Legal
person pronoun.
1. Overview
1.1
We understand that your privacy is paramount and are committed to ensuring the safety
and security of your Personal Data. The purpose of this Privacy Policy (“Privacy Policy”) is to
inform you as to how we manage, collect, use and disclose Personal Data.
1.2
You accept this Privacy Policy and consent to us collecting, using or disclosing your
Personal Data in accordance with this Privacy Policy when you provide your Personal Data
to us when signing up for, accessing, or using any products, Services, content, features,
technologies or functions offered by us.
2. Collection of Personal Data
2.1
In this Privacy Policy, “Personal Data” refers to any personal information or data,
whether true or not, about an individual who can be identified, or is reasonably identifiable,
from that data, or from that data and other information to which we have or are likely to have
access, including data in our records as may be updated from time to time.
2.2
The Personal Data that we may collect may include the following:
- Personal Data necessary for us to provide our Services, this includes, but is not
limited to phone numbers, fax numbers, email addresses, mailing addresses, and
information concerning your debit card and/or other accounts; and - Any other Personal Data that may be necessary for us to comply with applicable
legal, regulatory and other compliance requirements of the jurisdictions in which we
operate. - Where possible and permissible under applicable laws, we will allow you to interact
with us anonymously or using a pseudonym. For example, if you contact us with a
general enquiry, we will not ask for your name unless we need it to adequately
handle your enquiry. However, for most of our functions and activities and to comply
with applicable anti-money laundering and counter-terrorism financing laws and
regulations, we usually need your name and contact information.
2.3
Typically, we collect Personal Data from Users when they visit our Website. We also
collect Personal Data from business contacts, business partners, companies that we may
invest in, credit bureaus, independent identity verification services, or any other third parties
that we work with for the purposes of performing our Services, or from publicly available
sources.
3. Use of Personal Data
3.1
We may use the Personal Data we collect:
- To provide our products and/or services
- To respond to, process and handle your queries, feedback, and suggestions;
- For internal audits;
- For security and risk management;
- For identity verification and authentication;
- For legal, regulatory and other compliance requirements (including providing
assistance to law enforcement, judicial, regulatory or other government agencies and
statutory bodies); - for marketing and promotion related activities; and
- if you are seeking employment or any other appointment with us, to:
- process and assess your application;
- perform background checks;
- verify your credentials and qualifications as well as obtaining employment
references; and - carry out other purposes related to the recruitment process
3.2
You may opt out of receiving marketing information by notifying us accordingly (for
example, by calling our customer service hotline or sending us an email), or by using an
unsubscribe facility we provide for that purpose.
3.3
3.3. We will not use Personal Data for any purpose other than those for which we are
permitted under applicable laws and regulations.
4. Disclosure of Personal Data
4.1
We may share and disclose Personal Data with:
- our partners and suppliers in connection with the provision of the Platform and
Services to our Users; - partners, licensors, vendors, agents, contractors or third-party service providers who
provide services to us including but not limited to insurance, consultancy, courier
services, telecommunications, IT, payment, printing, billing, payroll processing,
technical services, training, market research, call centre, security or other such
services to us; - in the event of an actual or prospective business asset or share purchase transaction
(such as any merger, acquisition or asset sale), any business partner, prospective
investor, assignee, or transferee for the purposes of facilitating such a transaction;
and/or - any relevant government regulators, statutory boards or authorities or law
enforcement agencies as required or authorised by any laws, rules, guidelines,
regulations or schemes.
4.2
Otherwise, Personal Data is disclosed only for the purposes set out in clause 3.1 of this
Privacy Policy.
4.3
We may utilise a “captcha query” app that asks visitors to play a puzzle game to access
our site. While visitors interact with the captcha, the app provider may collect data for its risk
engine to identify malicious features. By this way, the app provider distinguishes legitimate
humans with an intuitive interaction for the purpose of anti-robot detection.
4.4
In exceptional circumstances, we may also be required to disclose Personal Data where
there are grounds to believe that disclosure is necessary to prevent a threat to life or health,
or for law enforcement purposes.
4.5
In some cases, we shall encrypt, anonymise or de-identify, or aggregate the information
before sharing it. Anonymising and de-identifying means stripping the information of
personally identifiable features. Aggregating means presenting the information in groups or
segments e.g. age groups.
4.6
We may disclose your Personal Data to a third party referred to above that is located
outside Australia, e.g. Singapore where we are compelled to do so by the relevant
authorities of the jurisdiction that we operate our business (as applicable in the
circumstances). In the event that there is a need for us to transfer your Personal Data to
another country, we will ensure that the standard of data protection in the recipient country is
comparable to that of the country from which the Personal Data is being transferred.
4.7
We will ensure that such third parties located overseas observe strict confidentiality and
data protection obligations, and shall ensure that any Personal Data transferred overseas
will be handled in accordance with applicable law. We achieve this by requiring relevant third
parties to provide us with written confirmation (for example, by signing a non-disclosure
agreement or other commercial agreement) that they will provide adequate protection in
respect of the Personal Data in question.
5. Access to and Autocorrection of Personal Data
5.1
We take reasonable steps to ensure that your Personal Data is accurate, complete, and
up-to-date whenever we collect or use it. If the Personal Data we hold about you is
inaccurate, incomplete, irrelevant or out-of-date, please contact us and we will take
reasonable steps to either correct this information, or if necessary, discuss alternative action
with you.
5.2
You should ensure that all Personal Data submitted to us is complete, accurate, true and
correct. Further, when you provide us with any Personal Data relating to a third party
(including your spouse, children, parents and/or employees), you represent and warrant to
us that you have obtained the consent of the third party to provide us with their Personal
Data.
5.3
We will, on request, provide you with access to the Personal Data we hold about you,
including for the purpose of correcting or updating that information, unless there is an
exception to such disclosure which applies under relevant privacy legislation. If you require
access to your Personal Data, you may contact our Data Protection Officer (whose contact
details are set out below) and we will be happy to help you as best as we can.
5.4
Where permitted under applicable law, if you wish to inquire about the way in which
Personal Data relating to you has been used or disclosed by us in the past year, or wish to
withdraw your consent to our use of such Personal Data, you may contact our Data
Protection Officer (whose contact is set out below) and we will seek to attend to your request
as best as we reasonably can.
5.5
Please note that, for all requests to access your Personal Data:
- You may be required to put your request in writing for security reasons;
- In order for us to provide any Personal Data we will need to verify your identity and
may request further information about your request; - We may refuse access to your Personal Data if it would affect the privacy rights of
other persons or, or if permitted in some jurisdictions, if it breaches any confidentiality
that attaches to that information; - We may also refuse your request where we are legally permitted to do so and give
you reasons for the refusal and inform you of any exceptions relied upon under
applicable law (unless it would be unreasonable to do so); - We may take a reasonable time to process your application for access as we may
need to retrieve information from storage and review the information in order to
determine what information may be provided; and - We may charge you a reasonable administrative fee for retrieving Personal Data
relating to you.
6. Security of Personal Data
6.1
We take appropriate security measures to protect your Personal Data from misuse,
interference or loss, and from unauthorised access, modification or disclosure.
6.2
The security measures that we may take to protect your Personal Data include but are
not limited to the following measures:
- Physical measures: Physical records of your Personal Data will be stored in a
properly locked place. - Electronic measures: Computer data which contain your Personal Data will be stored
in computer systems and storage media subject to strict login restrictions. - Management measures: only staff members duly authorized by us can access your
Personal Data, and these staff members shall comply with our internal code
concerning Personal Data confidentiality. - Technical measures: encryption techniques, such as Secure Socket Layer
Encryption, may be used to convey your Personal Data. - Other measures: our network servers are protected by appropriate firewall(s).
6.3
Notwithstanding the above, please note that we will not be held liable or responsible for
any loss, misuse or alteration of Personal Data that may be caused by third parties.
6.4
Sometimes our Website contains links to other websites. When you access a website
other than our Website, we are not responsible for the privacy practices of that site. We
recommend that you review the privacy policies of each website you visit.
7. Retention of Personal Data
7.1
We will only retain Personal Data for only as long as there is a business or legal need. In
the event that retention of Personal Data is no longer necessary for any business or legal
purposes or when the purpose for which the Personal Data was collected is no longer being
served by the retention of the Personal Data, we will remove, destroy or anonymise / de-
identify the Personal Data.
8. Collection of Cookies
8.1
When you visit our Website, please note that we will use Google stats via cookies to
record our performance and check the effectiveness of online advertising. Cookies are a
small amount of data that is sent to your browser and stored on your computer hard drive.
Only when you use your computer to access our Website can the cookies be sent to your
computer hard drive.
8.2
Cookies are usually used to record the habits and preferences of visitors in browsing the
items on our Website. The information collected by cookies is non-registered and collective
statistical data and does not include Personal Data.
8.3
Cookies, which enable the Website or service provider system to recognise your
browser and capture and recall information, cannot be used to obtain data on your hard drive
or your Personal Data. Most browsers are designed to accept cookies. You can opt to set
your browser to reject cookies, or to notify you as soon as possible if you are loaded on
cookies. However, please note that if you set your browser to disable cookies, it is possible
that you may not be able to launch or use some functions of our Website.
9. Privacy Complaints
9.1
If you believe that we have breached this Privacy Policy, or any other applicable privacy
or data protection laws or regulations which may apply to us, please contact our Data
Protection Officer at support@ontoro.com
9.2
If you make a complaint, we will endeavor to respond to it as soon as possible. If you
are dissatisfied with our response, you may have the right to make a complaint to the Office
of the Australian Information Commissioner by phoning 1300 363 992 or by email
at enquiries@oaic.gov.au.
10. How to Contact us
10.1
If you have any questions about our Privacy Policy or concerns about our commitment
to your privacy, or otherwise would like to contact us, please feel free to email or write to the
Data Protection Officer at support@ontoro.com.
11. Modifications to the Privacy Policy
11.1
We may modify and update this Privacy Policy from time to time. Any such
amendments will be effective upon notice to you by publication or other means of
communication, electronic or otherwise.
11.2
We will display a notice on our Website for a reasonable period after any such
amendments have been made. We will keep the then-current version of this Privacy Policy
on our website.
11.3
Unless you object to amendments to this Privacy Policy by manifesting an intention to
terminate your service agreement in writing, your continued use of our Website and Services
will be taken as acceptance by you of the amendments.