Privacy Policy
V4.0 - last updated 18 August 2024
1. About this Privacy Policy
This Privacy Policy describes how StoreConnect Pty Ltd [ABN 43647990725] of Level 22, Sydney Place, 180 George Street, Sydney, NSW 2000 Australia (“we”, “us” and “our”) manages personal information about visitors to our website at https://getstoreconnect.com/, our subscribers (“StoreConnect Subscribers”), their personnel who contact us for technical support or account enquiries; and the individuals whose data is processed by or on behalf of StoreConnect Subscribers using the StoreConnect platform (“StoreConnect”). All such individuals are referred to in this Privacy Policy as “data subjects”.
We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (“Privacy Act”), the United Kingdom Data Protection Act 2018, the European Union General Data Protection Regulation 2016/679 (GDPR), and applicable state privacy laws in the United States (each of which are deemed applicable laws for the purpose of this Privacy Policy).
If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be completely transparent about our privacy practices.
With respect to personal information in StoreConnect’s possession, we play a few different roles under global data privacy laws. In order to understand your and our obligations, it’s important to understand the difference between StoreConnect Controlled PI and StoreConnect Subscriber Controlled PI.
- “StoreConnect Controlled PI” means personal information for which StoreConnect determines the purposes and means of processing. This Privacy Policy only addresses StoreConnect Controlled PI.
- “StoreConnect Subscriber Controlled PI” means personal information for which a StoreConnect Subscribers determines the purposes and means of processing. For StoreConnect Subscriber Controlled PI, StoreConnect acts as a data processor, service provider or similar term under applicable law. StoreConnect Subscriber Controlled PI includes user content and end users’ personal information that we host or otherwise process on behalf of our StoreConnect Subscribers. StoreConnect Subscribers tell us what to do with StoreConnect Subscriber Controlled PI. StoreConnect Subscribers are responsible for ensuring that their collection and processing of StoreConnect Subscriber Controlled PI complies with applicable law.
If you are an end user of one of our StoreConnect Subscriber’s sites and want to know how a StoreConnect Subscriber handles your information, you should check the StoreConnect Subscriber site’s privacy policy, as applicable.
2. Summary of Key Points
Our identity and contact details
StoreConnect is operated by StoreConnect Pty Ltd [ACN 647 990 725]. Our contact details are set out at the end of this Privacy Policy.
Personal information that we process
- Subscription/registration, payment and e-commerce transaction data;
- Data entered into and/or uploaded into StoreConnect by our StoreConnect Subscribers when accessing StoreConnect services;
- Direct identifiers and contact information, including your name, postal/mailing address, phone number, or email address;
- Account registration information, such as your username and password;
- Data relating to communications between us and our StoreConnect Subscribers;
- Analytics data;
- Cookies data;
- user information including IP addresses, email addresses, network information, user access logs, usernames, passwords, statistical data and information included by our customers in technical support tickets, telephone calls to our support team and error messages.
The purposes for the processing
We collect personal information to perform our contracts with StoreConnect Subscribers, to provide, support, maintain and improve StoreConnect, to operate and grow our businesses, to provide StoreConnect services (including implementation, hosting, support and maintenance services), to comply with our legal obligations, for internal business purposes such as billing and invoicing, to identify, contact and communicate with our customers, for marketing purposes, to improve StoreConnect, to enforce our legal rights, and for other reasons set out in this Privacy Policy. We collect personal information when a person voluntarily provides it to us via StoreConnect, via online forms on our website, in phone calls and/or emails with us) and when we collect it from third parties and public searches including Google, Facebook and other social network platforms.
3. Personal information
Personal information is generally defined as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person, consumer or household.
4. Principles relating to the collection of personal information
We rely on StoreConnect Subscribers to obtain all applicable and relevant privacy consents and authorisations from visitors to their websites and others, as required by law, in order for the personal information that is entered into StoreConnect to be collected, disclosed and otherwise processed by us. We also rely on StoreConnect Subscribers to ensure that all personal information of their customers held by us is accurate, up to date, complete, relevant and not misleading.
Our policy is to minimise the amount of personal information we collect. Accordingly, we only collect personal information that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
We collect personal information that you give us, whether by email, telephone, in person, via application forms or otherwise. In addition, we may obtain personal information from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal information about an individual only from that individual.
We encourage StoreConnect Subscribers to ensure that their customers (and other applicable data subjects) are familiar with their privacy policies so that their customers and other applicable data subjects understand how they will collect, use and otherwise process personal information about them, via their eCommerce store.
We will not collect personal information unless the information is reasonably necessary for one or more of our entity’s functions or activities.
StoreConnect Subscribers are responsible for the collection of explicit consents from their eCommerce customers and other applicable data subjects, where required by applicable law. With respect to any such consents where required by applicable law, StoreConnect Subscribers must ensure that all eCommerce customers and other applicable data subjects have the capacity to consent and that any consents obtained from any individual under the age of 16 (or such other age as per applicable law) are authorised by a parent or guardian. With respect to any such consents required by applicable law, StoreConnect Subscribers must notify us if StoreConnect has collected personal information from an eCommerce customer or other data subject who is unable to provide explicit consent for the purposes of applicable law or if an eCommerce customer or other data subject withdraws their consent.
We do not wish to process any data that is personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. StoreConnect is not designed to capture those types of personal information. Please do not enter any such personal information into StoreConnect.
5. Personal information that we collect and how we use it
Our policy is to minimise the amount of personal information we collect. Accordingly, we only collect personal information that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
The personal information that we collect and how we use it is as follows:
a. Payment Data and other data entered into and/or uploaded into StoreConnect by StoreConnect Subscribers when accessing the StoreConnect: If you are a StoreConnect Subscriber who has registered or subscribed to StoreConnect, we will collect and otherwise process the following categories of personal information about your staff: names, telephone numbers, mobile numbers, email addresses, credit card details, bank account details, postal addresses, residential addresses, business addresses and social media accounts. We will process this personal information in order to administer our StoreConnect Subscriber subscriptions, registrations and accounts on the StoreConnect, for the purposes of providing you, as a StoreConnect Subscriber, with access to and use of StoreConnect, to enforce your obligations to pay Service Charges to us and to otherwise enforce compliance with our Terms & Conditions and the contractual obligations that you, as a StoreConnect Subscriber, owe to us. We will also process this personal information in order to provide you with information and assistance about StoreConnect, and to communicate with you in connection with any maintenance notices (that we may issue when the StoreConnect is unavailable), renewal notices and service status updates for the purposes of keeping you informed and up to date about the service status of StoreConnect or where required to provide you with any technical support in connection with StoreConnect. b. Data relating to communications: When our StoreConnect Subscribers contact us, we will collect and process personal information which is the name of the StoreConnect Subscriber, the IP address of the StoreConnect Subscriber and any other personal information that the StoreConnect Subscriber provides to us during the communications. For example, a StoreConnect Subscriber may contact us to ask questions about StoreConnect, seek technical support or advice and to express their interest in upgrading or modifying their accounts on StoreConnect. We will process this personal information in order to provide our StoreConnect Subscribers with information and assistance about StoreConnect, and to communicate with them in connection with any breach, expiry, termination or suspension of StoreConnect. c. Cookies: We only use analytics and essential cookies on StoreConnect. However, if applicable, we will not use analytics cookies without express consent, unless the cookies are strictly required in order for us to provide StoreConnect. Cookies are pieces of information that a web site transfers to a computer’s hard disk for record-keeping purposes. This helps us tailor and improve the information we present to you, promoting higher end user satisfaction when you visit our site. The use of cookies is common in the Internet industry, and many major web sites use them to provide useful features to their end users. A cookie may be used to tell when your computer or device has accessed StoreConnect. Cookies may also be used to personalize your experience with us. Where we request your consent for a cookie we will explain to you what the cookie is proposed to be used for, what information it collects, and give you an opportunity to withdraw your consent to the placement of the cookie on your machine or device if you do consent. You may configure your web browser on your computer or device to reject or block cookies if you wish. If we request your consent to a cookie and you consent to our use of the cookie, you may withdraw your consent to our use of the cookie on your computer or device at any time by contacting us. For further information about our use of cookies, please see our Cookies Policy at https://getstoreconnect.com/cookie-policy. d. Analytics data: We collect and process de-identified information known as analytics data for statistical and analytical purposes, designed to measure and monitor how StoreConnect is being used and to highlight any areas for improvement, optimization and enhancement, which is user location, IP addresses, cookie data, information about devices accessing StoreConnect (IP address, the type of device used to access StoreConnect and the operating system), the amount of time a user spent on StoreConnect and in which parts of StoreConnect, and the path they navigated through StoreConnect. We will process this personal information in order to monitor and detect unauthorized use of StoreConnect and to establish how StoreConnect is used and to highlight areas for potential improvement of StoreConnect. This information is not personal information.
7. Who we disclose personal information to
We only disclose personal information to third parties who perform services for us or where required to provide StoreConnect Services in accordance with applicable law. We will not sell personal information to third parties (other than if we decide to sell or merge StoreConnect or the shares in our company or in the event of a restructure of our corporate group). We will also disclose and/or transfer your personal information to our personnel, contractors, professional advisors and insurer and as otherwise required by law. We may disclose personal information that we collect to third parties for all or any of the following purposes:
- To our affiliates and related entities for business purposes- in which case we disclose your personal information to our affiliates and related entities.
- To procure hosting of StoreConnect – in which case we disclose your personal information to our upstream hosting supplier who hosts StoreConnect (Heroku and Salesforce) and the personal information that you enter into and/or upload into StoreConnect. Our hosting suppliers host that personal information on their computer servers;
- As required to provide StoreConnect Services – which may require us to disclose personal information, such as when we disclose transaction data to Salesforce that the StoreConnect Services are designed to disclose in order to maintain database records in Salesforce concerning StoreConnect eCommerce store transactions;
- Handling claims and complaints – in which case we may disclose your personal information to our lawyers and insurers;
- **Sending out newsletters and other relevant marketing material to StoreConnect Subscribers ** – in which case we may disclose your personal information to our email, marketing and newsletter service providers for such purposes;
- In order to record billing details – in which case we provide your bank account and credit card details to our bank and merchant facility providers;
- For professional advice - when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
- If we sell the whole or part of our business of StoreConnect or the shares in our company or merge with another entity **or in the event of a corporate restructure **– in which case we will provide to the purchaser or other entity the personal information that is the subject of the sale, merger or restructure;
- Where required by law.
We may also provide your personal information to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
- For the purposes of obtaining professional advice;
- To obtain or maintain insurance;
- The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
- To protect or enforce our rights or defend claims;
- Enforcement of our claims against you or third parties;
- The enforcement of laws relating to the confiscation of the proceeds of crime;
- The protection of the public revenue;
- The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
- The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal.
- Where disclosure is required to protect the safety or vital interests of employees, eCommerce customers or property.
8. Third party platforms
StoreConnect may include links to, or interface with third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. We do not warrant or represent that any third party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal information to them.
You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on StoreConnect. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
9. Security
We take our privacy obligations very seriously. Accordingly, we take reasonable measures to protect the personal information that we hold against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures. However, please be advised that when information is transmitted over the internet, it cannot be guaranteed to be completely secure. For information about our security processes, please see our Trust Center at https://trust.getstoreconnect.com/.
10. Retention
How long we retain your personal information depends on the context in which, and purposes for which, we collected it. We generally retain personal information for as long as necessary for achieving the purposes for which it was collected or processed, unless a different retention period is required by applicable law.
11. If you refuse to provide us with personal information
You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about StoreConnect, but not if you subscribe to StoreConnect and contact us about your account.
12. Spam email
We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth) or any other applicable laws. We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact StoreConnect Subscribers. These transaction-based e-mails are automatically generated. Anytime a StoreConnect Subscriber receives e-mail it does not want from us they can request that we not send further e-mail by contacting us via email. Upon receipt of any such request, we will remove the person from our database to ensure that they cease to receive automated emails from us.
13. Contractors and offshore providers
Subject to the provisions of the Australian Privacy Principle 8 (Cross-border disclosure of personal information) and other applicable laws that limit the cross-border disclosure of personal information, we may transfer your personal information to our hosting providers who host the StoreConnect and the data stored in it. Our hosting providers are located in Australia, the United States and the European Union, and we will transfer personal information processed by the StoreConnect platform to those hosting providers except to the extent that we specifically agree in writing with a StoreConnect Subscriber that personal information must be hosted from a specific location, in which case we will ensure that the information is hosted with the relevant hosting provider from that location only. We also comply with certain legal frameworks relating to the cross-border transfer of personal information by implementing appropriate contractual or other measures, including but not limited to, the European Union or United Kingdom Standard Contractual Clauses, where required.
14. Your privacy rights
Depending on where you live, you may have certain rights with respect to your personal information. You may have the following rights, subject to certain exceptions:
- Right to Rectification. We rely on you to update and correct your personal information. You may modify your account profile by logging into your account. Some personal information can also be changed by contacting us.
- Right to Erasure/ Deletion (i.e., the right to be forgotten). Subject to certain exceptions, you may request that we delete your personal information. All requests must be directed to the contact listed in this Privacy Policy. We may also decide to delete your personal information if we believe your data is incomplete, inaccurate or that our continued use and storage are contrary to our obligations to other individuals or third parties. When we delete personal information it will be removed from our active database; it may take up to 30 days to remove you from certain databases and lists but may only be kept for so long as we have a permissible purpose for processing it. Personal information may remain in archives where it is not practical or possible to delete it. In addition, we may keep your personal information as needed to communicate with you in connection with servicing your account, fulfilling your requests, administering any promotion or program in which you have elected to participate and have not withdrawn your consent, or as needed to comply with our legal obligations, resolve disputes, and/or enforce any of our agreements.
- Right of Access. Subject to certain exceptions, you have the right to know whether your personal information is being processed, and, where that is the case, to request access to, including a copy of, the personal information undergoing processing.
- Right to Data Portability. You have the right to request that we provide the personal information which you provided to us in a structured, commonly used and machine-readable format; and you have the right to transmit such personal information to another entity.
- Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal information.
- Right to Object. You have the right to object to our processing of your personal information.
- Right to Un-Subscribe from Email. If you decide that you do not want to receive commercial emails from us, you can “opt out” from receiving such emails by clicking on the “unsubscribe” link provided at the bottom of every commercial email. Please note that if you choose to opt out, we will still send you emails relating to specific products or services that you purchase, or emails that we believe are pertinent to any communication that you have sent to us, or the relationship that you may have with us. If you decide at a later time that you would like to receive commercial emails from us, you can opt back into our communication list.
If you choose to assert any of these rights under applicable laws, we will respond within the time period prescribed by applicable law. Please note that many of the above rights are subject to exceptions and limitations. If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions. Under local law, you may be entitled to lodge a complaint with your local data-protection authority.
15. Notifiable data breaches
We will comply with all applicable privacy law that may apply in the event of a relevant data breach.
16. Our contact details
StoreConnect is operated by StoreConnect Pty Ltd [ACN 647 990 725]. If you wish to contact us for any reason regarding our privacy practices or the personal information that we hold about you, please contact us at the following address:
Privacy Officer StoreConnect Pty Ltd 180 George Street Sydney, NSW 2000 Australia privacy@getstoreconnect.com
We will use our best endeavours to resolve any privacy complaint within 10 business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.
If you are not satisfied with the outcome of a complaint you make refer the complaint to the OAIC who can be contacted using the following details:
Call: 1300 363 992 Email: enquiries@oaic.gov.au Address: GPO Box 5218, Sydney NSW 2001
17. European Economic Area and United Kingdom residents
In addition to the aforementioned information, the following information applies to any individual located in the European Economic Area (“EEA“) or in the United Kingdom (“UK“).
For the purposes of this section, any defined terms have the meaning under the European Union’s General Data Protection Regulation (“GDPR“) or the UK General Data Protection Regulation as applicable.
If you are a resident of the EEA or UK, you have certain rights and protections under the law regarding the processing of your Personal Data.
Data Controller StoreConnect Pty Ltd Level 22, Sydney Place 180 George Street Sydney, NSW 2000 Australia
Data Protection Officer / Representative: privacy@getstoreconnect.com StoreConnect may also act as a data processor on behalf of third-party data controllers and may receive Personal Data from such data controllers. Personal Data received by StoreConnect as a processor will be governed by the privacy policies and contracts with the applicable data controller.
Our EU Representative: Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd. Adam Brogden contact@gdprlocal.com Tel +35315549700 INSTANT EU GDPR REPRESENTATIVE LTD Office 2, 12A Lower Main Street, Lucan Co. Dublin K78 X5P8 Ireland
Our UK Representative: Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd. Adam Brogden contact@gdprlocal.com Tel +44 1772 217800 1st Floor Front Suite 27-29 North Street, Brighton England
Lawful basis for processing If you are a resident of the EEA or the UK, we primarily rely on the following bases to process your Personal Data lawfully.
- First, it is necessary for us to process your Personal Data in certain ways in order to provide StoreConnect services to you.
- Second, where you have given us valid consent to use your Personal Data in certain ways, we will rely on your consent. For example, this includes situations where we will obtain your consent prior to sending you information about our products and services.
- Third, in certain cases we may process your Personal Data where necessary to further our legitimate interests, where those legitimate interests are not overridden by your rights or interests. This includes usage statistics, analytics and internal analyses we run to better understand how to use our services so that we can improve our services and also provide you with recommendations on how to get the most out of our services. This also includes information we process and disclose to detect, prevent, and address fraudulent and illegal activities on our services.
- Fourth, in some cases we may process your Personal Data where necessary to satisfy our legal obligations. This includes records containing your Personal Data that we may be required to retain for a period of time or may be legally required to disclose to a government authority or third party.
Data subject rights requests We are a processor for StoreConnect Subscribers who act as data controllers; thus, if you are a customer of a StoreConnect Subscriber and wish to exercise your rights, you must contact your StoreConnect Subscriber, not StoreConnect (except in respect of Personal Data that we collect in our capacity as a controller, being all personal information as noted above in this Privacy Policy that is not about a StoreConnect Subscriber customer entered into the StoreConnect Subscriber’s eCommerce site). However, you have the following rights related to the information that we maintain about you when you use our website and the StoreConnect Platform:
- The right to be informed about how your information is used. This is the reason we provide this Privacy Policy to you.
- The right to access the information we hold about you.
- The right to request the correction of inaccurate information we hold about you.
- In some circumstances, the right to request that we delete your information, or stop processing it or collecting it.
- The right to stop direct marketing messages, which you can do by clicking on any “unsubscribe” link in any marketing email you receive from us. You also have the right to withdraw your consent for other processing activities for which you have given us your consent.
- The right to request that we transfer your information either to you or a third party.
- The right to complain to your data protection regulator.
If you want to exercise your rights, please complete a UK/EU Data Subject Request Form.
If you have any questions or concerns, please reach out to us using the contact information in this Privacy Policy.
Transfers outside of the EEA and the UK StoreConnect is headquartered in Australia. StoreConnect may transfer or provide access to your Personal Data to affiliates, service providers or collaborators in countries that do not provide the same level of protection as your own region, including the EU and UK. StoreConnect is committed to complying with this Privacy Policy and EU and UK privacy laws with regard to information transferred from those jurisdictions. We rely on safeguards contained in model form contracts approved by regulators in the EU and UK for these transfers, or other approved transfer mechanisms.
Questions or complaints If you are a resident of the EU/EEA or the UK and have a concern about our processing of your Personal Data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside. For contact details of your local Data Protection Authority, please see the links below:
For individuals in the EEA or the UK:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
18. Updates to this Privacy Policy
We reserve the right to modify this Privacy Policy from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.