purchase from our business.
Personal information relating to employees, applicants and contractors
In addition, when you apply for a job or position with us, we may collect certain personal information from you (including your name, contact details, working history and relevant records checks) as part of the application process. We may also collect these types of information about you from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or to engage you under a contract.
Why do we collect, use, process and disclose personal information?
We will collect, hold, use, process and disclose your personal information for the purposes set out in the table below. If you are located within the European Economic Area (EEA) and/or United States, the lawful basis for our collection, holding, use, processing and disclosure of your personal information is also set out in this table.
We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
Do we use your personal information for direct marketing?
We and/or our carefully selected business partners may send you direct marketing communications and information about our products and service if you have consented to receiving these communications. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act, in the UK the Privacy and Electronic Communications (EC Directive) Regulations 2003 and in the U.S., the CAN-SPAM Act. You may opt-out of receiving marketing materials from us by contacting us using the contact method set out here - firstname.lastname@example.org - or by using the opt-out facilities provided in the communication.
To whom do we disclose your personal information?
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- payment systems operators (e.g. merchants receiving credit/debit/bank card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Websites and cookies
We may collect personal information about you when you use and access our website (https://convo.ink).
While we do not use browsing information to identify you personally, we may record certain information about your use of these websites, such as which pages you visit, the time and date of your visit and the internet protocol (IP) address assigned to your computer or other device. We record your IP address in order to assist us to protect our systems from malicious activities, including denial of service attacks, brute force attempts to access our systems and fraud detection and prevention. We store IP addresses for this purpose for 30 days in order to detect and analyse previous attacks on our systems.
We (or a third party acting on our behalf) may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. Cookies are small pieces of instruction stored on your hard drive or device, not on Our Site. Right now, there are two basic types of cookies. One is a session cookie which terminates when the user’s session ends. The second is a persistent cookie, which is a text file that stays stored on your device for a period of time. Cookies enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
Storage of personal data
We will store your personal data for up to 5 years after we have completed providing our services to you (or to the business that employs or engages you as a contractor, if applicable). After this time:
- we will continue to store your personal data only to the extent required by any law applicable to our business or for compliance and risk management purposes; and
- we will delete or de-identify your personal data when it is no longer necessary or required to be kept.
If you are located in the EEA or the United States, we do not store images or videos of your face for any period of time; this information is processed locally on your own device and is not retained by us.
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and/or loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, if you become aware of a security breach, please notify us immediately at email@example.com
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the contact information provided through the website or using the contact details set out below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us using the details set out below and we will take reasonable steps to ensure that it is corrected.
Advertising content delivery
Our content delivery platform collects anonymous performance data relating to the advertising creative. This includes metrics such as time spent in view, user interactions (e.g. click, swipe), and video plays.
The hosts relating to this are:
- render.convo.ink - Creative HTML content delivery
- magpie.convo.ink - Endpoints for receiving metric data.
The purpose of this data collection is to assist with internally generated reports relating to campaign performance. Additionally, we use this data to refine and improve advertising creative formats in our product suite.
The lawful basis for this data collection is considered to be: For our legitimate interests in operating our business efficiently and effectively.
Additional rights under GDPR for individuals within the EEA
If you are located within the European Economic Area (EEA), then you also have the following additional rights under the GDPR. We will comply with all of our obligations under the GDPR in respect of these rights.
Where we process any personal information about you on the basis of any consent given by you, you have the right to withdraw your consent at any time by giving notice to us (which you can do using our contact details set out below). We will give effect to your withdrawal of consent promptly and will cease any processing that you no longer consent to, unless we have another lawful basis for that processing. The withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to the date that you notified us that you were withdrawing your consent.
You have a right to information portability, which is the right in certain circumstances to request a copy of your personal information in a structured, commonly used and machine-readable format and to transmit this information to another data controller. You may also request that we erase any personal information that we hold about you which is no longer necessary for any of the purposes that we collected it for, which you have withdrawn your consent in respect of processing, which you are allowed under the GDPR to object to. We will comply with such requests unless we are permitted or required by law to retain that information.
You also have the right to object to our processing of personal information in certain circumstances, including where we process personal information based on our legitimate interests. You can also request that we restrict our processing activities in some circumstances. If you make such a request then we will continue to store your personal information but will not otherwise process your personal information without your consent or as otherwise permitted by law.
Making a complaint
If you think we have breached the Privacy Act (if you are located in Australia) or the GDPR (if you are located within the EEA) or the CCPA (if you are in the United States), or you wish to make a complaint about the way we have handled your personal information, you can contact us at firstname.lastname@example.org. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within the time required by law (if applicable) or otherwise within a reasonable period of time, typically within 30 days. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Convo Ink is involved with the following organisations:
- A member of IAB Australia and Europe
- Registered as a vendor in the IAB Europe Transparency & Consent Framework (https://iabeurope.eu/vendor-list-tcf-v2-0/)
For the purposes of the GDPR, our representative within the European Economic Area is:
The Harley Building,
79 New Cavendish St, Marylebone,
London, United Kingdom, W1W 6XB
As our core activities do not consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, we are not required under GDPR to appoint a data protection officer.
Adam Crampton - CTO
Level 5, 157 Walker Street
North Sydney, NSW 2060
Effective: 3 August 2022