BONDI LABS - Privacy Policy

Welcome to Bondi Labs!

Thanks for visiting our Website and/or accessing or using one of our products (collectively and individually "Software Service"). The Software Service is provided by Bondi Labs Technologies Pty Ltd (ABN 91 614 986 274), of New Farm, Brisbane 4005 Australia ("Bondi Labs", "we", "us" or "our").

By visiting, accessing or using our Software Service, you ("you") are agreeing to this privacy policy ("Privacy Policy").

There are many different ways you can use our Software Services - to share information, to communicate with other people, or to create new content.

When you share information with us, for example by creating an account with us, we can make those Software Services even better - to help you connect with people or to make sharing with others quicker and easier. As you use our Software Services, we want you to be clear how we're using information and the ways in which you can protect your privacy.

Where our processing of your information is covered by the EU General Data Protection Regulation 2016/679 ("GDPR"), the sections of this Privacy Policy in Appendix 1 – the "GDPR Appendix" - apply to you.

This Privacy Policy explains what information we collect from and about you from our Software Service (collectively, "Your Information") and how we use it.

Please read this Privacy Policy carefully – it is the baseline for how we handle Your Information. Remember that your use of the Software Service may be subject to other terms of use in addition to this Privacy Policy. This Privacy Policy covers our treatment of Your Information, but does not apply to the practices of companies we don't own or control, or people that we don't manage. If you have concerns about our data collection and use practices, as explained below, please do not use the Software Service. If you do not agree with the terms of this Privacy Policy stop using and uninstall the Software Service immediately.

What information does the Software Service obtain and how is it used?

Information We Collect Directly From You

Some of our Software Service requires that you create an account with us. We collect some information from you when you create an account, including your name, company name, username, password and email address. Bondi Labs stores this information to help identify you when you login and help you communicate with other users.

Information Collected Automatically

We receive some information automatically when you login to the Software Service. This includes information about the device, browser and operating system you use when accessing our Software Service, your IP address, the user identification number we assign you when you open your account and the date and time of each login and use.

Our Software Service is hosted at Amazon Web Service, so some information may also be automatically collected by them to provide hosting services to us. You can read their privacy policy here: https://aws.amazon.com/privacy

Use of Cookies

Cookies are another way we automatically collect data about you.

When you login to the Software Service Bondi Labs will place a cookie for the purpose of creating the session and knowing when you're logged in. We also use third-party cookies from our partners (such as Amazon Web Service).

How We Use or Disclose Your Information

Your Information is used where necessary to provide access to our Software Service. In addition, if we engage with other companies and people to perform tasks on our behalf, we may share Your Information with them as needed to provide the Software Service to you. Unless we tell you differently, our partners do not have any right to use any personal information we share with them beyond what is necessary to assist us.

We may use or share Your Information when necessary to keep the Software Service running and prevent abuse.

We also collect some information to make sure the Software Service works properly and to improve user experience. This may include using Your Information internally for analytical purposes. We may contact you with specific questions about your user experience or how we can serve you better.

Except as otherwise described in this Privacy Policy, we will only share Your Information with your informed consent, letting you know what information will be shared and with who we’re sharing it with.

We do not use You Information to create profiles for direct marketing purposes.

As detailed in our product Terms of Use we use your account registration profile to send you notices and material from us regarding upgrades, updates, new content and product features associated with the Software Service that become available from time-to-time.

We do not sell Your Information to any third party.

We may create new, de-identified and aggregated data sets from Your Information. We may share this aggregated information and de-identified information with third parties for industry research, analysis, and other similar purposes.

Your Information we Share

We do not share Your Information with companies, organisations and individuals outside of Bondi Labs unless one of the following circumstances apply:

We will share Your Information with companies, organisations or individuals outside of Bondi Labs when we have your consent to do so.

With account administrators:

If your account is managed for you by an organisation administrator then your organisation’s Administrator User and resellers who provide user support to your organisation will have access to Your Information (including your email and other data). Your account administrator may be able to:

  • view statistics regarding your account;

  • change your account password;

  • suspend or terminate your account access;
  • access or retain information stored as part of your account;
  • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request;
  • restrict your ability to delete or edit information.

Please refer to your account administrator's privacy policy for more information.

Third Party Service Providers:

We may disclose Your Information to:

  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, and payment systems operators;

  • our existing or potential agents or business partners;

  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you.

Our current third-party service providers (as updated from time to time) are listed in Appendix 2.

Fraud, security, technical issues:

We will share Your Information with trusted third parties where necessary to detect, prevent or otherwise address fraud, security or technical issues.

Business Acquisition or Merger:

If we are acquired by a third party as a result of a transaction such as a merger, acquisition, sale, or if our assets are acquired by a third party in the event that we go out of business or enter bankruptcy, some or all of our assets, including Your Information, may be disclosed or transferred to a third party or parties in connection with the transaction.

Law Enforcement:

We will cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose Your Information to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to comply with law, regulation or valid legal process (including orders and subpoenas); or (ii) to protect our property, rights, and safety, and the property, rights, and safety of a third party or the public in general. If we are going to release Your Information, our policy is to provide you with notice unless we are prohibited from doing so by law or court order.

Information Security

Bondi Labs will use reasonable efforts to secure information submitted to us by our users. However, no data transmission over the internet is completely secure, so we cannot guarantee the absolute security of this data. You use the Software Service at your own risk, and are responsible for taking reasonable measures to secure your account (such as keeping your password secret).

Retention of Personal Data

We will retain your personal information for the time necessary to provide the Software Services we perform for you, or to achieve other purposes outlined in this Privacy Policy, and you can always request that we stop processing or delete your personal information.

We’re required to keep some of your information for certain periods of time under law. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.

We may need to retain certain personal information after we cease providing you with Software Services to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping.

Children Under 13

Bondi Labs Software Service is not directed to people under the age of 13. If you are under 13, you may not create an account with or submit any personal information to Bondi Labs. If we become aware that we have collected personal information from a child under 13, we will delete that information.

International Transfer

Your Information may be transferred to, and maintained on, computers located outside of your state, country or other governmental jurisdiction where the privacy laws may not be the same as those in your jurisdiction. If you are located outside Australia and choose to provide Your Information to us, we may transfer Your Information to Australia and process it there.

We may disclose personal information outside of Australia to third parties as listed in Appendix 2 – Third Party Service Providers.

By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia. Where we disclose your personal information to third parties, we will take reasonable care to ensure that any overseas recipient will deal with such information in a way that is consistent with the Australian Privacy Principles.

Enforcement

We regularly review our compliance with our Privacy Policy. We also adhere to several self-regulatory frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Restrict

You may choose to restrict the collection or use of Your Information. If you have previously agreed to us using Your Information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access

You may request details of Your Information that we hold about you. An administrative fee may be payable for the provision of such information. In certain circumstances, as set out in the Privacy Act 1988 (Cth), we may refuse to provide you with Your Information that we hold about you.

Correction

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Complaints

If you believe that we have breached the Australian Privacy Principles and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You are advised to consult this Privacy Policy regularly for any changes, as continued access and use of our Software Service is deemed approval of all changes.

Contact us

If you have any questions regarding privacy while using the Software Service, or have questions about our practices, please contact us via email at info@bondilabs.com.

Congratulations! You’ve reached the end. Thanks for taking the time to learn about our Privacy Policy; we trust our Software Service will assist you to enhance your decision making and improve your skills and competency.

Appendix 1 – GDPR Appendix

For the purpose of this Privacy Policy the controller of personal data is Bondi Labs Technologies Pty Ltd or one of its subsidiaries ("Bondi Labs") and our contact details are set out in the Contact section above.

The Legal Basis for Processing your Information

Under GDPR, the main grounds that we rely upon in order to process personal data collected via our websites and services are the following:

(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;

(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;

(c) Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your personal data for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website, applications and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;

(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.

Third Party Service Providers

As mentioned above, we will share your personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, and to perform maintenance or respond to technical incidents affecting our services. Our current third-party service providers are listed in Appendix 2.

Where we disclose personal information to third parties, we require minimum standards of confidentiality and data protection from such third parties.

Processing Outside of the European Economic Area ("EEA")

To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we will ensure that approved safeguards are in place to ensure that we comply with GDPR, such as the standard contractual clauses approved by the European Commission or the EU/US Privacy Shield.

Bondi Labs processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live, including outside the EEA. The primary location of user data and data uploaded to Kuube and Core is a datacentre in Australia operated by our third-party cloud hosting provider, Amazon Web Services ("AWS"). AWS is a participant in the EU/US Privacy Shield, under which transfers of personal data to Australia are authorised.

Retention of Personal Data

We will retain your personal information for the time necessary to provide the services we perform for you, or to achieve other purposes outlined in this Privacy Policy, and you can always request that we stop processing or delete your personal information (see the section below regarding your rights).

Your rights in respect of information we hold about you

You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.

Right of Access

You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.

Right of Correction or Completion

If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us at info@bondilabs.com.

Right of Erasure

In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.

Right to Object to or Restrict Processing

In certain circumstances, you have the right to object to our processing of your personal information by contacting us at info@bondilabs.com. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.

You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.

Right of Data Portability

In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that information to you or directly to a third party organisation.

The above right exists only in respect of personal information that:

  • you have provided to us previously; and
  • is processed by us using automated means.

While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.

You can exercise any of the above rights by contacting us using any of the methods in the Contact section above.

Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the Contact section above.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. It is specifically regulated under GDPR where such decisions are taken which have legal or other significant effects on individuals. It is permitted in the following circumstances:

  • Where it is necessary to enter into or perform our contract with you and appropriate measures are in place to safeguard your rights.

  • In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated processing, unless we have a lawful basis for doing so, we have notified you and given you a right to challenge the decision or to require that the decision be taken by a person.

Complaints

If you are unhappy about our use of your personal information, you can contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:

Telephone:

+44303 123 1113

Website:

https://ico.org.uk/concerns/

Post:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you live or work outside the UK or you have a complaint concerning our activities outside the UK, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA and the European Free Trade Area can be accessed here.

Appendix 2 - Third Party Service Providers (as updated from time to time)

Third Party Service/ Vendor Purpose Entity Country
AWS Amazon Data hosting United States of America
Pipedrive Customer relationship management United States of America
Hubspot Customer relationship management United States of America
Microsoft OneDrive Document Management United States of America
Mail Chimp Email Campaign Manager United States of America
Type Form Survey Management United States of America