General Chee Hoo Pty Ltd ACN 617 349 998 (we, us or our) want you to have confidence that we afford your personal information an appropriate level of privacy, consistent with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act), the Spam Act 2003 (Cth) and the European Union General Data Protection Regulation (GDPR). If you use any service provided by us or you provide voluntarily any personal information to us then you specifically represent to us that you have read, understood and consented to the collection, use and storage of your personal information.
What is personal information? Personal information is information in any recorded form that identifies an individual or from which an individual's identity can reasonably be ascertained, or is information relating to an identified or identifiable natural person. Examples include an individual's name, address, contact number and email address.
Why do we collect personal information? We collect personal information for a range of purposes, including to:
(b) create a Service unique and relevant to you, by using your connections, preferences, interests, activities and schedules to learn about you and how you interact with other people, places or things;
(c) respond to queries that you may have about the Services that we offer;
(d) supply products and services;
(e) facilitate payment for products and services; and
(f) arrange for Services to be supplied to you by third parties where appropriate.
How do we use your personal information? We also use your personal information to:
(a) analyse your profile and that of other users to recommend meaningful connections;
(b)analyse your schedule and location to recommend tasks or activities you can accomplish;
(c)develop, test and improve the Services;
(d)promote safety, integrity and security by verifying accounts and activity, combatting harmful conducts, and detecting and preventing other bad experiences;
(e)communicate with you about our Services and send you marketing communications;
(f)respond to complaints;
(g)analyse your needs and develop strategies to enhance your user experience;
(h)maintain records for accounting and administration purposes;
(i)meet legal and regulatory requirements.
We also use location related information, such as your current location, where you live, the places you go and the business and people you’re near, to provide, personalise and improve our Services.
What sort of personal information do we collect and how is it collected? The type of personal information that we collect will depend on the circumstances of collection. For example, we may collect your name, date of birth, address, telephone number, email address and identification details. We may also collect details of other interactions that you have with us, together with any other information that you choose to provide us with. We collect the content, communications and other information you provide when you use our Services, including when you sign up for an account, create or share content and message or communicate with others. This can include information in or about the content that you provide (e.g. metadata), such as the location of a photo or the date a file was created. It can also include where you are at any given time, so we can do things such as suggest you contact someone in your tribe that is close by. We can collect your precise geolocation (latitude and longitude) through various means, depending on the Service and device you’re using, including GPS, Bluetooth or Wi-Fi connections. The collection of your geolocation may occur in the background even when you aren’t using the Services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it. We also collect:
(a) information about the people, accounts, groups that you are connected to and how you interact with them;
(b) information about how you use our Services, such as the types of content that you view or engage with, the features you use, the actions you take, the people or accounts you interact with and the time, frequency and duration of your activities;
(c) content, communications and information that other people provide when they use our Services. This can include information about you, such as when others connect with you via social media or email, or when you sync or import your contact information; and
(d) debit and credit card information which may be processed by a third party engaged by us to validate such credit and debit card information. We do not store such information as that information is passed through to the debit and credit card validator.
The collection of sensitive information (for example, racial origin, religious beliefs and health information) is restricted by the Privacy Act. We will not collect sensitive information about you unless this is necessary for one of our functions or activities and you have consented to that collection, or we are otherwise required or authorised by or under law to do so. By choosing to provide this information, you consent to our processing and use of that information to deliver the Services. In addition to information you provide us directly (as above), we may also collect personal information about you from third parties (such as applications you have integrated with your CheeHoo account).
When do we disclose personal information to third parties? In providing you with products or services, we may disclose personal information to:
(a) other users;
(b) our service providers, partners and affiliates;
(c) government authorities;
(d) financial institutions;
(e) our independent contractors (Independent Contractors), including, without limitation website designers and information technology service providers and marketing and communications agencies.
We may disclose personal information to an Independent Contractor and the Independent Contractor may in turn provide us with personal information collected from you in the course of providing the relevant products or services. We take steps to help ensure that our Independent Contractors comply with the Australian Privacy Principals when they collect and handle your personal information. We may share with third parties—such as advertisers—aggregated, non-personally identifiable, or de-identified information, which cannot reasonably be identified as you. If we become involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes. However, we undertake not to sell, rent or trade your personal information. We will not disclose information about you unless the disclosure is:
(a) required by law (e.g. the Australian Tax Office);
(b) is authorised by law (e.g. to protect our interests or where we have a duty to make such disclosure); or
(c) you have consented for us to disclose the information about you.
Spam We will not send you any commercial electronic messages such as SMS or email without your consent. Any commercial electronic message that we send will identify us as the sender. The message will also provide an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please use the unsubscribe facility or contact us.
Security of personal information The security of information is important to us and we take precautions to protect the personal information that we hold from misuse, loss, unauthorised access, modification or disclosure. Some of the ways we protect personal information include:
(a) external and internal premises security;
(b) conducting training to ensure that staff are aware that they must only access, use and disclose personal information for appropriate purposes;
(c) requiring staff who have access to personal information to agree to protect the privacy of that information;
(d) maintaining technology products to prevent unauthorised computer access, including identifiers and passwords; and
(e) maintaining physical security over paper records.
(a) a resident of a jurisdiction that is a member of the European Union and the GDPR applies to your personal information then we will without undue delay after we become aware of a Data Breach and where feasible within 72 hours after becoming aware of the Data Breach notify the Office of the Australian Information Commissioner in writing of the Data Breach unless the Data Breach is unlikely to result in risk to your rights and freedoms. Further we will attempt to notify you within a reasonable time after becoming aware of the Data Breach if the Data Breach involves your personal information;
(b) not a resident of a jurisdiction that is a member of the European Union and the GDPR does not apply to your personal information then we will without undue delay after we become aware of a Data Breach notify the Office of the Australian Information Commissioner if the Data Breach involves your personal information and such breach is likely to result in serious harm to you. Further we will attempt to notify you within a reasonable time after becoming aware of the Data Breach if the Data Breach involves your personal information.
How long do we keep personal information? We will take reasonable steps to destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act or the GDPR.
Right to be forgotten If you are a resident of a jurisdiction that is a member of the European Union and the GDPR applies to your personal information, then:
(a) you may by email to us advise us that your consent is withdrawn; and
(b) we will subject to the requirements of the GDPR and subject to any binding laws upon us to the contrary and subject to validating your request use all reasonable efforts to remove any personal information about you within a reasonable time commencing on the date that you advise us that your consent concerning the collection, storage and usage of your personal information is withdrawn.
Nothing in this clause requires us to breach any law in Australia that requires us to keep your personal information such as taxation laws.
Transfer of personal information If we transfer your personal information outside Australia, we will comply with requirements of the Privacy Act that relate to transborder data flows. Please note that some of our Independent Contractors who help us to develop and improve our Services, are located in India. As a result, personal information collected and held by them may be securely accessed from overseas (in particular, India). We will not transfer your personal information to other parties unless you are fully informed prior to such transfer and you have agreed to that transfer, unless we are required by law to transfer the information to an authorised organisation.
Ensuring personal information is up-to-date It is our goal to ensure that your personal information is correct, accurate, relevant, timely and secure. We also rely on the personal information we hold in conducting our business. We take reasonable steps to ensure that the personal information we hold is accurate, complete and up-to-date. If there is any change to any of the details you have provided to us, please promptly advise us so that we can continue to provide the services that we have agreed. Further, if it comes to your attention that we possess certain information about you that is not correct, accurate, complete or up-to-date, then contact us and we will use all reasonable efforts to correct the information we have about you.
Access to your personal information Please contact us if you would like to access or correct the personal information that we hold about you. We will generally provide you with access to your personal information in a structured, commonly used, machine-readable format within 30 days of your request, or earlier if required under the GDPR. Depending on the amount of information requested, we may charge an access fee to cover the cost of retrieving the information and supplying it to you. If required under the GDPR, we will transfer any personal information you give us to a third party where that information is processed electronically and by automated means, and based on your consent. You can ask us to correct or update any information about you and we will try to do so in 30 days. If we’ve given the information to another party, you can ask us to let them know it’s incorrect. If we can’t, we’ll let you know why it’s taking longer and agree on a new timeframe with you. We’ll also tell you when we’ve corrected the information. If we deny or restrict your access, we will explain why. Similarly, in some limited circumstances we may not make requested corrections to personal information, in which case we will provide you with reasons for this decision.
Job applicants and employees Any personal information provided to us in connection with job applications may be used to consider the applicant for current and future employment and may be disclosed to our third party advisors to assist us in the selection and recruitment process. If your application for employment is successful, we will rely on the exemption in the Privacy Act relating to employee records where applicable.
Resolving concerns If you have any concerns about the way your personal information is managed by us, or believe that a breach of your privacy has occurred, please let us know by contacting us. We will respond to your concerns as soon as possible. If you’re not satisfied with how we manage your complaint after you’ve been through our internal complaints process, you can contact the Office of the Australian Information Commissioner (an external and free complain body) using the following details: Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 Phone 1300 363 992 Visit oaic.gov.au