Privacy Policy

V3.0 - last updated 6 October 2021

1. About this Privacy Policy

This Privacy Policy describes how StoreConnect Pty Ltd [ABN 43647990725] of Level 25, 100 Mount Street, North Sydney NSW 2060 (“we”, “us” and “our”) manages personal information about our subscribers and the individuals whose data is processed by or on their behalf using StoreConnect (“StoreConnect”). All such individuals are referred to in this Privacy Policy as “data subjects”.

We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (“Privacy Act”), the United Kingdom Data Protection Act 2018 and the European Union General Data Protection Regulation 2016/679 (GDPR) (each of which are deemed applicable laws for the purpose of this policy).

If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be completely transparent about our privacy practices.

This Privacy Policy sets out our policy on the collection, use and disclosure of personal data of StoreConnect Subscribers (“StoreConnect Subscribers”) and their customers (“eCommerce customers”) in accordance with our statutory obligations under the Privacy Act.

2. Summary of Key Points

Our identity and contact details

StoreConnect is owned and operated by StoreConnect Pty Ltd [ACN 647 990 725]. Our contact details are set out at the end of this Privacy Policy.

Personal data that we process

Subscription/registration, payment and e-commerce transaction data;
Data entered into and/or uploaded into StoreConnect by our StoreConnect Subscribers when accessing the StoreConnect and/or their eCommerce customers when accessing a StoreConnect Subscriber’s eCommerce store set up on StoreConnect;
Data relating to communications between us and our StoreConnect Subscribers;
Analytics data;
Cookies data;
user information including IP addresses, email addresses, network information, user access logs, usernames, passwords, statistical data and information included by our customers in technical support tickets, telephone calls to our support team and error messages.

The purposes for the processing

We collect personal information to perform our contracts with our subscribers, to provide, support, maintain and improve StoreConnect, to operate and grow our businesses, to provide StoreConnect Services, to comply with our legal obligations, for internal business purposes such as billing and invoicing, to identify, contact and communicate with our customers, for marketing purposes, to carry out research on de-identified personal information, to enforce our legal rights, to comply with our legal obligations, and for other reasons set out in our Privacy Policy. We collect personal information when a person voluntarily provides it to us via StoreConnect, via online forms on our website, in phone calls and/or emails with us) and when we collect it from third parties and public searches including Google, Facebook and other social network platforms.

Who we disclose personal data to

We only disclose personal data to hosting providers who perform hosting services on our behalf to the extent necessary for them to perform those services. We will not sell personal data to third parties (other than if we decide to sell or merge StoreConnect or the shares in our company). We also disclose personal data to Salesforce as part of providing StoreConnect Services.

Security

We take our privacy obligations very seriously. Accordingly, we only process personal data in a manner that ensures appropriate security of the personal data, including by protecting the personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures. This Privacy Policy provides detailed information about the security measures that we take to protect personal data.

Transfer of data to other countries

We may transfer your personal data to our hosting providers located in Australia, the United States of America or the European Union unless you are a StoreConnect customer and you and we agree otherwise. Such transfer shall be carried out in order for them to host StoreConnect and data stored in StoreConnect. We comply with applicable law when we transfer personal data overseas. We require any overseas hosting provider that we transfer personal data to, to contractually agree to comply with applicable law in processing that data.

Cookies

We use cookies on StoreConnect where strictly necessary to provide you with StoreConnect Services. If we request your consent and you consent to our use of a cookie, you may withdraw your consent to our use of those cookies at any time.

Your rights

If we collect personal data about you, you may have rights under the Privacy Act in relation to your personal data. These rights are described in this Privacy Policy and the Privacy Act.

How long we store personal data for

In relation to personal data that we collect through StoreConnect, we only retain this personal data 30 days after the relevant StoreConnect Subscriber’s subscription expires or terminates or earlier upon request by the StoreConnect Subscriber. We will destroy (or de-identify the personal data where we are entitled to do so) or return it to the relevant data subject.

If we decide to change this Privacy Policy, we will post the updated version on this webpage so that you will always know what personal data we gather, how we might use that information, and whether we will disclose it to anyone. If you are a StoreConnect Subscriber, we will notify you of any changes to our Privacy Policy by sending an email to you using the email address that you provide to us when subscribing to StoreConnect or any new email address that you specify in your StoreConnect Account, but only if we have that contact information about you. nal data overseas.

3. Personal data

The Privacy Act defines “personal information” as information or an opinion about an identified individual, or an individual who is reasonably identifiable:

a. whether the information or opinion is true or not; and
b. whether the information or opinion is recorded in a material form or not.

In this Privacy Policy, “personal data” has the meaning given to “personal information” in the Privacy Act, with respect to personal information governed by the Privacy Act.

4. Principles relating to the collection of personal data

We rely on our subscribers to obtain all relevant privacy consents and authorisations from eCommerce customers required by law, in order for the personal information that is entered into our platforms to be collected, disclosed and otherwise processed by us. We also rely on our subscribers to ensure that all personal information of their eCommerce customers held by us is accurate, up to date, complete, relevant and not misleading.

Our policy is to minimise the amount of personal data we collect. Accordingly, we only collect personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

We collect personal data that you give us, whether by email, telephone, in person, via application forms or otherwise. In addition, we may obtain personal data from public sources, where available. However, if it is reasonable and practicable to do so, we will collect personal data about an individual only from that individual.

We encourage StoreConnect Subscribers to ensure that their data subjects are familiar with their privacy policies so that their eCommerce customers understand how they will collect, use and otherwise process personal information about them, via their eCommerce store.

We will not collect personal data unless the information is reasonably necessary for one or more of our entity’s functions or activities.

StoreConnect Subscribers are responsible for the collection of explicit consents from their eCommerce customers, where required by applicable law. With respect to any such consents where required by applicable law, StoreConnect Subscribers must ensure that all eCommerce customers have the capacity to consent and that any consents obtained from any individual under the age of 16 are authorised by a parent or guardian. With respect to any such consents required by applicable law, StoreConnect Subscribers must notify us if StoreConnect has collected personal information from an eCommerce customer who is unable to provide us with explicit consent for the purposes of applicable law or if an eCommerce customer withdraws their consent.

We do not wish to process any data that is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. StoreConnect is not designed to capture those types of personal data. Please do not enter any such personal data into StoreConnect.

5. Personal data that we collect and how we use it

The personal data that we collect and how we use it is as follows:

a. Payment Data and other data entered into and/or uploaded into StoreConnect by StoreConnect Subscribers when accessing the StoreConnect: If you are a StoreConnect Subscriber who has registered or subscribed to StoreConnect, we will collect and otherwise process the following categories of personal data about your staff: names, telephone numbers, mobile numbers, email addresses, credit card details, bank account details, postal addresses, residential addresses, business addresses and social media accounts. We will process this personal data in order to administer our StoreConnect Subscriber subscriptions, registrations and accounts on the StoreConnect, for the purposes of providing you, as a StoreConnect Subscriber, with access to and use of StoreConnect, to enforce your obligations to pay Service Charges to us and to otherwise enforce compliance with our Terms & Conditions and the contractual obligations that you, as a StoreConnect Subscriber, owe to us. We will also process this personal data in order to provide you with information and assistance about StoreConnect, and to communicate with you in connection with any maintenance notices (that we may issue when the StoreConnect is unavailable), renewal notices and service status updates for the purposes of keeping you informed and up to date about the service status of StoreConnect.
b. Data entered into and/or uploaded into StoreConnect by StoreConnect Subscriber eCommerce customers: We collect and process any personal data that eCommerce customers upload or enter into eCommerce stores setup by StoreConnect Subscribers using StoreConnect. This data is contact, payment and store transaction data and any other fields set out in the StoreConnect documentation. We will process this personal data on behalf of our StoreConnect Subscribers and eCommerce customers in order to provide our StoreConnect Subscribers with the functionality provided by StoreConnect. We will also process this personal data to monitor compliance with our Terms & Conditions, to maintain backups of our databases and to detect unauthorised use and faults with StoreConnect (such as, by examining log files and error messages). The personal data will also be used to provide our StoreConnect Subscribers with technical support and training with respect to StoreConnect if and where we agree to do so.
c. Data relating to communications: When our StoreConnect Subscribers contact us, we will collect and process personal data which is the name of the StoreConnect Subscriber, the IP address of the StoreConnect Subscriber and any other personal data that the StoreConnect Subscriber provides to us during the communications. For example, a StoreConnect Subscriber may contact us to ask questions about StoreConnect, seek technical support or advice and to express their interest in upgrading or modifying their accounts on StoreConnect. We will process this personal data in order to provide our StoreConnect Subscribers with information and assistance about StoreConnect, and to communicate with them in connection with any breach, expiry, termination or suspension of StoreConnect.
d. Analytics data: We collect and process personal data known as analytics data for statistical and analytical purposes, designed to measure and monitor how StoreConnect is being used and to highlight any areas for improvement, optimisation and enhancement, which is user location, IP addresses, cookie data, information about devices accessing StoreConnect (IP address, the type of device used to access StoreConnect and the operating system), the amount of time a user spent on StoreConnect and in which parts of StoreConnect, and the path they navigated through StoreConnect. We will process this personal data in order to monitor and detect unauthorised use of StoreConnect and to establish how StoreConnect is used and to highlight areas for potential improvement of StoreConnect. We often aggregate this data with other data. However, where the data is classified as personal information (or in the case of GDPR Data, personal data) we treat it in accordance with this Privacy Policy.
e. Cookies: We use cookies on StoreConnect. However, we will not use cookies without express consent, unless the cookies are strictly required in order for us to provide StoreConnect. Cookies are pieces of information that a web site transfers to a computer’s hard disk for record-keeping purposes. This helps us tailor and improve the information we present to you, promoting higher end user satisfaction when you visit our site. The use of cookies is common in the Internet industry, and many major web sites use them to provide useful features to their end users. A cookie may be used to tell when your computer or device has accessed StoreConnect. Cookies may also be used to personalise your experience with us. Where we request your consent for a cookie we will explain to you what the cookie is proposed to be used for, what information it collects, and give you an opportunity to withdraw your consent to the placement of the cookie on your machine or device if you do consent. You may configure your web browser on your computer or device to reject or block cookies if you wish. If we request your consent to a cookie and you consent to our use of the cookie, you may withdraw your consent to our use of the cookie on your computer or device at any time by contacting us.

We only disclose personal data to third parties who perform services for us or where required to provide StoreConnect Services in accordance with applicable law. We will not sell personal data to third parties (other than if we decide to sell or merge StoreConnect or the shares in our company) and we only disclose the minimum amount of personal data required. We will also disclose and/or transfer your personal information to our personnel, contractors, professional advisors and insurer and as otherwise required by law. We may disclose personal data that we collect to third parties for all or any of the following purposes:

To procure hosting of StoreConnect – in which case we disclose your personal data to our upstream hosting supplier who hosts StoreConnect (Heroku and Salesforce) and the personal data that you enter into and/or upload in to the StoreConnect. Our hosting suppliers host that personal data on their computer servers;
As required to provide StoreConnect Services – which may require us to disclose personal data, such as when we disclose transaction data to Salesforce that the StoreConnect Services are designed to disclose in order to maintain database records in Salesforce concerning StoreConnect eCommerce store transactions;
Handling claims and complaints – in which case we may disclose your personal data to our lawyers and insurers;
Sending out newsletters and other relevant marketing material to StoreConnect Subscribers (if you have expressed an interest in our products) – in which case we may disclose your personal data to our email, marketing and newsletter service providers for such purposes;
In order to record billing details – in which case we provide your bank account and credit card details to our bank and merchant facility providers;
For professional advice - when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
If we sell the whole or part of our business of StoreConnect or the shares in our company or merge with another entity – in which case we will provide to the purchaser or other entity the personal data that is the subject of the sale or merger;
Where required by law.

We may also provide your personal data to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:

For the purposes of obtaining professional advice;
To obtain or maintain insurance;
The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
To protect or enforce our rights or defend claims;
Enforcement of our claims against you or third parties;
The enforcement of laws relating to the confiscation of the proceeds of crime;
The protection of the public revenue;
The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal.
Where disclosure is required to protect the safety or vital interests of employees, eCommerce customers or property.

7. Third party platforms

StoreConnect may include links to, or interface with third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. We do not warrant or represent that any third party website or platform operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal data to them.

You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on StoreConnect. These widgets and tools may collect your IP address and other personal data. Your interaction with such widgets and tools, and any single sign-on services such as Open ID is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal data.

8. Security

The technical and organisational measures that we have implemented are as follows:

We maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms.
We have data backup processes in place;
We have anti-virus and security controls for email and other applicable computer software and systems in place;
We maintain electronic (e-security) measures for the purposes of securing personal information, such as passwords and anti-virus management;
We implement https encryption protocols, passwords and access control procedures into our computer systems; and
We and/or our hosting providers have processes in place to ensure integrity and resilience of systems, servers and personal data.

9. If you refuse to provide us with personal data

When you subscribe to StoreConnect, we need to collect personal data from you in order to identify you and setup an account for you on StoreConnect. We will also collect personal data from you when you use StoreConnect, when you enter the personal data into StoreConnect, when you contact us for technical support and assistance with your account and for the other purposes set out above in the Privacy Policy. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about StoreConnect, but not if you subscribe to StoreConnect and contact us about your account.

10. Spam email

We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact StoreConnect Subscribers. These transaction-based e-mails are automatically generated. Anytime a StoreConnect Subscriber receives e-mail it does not want from us they can request that we not send further e-mail by contacting us via email. Upon receipt of any such request, we will remove the person from our database to ensure that they cease to receive automated emails from us.

11. Contractors and offshore providers

Subject to the provisions of the Australian Privacy Principle 8 (Cross-border disclosure of personal information), we may transfer your personal data to our hosting providers who host the StoreConnect and the data stored in it. Our hosting providers are located in Australia, the United States and the European Union, and we will only transfer personal data processed by the StoreConnect platform to those hosting providers except where specifically agreed in writing by us and a customer that personal data must be hosted from a specific location.

12. How to access and correct personal data held by us

Please contact us if you wish to access your personal data that we hold about you, using the details set out at the end of this Privacy Policy. We will handle your request for access to your personal data in accordance with our statutory obligations. To ensure that we only obtain, collect, use and disclose accurate, complete and up to date personal data, we invite you to contact us and inform us if any of your personal details we hold change or if any of the personal data held by us is otherwise incorrect or erroneous. In exchange for your payment to us of a reasonable fee, we will provide you with a copy of the personal data they we hold about you.

13. Notifiable data breaches

Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner, except where limited exceptions apply. We will notify you of any data breach that may affect you where we are required to do so in accordance with our legal obligations.

Our contact details

StoreConnect is owned and operated by StoreConnect Pty Ltd [ACN 647 990 725]. If you wish to contact us for any reason regarding our privacy practices or the personal data that we hold about you, please contact us at the following address:

Privacy Officer

StoreConnect Pty Ltd

Level 25, 100 Mount Street, North Sydney NSW 2060 Australia

We will use our best endeavours to resolve any privacy complaint within 10 business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.

If you are not satisfied with the outcome of a complaint you make refer the complaint to the OAIC who can be contacted using the following details:

Call: 1300 363 992

Email: enquiries@oaic.gov.au

Address: GPO Box 5218, Sydney NSW 2001