Last updated July 28, 2019. In effect as of July 28, 2019.
Looking for information about the European Union General Data Protection Regulation (GDPR)?
You will find information on GDPR and how to sign our Data Processing Agreement in our Terms of service.
1. We respect your privacy
Gram Genius respects your right to privacy and this policy sets out how we collect and treat your personal information.
“Personal information” is information we hold which is identifiable as being about you.
This policy applies to our processing of personal information in relation to the provision of any of our products, including when you:
- request information from us;
- subscribe to our newsletter;
- use our services;
- use our website; and
- otherwise interact with us.
By visiting our website and using our products, you acknowledge the terms of this policy and the use and disclosure of your personal information as set out in this policy.
2. How we collect your personal information
We collect personal information about you in the following ways when you use our services.
2.1. Personal information we collect directly from you
We generally collect your personal information directly from you online via one of our websites, or via our app. When you sign up to use our products, you will be asked to provide personal information. This information is likely to include the following:
- email address
- information about the products you have requested
- information from enquiries you have made
- communications between us
- credit card information
- information about contacting you if requested, such as your phone number
- information about the Instagram account(s) you add
- information about the post(s) you wish to make to your added account(s)
We may also collect personal information from you when you subscribe to our newsletter, make an enquiry, or use the live chat function on our website.
Depending on the type of personal information in question and the grounds on which we may be processing it, should you decline to provide us with such information, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship. We will inform you if your failure to provide any requested personal information is going to result in these consequences.
For details of the legal bases that we rely on to be able to use and process your personal information, please see section 9 below.
2.2. Personal information we collect indirectly from you
We may collect certain information from you indirectly as a result of your online behaviour including:
- Technical information such as the internet protocol (known as IP) address used to connect your device to the internet, your log-in information, time of access, date of access, time zone setting, web page(s) visited, software crash reports, type and version of browser used, browser plug-in types and versions used, and operating system and platform to ensure the security of your account and to verify that the person operating your account is you;
- Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page; and
- Information about your computer or device allowing us to analyse trends, administer our online services and track your web navigation
3. Use of your personal information
We use your personal information for the following non-exhaustive list of purposes.
3.1. Providing our services
We use your personal information to provide our services to you, including:
- to carry out our obligations as a result of any contract entered into between you and us and to provide you with the information and services that you request from us;
- to provide you with marketing communications about our products and service offering;
- to notify you about changes to the services that we offer and to directly market these services to you;
- to administer our website and app for internal operations, including troubleshooting, information analysis, testing, research, statistical and survey purposes;
- as part of our efforts to keep our services safe and secure;
- to measure or understand the effectiveness of our advertising and marketing;
- for statistical and research purposes (including market research, marketing and information analysis purposes);
- to ensure the effective operation of software and IT services procured by us (including disaster recovery); and
- for other reasons with your consent.
We may contact you for direct marketing purposes via social and direct messages, post, and email. We do not provide your personal information to third parties for other marketing purposes.
This marketing may relate to:
- Information about other products and services we offer that are similar to those that you have already used or enquired about; and
- Upcoming events, promotions and new products or other opportunities.
If you no longer wish to receive marketing communications from us, you may contact us, or click on the unsubscribe link on any marketing communication that you receive from us.
4. Disclosure of your personal information to third parties
We may share your personal information with the following categories of recipients:
4.1. Service providers
We may disclose your personal information to third party service providers who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your information in order to provide us with their services and will not be able to use it for their own purposes.
4.2. Professional advisors and auditors
We may disclose your personal information to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
4.3. Replacement providers
In the event that we sell or buy any business assets, we may disclose your personal information to the prospective seller or buyer of such business or assets.
If Gram Genius or substantially all of its assets are acquired by a third party, personal information held by us about our clients will be one of the transferred assets.
5. Disclosure of your personal information overseas
Our principal operations are in Australia, but our customers are based all over the world. The information that we collect from you may be transferred to, and stored at, destinations both within and outside Australia. In particular, it may be transferred to the United States and the United Kingdom.
In compliance with data protection laws, we want to make sure that your personal information is stored and transferred in a way which is secure. We will therefore only transfer information overseas where it is compliant with data protection laws and the means of transfer provides adequate safeguards in relation to your information.
6. Security of your personal information
We will take all reasonable precautions necessary to protect your personal information from misuse, interference and loss, and unauthorised access, modification or disclosure.
This includes, for example, the protection of passwords using industry standard encryption, measures to preserve system security and prevent unauthorised access and back-up systems to prevent accidental or malicious loss of information. We may use third party information storage providers to store personal information electronically. We take reasonable steps to ensure this information is held as securely as information stored on our own equipment.
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted over the internet and we do not warrant the security of any information, including personal information, which you transmit to us over the internet.
7. Access to your personal information and your other rights
In accordance with data protection laws, you may have various rights in relation to the information which we hold about you. We have described these below.
To get in touch with us about any of these rights, please contact us.
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
For those individuals in the European Union who engage with us, under the General Data Protection Regulation (“GDPR“) you have the following rights in relation to your personal information:
7.1. Right to object
This right enables you to object to us processing your personal information where we do so for one of the following reasons:
- because it is in our legitimate interests to do so (for further information please see section 9 below);
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials; or
- for scientific, historical, research, or statistical purposes.
7.2. Right to withdraw consent
Where we have obtained your consent to process your personal information for certain activities, you may withdraw this consent at any time and we will cease to use your information for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your information for this purpose, in which case we will inform you of this condition.
7.3. Data Subject Access Requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
7.4. Right to erasure
You have the right to request that we “erase” your personal information in certain circumstances. Normally, this right exists where:
- The information are no longer necessary;
- You have withdrawn your consent to us using your information, and there is no other valid reason for us to continue;
- The information has been processed unlawfully;
- It is necessary for the information to be erased in order for us to comply with our obligations under law; or
- You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of information we will take all reasonably practicable steps to delete the relevant information.
7.5. Right to restrict processing
You have the right to request that we restrict our processing of your personal information in certain circumstances, for example if you dispute the accuracy of the personal information that we hold about you or you object to our processing of your personal information for our legitimate interests. If we have shared your personal information with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal information.
7.6. Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
7.7. Right of information portability
If you wish, you have the right to transfer your personal information between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your information in a commonly used machine-readable format so that you can transfer the information. Alternatively, we may directly transfer the information for you.
7.8. Right to complain
You have the right to lodge a complaint with your local data protection authority.
Information on how to contact any European data protection authority can be found on the European Commission website.
8. Retention of your personal information
We will not keep your personal information for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
In general, we will retain your personal information for as long as we provide services to you and, following that period, we will only retain your personal information for as long as is reasonably necessary in the circumstances.
When it is no longer necessary to retain your personal information, we will delete the personal information that we hold about you from our systems. While we will endeavour to permanently erase your personal information once it reaches the end of its retention period, some of your personal information may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
9. Legal conditions for processing your personal information
Where applicable under the GDPR, there are a number of different ways that we are lawfully able to process your personal information. We have set these out below.
9.1. Where using your information is in our legitimate interests
We are allowed to use your personal information where it is in our interests to do so, and those interests aren’t outweighed by any potential prejudice to you.
We believe that our use of your personal information is within a number of our legitimate interests, including but not limited to:
- To enable us to provide our services to our customers;
- To provide you with marketing communications about our products and services;
- To help us understand our customers better and provide better, more relevant products to them; and
- To help us keep our systems secure and prevent unauthorised access or cyber-attacks.
9.2. Where you give us your consent to use your personal information
We are allowed to use your personal information where you have specifically consented. In order for your consent to be valid:
- It has to be given freely, without us putting you under any type of pressure;
- You have to know what you are consenting to – so we’ll make sure we give you enough information;
- You should only be asked to consent to one thing at a time – we therefore avoid “bundling” consents together so that you don’t know exactly what you’re agreeing to; and
- You need to take positive and affirmative action in giving us your consent – we’re likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
As part of our relationship with you, we may ask you for specific consents to allow us to use your information in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in section 7 above.
9.3. Where using your personal information is necessary for us to carry out our obligations under our contract with you
We are allowed to use your personal information when it is necessary to do so for the performance of our contract with you. For example, we need to collect your payment details in order to be able to process payments for our services.
9.4. Where processing your personal information is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal information when we need to in order to comply with those other legal obligations.
You can set your browser to accept or reject all cookies, or notify you when a cookie is sent. If you reject cookies or delete our cookies, you may still use our websites, but you may have reduced functionality and access to certain areas of our websites or your account.
11. Third party websites
Our site has links to other websites not owned or controlled by us. We are not responsible for these sites or the consequences of you going on to those sites.