Your privacy is important to us. It is our policy to respect your privacy regarding any information we may collect from you across our website, https://govisually.com. We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”) and by the General Data Protection Regulation (2016/679) (“GDPR”) and national laws implementing or supplementing it.

1. Personal Data we collect

“Personal Data” includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your full name and email address. It may also include financial information, including your credit card information. This data is considered “identifying information”, as it can personally identify you.

We only request Personal Data when you interact with our services-like signing up for an account, making use of our platform features, paying for access, or subscribing to our blog. We only use collected Personal Data in the context of providing or improving these services.

2. How we collect information

We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

(1) Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details. We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

(2) Registration

We may ask for Personal Data, such as your:

This data is considered “identifying information”, as it can personally identify you.

We do not store your credit card information on our system. We use industry leader Stripe for our payment processing. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

We only request this information when you interact with our services-like signing up for an account, making use of our platform features, paying for access, or subscribing to our blog. We only use collected Personal Data in the context of providing or improving these services.

(3) Business Data

Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

3. Use of Information

We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our website in future. We also use this information to gain insights into demographics, product and service popularity, and the effectiveness of our marketing activity. We do not disclose the specifics of this information publicly, but may share aggregated and anonymised versions of this information, for example, in website and customer usage trend reports.

We primarily use your Personal Data for the purposes of granting you access to engage with certain areas of our site, to charge you for your subscription, and to notify you of any changes to your account and service.

We may use your Personal Data to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.

4. Data Processing and Storage

We use a top-tier data centre that maintains several industry recognized certifications, including SAE16 SOC-1 Type II PCI, and more. Our servers are located in California, USA. We store image data on Amazon’s AWS data centres. They’ve devoted an entire portion of their site to explaining their security measures, which you can find here.

We only retain Personal Data and business data for as long as necessary to provide a service, or to improve our services in future. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.

If you request your Personal Data to be deleted, or where your Personal Data becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.

5. Third-Party access to Information

We use third-party services for:

These services may access our data solely for the purpose of performing specific tasks on our behalf. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of our data for any other purpose. We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We only work with external agencies whose privacy policies align with ours.

We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.

We do not otherwise share or supply Personal Data to third parties. We do not sell or rent your Personal Data to marketers or third parties.

6. Use of Third-Party Services

In addition to other third-party service providers, we use the following third-party service providers with respect to data processing relating to your use of our services:

(1) Intercom

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some Personal Data like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyses your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom’s use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, and website URLs to enhance your user experience. For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms. If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.

(2) Hotjar

Hotjar is a web analysis service provided by Hotjar Ltd (“Hotjar”). Hotjar utilizes the data collected to track and examine the use of this application, to prepare reports on its activities. Hotjar uses a variety of services hosted by third parties, such as Google Analytics and Optimizely. These services may collect information sent by your browser as part of a web page request, such as cookies or your IP request.

The information collected can only be accessible by users designated on the client’s Hotjar account. It may also be accessible by Hotjar and Amazon Web Services in certain limited circumstances. Other than explained in this section, Hotjar do not rent, sell or disclose your Personal Data to third parties, for their own use. Hotjar is run by Hotjar Ltd, a European start-up incorporated in and headquartered in Malta. For more details, please visit Hotjar Privacy Policy at this address https://www.hotjar.com/privacy. If you would like to opt out of having this information collected by Hotjar for us, please contact us.

(3) Postmark

Postmark is a third-party communication services which is used by us mainly for transactional emails as part of your interaction with our business. We always provide an option for you to unsubscribe from the email itself in every interaction we have. Postmark captures essential information from you that includes name, email address, IP address and email content to enhance the user experience. For more details, please visit https://wildbit.com/privacy-policy

(4) Mailchimp

Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC. For more information on the privacy practices of Mailchimp, please visit their Privacy policy: https://mailchimp.com/legal/privacy/

(5) Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

(6) Stripe

We use Stripe as a payment processor. We will not store or collect your payment card details. That information is provided directly to Stripe whose use of Your personal information is governed by their Privacy Policy. Stripe adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. Their Privacy Policy can be viewed at https://stripe.com/us/privacy

7. Limits of our Policy

This privacy policy covers you only if: 

(a) you are a visitor to our website;

(b) you are a customer or you register to use our services (for example, by creating an account); or

(c) we have received your Personal Data in connection with our marketing activities.

We are the controller of your Personal Data to the extent that the above applies to you.

For clarity, this privacy policy does not apply to any data collected by our customers even if it’s processed through our services. With respect to data collected by our customers, the customer is the controller and we are a processor. We may process the data collected by our customers sent to us only in accordance with the instructions of our customers.

Our customers, not us, choose the type of data collected by our customers in using our services, and it is processed, transferred and stored through our customers use of our services. We may process the data collected by our customers only according to the instructions of our customers and our legal obligations with respect to the data collected is set forth in the agreement between us and our customers. The collection of data by our customers through our services is governed by our customers’ privacy policies, and if you have provided data to a customer then you should review the customer’s privacy policy to learn more about the customer’s data handling practices.

While we recognize that an individual has the right to access, delete and amend the data collected about that individual, we do not have a relationship with a person providing data to a customer but rather only with our customers. If you have provided data to a customer in using our services and you would like to access, amend or delete your data, then you need to contact the customer directly and we will respond within a reasonable period of time to any such request by our customer.

We only retain the data collected by our customers that we process on behalf of our customers for as long as necessary to provide our services to our customers or as required to comply with legal obligations, resolve disputes and enforce any agreement.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

8. Transfer of your Personal Data

Your information, including Personal Data, is processed at our operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. For example, some of the data servers used by us and our service providers are located in Australia and the United States.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

9. GDPR Privacy

GDPR compliant logo

9.1 Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

(a) Consent: You have given your consent for processing Personal Data for one or more specific purposes.

(b) Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.

(c) Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which we are subject.

(d) Vital interests: Processing Personal Data is necessary in order to protect your vital interests or of another natural person.

(e) Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.

(f) Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by us.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

If you have any questions about this section or would like to sign a DPA (Data Processing Agreement) with us, please contact us at [email protected].

9.2 Your Rights under the GDPR

We undertake to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.

You have the right under this Privacy Policy, and by law if you are within the EU, to:

(a) Request access to your Personal Data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the Personal Data we hold about you.

(b) Request correction of the Personal Data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about You corrected.

(c) Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.

(d) Request erasure of your Personal Data. You have the right to ask us to delete or remove Personal Data when there is no good reason for us to continue processing it.

(e) Request the transfer of your Personal Data. We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

(f) Withdraw your consent. You have the right to withdraw your consent on using your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our services.

9.3 Exercising of Your GDPR Data Protection Rights

You may exercise your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (“EEA”), please contact your local data protection authority in the EEA.

10. Cookies

We use cookies, web beacons and other tracking technologies to collect certain information about your equipment, browsing actions, and patterns. Below we describe what are cookies and web beacons, why we use cookies and web beacons, the types of cookies and web beacons that we use as well as what you can do in order to manage and delete cookies and web beacons.

10.1 What are cookies and web beacons? 

(a) Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors to their websites. A cookie contains a unique number, which is used to recognize your computer or mobile device when you return to our website. Cookies can remain on your computer or mobile device for different periods of time. The cookies can be either “persistent” cookies or “session” cookies. Persistent cookies are stored by a web browser and remain valid until a set expiration date. Session cookies only exist while your internet browser is open and are automatically deleted once you close your browser.

(b) Web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) are small electronic files contained on pages of websites that permit companies to count users who have visited certain webpages on a website and are used for other related website statistics (e.g., recording the popularity of certain website content and verifying system and server integrity).

10.2 What do we use cookies and web beacons for? 

We use a variety of cookies, web beacons and other tracking technologies for different purposes. Specifically, we use cookies and web beacons to enhance the experience of our visitors to our website (for example, by remembering your preferences and letting you navigate between pages efficiently) and to better understand how our website is used. Cookies may tell us, for example, whether you have visited our website before or whether you are a new visitor.

10.3 What types of cookies and web beacons are used by us? 

We use both first-party and third-party cookies and web beacons. First-party cookies and web beacons are cookies and web beacons that are served directly by us to your computer or mobile device. Third-party cookies and web beacons are served by a third-party service provider on behalf of us. Third-party cookies are most commonly used for advertising and analytics purposes.

There are four categories of cookies and web beacons used by us. Specifically, we use essential, performance, functionality and advertising cookies and web beacons.

(a) Essential cookies, web beacons and other tracking technologies are necessary for the operation of our website. These tracking technologies enable you to move around on our website and use our website’s features. You may not opt-out of these types of cookies because they are required to operate our website.

(b) Performance cookies, web beacons and other tracking technologies collect information about how you have used our website. We use performance cookies, web beacons and other tracking technologies to improve the user experience with our website.

(c) Functionality cookies, web beacons and other tracking technologies allow us to remember how you are logged into our website, when you logged in or out and the actions you have taken while you have been logged into our website.

(d) Advertising cookies, web beacons and other tracking technologies are used by our third-party service providers to deliver advertising to you on other third-party websites as well as help measure the effectiveness of our advertising campaigns. We also use these types of cookies to analyse our website visits and ad conversions from third-party websites.

10.4 What are your choices about cookies?

It is your choice as to whether or not to accept cookies. Most browsers allow you to configure the browser settings so that cookies from websites cannot be placed on your computer or mobile device. If you choose not to accept cookies, then you may be able to continue browsing our website but we may not be able to provide you with certain features. If you would like further information about cookies and how to manage and delete them, please visit www.allaboutcookies.org or www.youronlinechoices.eu.

11. Changes to this Policy

At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If you are a registered user on https://govisually.com, we will notify you using the contact details saved in your account. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and Personal Data.

12. Your Rights and Responsibilities

As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any Personal Data about you, and to request this information be deleted. You may amend your account information at any time, using the tools provided in your account control panel.

You are entitled to restrict or object to our use of your data, while retaining the right to use your Personal Data for your own purposes. You have the right to opt-out of data about you being used in decisions based solely on automated processing.

Feel free to contact us if you have any concerns or questions about how we handle your data and Personal Data.

This policy is effective as of 3 May 2021.

 

GDPR compliant - GDPR Tag