UPOLLO PRIVACY POLICY

Upollo Pty Ltd (ABN 89 649 311 124) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our website, APIs, client libraries, platform, fraud monitoring and detection services or customer insights services (Services) or when otherwise interacting with you.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect include:

  • your name;
  • your contact details, including email address, street address and/or telephone number;
  • your employer and job title;
  • your credit card or other payment details (through our third party payment processor);
  • your preferences and/or opinions;
  • information you provide to us, including through feedback, surveys or otherwise;
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
  • support requests submitted to us and our response to you;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
  • any other personal information requested by us and/or provided by you or a third party.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.

How we collect personal information

In relation to fraud and abuse monitoring, prevention, detection and compliance activities for Upollo, its customers and end users, we collect personal information in a variety of ways, including:

  • from you (including through your devices (such as your IP address) or your requests to us) related to you;
  • from users about themselves and their customers in connection with our Services; or
  • from third party providers and publicly available sources.

This personal information allows us to confirm identities to assist with our fraud monitoring and detection services.

In relation to our Services, we automatically collect personal information in a variety of ways (such as the use of cookies and other technologies), including your:

  • browser and device data (such as IP Address, device type or operating system);
  • usage data (such as the time spent on websites, pages visited or links clicked); or
  • online activities (such as activities on websites and across third-party websites or other online services).

We collect information when you engage with our clients' marketing messages and when you click on links included in ads for our clients' products.

Why we collect, hold, use and disclose personal information

Personal information: We may collect, hold, use and disclose personal information for the following purposes:

  • to enable you to access and use our Services, including to provide you with a login;
  • to enable you to access and use our associated applications;
  • to contact and communicate with you about our Services, including in response to any support requests you lodge with us or other enquiries you make with us;
  • for fraud and abuse monitoring, prevention and detection;
  • for internal record keeping, administrative, invoicing and billing purposes;
  • for analytics, market research and business development, including to operate and improve our Services, associated applications;
  • for advertising and marketing, including to send you relevant marketing information about how end users may engage with your products and services and other information that we consider may be of interest to you;
  • to comply with our legal obligations and resolve any disputes that we may have; and
  • if otherwise required or authorised by law.

Our disclosures of personal information to third parties

We may disclose personal information to:

  • third party service providers for the purpose of enabling them to provide their services, to us, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, couriers, maintenance or problem-solving providers, professional advisors and payment systems operators;
  • third parties to obtain information for fraud and abuse monitoring, prevention and detection, or to improve our Services for our clients;
  • our employees, contractors and/or related entities;
  • our existing or potential agents or business partners;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

End user personal information

Our clients provide us with access to end user personal information to allow our clients access to our customer insight Services. The types of end user personal information that our clients provide us access to and we may collect include:

  • name, physical address, date of birth and profile images;
  • contact details, including your work email address and/or telephone number;
  • the organisation you work for including job title;
  • account activity information including user ID and type, login attempts and failures, password reset attempts and other information about your behaviour on our customers site, app or platform;
  • credit card, transaction or other payment details including items you've purchased from our customer, billing and invoice details;
  • preferences and/or opinions that you've provided to our client;
  • details of products, subscriptions and services your customers have purchased, or that they have enquired about, and their response;
  • attendance at customer events and referral information;
  • communication information including feedback, messaging, reviews or images you may provide on our clients' site, app or platform;
  • device information including your browser session, IP address, web authentication credentials and geo-location data, device and network information, statistics on customer page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • device, local network and user interaction fingerprints;
  • dispute related information including any dispute case numbers, status, chargeback information and/or order cancellations that you may provide to our customer; and
  • additional personal information that you provide to our customer, directly or indirectly, through your use of their Services, associated applications, associated social media platforms and/or accounts from which you permit our customer to collect information.

How we collect personal information

We always require our clients and third parties to comply with the relevant privacy laws and any consents or requirements to obtain end user personal information. We collect and access end user personal information from clients and third parties through our application programming interface (APIs) and client libraries.

Why we collect, hold, use and disclose personal information

We may collect, hold, use and disclose end user personal information for the following purposes:

  • to process your data made accessible by our clients for the purpose of sharing customer insights (including marketing and security insights) with our clients through our APIs and client libraries;
  • to enable our clients to access and use our security and marketing customer insight Services;
  • for fraud and abuse monitoring, prevention and detection;
  • for analytics, market research and business development, including to operate and improve our Services;
  • for advertising and marketing, including to provide relevant marketing information about how end users may engage with products and services to our clients;
  • to comply with our legal obligations and resolve any disputes that we may have; and
  • if otherwise required or authorised by law.

Our disclosures of end user personal information to third parties

We may disclose end user personal information:

  • where our client has your consent: between clients for the purpose of using the security and marketing customer insights provided through our APIs and client libraries to make business decisions;
  • where our client has your consent: between clients to better understand our client end user identities (such as confirming emails and contact numbers);
  • third party service providers for the purpose of enabling them to provide their services, to us, including (without limitation) IT service providers, data storage, web-hosting and server providers and professional advisors;
  • third parties to obtain information for fraud and abuse monitoring, prevention and detection, or to improve their product experience;
  • our employees, contractors and/or related entities;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Overseas disclosure

We may store personal information overseas. Where we disclose your personal information to the third parties listed above, these third parties may also store, transfer or access personal information outside of Australia.

Unless we seek and receive your consent to an overseas disclosure of your personal information, we will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles and/or we will take such steps as are reasonable in the circumstances to require that overseas recipients protect your personal information in accordance with the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Cookies and similar tracking technologies

We may use cookies and similar tracking technologies (such as device fingerprinting) on our website from time to time. Cookies are text files placed in your computer\'s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Links to other websites

Our website may contain links to other party's websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Personal information from third party accounts

If you connect your account with us to a third party account (such as Google, Microsoft or Github), we will collect your personal information from your third party account. We will do this in accordance with the privacy settings you have chosen on your third party account.

The personal information that we may receive includes your name, email and profile picture and any other personal information you choose to share.

We use the personal information we receive from your third party account to create a profile for you on our platform.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact us at:

Upollo Pty Ltd ABN 89 649 311 124

Email: privacy@upollo.ai

Last update: 3 August 2022