+61 3 7018 3136 Melbourne Sydney
 

Privacy Policy

Effective date: 20 November 2018

This Privacy Policy applies to all the entities within the Touch Projects group, including Touch Projects Limited, it’s preceding and owning entities, and any related legal entities or trusts.

In this document, we are collectively referred to as “Touch Projects” (or “us”, “we”, “our”, or “TPL”).

Introduction

We respect your privacy and understand that your privacy and personal data is important to you.

This Privacy Policy explains how we collect, store, use, and disclose your Personal Data.

If you have any questions regarding this Policy, you should contact the Touch Projects Privacy Officer (see ‘Contact us’).

While different jurisdictions have different privacy laws and standards, our global privacy and data protection arrangements are based on compliance with:

  • Australian Privacy Principles and the Privacy Act 1988 (Australian Cth.); and
  • European Union (‘EU’) General Data Protection Regulation (‘GDPR’).

Collectively, we consider the above legislation to be “Privacy Legislation”.

Given the nomenclature of GDPR legislation is more specific, we have mirrored that language in this Privacy Policy.

Definitions

First, let’s define some key terms to help us explain how we manage your privacy and data…

Controller”: the natural person or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes of and means for the Processing of Personal data.

Data Subject”: the natural person to whom the Personal Data relates.

Personal Data”: any information relating to an identified or identifiable natural person (‘Data Subject’) that is processed in the context of the Main Agreement; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Processing”: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Processor”: a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of a Controller.

Collecting your Personal Data

We will only collect Personal Data about you if you provide it to us knowingly or otherwise in accordance with this Privacy Policy. Generally, you control the amount and type of information that you provide to us.

We will never collect more Personal Data than the minimum we need in order to conduct core business operations.

We collect your Personal Data to allow us to conduct our business functions and to market and sell our products and services, as well as the specific purposes set out in the section entitled “Using your Personal Data” below.

Be aware that if you do not provide certain Personal Data, we may not be able to provide certain services to you.

When you register with us, re-register with us, amend your existing details, acquire services, visit our website(s) (see below), visit affiliated websites worldwide, request information about us or our products, or otherwise contact us (via our website(s) or otherwise), we may collect Personal Data about you including (but not limited to) your full name, email address, telephone number, country of residence, and date of birth.

Websites, cookies, IP addresses, log files, and third-party sites

We may keep a record of visits to our website, using “cookies” and “log files” to store your preferences, record session information and collect information on how you visit and access our web pages. This information is collected automatically whenever you use the website. A cookie is a small amount of data (which may include information about a user’s identity, browser type or website visiting patterns) that is sent to your Internet web browser from our web server and stored on your computer. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. If you disable the use of cookies on your web browser or remove or reject specific cookies from our website or linked sites then you may not be able to gain access to all of the content and facilities in those websites.

We may also log IP addresses (i.e. the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements on the website, and gather broad demographic information for aggregate use for advertising and business purposes.

We may also collect information on our websites that cannot be used by itself to identify you personally. In certain cases, especially when combined with other data, this information can nonetheless be considered Personal Data as defined in the GDPR. We may also collect information on our websites that does not allow us to identify you, either directly or indirectly; this includes, for example, aggregated information about all users of this website.

Our websites may contain links to other sites. We are not responsible for the privacy policies of such sites. We recommend that you examine the privacy policy for all third-party websites you visit, or third-party affiliated entertainment sites worldwide, to understand their procedures for collecting, using, and disclosing Personal Data.

Using your Personal Data

In compliance with data protection regulations, we process your Personal Data only if permitted by law or if you have given explicit consent. This also applies to our processing of Personal Data for advertising and marketing purposes.

We use your Personal Data to:

  • enable us to provide our products and services to you
  • assist you by providing you with information and support, and managing and administering your relationship with us
  • administer our websites and any related back-office systems (such as Google Analytics)
  • conduct research for the purposes of improving existing products or services or creating new products or services,
  • comply with legal and regulatory obligations,
  • communicate with you to provide you information, on, for example, special offers and products and services that may be of interest to you,
  • for other purposes required or authorised by law, including other purposes for which you have provided your express consent,
  • allow us to provide advertising material to you regarding us, our related entities, and our business partners.

You consent to us using your Personal Data in the above ways.

We may not collect or use your Personal Data for purposes not listed above. If we do, we will advise you at the time and delete that information permanently.

We will not use Personal Data in a manner inconsistent with Privacy Legislation.

Disclosing your Personal Data

Within the Touch Projects Group of companies

We will keep your Personal Data strictly confidential, and it will only be shared internally within the Touch Projects team, as well as with our related bodies for the purpose of running, managing, administering, improving, and upgrading our services.

Within the Touch projects group we ensure that Personal Data is strictly ‘compartmentalised’, and is only shared between entities, teams, systems, and services where there is a legitimate need consistent with the data and the consent provided for its use and disclosure.

Third-parties

We will not provide your Personal Data to any third-party unless we absolutely have to, and we have a practical and legal basis to do so.

We may provide your Personal Data on a confidential basis to third parties on an “as needed” basis, in the course of delivering products and services to you and to achieve the purposes specified in “Using your Personal Data”.

These parties may include:

  • our third parties that provide products and services to us or through us,
  • other third parties such as regulatory or government authorities,
  • any authorised representatives on your account (for example a parent or guardian where you are a minor), and
  • representatives, agents or contractors who are appointed by us in the ordinary operation, administration or promotion of our business (such as for data storage or processing, printing, mailing, marketing, planning and product or service development).

We may also disclose your Personal Data to our website host(s) or information technology service providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner.

We’ll only disclose your Personal Data to third-parties:

  • for the purposes set out in this Privacy Policy or any other agreement you enter into with us,
  • in circumstances permitted by Privacy Legislation,
  • if we are otherwise required or authorised by law,
  • if the disclosure is made with your express consent.

Notwithstanding the above, it is our firm commitment that your Personal Data will be kept, to the maximum extent reasonably possible, strictly confidential.

Overseas disclosures

Some of your Personal Data may be processed or stored overseas by us or by our third-party service providers acting on our behalf.

In particular, as at the date of this Policy, your Personal Data may be stored on a Microsoft Office365 SharePoint cloud service. We take all reasonable precautions (inc. stringent access and permissions management, and multi-factor authentication (‘MFA’) to secure and safeguard this data).

We note both that our internal data storage arrangements with Microsoft include rigorous privacy and confidentiality provisions, and that Microsoft also has its own Privacy Policy and stringent legislative and regulatory privacy and confidentiality requirements.

Marketing

You consent to us using your Personal Data from time to time to send you information regarding special offers or promotions about us or our products and services, as well as the products and services of our related entities and our business partners.

You also consent to us sending you such information by means of direct mail, telemarketing, email, and SMS messages.

We will only do this if we believe this will be of interest to you.

If you do not want us to send you any of this material or if you want to stop receiving direct marketing, you can let us know by using the ‘Contact us’ information specified below.

Additionally, wherever possible, any contact from us will come with an “opt out” or “unsubscribe” option.

Safeguarding your Personal Data

We will take all reasonable steps to preserve the security and confidentiality of your Personal Data and other information or data collected by us or on our behalf.

This includes technological, organisational, and contractual steps designed to maximise security and minimise risk.

Breaches

In the event of a Personal Data Breach we will notify you by email or telephone as soon as possible (and within the notification requirements required by legislation, inc. the GDPR).

Accessing and updating your Personal Data

You are entitled to access all the Personal Data that we hold on you.

If you request access to your Personal Data, we will give you full access as quickly as we can.

If you believe that some or all of the Personal Data we hold about you is incorrect, incomplete or inaccurate, then you may request amendment of it, and we will process that as quickly as we can.

How long will my data be saved?

In principle, we store your Personal Data as long as we have a legitimate interest in its storage, and we do not consider our importance to outweigh your interests in the non-continuation of the storage.

Even without a legitimate interest, we can continue to store the data if we are legally obligated to do so (for example, to fulfil record-keeping obligations).

We also delete your Personal Data without your involvement as soon as its retention is no longer necessary to fulfil the purpose for which it was processed, or in cases where storing your data is otherwise legally inadmissible.

Any Personal Data we need to keep in order to fulfil our retention obligations will be kept until the end of the respective retention obligation.

Any Personal Data kept solely for the purpose of fulfilling retention requirements are generally blocked so that they can only be accessed (if necessary) with respect to the purpose of the retention obligation.

Your rights

You have the right to object

You have the right, at any time, to object to our processing of your Personal Data.

In the event of your objection, we will no longer process the Personal Data concerning you, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing is for the purpose of asserting, exercising, or defending legal claims.

If we process Personal Data relating to you for the purpose of direct marketing, you have the right to object at any time. If you object to the processing for purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.

Revocation of consent

If you have given us consent (for example, in connection with information by email), you may revoke such consent at any time with future effect.

In marketing communications, we always provide a link to “opt-out” or “unsubscribe”.

Further rights

As the Data Subject, you have the right:

  • to information about what personal data has been collected and saved,
  • to correction of incorrect or incomplete data,
  • to the deletion of Personal Data,
  • to the restriction of processing, and
  • to data portability.

To exercise these rights, you may contact us at any time (see ‘Contact us’ at the end of this Privacy Policy).

Changes

We reserve the right to modify this Privacy Policy from time to time.

We may change this Privacy Policy by posting an updated version to the Touch Project website.

Contact us

If you would like to access the Personal Data that we hold about you, have a query or complaint, or would like further information about this Privacy Policy, you can contact us by emailing info@touchprojects.com.au.

We will investigate your queries and complaints as quickly as possible and within a reasonable period of time and will notify you of the outcome of our investigation.