Last Updated: May 2018
yesheis.com (the “Website”) and yesHEis mobile application (collectively referred to as “YHI”) is operated by CV Digital Pty Ltd ACN 169 709 808, an Australian registered company (“CV”, “we”, “our”, “us”).
CV is committed to protecting privacy. We understand that visitors and users of YHI are concerned about their privacy, and the confidentiality and security of any Personal Data that is provided.
Our contact details are:
Name: CV Digital Pty Ltd ACN 169 709 808
Address: PO Box 6361, Maroochydore BC, QLD 4558, Australia
Phone: +61 7 5477 1555
For Privacy Issues Email:email@example.com
For Customer Service Email: support@yesHEis.com
If You are based in the European Union, you can contact our European Union representative as follows:
Name: The Data Protection Officer, Christian Vision
Address: The Rock, International Drive, Solihull, B90 4WA, United Kingdom
Phone: +44 1675 435 500
1.3 Your Consent
2. Collection of Data
2.1 All Users
Whenever users (including non-member users) visit the Website, our servers automatically record information for statistical purposes about Your usage of the Website such as:
- the type of browser used;
- the referring URL;
- the number and type of pages viewed;
- the date and time of visits; and
- the exit URL.
This information we collect about You is not Personal Data and, in any event, remains anonymous. We do not link the anonymous information to any other Personal Data unless you have either registered as a member or logged in as a member at the time of use. Accordingly, if you have not identified yourself on the Website, such as by registering or logging in, we will not link a record of your usage of our Website to you personally.
Upon your registration as a member we collect information about You in order to provide You with access to resources and YHI platform available through the Website. We collect non-identifying information as well as Personal Data from You directly when You first register and also from time to time thereafter if You provide us with additional information.
Personal Data which we may collect includes:
- Your full name;
- Your email address;
- Your IP address;
- Your age;
- Your geographic location;
- A photograph of You.
Information which we may also collect and which may be deemed as constituting Special Category Personal data includes, without limitation:
- Your racial or ethnic origin;
- Your religious beliefs or affiliations;
- Your philosophical beliefs
To improve Your experience on our Website, we may use ‘cookies’. Cookies are an industry standard and most major websites use them. A cookie is a small text file that our site may place on Your computer as a tool to remember Your preferences.
- DoubleClick Platform integrations;
- Demographic and Interest Reporting;
- Display Advertising including Remarketing and Google Display Network Impression Reporting to advertise our services online;
- Optimizing and personalizing ad services based on Your past visits to our Website;
- Reporting the use of ad services and interactions with ad impressions and how they are related to visits to our site.
You can customize or opt out of Google Analytics for Display Advertising using the Ads Settings for Your Google account.
2.4 Third Parties
We may allow third parties, including authorized service providers, advertising companies, data management platforms and ad networks to serve advertisements on our sites. These companies may use tracking technologies, such as cookies or web beacons, to collect information about users who view or interact with their advertisements. Any information that these third-parties collect via cookies is completely anonymous and is non-identifiable.
You may refuse the use of third party data collection by selecting the appropriate settings on Your browser.
2.5 Use of Google Analytics & Social Media
- Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate Your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and web page usage. To avoid personal data being collected through IP addresses, we use Google Analytics ad-on “anonymized”.
2.6 Promotion to You
In order to promote our products and services to You, we may provide a hash of Your email address (and no other Personal Data) to third parties, such as Facebook, in order to better target our advertising to You by using products such as Facebook’s Custom Audiences.
A comparison of Your hashed email address will only be for the purpose of promoting our goods and services to You, and will not be used by that third party for any other purpose. The comparison of the hash of Your email address will not be used to identify You or Your email address, and no further information about You will be provided by us to that third party.
2.7 Use of Pseudonym
Where practical to do so and permitted by law, you have the option of not identifying yourself or using a pseudonym, when dealing with CV in relation to a particular matter.
3. Purposes for which CV Collects, Holds, Uses And Discloses Personal Data
3.1 Collect from You only
Where it is reasonable or practical to do so, we will endeavor to only collect Personal Data about You from You.
3.2 Purpose of Collecting Personal Data
We will only collect Personal Data that is reasonably necessary for:
- enabling us to process Your application for membership and enabling us to provide services to You;
- our internal research and statistical purposes;
- enabling us to forward to You other information or material which we believe may be of interest to You;
(the “Primary Purpose”).
3.3 Holding of Personal Data
We take reasonable steps to protect Personal Data that we hold from misuse, interference, loss, unauthorised access, modification or disclosure.
In the unlikely event that there is a serious data breach that is likely to result in a risk to Your rights and freedoms we shall, without undue delay, notify the appropriate supervisory authority. Where there is a high risk that a serious data breach will impact upon Your rights and freedoms, we will also notify You without undue delay of such a breach.
3.4 Use and disclosure of Personal Data
We will only use or disclose Personal Data for the Primary Purpose where it is reasonably necessary. We will only use or disclose Personal Data about You for a purpose other than the Primary Purpose (the “Secondary Purpose”) where the following apply:
- the Secondary Purpose is related to the Primary Purpose and, if the Personal Data is Special Category Personal Data, the Secondary Purpose is directly related to the Primary Purpose; and
- You would reasonably expect us to use or disclose the Personal Data for the Secondary Purpose; or
- You have consented to the use or disclosure for the Secondary Purpose; or
- the use or disclosure of the Personal Data is required or authorized under the GDPR, an Australian law, other applicable law or a court/tribunal order.
You may withdraw Your consent to our use of Your Personal Data for the Primary and Secondary Purposes at any time by contacting us using the contact information contained in clause 1 of this Policy. However, this may affect or limit Your ability to use YHI and CV’s services.
3.5 Destruction of Personal Data
We will keep your information only for as long as we need it for legitimate business purposes and as permitted by applicable legal requirements. If:
- we hold Personal Data about You; and
- we no longer need the Personal Data for any purpose for which the information may be processed or disclosed by us under this Policy, the General Data Protection Regulation or Privacy Act 1988 (Cth) or other applicable law; and
- we are not required by or under a law of the European Union, an Australian law, this Policy, other applicable law, or a court/tribunal order, to retain the information,
3.6 Disclosure to Third Party Country Recipients and International Organizations
Any profile information that You have provided to us will be publicly viewable on Your profile, irrespective of the location of the viewer. By creating a profile You acknowledge that overseas recipients will be able to view Your profile.
In order to provide customer support, perform back office functions, fraud prevention tasks or provide services to You we may need to allow our staff or suppliers (who may be located or whose resources may be located other than Your country of residence) to access Your profile information or other Personal Data that You have supplied.
By providing your Personal Data and Special Category Personal Data You are explicitly consenting to the international transfer and processing of such data in accordance with this Policy, in full and informed knowledge of the risks associated with such transfers and processing.
You may withdraw Your consent at any time by contacting us using the contact information contained in clause 1 of this Policy. However, this may affect or limit Your ability to use YHI and CV’s services.
In all other circumstances we will only disclose Personal Data to a Third Party Country recipient or international organization if the disclosure of the information is required or authorized by or under a law of the EU, an Australian law, other applicable law or a court/tribunal order.
3.7 Unsolicited Information
If we collect Personal Data which we have not sought or requested, and if we determine that we are otherwise permitted to collect that information in compliance with the GDPR, Australian Privacy Principles or other applicable law, that information will be dealt with in accordance with the terms of this Policy. If however, we determine that the collection of Your Personal Data is not permitted under the terms of the GDPR, Australian Privacy Principles or other applicable law, then we will destroy or de-identify that information as soon as practicable, where it is lawful and reasonable to do so.
We reserve the right to send electronic mail to You regarding CV’s charitable purposes, notification alerts of activity such as interest alerts or email alerts, for promotions or offers, changes or additions to our services, or any products and services of our affiliated businesses. Where you are a member you may manage Your contact preferences within YHI to customize what type of communications You wish to receive.
4 Access, Correction & Portability
4.1 Access to Personal Data
We will provide You with access upon request to the Personal Data held by us in relation to You except to the extent that:
- giving access would be unlawful; or
- denying access is required or authorized by or under a law of the European Union, an Australian law, other applicable law or a court/tribunal order.
4.2 Requests for Access
To request access to the Personal Data held by us about You, You must contact us using the contact details provided in clause 1. Following Your request we will contact You within a reasonable time and by no later than within one (1) month from the date of receipt of Your request. We will either provide You with the requested Personal Data or notify You when we will provide You with the Personal Data. In any event, the Personal Data requested will be provided within one month of our receipt of Your request, unless we decide not to provide You with access to the Personal Data. Where we have decided not to provide You with access to the Personal Data, we will advise You of the reasons for our decision.
4.3 Data Portability
Insofar as it does not adversely affect the rights and freedoms of others and where You have communicated a request to us using the contact information in clause 1:
- where we have employed an automated means to process Your Personal Data after receiving Your written request, we will provide You such Personal Data that we have collected in a structured, commonly used and machine-readable format.
- after receiving Your request, where technically feasible, we will transmit Your Personal Data directly to another data holder.
4.4 Commercially Sensitive Information
Where providing You access to Your Personal Data would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process we will give You an explanation for the commercially sensitive decision rather than direct access to the Personal Data.
4.5 Use of Intermediaries
Where we are not required to provide You with access to the Personal Data then we will, if it is reasonable to do so, give consideration to whether the use of mutually agreed intermediaries would allow sufficient access to meet our respective needs.
4.6 Correction and Erasure of Personal Data
- It is Your responsibility to ensure that the information You provide to us is accurate and to update Your Personal Data as necessary.
- If for any reason You are unable to correct any Personal Data or Personal Information held by us, please contact us using the contact details provided in clause 1 and we will take reasonable steps to correct Your Personal Data.
- If we elect not to correct Your information, we will notify You within one month of the reason of our refusal and the mechanisms available to You to object to our refusal.
- If we correct or erase Personal Data about You that we previously disclosed to another entity we will take reasonable steps in the circumstances to give that notification, unless it is impracticable or unlawful to do so.
4.7 Refusal to Correct or Erase
If at any time we refuse or deny You access to Your Personal Data, or refuse to correct or erase Your Personal Data, we will provide You with reasons for such denial or refusal.
4.8 Restriction of Processing
You may request that we limit or restrict the manner in which we deal with and process Your Personal Data. Where we are satisfied grounds for restriction exist, we will only process Your Personal Data: with Your consent; for the establishment, exercise or defense of legal claims against Us; or for the protection of the rights of another natural or legal person.
Access to, erasure and rectification of Your Personal Data, including any communications related thereto, will generally be provided free of charge. Where Your requests are manifestly unfounded or excessive in nature (particularly due to repetitiveness) we may elect to charge You a reasonable fee taking into account the administrative costs of providing the information or communication, or taking the action requested. Where Your requests are manifestly unfounded or excessive in nature we may also refuse Your request.
5. Specific Objection Rights
If it becomes necessary for us to process Your Personal Data without Your consent for reasons of:
- performing a task in the public interest;
- the exercise of an official authority that has been vested in us; or
- where it is in our legitimate interests or the legitimate interests of a third party to do so,
You will have the right to object to such use.
If You object to certain uses of Your Personal Data, we will refrain from processing Your Personal Data unless compelling legitimate grounds exist for the processing which otherwise override Your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
6.1 Making a Complaint
If You believe that we have used or disclosed Your Personal Data in a manner which is contrary to this Policy or otherwise breaches an applicable law, then You should email us at firstname.lastname@example.org.
You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. If You are unsure who your relevant supervisory authority may be, please contact us so that we may provide You with assistance.
6.2 Our Response
Complaints will be dealt with in confidence. Within 30 days of receipt of your complaint we will notify You in writing as to what action we propose to take in relation to Your complaint and will provide You with details of what further action you can take if you are not satisfied with our response.
“Collection” means the acquisition of Your Personal Data.
“General Data Protection Regulation” and “GDPR” means Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 9S/46/EC.
“International Organization” means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
“Third Party Country” means a country that is not a member of the European Union.
“Personal Data” means any information relating to an identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes Special Category Personal Data.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Purposes” means the Primary and Secondary purposes.
“Special Category Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning Your sex life or sexual orientation.
“Third Party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Related Website” means any other website owned, operated or controlled by CV Digital Pty Ltd ACN 169 709 808.
“You” means the individual about whom we are collecting information.