Last updated 23 May 2018 to include a section for European Privacy Law - GDPR
At S-Wave Pty. Ltd. (“DISCO”) we think privacy is important. We are committed to ensuring the privacy and protection of our customers’ personal information, and that of our customers’ business clients.
This Policy reflects both Australian privacy law and DISCO's policies in relation to the use and protection of personal information (which is information that could reasonably be used to identify you). Information relating to your rights under Australian privacy law can be found on The Australian Privacy Commissioners website at www.privacy.gov.au. This policy now includes a section on how we deal with privacy, and your rights, under the European General Data Protection Regulation (GDPR).
This Policy will be available for free access on our website at all times. Let us know if you would like a hard-copy of this Policy sent to you.
DISCO collects personal information from you when completing transactions, when you register to use any of DISCO’s services or through your use of DISCO’s services.
DISCO only holds your personal information for so long as is reasonably necessary and relevant to providing DISCO’s services. This personal information may include:
If you provide us with information about other individuals, you must tell those individuals and let them know where they can find a copy of this Privacy Statement.
DISCO will take reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete.
From time to time, DISCO may receive information relating to you that we have not requested and which is not otherwise described above (“Unsolicited Information”). If DISCO does receive Unsolicited Information, we will check whether it is reasonably necessary for us to keep it. If it is, we will treat the Unsolicited Information in the same way as the other information described above. If DISCO determines that it is not reasonably necessary for us to keep it, we will, as soon as practicable, destroy or de-identify the relevant Unsolicited Information.
DISCO may hold your personal information in electronic or hard copy form. We will take reasonable steps to destroy or de-identify your personal information once it is no longer needed, unless we are required by Australian law, or a court or tribunal order, to retain it.
The personal information collected by DISCO is used to enable us to provide DISCO’s services to you and to provide you with information about DISCO’s products and services from time to time. Without limiting the foregoing, we will use personal information as follows:
DISCO may need to disclose some personal information about you in certain circumstances to third parties. For example, to service providers we engage to enable us to provide DISCO’s services. We will require these organisations to agree to comply with this Policy and with strict conditions governing how personal information is to be handled.
DISCO will not sell, rent or trade personal information about you to or with third parties without your express permission or as set out in this Policy.
DISCO will only disclose personal information in accordance with this Policy, if required to by law or as permitted under the Privacy Act or the GDPR (see GDPR Section). For example, if we are legally required to do so (such as pursuant to a court or tribunal order or under taxation laws), if there is a serious threat to an individual’s health or safety, there is reasonable suspicion of unlawful activity, for the conducting of surveillance and intelligence gathering by an enforcement body, or to assist in locating a missing person.
You have the right to seek access to information that DISCO holds about you. You also have the right to ask us to correct information about you, which is inaccurate, incomplete or out of date. You may access the information that DISCO may have collected about you by placing your request in writing and sending it to us using the contact details below. Please include your phone number and enclose a copy of a form of identification such as a current driver's license or passport with your request.
DISCO’s policy is to consider any requests for access or correction within 28 days of receipt. If we are unable to correct your information, we will provide to you within a reasonable period a written notice setting out the reason, and the complaint mechanisms available to you.
If you are in the EEA you may have further rights which are set out in our GDPR Section.
DISCO’s Privacy Officer
2/45 Victoria Avenue, Albert Park, Victoria, 3206
If you are not satisfied with how we have handled your personal information, please contact DISCO’s Privacy Officer via the details listed above.
You can also lodge a complaint with the Australian Information Commissioner. For more details on how to do this, please visit www.oaic.gov.au.
DISCO may wish to send you marketing communications about offers that we believe may be of interest to you. We may send these to you via email, telephone, SMS or other electronic means. We may also send you marketing communications in the post.
We will ensure that all electronic marketing communications contain a clearly marked ‘opt-out’ or ‘unsubscribe’ for you to click on.
DISCO will ensure that it takes reasonable commercial steps to keep secure any information that we hold about you. DISCO has security measures, proprietary data protection algorithms, in place to protect the loss, misuse and alteration of the information under our control.
From time to time, we may also need to transfer your information overseas. For example, we may store your personal information in a cloud, or other type of networking electronic storage which is based in a jurisdiction outside Australia. If we do this, DISCO will ensure reasonable steps are taken so that the overseas recipient does not breach the Privacy Act 1988 (Cth), or the Australian Privacy Principles in relation to that information, or adheres to laws substantially similar to Australian privacy laws. DISCO will also take reasonable steps to prevent unauthorised access and reduce the risk of disclosure to unknown entities.
Other matters specific to DISCO’s collection and use of personal information online are set out below.
ii. Social Media. DISCO’s services may contain links to online forums such as Facebook and Twitter. Think carefully before you post or publish any personal information in these forums as it may be publicly available.
iii. Secure Online Transactions. If you engage in a financial transaction through use of DISCO’s services, we will process your credit card details securely over the Internet using an accredited internet payment security system. With the combination of SSL encryption on our payment provider’s website and a secure browser at your end, we take all reasonable measures to ensure that your credit card and personal information are protected when you purchase online. We also recommend that you take appropriate security precautions when accessing the Internet via public Wi-Fi networks or shared computers.
iv. Links to other websites. Sometimes DISCO’s services will contain links to third party websites or services. We recommend that you review the privacy policies of each third party website or services you visit because DISCO is not responsible for privacy practices of that site.
This section applies if you are based in the European Economic Area (EEA) during your interactions with us and sets out the additional information that we are required to provide to you under the GDPR.
Under European data protection law, use of personal information must be based on one of a number of legal grounds and we are required to set out the grounds in respect of each use. We can only process personal data when the processing is permitted by the specific legal ground set out in the law.
In the table below, we have set out the relevant grounds that apply to each purpose of data processing that is mentioned in this Privacy Statement. You can find an explanation of each of the legal grounds for use of personal information below.
|Purposes of the data processing||Use bases|
|to provide DISCO’s services to you and to provide you with information about DISCO’s products and services from time to time.||contract performance, legitimate interests (to allow us to perform our obligations and provide services to you|
|to facilitate your use of the DISCO service and App||contract performance, legitimate interests (to allow us to perform our obligations and provide services to you)|
|to provide you with information about the DISCO service and App||contract performance, legitimate interests (to allow us to perform our obligations and provide services to you)|
|To run DISCO’s internal analytics, improve the DISCO websites and services, including by means of product development and market and behavioural research||contract performance, legitimate interests (to allow us to maintain and improve the quality of our services and products)|
|To provide support services||contract performance, legal obligation, legitimate interests (to allow us to correspond with you in connection with our services)|
|To ensure website content is relevant, including ensuring that content from our websites is presented in the most effective manner for you and for your device.||contract performance, legitimate interests (to allow us to provide and improve our services)|
|For marketing purposes for the purposes of running DISCO’s internal data analytics||consent (which can be withdrawn at any time)|
|We may also combine the information that we collect and hold about you for the purposes of creating insights about you and customer segmentation.||contract performance, legitimate interests (to allow us to perform our obligations and provide services to you)|
|For legal and administrative purposes||contract performance, legal obligation, legal claims, legitimate interest (to allow us to guard against fraud and other unlawful activity)|
If you are based in the EEA during your interactions with us in addition to the rights outlined above, under certain conditions, you may have the right under the GDPR to ask us to:
In addition, under certain conditions, you have the right to:
You can exercise these rights by contacting us.
These rights are subject to certain exemptions to safeguard the public interest and our interests. We will respond to most requests within 30 days.
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
Where we transfer personal information from inside the EEA to outside the EEA, we may be required by law to take specific measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals, we will use appropriate safeguards to protect any personal information being transferred, such as EU Commission-approved model contractual clauses or binding corporate rules permitted by applicable legal requirements.
Use of personal information under the GDPR must be justified under one of a number of legal bases or grounds and we set those out here. The principle legal grounds that justify our use of your personal information are as follows: