Application of privacy laws
From 12 March 2014, most private sector organisations in Australia must by law comply with the Australian Privacy Principles (APPs) arising from the Privacy Amendment (Enhancing Privacy Protection) Act 2012. We are bound by the APPs.
From 25 May 2018, we are also bound by the European Union’s (EU) General Data Protection Regulation (GDPR) if and when we collect personal information from individuals located in the EU.
For the purposes of the GDPR, Carthona Capital Pty Ltd atf the Carthona Capital Ventures Trust is the “data controller” of all personal information that is collected by the Carthona Group.
Collecting personal information
We only collect personal information that is necessary for our legitimate purposes, which includes performing our functions, developing and promoting our services and complying with our legal and regulatory obligations.
Generally, we collect personal information you voluntarily provide to us when you visit our website, call us, inquire about our services, apply to become an investor, or otherwise engage our services. The personal information we collect depends on the nature of your interactions with us and our website. For example, we may collect personal information such as your name, address, and contact details when you submit an online inquiry about our services, call us, or send us an email. We may collect additional personal information if you request a service that requires us to collect, for example, your financial details such as tax file numbers and credit related information. We do not collect sensitive information.
If you create an account on our website, we will collect your login credentials, including your password, password hint and similar security information used in the login process.
We may also collect personal information about individuals seeking employment with Carthona. This may include name, address, contact details, curriculum vitae and tax file numbers. If you are unsuccessful in your application, your personal information provided in conjunction with your job application interest will be destroyed immediately. However, interview notes of unsuccessful candidates are held for 12 months and then subsequently destroyed.
We may automatically collect certain information when you visit, use or navigate our website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our website and other technical information. This information is primarily needed to maintain the security and operation of our website, and for our internal analytics and reporting purposes.
We may also collect your personal information indirectly from third parties or other sources like public databases, or marketing partners, for legitimate purposes, including for the purpose of providing our services to you. These third parties may include:
- Financial planners;
- Lawyers; and
- Other Australian Financial Services Licence (AFSL) holders.
While we take great care to protect your personal information on our website or sent via email, unfortunately no data transmission over the internet can be guaranteed to be 100 per cent secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email. We have no way of guaranteeing that information is protected in transit. Once we receive your information, we make our best effort to ensure its security in our possession. If you are concerned about providing personal or confidential information online, you may prefer to contact us by telephone or mail.
Your rights and preferences
In certain circumstances, and to the extent that the GDPR applies to you, you have the following rights in relation to your personal information:
- Right of Access – you have the right to be informed of and request access to a copy of the personal information we collect, hold, use, process, or disclose about you. In most circumstances, we will not charge you a fee to access your personal information. If you make excessive or unfounded requests however, we may charge you a reasonable fee;
- Right to Rectification – you have the right to request that we amend or update your personal information if it is inaccurate or incomplete;
- Right to Erasure – you have the right to ask that we delete your personal information where there is no good reason for us continuing to process it;
- Right to Restrict – you have the right to ask that we stop or suspend processing all or some of your personal information;
- General Right to Object – where we collect, store, use, process, or disclose your information for our legitimate interests (that is, to carry out our business), you have the right to object to us processing your personal information if something about your particular situation gives rise to the objection;
- Right to Object to Direct Marketing – you have the right to object at any time to your personal information being collected, used, stored, processed, or disclosed for direct marketing purposes;
- Right to Data Portability – you have the right to request a copy of your personal information in electronic format and can transmit that personal information to someone else;
- Right not to be subject to automated decision-making – you have the right to not be subject to a decision based solely on automated decision making, including profiling;
- Right to Withdraw Consent – if you have provided your consent for our collection, storage, use, processing, or disclosure of your personal information for a particular purpose, you may withdraw your consent at any time; and
- Right to Lodge a Complaint – if you are unhappy with the way we are using your personal data you can also contact, and are free to lodge a complaint with, the Office of the Australian Information Commissioner or with a supervisory authority in the relevant Member State of the European Union of your habitual residence, place of work or place of the alleged infringement, as appropriate.
If you want to exercise any of these rights, please contact us in writing on the contact details below.
You may unsubscribe from our marketing email list at any time by following the instructions in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list. However, we may still need to send you service or administrative related emails that are necessary for the administration and use of our services or your account.
Like many websites, when you visit our website our server may attach a small data file known as a “cookie” to your hard drive.
Use of personal information
We use personal information we collect for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests (“Business Purposes”), in order to enter into or perform a contract with you (“Contractual Reasons”), with your consent (“Consent”), and/or for compliance with our legal obligations (“Legal Reasons”). We indicate the specific processing grounds we rely on next to each purpose listed below.
- To send you marketing and promotional communications [for Business Purposes and/or with your Consent]. We and/or our third party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time (see the ‘Your rights and preferences’ above).
- To send administrative information to you [for Business Purposes, Legal Reasons and/or Contractual Reasons]. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
- To provide services you have requested [for Contractual Reasons]. We may use your information to provide services to you.
- Deliver targeted advertising to you [for our Business Purposes and/or with your Consent]. We may use your information to develop and display content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness. For more information, see the section entitled ‘Cookies’ above.
- Request Feedback [for our Business Purposes and/or with your Consent]. We may use your information to request feedback and to contact you about your use of our websites or services.
- To protect our website and online platform [for Business Purposes and/or Legal Reasons]. We may use your information as part of our efforts to keep our website and the Carthona platform safe and secure (for example, for fraud monitoring and prevention).
- To enable user-to-user communications [with your Consent]. We may use your information in order to enable user-to-user communications with each user’s consent.
- To enforce our terms, conditions and policies [for Business Purposes, Legal Reasons and/or possibly Contractual Reasons].
- To respond to legal requests and prevent harm [for Legal Reasons]. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our website, products, services, marketing and your experience.
Disclosure of Personal Information
To make sure we can meet your specific needs and for the purposes described in ‘Use of personal information’, we may need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.
We may share and disclose your information in the following situations:
- Other AFSL holders. We may disclose your information to other AFSL holders that act as a trustee or custodian, or are a responsible entity in respect of our transaction.
- Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Third-Party Advertisers. We may use third-party advertising companies to serve ads when you visit the website. These companies may use information about your visits to our website and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
- Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
With your Consent. We may disclose your personal information for any other purpose with your consent.
International transfers of your information
We may disclose and store your personal information with our database provider, which hosts our information in the US. In those circumstances we will ensure that the transfer of your personal information is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place to ensure that any third party is committed to protecting your privacy and complying with a law or scheme which has the same or similar effect as the APPs or the GDPR.
Security, accuracy and storage of your personal information
Irrespective of whether personal information is stored electronically or in hard copy form, we follow strict procedures to protect the personal information we hold from misuse and loss and from unauthorized access, modification or disclosure.
It is important that we use only your correct information, as such we would ask that if you find our information to be out-of-date or inaccurate could you please advise us, using the contact details set out below, so that corrections can be made.
We keep your personal information only as long as is necessary to provide you with our services, or for other legitimate purposes, like making data-driven business decisions, complying with our legal obligations, and resolving disputes.
When we no longer require your information we will either securely delete or destroy it, or will anonymise it.
Other websites linked to our site
From time to time our website may provide links to third party websites or third party websites may link to our website. These linked sites are not under our control and we are not responsible for the conduct of companies linked to our website. Before disclosing your personal information to any other website, you should examine the terms and conditions for using these websites and the privacy policies applicable.
Personal information of minors
We do not knowingly solicit data from or market to children under 18 years of age. By using the website, you represent that you are at least 18 years old or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the website or our services. If we learn that personal information from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such data from our records and deactivate any account that has been created using that information. If you become aware of any data we have collected from children under age 18, please contact us using the contact details below.
Feedback, Queries and Complaints
Carthona have established an internal process for handling customer feedback, queries and complaints (including matters involving compliance with privacy laws). This resolution mechanism is designed to be fair and timely to all parties and is free of charge. If you have a query about Carthona’s handling of your personal information, you should submit it in writing to the address specified below. You will typically receive a letter or email from us within seven days which sets out an overview of how your query will be responded to. We aim to resolve your query within 28 days of receipt.
If you have any questions or feedback about privacy, or the way in which we handle your personal information or if you wish to access any personal information you may contact us in the following way:
The Privacy Officer
Level 13, 88 Phillip Street
Sydney NSW 2000
Telephone: 02 8072 0621
Carthona Capital Pty Ltd atf Carthona Capital Ventures Trust
ABN: 68 418 945 959