01.
Introduction
Spotcha Technology is committed to protecting our customer's privacy. Please take the time to read this Privacy Policy which explains what information we collect about you, how we use it, and your rights. Spotcha Technology (“we” or “us” “our”) is the data controller of the personal data collected via or in connection with the Spotcha Platform www.tryspotcha.com and the Spotcha Mobile Application (Collectively. the Spotcha Platform and the Spotcha Mobile Application hereby referred to as the “Platform”). We understand that data protection is of importance to you. We are committed to complying with the Privacy laws of Australia. The use of the Platform is not possible without collecting your personal data. The collection, use, disclosure, and holding of Personal Information by Platform is in accordance to the Australian Data protection laws, primarily the Data Privacy Act, 1988.
This document contains insights into our practice concerning collection, use, disclosure, and holding of Personal Data, which is according to the Data Privacy Act, 1988. This Privacy Policy sets out the basis on which any personal data we collect from you or that you provide to us will be used.
You can read this Privacy Policy to familiarise yourself with the rights available to you concerning the protection of your personal data.
The Platform deploys state-of-the-art technology and adheres to Australian privacy principle 11, which prescribes security measures an organisation shall take to protect your personal data. The Platform ensures where a third party is involved in storage or transmission of the data that the third party mentioned thereof adheres to the best industry practices concerning data management and protection. Although internet-based technology is vulnerable to cyberattacks, therefore we cannot guarantee absolute protection.
02.
What personal data do we collect about you?
We collect personal data from you when you provide it to us directly and through your use of the Platform. This information may include:
2.1Information you provide to us when you use our Platform (e.g. your name, e-mail, address, date of birth, gender, and mobile phone number, documents related to your parking spaces and other documents such as 100 points of ID, Drivers licence or passport as well as valid and legal proof of address, utility bills, details of your cars and any information which you add to your account profile).
2.2Transaction and billing information, if you make any bookings on the Platform (e.g. credit/debit card details and delivery information).
2.3Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media).
2.4Information you provide us when you enter a competition or participate in a survey.
2.5GPS location.
2.6Geographic location (city).
2.7Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our e-mail updates). We may also collect information about the device you use to access our Platform.
2.8Other information necessary to provide the Platform, for example we may access your location if you give us your consent.
03.
Personal data use
Depending on how you use our Platform, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
3.1.1 To make bookings and maintain your online account.
3.1.2 To manage and respond to any queries or complaints to our customer service team.
3.1.3 To personalise the Platform to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.
3.1.4 To improve and maintain the Platform and monitor its usage.
3.1.5 For market research, e.g. we may contact you for feedback about our products.
3.1.6 To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
3.1.7 For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.
3.1.8 To comply with our legal and regulatory obligations.
We rely on the following legal basis, under data protection law, to process your personal data:
3.2.1 Because the processing is necessary to perform a contract with you or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
3.2.2 Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us).
3.2.3 We use information about you to tailor your view of the Platform, to make it more interesting and relevant in respect of the services and offers on view
Government-related identifiers shall only be used or disclosed where necessary for verification and to provide services to you.
04.
Marketing
Depending upon your marketing preferences, we may use your personal data to send you marketing messages by e-mail, phone or post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you.
If you no longer want to receive marketing communications from us (or would like to opt back in) you can change your preferences at any time. You can contact us or click on the ‘unsubscribe’ link in any e-mail, or update your settings in your account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights).
You may also see ads for our Platform on third party websites, including on social media. These ads may be tailored to you using cookies (which track your web activity, to enable us to serve ads to customers who have visited our Platform). Where you see an ad on social media, this may be because we have engaged the social network to show ads to our customers, or users who match the demographic profile of our customers. In some cases, this may involve sharing your e-mail address with the social network. If you no longer want to see tailored ads, you can change your cookie and privacy settings on your browser and these third-party websites.
05.
Who do we share this personal data with?
We share customer’s personal data with third parties in the following circumstances:
5.1 With other companies as necessary to operate the Platform.
5.2 With our suppliers and service providers working for us, e.g. payment processors and delivery companies.
5.3 With our professional and legal advisors.
5.4 With third parties engaged in fraud prevention and detection.
5.5 We may also disclose your personal data if required to do so by law or in a good faith belief that such access, preservation, or disclosure is reasonably necessary for under the Data Privacy Act, 1988.
If we sell any business assets, the personal data of our customers may be disclosed to a potential buyer. In this event, we will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy. Otherwise where we have your consent or are otherwise legally permitted to do so.
06.
Where do we store the collected information?
We store the collected information in GoDaddy servers who is our partner third-party service provider. However, there may be a scenario wherein we may have to transmit your personal data we collect to the third-party service provider. Such sharing of personal data with third parties shall be solely for the purposes mentioned in this Privacy Policy. Sharing of your personal data shall be essential for providing services to you according to the terms and conditions of our Platform. In the situation above, we shall ensure that the third party complies with the principles stated in the Data Privacy Act, 1988, or the Australian Privacy Principles.
By sending a request to info@tryspotcha.com the User shall access the details regarding such appropriate safeguards.
07.
How secure is the information?
7.1 We work to protect the security of your information during transmission by using
7.2 We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information (including sensitive personal information). Our security procedures mean that We may occasionally request proof of identity before We disclose personal information to you.
7.3 We believe in state-of-the-art security technology for protecting our Platform from any cyber-attacks or similar scenarios. Therefore, We deploy advanced technology to our Platform for providing products through the Platform so that our users can use without any consternations regarding cybersecurity issues.
7.4 However, the internet is not bereft of cyber-attacks, which have collapsed the best of technologies. We try our best to ensure the data you transmit through the Platform is secured, and no unauthorised access could be made to the data we store. We do not warrant and represent that your data is unbreachable.
08.
Storage and retention
We will keep your personal data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your e-mail address to ensure we do not send you marketing e-mails in future.
09.
Rights concerning information collected
9.1 You have the right to access your personal data, which is held by us subject to exceptions permitted by law.
9.2 Such a request shall be in writing for record purposes and be sent to our e-mail provided below. We reserve the right to charge a fee for searching for and providing access to, your information on a per request basis.
9.3 You may request the correction of your inaccurate personal data or other information you provide us by placing a request using the contact details provided below.
10.
What choices do I have?
10.1 You have the option of not providing us with your personal data, although this may lead to you not being able to access the Platform.
10.2 You can opt-out of the e-mail communications vis-à-vis promotional or advertisement e-mail we occasionally send to you. If you do not want to receive email or other mail from us, please place a request with us using the contact information provided below. It is your responsibility to review our terms and Privacy Policy to keep yourself updated of any amendments to these documents.
10.3 We may engage third parties for providing services through the Platform to you. It may entail disclosing information, which includes personal data.
11.
Payment method: data protection provisions about the use of third-party payment processors
12.
Data protection provisions about the application and use of [third party application]
13.
Website hosting partner godaddy
We use GoDaddy, a third-party server, to host our Platform. You can locate GoDaddy’s privacy policy here . Your personal data is stored onto GoDaddy servers. Our Platform automatically logs the IP address you use to access our Platform. As the GoDaddy server is located in the US, your information is transferred outside of the European Economic Area (EAA).
14.
Data protection provisions about the application and use of linkedin
The controller has integrated components of the LinkedIn Corporation on this Platform. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
With each call-up to one of the individual pages of this Platform, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn.Further information about the LinkedIn plug-in may be accessed under plugins.During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our Platform was visited by the data subject.
If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our Platform by the data subject—and for the entire duration of their stay on our Platform—which specific sub-page of our Platform page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our Platform, then LinkedIn assigns this information to the personal LinkedIn user account of the data subjectand stores the personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited our Platform, provided that the data subject is logged in at LinkedIn at the time of the call-up to our Platform. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our Platform is made.
LinkedIn provides under guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under cookie-policy . The applicable privacy policy for LinkedIn is available under privacy-policy.
15.
Data protection provisions about the application and use of twitter
On this Platform, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
With each call-up to one of the individual pages of this Platform, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter.
Further information about the Twitter buttons is available under buttons .
During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our Platform was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this Platform to allow our users to introduce this Platform page to the digital world and increase our visitor numbers.
If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our Platform by the data subject and for the entire duration of their stay on our Platform which specific sub-page of our Platform page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our Platform, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.
Twitter receives information via the Twitter component that the data subject has visited our Platform, provided that the data subject is logged in on Twitter at the time of the call-up to our Platform. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our Platform is made.
The applicable data protection provisions of Twitter may be accessed under privacy.
16.
Data protection provisions about the application and use of instagram
On this Platform, the controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audio-visual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks. The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.
With each call-up to one of the individual pages of this Platform, which is operated by the controller and on which an Instagram component (Instagram button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our Platform was visited by the data subject.
If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our Platform by the data subject—and for the entire duration of their stay on our Platform—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our Platform, then Instagram matches this
information with the personal Instagram user account of the data subject and stores the personal data.
Instagram receives information via the Instagram component that the data subject has visited our Platform provided that the data subject is logged in at Instagram at the time of the call to our Platform. This occurs regardless of whether the person clicks on the Instagram button or not. If such transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our Platform is made.
Further information and the applicable data protection provisions of Instagram may be retrieved under www.instagram.com and privacy/.
17.
Data protection provisions about the application and use of facebook
On this Platform, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Platform, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under plugins . During the course of this technical procedure, Facebook is made aware of what specific sub-site of our Platform was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Platform page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our Platform, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our Platform by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our Platform. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our Platform is made.
The data protection guideline published by Facebook, which is available at facebook/ , provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook, e.g. the Facebook blocker of the provider Webgraph, which may be obtained under facebookblocker. These applications may be used by the data subject to eliminate a data transmission to Facebook.
18.
Data protection provisions about the application and use of google analytics (with anonymisation function)
On this Platform, the controller has integrated the component of Google Analytics (with the anonymiser function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application “_gat. _anonymize”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our Platform and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Platform for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyse the use of our Platform. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google
Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our Platform by the data subject. With each visit to our Platform, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this Platform, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link gaoptout and install it.
This browser add-on tells Google Analytics through a JavaScript that any data and information about the visits of Website may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com and under terms. Google Analytics is further explained under the following Link analytics.
19.
Children
Our Platform is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.
20.
Cookies
Our Platform uses cookies and similar technologies to provide certain functionality to the Platform, to understand and measure its performance, and to deliver targeted advertising.
21.
Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
22.
Provision of personal data as statutory or contractual requirement; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when we sign a contract with him or her.
The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal data is required by law, contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
23.
Contact us
If you have any queries on any aspect of our Privacy Policy, please contact our Data Protection Officer at info@tryspotcha.com .