SECOLVE PRIVACY POLICY
Last updated in September 2025
Secolve is committed to respecting and protecting your privacy. This Privacy Policy describes the types of Personal Information (as defined below) we collect, the purposes for which we collect and use it, who we may share it with, and the measures we take to protect it. It also provides information about your rights in relation to your Personal Information and how you can contact us. Please read it carefully.
This Privacy Policy may be changed from time to time. All changes will be communicated by publishing a copy of the updated Privacy Policy on our website.
1. Introduction and scope
1.1 We are Secolve Pty Ltd ACN 641 376 927, operating as the trustee for Secolve 20 Unit Trust, together with our related entities and affiliates (collectively, “Secolve”). In this Privacy Policy, references to “we”, “us”, and “our” mean one or more members of the Secolve group of companies.
1.2 Secolve provides consulting services as well as e-learning materials relating to cyber security awareness training. Secolve maintains a website (the “Site”) which includes information about Secolve and the services it provides. The Site may also include general resources about cyber security awareness training including, but not limited to, white papers, case studies, data sheets, press releases, videos and webinars.
1.3 For those who purchase or otherwise interact with our products/services and/or our e-learning materials, all visitors to the Site, and all other individuals with whom we communicate in the course of running our business (each referred to as “you” and “your”), we are the controller of your Personal Information. This means that we decide which information and Personal Information we collect, and how to use it. The measures and rights set out in this Privacy Policy apply only where we are the controller of your Personal Information.
1.4 However, in some cases we act as a processor. For example, where we provide services to our corporate clients for their employees, we process learner data only on behalf of, and in accordance with the instructions of, those clients.
1.5 Our services are not directed to or intended for children. We do not knowingly collect Personal Information relating to children under 13 (or under 16 where applicable data protection laws require a higher age).
1.6 We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
1.6.1 United Kingdom (UK)
1.6.2 European Union (EU)
1.7 Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/16633505665. Please add the following subject to all correspondence: Secolve Pty Ltd ATF Secolve20 Unit Trust (16633505665).
1.8 Legal requirements relating to data vary by country. Whilst we adopt a global approach to data compliance as far as possible, certain sections of this Privacy Policy will only apply to residents of certain jurisdictions. Where this is the case, it is indicated clearly below.
2 Meaning of Personal Information
2.1 Under the Australian Privacy Act 1988 (Cth) (“APA”), “Personal Information” means “Information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.”
2.2 Under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and the retained version of the same regulation in the UK (“UK GDPR”), “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.3 Under the California Consumer Privacy Act of 2018 (“CCPA”), “Personal information” is defined as information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.
2.4 For the purposes of this Privacy Policy, we use the term “Personal Information” to refer to:
2.4.1 Personal Information as defined in the APA;
2.4.2 Personal Data as defined in the GDPR and the UK GDPR; and
2.4.3 Personal Information as defined in the CCPA.
If you are a resident of the UK or the EEA, your rights will be applicable only in respect of Personal Data, as defined above. If you are a resident of California, your rights will be applicable only in respect of Personal Information as defined in the CCPA.
3 What we collect, how we collect it, and what we do with it
3.1 The Personal Information we collect from you, and how we collect it, will depend on the service you are purchasing and the way you interact with us.
3.2 The table below sets out what we collect, how we collect it and what we do with it. We may state a more specific additional purpose when we collect your Personal Information.
3.3 In some jurisdictions (in particular the UK and EEA), we are required to identify a legal justification (also known as a “Lawful Basis”) for collecting and using your Personal Information, in addition to describing the purpose. There are six Lawful Bases that organisations can rely on. The most relevant of these to us are where we use your Personal Information to:
3.3.1 Fulfil a contract that we have with you as an individual (“Contract”);
3.3.2 Comply with our legal obligations (“Legal Obligation”);
3.3.3 Pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (“Legitimate Interests”); or
3.3.4 Do something for which you have given your consent (“Consent”).
3.4 Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.
3.5 We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:
3.5.1 ‘Identity Data’ includes first name, last name, title, job title, company, location;
3.5.2 ‘Contact Data’ includes billing address, email address and telephone numbers;
3.5.3 ‘Financial Data’ includes bank account and payment card details (through our third-party payment processor, Stripe);
3.5.4 ‘Transaction Data’ includes details about payments to and from you, and other details of products and services you have purchased from us;
3.5.5 ‘Technical Data’ includes internet protocol (IP) address, your login data for our services, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, browser session data, webpage from which you came, webpage(s) or content you accessed, navigational and log data, information about your access and use of our Site and services, including through the use of internet cookies, time zone settings and geolocation, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Site;
3.5.6 ‘Profile Data’ includes your username or similar identifier, password, your interests, preferences, feedback;
3.5.7 ‘Usage Data’ includes information about how you use our Site, products and services including session times, login and logout times, content accessed, course completion progress, quiz results;
3.5.8 ‘Project Data’ includes any personal data contained within data, documents, files, communications, transaction records, stored files, analytics data, metrics, or other materials that you (or your authorised users) submit, upload, store, transmit, create, generate, or otherwise process when using our services; and
3.5.9 ‘Marketing and Communications Data’ includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3.6 The table below includes the Lawful Basis we rely on when we process your Personal Information, which will be applicable only to UK and EEU Data Subjects.
PURPOSE OF USE / DISCLOSURE | PERSONAL DATA CATEGORIES | LEGAL BASIS FOR PROCESSING UNDER THE GDPR |
● To register you as a new customer either directly or via our trusted partners and resellers, including to communicate with you when you book a free trial | ● Identity Data ● Contact Data ● Profile Data | ● Performance of a contract with you ● To comply with a legal obligation with our partners and resellers |
● To contact and communicate with you, including managing our relationship, providing support, responding to enquiries, recording your preferences, and keeping you informed about changes, updates, events, and other relevant matters. | ● Identity Data ● Contact Data ● Profile Data ● Usage Data ● Project Data ● Marketing and Communications Data | ● Performance of a contract with you ● Legitimate interests: to ensure we provide the best client experience (for example, to communicate transactional messages), maintain engagement and improve our services |
● For internal record-keeping and administrative purposes, including invoicing, billing, maintaining our business records, and updating your account details. | ● Identity Data ● Contact Data ● Financial Data ● Profile Data ● Transaction Data ● Usage Data ● Project Data ● Marketing and Communications Data | ● Performance of a contract with you ● To comply with a legal obligation ● Legitimate interests: to recover debts, manage terms of business, and ensure the effective administration of our services (for example, to keep our records updated, to study how customers use our products or services, to recover debts, manage terms of business, and handle other administrative matters) |
● To manage your account and subscription or access to our e-learning materials, enable logging in to our services, and customize your use of our services | ● Identity Data ● Contact Data ● Profile Data ● Transaction Data ● Usage Data ● Marketing and Communications Data | ● Performance of a contract with you ● Legitimate interests: to facilitate engagement with our business and services |
● To administer and protect our business and our platform (including troubleshooting, data analysis, testing, system maintenance, validating against fraudulent transactions, support, reporting and hosting of data) | ● Identity Data ● Contact Data ● Technical Data | ● Necessary for our legitimate interests (for example, running our business, providing and administering IT services, and preventing fraud) ● Necessary to comply with our legal obligations |
● To deliver relevant Site content to you and measure or understand the effectiveness of our content | ● Identity Data ● Contact Data ● Marketing and Communications Data | ● Necessary for our legitimate interests (for example, to study how customers use our products or services, to develop them, grow our business, and inform our marketing strategy) |
● To provide and deliver our products and services in accordance with your instructions, including (i) hosting and delivering e-learning materials to you or your authorised users; and (ii) providing consulting services to you, including undertaking security analysis, fraud prevention and testing | ● Identity Data ● Contact Data ● Usage Data ● Project Data | ● Performance of a contract with you ● Legitimate interests: to operate, maintain and improve our services ● To comply with a legal obligation (where applicable, e.g. lawful disclosure requests) |
● To use data analytics to improve our website, platform and other products or services, marketing, customer relationships and experiences | ● Technical Data ● Usage Data ● Project Data ● Marketing and Communications Data | ● Necessary for our legitimate interests (for example, to define types of customers for our products/services, to keep our website updated and relevant, to develop our business and e-learning materials) |
● To comply with our legal obligations, resolve any disputes or if otherwise required or authorised by law. | ● All relevant Personal Information | ● To comply with a legal obligation |
3.8.3 where we retain information to enable us to bring or defend legal claims; and/or
3.8.4 where we are required to assist government and law enforcement agencies or regulators, including in relation to any eligible data breach declarations by any of them.
4 Anonymised and aggregated data
4.1 We may anonymise the Personal Information we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection laws do not govern the use of aggregated data and the various rights described below do not apply to it.
5 Use of cookies
5.1 Cookies are small text files that we store on your browser, or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive.
5.2 We use our own cookies to keep track of your use of our Site, designed to provide a better user experience for you. We also use third party cookies. The following cookies are used on our Website:
5.2.1 Necessary cookies. These are cookies that are required for the operation of the Site. These essential cookies are always enabled because the Site will not work properly without them. They include, for example, cookies that enable certain security functions.
5.2.2 Preference cookies. These enable us to recognise you when you return to the Site, to personalise our content for you and remember your preferences.
5.2.3 Statistics cookies. These help us to understand how visitors interact with the Site. They include cookies that tell us how long people spend on the Site and the number of times they visit.
5.2.4 Marketing cookies. These are used to record your visit to the Site, to make the Site more relevant to your interests.
6 Security measures
6.1 We hold Personal Information electronically in the cloud, and may also hold Personal Information locally, including but not limited to on desktop computers, laptops and back-up hard drives.
6.2 We take all reasonable steps to ensure that your Personal Information is secure from any unauthorised access, misuse or disclosure. However, the transmission of information via the internet is not completely secure and we do not guarantee that Personal Information cannot be accessed by an unauthorised person or that unauthorised disclosure will not occur.
6.3 Our security measures include:
6.3.1 access controls and user authentication (including multi-factor authentication)
6.3.2 internal IT and network security
6.3.3 regular testing and review of our security measures
6.3.4 staff policies and training
6.3.5 incident and breach reporting processes
6.3.6 business continuity and disaster recovery processes
6.3.7 other industry standard safeguards
6.4 If there is an incident that has affected your Personal Information, we will notify the regulator and keep you informed (where required under applicable data protection law).
7 How long we keep your Personal Information
7.1 We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for.
7.2 To decide how long to keep Personal Information (also known as its retention period), we consider the volume, nature, and sensitivity of the Personal Information, the potential risk of harm to you if an incident were to happen, whether we require the Personal Information to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for tax authorities).
7.3 We may keep identity data and certain other data (including any exchanges between us by email or any other means) for up to seven years after the end of our contractual relationship with you.
7.4 If you have asked for information from us or you have subscribed to our mail-out list, we keep your details until you ask us to stop contacting you.
8 Who we share your Personal Information with
8.1 We may share your Personal Information with the organisations listed below, for the specified reasons.
8.2 When we share your Personal Information with third parties to process your Personal Information on our behalf, we ensure that an appropriate Data Processing Agreement is in place, where required under applicable data protection laws.
Category of third party | Reason for sharing your Personal Information |
Service providers such as hosting providers and marketing agencies | We rely on these providers to conduct our business |
Contractors | To provide support for projects in our business |
Any authorised government or regulatory or self-regulatory authority or enforcement agency | If we are under a duty to disclose your Personal Information in order to comply with any legal obligation, or to protect the rights, property or safety of Secolve, its clients or others |
Professional advisers or contractors, such as our auditors, accountants, or lawyers or other professional consultants | To obtain relevant advice in running our business |
As part of or in connection with a sale of our business, or a merger, reorganisation, investment, change in control, transfer of substantial corporate assets, liquidation or similar transaction | For the purposes of the relevant transaction |
Affiliates and related companies | To provide the services |
9 Direct marketing
9.1 Where your active consent to receive marketing messages is required by applicable data protection laws, we will obtain such consent for this purpose. Otherwise, by providing us with your Personal Information, you consent to us using it to make contact with you on an ongoing basis to provide you with current information about our products and services, special offers you may find of interest, or new products or services being offered by us or one of our associated companies. This may be by telephone, mail, email, SMS and social media.
9.2 You may at any time decline to receive such information by contacting us as referred to in paragraph 2 below.
10 Contacting us and complaints
10.1 If you have questions, requests or concerns about your Personal Information or this Privacy Policy, please email us at [email protected]. We will take such steps as are reasonable to investigate any issues within a reasonable time of receipt. We will give you written notice of the investigations which have been carried out and the outcome.
10.2 Whilst you are entitled to submit a complaint to your local protection authority (in applicable jurisdictions) with any concerns, we would encourage you to contact us first so that we can try to address your concerns.
ADDITIONAL CLAUSES APPLICABLE TO RESIDENTS OF AUSTRALIA
10.3 If there is any inconsistency between this “Additional Clauses Applicable to Residents of Australia” section and the rest of the Privacy Policy, this section shall prevail.
11 Transfers of Personal Information out of Australia
11.1 Your Personal Information may be transferred overseas or stored overseas for a variety of reasons. We take reasonable steps to ensure that the terms of service with our overseas recipients recognise that we are bound by privacy obligations and that they will not do anything that would lead to a breach of those obligations.
11.2 However, if we transfer your Personal Information to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles (“APP”), and where there are mechanisms available to you to enforce protection of your Personal Information under that overseas law, we will not be liable for a breach of the APP if your Personal Information is mishandled in that jurisdiction.
12 Notifiable Data Breach Scheme (NDBS) pursuant to the APA
12.1 If there is a data breach and we are required to comply with the NDBS, we will take all reasonable steps to contain the suspected or known breach where possible and follow the process set out in this clause.
12.2 If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow all guidance published by the Office of the Australian Information Commissioner (“OAIC”) (if available) in making this assessment. If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved, or that any remedial action we take is effective in preventing serious harm from becoming likely, then we will not notify the affected individuals or the OAIC.
13 Your rights under the APP and the APA
13.1 If you are a resident of Australia, your data protection rights include:
13.1.1 Access to Personal Information.
(a) You can request access to your Personal Information, subject to certain exceptions. For example, we may, in accordance with the APP, refuse to provide you with access if, for instance, granting you such access would have a negative impact on the privacy of another person.
(b) We will endeavour to provide access in the manner requested by you if it is reasonable and practicable to do so, otherwise we will take such steps as are reasonable to provide access in a way that meets both your and our needs.
(c) We may charge you for providing access to your Personal Information. You will be advised of the relevant charge and asked to make payment prior to access being provided.
(d) If we refuse your request for access on any ground permitted by law, we will give you written notice in accordance with the APA, setting out the ground/s of the refusal (except to the extent that it would be unreasonable to do so) and the mechanisms to complain about the refusal.
13.1.2 Correction of Personal Information
(a) You can request corrections to any inaccurate, outdated, incomplete or misleading information regarding your Personal Information. If you request correction, we will address it within a reasonable timeframe and notify you of the outcome.
(b) Where Personal Information which has previously been disclosed to another organisation in accordance with the APA and this Privacy Policy has been corrected you may ask us to notify the other organisation of the correction. We will take such steps as are reasonable to give that notification unless it is impracticable or unlawful to do so.
(c) If we refuse your request to correct your Personal Information we will give you written notice in accordance with the APA, setting out the ground/s of the refusal (except to the extent that it would be unreasonable to do so) and the mechanisms to complain about the refusal.
(d) If we refuse your request to correct your Personal Information, you may request that we associate with your Personal Information a statement that in your view the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will take such steps as are reasonable to associate the statement with your Personal Information in such a way that the statement will be apparent to users of the information.
(e) We have an independent obligation to take reasonable steps to correct Personal Information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
13.1.3 You can ask us to delete or de-identify your Personal Information if there is no good reason for us to continue holding it.
13.1.4 You can ask to have your Personal Information, where technically feasible, sent to another organisation, where we hold this Personal Information with your consent or for the performance of a contract with you.
13.1.5 You can ask us not to send you any marketing materials. However, we may still send you newsletters and updates about your account, if you are a business contact.
13.1.6 If you are unhappy with the way we collect and use your Personal Information, you can complain to the OAIC, but we would encourage you to contact us first so that we can try to address your concerns.
13.2 To contact us or submit requests in relation to any of the above, please email [email protected]. Please note that we may ask you to verify your identity before responding to such requests. If your request is particularly complex or requires a detailed search, we may charge you for dealing with it. Any such charge will be fair and reasonable, and we will let you know in advance what it is.
14 Automated decision making
14.1 Our Learning Management System (“LMS”) includes automated functions such as scoring and progress tracking. These do not have significant effects on you. Our systems and services do not impact contractual rights, legislative benefits, or access to essential services. These decisions do not create, alter, or deny any rights or entitlements. As such, they do not reach the threshold of significantly affecting individuals, and we do not provide additional disclosures related to automated decision-making.
15 Secondary purposes
15.1 The APP permits use of Personal Information for secondary purposes when those secondary purposes are related to the primary purpose of providing services to you.
15.2 Where permitted under the APP, we will use and share Personal Information we hold about you for the following secondary purposes:
15.2.1 Adding your details to our mail-out list to inform you of products and services which may affect or interest you;
15.2.2 Notifying you of any changes to our business or other news which may be relevant to your circumstances; and
15.2.3 Contacting you for sales purposes.
15.3 You can opt out of marketing and sales communications at any time by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. Otherwise, or to opt-out of other forms of marketing, please contact us at [email protected].
ADDITIONAL CLAUSES APPLICABLE TO RESIDENTS OF THE UK, THE EEA OR SWITZERLAND
16 Meaning of Personal Information
16.1 For ease of reference, the information set out in paragraph 2 of this Privacy Policy is repeated in this clause 16.1: under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and the retained version of the same regulation in the UK (“UK GDPR”), “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
16.2 For the purposes of this Privacy Policy, we use the term “Personal Information” to refer to Personal Data as defined in the GDPR. If you are a resident of the UK or the EEA, your rights will be applicable only in respect of Personal Data, as defined above.
16.3 If there is any inconsistency between this “Additional Clauses Applicable to Residents of the UK, the EEA Or Switzerland” section and the rest of the Privacy Policy, this section shall prevail.
17 International data transfers
17.1 We only transfer your Personal Information overseas where we are able to comply with applicable data protection laws. If you are located in the UK, the EEA or Switzerland (the “GDPR Area”), and we transfer your Personal Information outside of the EEA, UK or Switzerland, we will take appropriate measures to ensure that the recipient protects your Personal Information adequately in accordance with this Privacy Policy and all applicable UK, EU and Swiss data protection laws. These measures may include:
17.1.1 Ensuring that there is an adequacy decision in respect of the country to which the Personal Information is being transferred, which means that the applicable authority of the GDPR Area has concluded that the laws and practices of the destination country provide adequate protection for Personal Information;
17.1.2 The use of standard model contractual arrangements with the recipient of Personal Information which have been approved by the UK Information Commissioner, the European Commission or the Swiss Supervisory Authority, as appropriate (“SCCs”); and
17.1.3 The EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework.
18 Your rights regarding Personal Information
18.1 If you are a resident of the GDPR Area, your data protection rights are as follows:
18.1.1 You can request access to your Personal Information.
18.1.2 You can ask us to correct your Personal Information if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
18.1.3 You can ask us to delete or remove your Personal Information if there is no good reason for us to continue holding it or if you have asked us to stop using it. If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
18.1.4 You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. If we think there is a good reason for us to keep using the information or for not complying with your request, we will let you know and explain our decision.
18.1.5 You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. Otherwise, or to opt-out of other forms of marketing, please contact us using the email address below.
18.1.6 If you are unhappy with the way we collect and use your Personal Information, you can complain to the Information Commissioner’s Office, but we would encourage you to contact us first so that we can try to address your concerns.
18.2 To contact us or submit requests in relation to any of the above, please email [email protected]. As mentioned above, if you are located in the UK or the EU, our privacy representative is Prighter Group with its local partners. You can submit any privacy requests or concerns by visiting the following website: https://app.prighter.com/portal/16633505665. Please add the following subject to all correspondence: Secolve Pty Ltd ATF Secolve20 Unit Trust (16633505665).
18.3 If we have collected your Personal Information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on a Lawful Basis other than consent.
ADDITIONAL CLAUSES APPLICABLE TO RESIDENTS OF CALIFORNIA
19 Meaning of Personal Information
19.1 For ease of reference, the information set out in paragraph 3 of this Privacy Policy is repeated in this clause 19.1: Under the California Consumer Privacy Act of 2018 (“CCPA”), “Personal information” is defined as information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.
19.2 For the purposes of this Privacy Policy, we use the term “Personal Information” to refer to Personal Information as defined in the CCPA. Your rights will be applicable only in respect of Personal Information as defined in the CCPA.
19.3 The CCPA (as amended) provides consumers (California residents) with specific rights regarding the processing of their Personal Information. If you are a California resident, you may be subject to the following provisions. If there is any inconsistency between this “Additional Clauses Applicable to Residents of California” section and the rest of the Privacy Policy, this section shall prevail.
20 Categories of Personal Information collected
20.1 In the preceding 12 months we may have collected the following categories of Personal Information (as defined by the CCPA) about you. We may have collected this Personal Information directly from you, from third parties, and from your interactions with our services, software or applications, as outlined in this Privacy Policy:
20.1.1 Identifiers such as name, email address, address, and phone number;
20.1.2 Commercial information such as records of products or services purchased, and other transactional data;
20.1.3 Biometric information;
20.1.4 Internet or other similar network, browsing, or search activity such as technical data about your use of the Site or applications;
20.1.5 Geolocation data such as your approximate location based on IP address;
20.1.6 Audio, electric, visual, thermal, olfactory, or similar information such as photographs;
20.1.7 Professional or employment-related information;
20.1.8 Sensitive personal information, including:
(a) government identifiers (social security, driver’s license, state identification card, or passport number);
(b) complete account access credentials (usernames, account numbers, or card numbers combined with required access/security code or password);
(c) precise geolocation;
(d) racial or ethnic origin, religious or philosophical beliefs, or union membership;
(e) citizenship or immigration status (starting January 1, 2024);
(f) genetic data;
(g) mail, email, or text messages contents;
(h) unique identifying biometric information;
(i) health information; and/or
(j) sex life or sexual orientation information.
21 Purposes for collection
21.1 For details of the purposes for which we use the categories of Personal Information outlined above, please see the table in paragraph 3 of this Privacy Policy.
22 Who we share or have shared your Personal Information with, including for cross-context behavioural advertising
22.1 In the preceding 12 months, we may have disclosed the above categories of Personal Information to the categories of recipients listed in this Privacy Policy in line with the applicable purposes as described above.
22.2 We may also, in the preceding 12 months, have disclosed the above categories of Personal Information to third-party advertising partners, such as in connection with our use of tracking technologies, for cross-context behavioural advertising (so that we can display advertisements for products and services online), or by providing such advertising partners with lists of email addresses for potential customers. This may be considered “sharing” or a “sale” under the CCPA.
23 Sensitive Personal Information
23.1 In the preceding 12 months we have not collected, shared, or sold any sensitive Personal Information as described in the CCPA.
24 Your rights under the CCPA
24.1 If you are a resident of California and are entitled to protection under the CCPA, your data protection rights are as follows:
24.1.1 You have the right to know what Personal Information we collect, use, disclose, share and sell about you.
24.1.2 You have the right to request that we correct Personal Information we collect and maintain about you, if such Personal Information is inaccurate.
24.1.3 You have the right to request that we delete Personal Information we collect and maintain about you.
24.1.4 You have the right to opt-out of the sale or sharing of your Personal Information. We share Personal Information as described above, which may be considered a “sale” of Personal Information under the CCPA.
24.1.5 You have the right to limit the use or disclosure of your sensitive Personal Information. We do not collect, share, or sell sensitive Personal Information.
24.1.6 You have the right not to receive discriminatory treatment from us for exercising your privacy rights under the CCPA.
24.1.7 You have the right to designate an authorised agent to make a request on your behalf when exercising your privacy rights under the CCPA.
24.2 To contact us or submit requests in relation to any of the above, please email [email protected]. You can also click on the “unsubscribe” or “opt-out” link in any marketing e-mails we send you.
24.3 If you are an authorised agent making a request on behalf of a California consumer, please email your request to [email protected] and provide us the first name, last name, and email address of the California consumer you are making the request for. If you do not provide the requested information, we may not be able to identify the California consumer and process the request. The information you provide will be used only to help verify and process the request. We reserve the right to request that you demonstrate evidence of your authorisation, either by providing us with a signed permission form or a copy of your power-of-attorney document granting you such authority.