Privacy Policy

1. Introduction

Here at Mashr Lab Pty Ltd (ABN 74 091 282 227) (a division of the Merchantwise Group Pty Ltd), we appreciate that you are trusting us with information that is important to you, and we want to be transparent about how we use it. In this policy, we describe the privacy practices for our website(s) (www.mashrlab.com) and (www.mashranalytics.com) ("Website") and for our digital marketing and analytics products and services (the “Services”). You will learn about the data we collect, process, how and for what purposes we use it, the controls we give you over your information, and the measures we take to keep it safe.

We also explain with how we handle Personal Information (which, for the purpose of this Privacy Policy, includes “Personal Data” as defined in the European Union Data Protection Laws and “Personal Information” as defined in the Australian Privacy Laws) and other information about individuals that we may collect as part of our business). By using the Website and any content, products or services we offer via the Website, you are agreeing to be unconditionally bound by this policy in respect of the information collected about you via this Website. When you use our Website you may provide us with information. Some information may be personal (‘Personal Information’).

If you have any queries about the policy, please contact us and we will do our best to answer your questions. Please read this privacy policy carefully.

2. What Personal Information do we collect?

We only collect Personal Information about you that is reasonably necessary for us to provide you with and improve our products or services and to keep you informed about our products or services. We collect different information depending on our relationship with you, which we will make clear to you at the time we collect that information.

We may also collect the following additional, specific Personal Information from you:

(a) Mailing list Information:
    When you access the Website, you may provide information that could be Personal Information such as your name, email address, position, industry, company and company address.
(b) User Content and Supplied Information, including survey information:
    We may ask you to answer surveys. When you provide such information, we keep that data indefinitely, even after you cease use of the Website. As long as we don’t share your Personal Information with third parties, we may continue to disclose other content to third parties as described in this Privacy Policy.
(c) IP Address/ Cookies:
    We also collect details of the IP address of the computer(s) you use to access this website. This is a security measure designed to assist in protecting us, you and other users from unlawful use of our website or other unlawful activity related to our website. When you visit our Website, social media pages or mobile applications or click on our advertisements on the online media of other companies, we may collect information about you using technology which is not apparent to you, for example “cookies”. We may monitor the IP address of your computer or place a cookie in the browser files of your computer to provide you with better access to any automated features of the Website.
(d) Aggregate Information:
    We may collect statistical information about how both unregistered and registered users, collectively, use the services, and we may also collect de-identified analytics results derived from users of the services, which removes any personal information which could identify the user (“Aggregate Information”). Some of this Aggregate Information is derived from Personal Information. However, statistical and analytics results information is non-Personal Information and can’t be tied back to you or your web browser. Certain non-Personal Information could become Personal Information if it is aggregated with other pieces of data in a way that enables you to be identifiable. We may at times combine non-Personal Information with Personal Information to better deliver the products or services and special offers and ads to you and also to better understand how our Website and the products or services are used. In the event that such data is combined, it will not be shared with third parties.

3. Third-Party Websites and Apps.

We don’t own or control other third party websites, content, services or applications (“Third Party services”), so you should review their privacy policies and terms. This policy only applies to our Website and Services. We are not responsible for the privacy practices or disclosures of third parties that use or access our Website or Services. In addition, the Website or Service may contain links to third-party websites and apps. Any access to and use of such linked websites or apps is not governed by this Policy, but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties.

4. How do we use and hold Personal Information?

We will only use your Personal Information for the reasons we collected it. It will be reasonably apparent to you when you provide us with Personal Information how we may use that information and whom it may be disclosed to. Generally, we will use and hold Personal Information in order to:

    (a) to learn of your likely preferences so that we may promote our goods or services to you in a way which may be of most interest to you;
    (b) make general improvements to our Website and the products and services we offer;
    (c) analyse how users are making use of the Website and the products and services we offer;
    (d) notify you of certain offers, promotions and new products or services (subject to your right to unsubscribe or opt-out);
    (e) to contact you for the purpose of research, product development, or customer service;
    (f) to assist in investigating your complaints and enquiries;
    (g) market and advertise relevant products and services. This may include us and our affiliates and/or partners sending you information about products and services that will be relevant to you, by email, mobile messaging, postal mail or direct telephone contact. All of the above are subject to your stated preferences; we and our content partners will always make it clear how you can prevent i.e. opt-out of these uses. When marketing to you, your Personal Information is only ever used or disclosed for our own purposes.

5. Why do we disclose Personal Information?

We may use or disclose or process Personal Information you provide us:

    (a) for the purpose it was collected – for example, to supply our products or services to you, respond to you and to operate our businesses;
    (b) if we sell all or part of our business(es) and the buyer also requires your Personal Information;
    (c) to enforce our legal rights or those of others;
    (d) to prevent actual or potential fraud or illegal activity;
    (e) to known third parties who provide Services to us ranging from technology, data storage, website hosting, marketing or operations; or
    (f) if we are required or permitted to do so by law (including the EU Data Protection Laws); and/or
    (g) investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity.

We will only use or disclose your Personal Information as required by law or permitted by the Australian Privacy Principles, the Privacy Act 1988 (Cth) and EU Data Protection Laws.

If you are a resident in the EU, then our legal basis for collecting and using Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, where we are processing your Personal Information for our own purposes we normally rely on our legitimate interest to collect Personal Information from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our (or our customer’s) legitimate interests to process your Personal Information, they include the interests described above.

In some cases, we may have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the “Contact Us” heading below.

6. Why do we process Personal Information?

It may be necessary for us to process an individual’s Personal Information to third parties in a manner compliant with the EU Data Protection Laws and our Terms and Conditions of Use, including:

    (a) to a managed service partner to ensure its authorised personnel can access a client account to perform the tasks agreed between the client and the managed service partner;
    (b) to a client so that it can appropriately manage its account;
    (c) to a third-party payment processor to securely perform online capture and processing of credit/debit card transactions;
    (d) to other third-party providers (such as our Web Application Firewall provider, or our Cloud computing platform provider) to communicate with an individual and to store contact details about an individual;
    (e) to a governmental agency or a supervising authority where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental agency or a supervising authority should be made aware of, or when required to do so by law (including any Data Protection Laws);
    (f) to a prospective transferee as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, however, we will inform the individual accordingly (to the extent that we are permitted to do so under the relevant applicable law) and we will take all reasonable steps to ensure that their Personal Information continue to be protected;
    (g) to infer your geographic location based on your IP address; to track behavior at the aggregate/anonymous level to identify and understand trends in usage and the various interactions with our Websites and marketing content; determining the effectiveness of our marketing; and to conduct internal business analysis based on meta-data about usage, feature adoption and forecasting to improve our Websites and Services;
    (h) to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes; to understand how our Website is used and to improve our Website to ensure that content is presented in the most effective manner for you and your computer; and as a part of our efforts to keep our Website safe and secure; or
    (i) to comply with and enforce applicable legal requirements, agreements and policies.

7. How to we store your Personal Information

Your Personal Information may be stored by us in various forms, including both electronic and hardcopy. You should be aware that there are inherent risks associated with the transmission of Personal Information via the internet, however, we will take reasonable steps to maintain the integrity and security of any Personal Information we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such Personal Information.

It is important that you protect your privacy by ensuring that no one obtains your Personal Information and you must contact us if your details change. If you do not wish to use the internet to transmit Personal Information you can mail or phone the Privacy Officer. If we no longer require your Personal Information for the purposes stated in this Privacy Policy or we have received it inadvertently, we will take reasonable steps to securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.

8. How can you access or enquire about your Personal Information?

We have appointed a Privacy and Data Protection Officer. We will provide you with access to any of your Personal Information we hold (except in limited circumstances recognised by law). If you wish to access your Personal Information or have an enquiry about privacy, please contact our Privacy and Data Protection Officer at: hello@mashrlab.com or by calling us on +61 3 9520 1000. Alternatively, you can write to us at: Privacy and Data Protection Officer, Mashr Lab Pty Ltd of Level 1, 266 Chapel St, Prahran, VIC, 3181, Australia or if you are in the EU, you may contact our EU Data Protection Officer located at 97 Rue Oberkampf – 75011 Paris, France.

In accordance with Data Protection Laws, an individual has the right to request from us the Personal Information that we have about them, and we must provide them with such information within 28 days of receiving their written request. If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.

9. How can you complain about our management of Personal Information?

If you wish to complain about a breach of the privacy rules that bind us, you may contact our Privacy and Data Protection Officer at one of the above contact points. We may ask you to put your complaint in writing and to provide details about it.

We may discuss your complaint with our personnel and our service providers and others as appropriate. Our Privacy and Data Protection Officer will investigate the matter and attempt to resolve it in a timely way. Our Privacy and Data Protection Officer will inform you in writing about the outcome of the investigation.

If our Privacy and Data Protection Officer does not resolve your complaint to your satisfaction and no other complaint resolution procedures are agreed or required by law, our Privacy and Data Protection Officer will inform you that your complaint may be referred to the Privacy Commissioner for further investigation and will provide you with the Commissioner’s contact details.

10. How secure is your Personal Information?

We understand how sensitive your Personal Information is and how important it is to keep it secure. We take reasonable precautions to secure your Personal Information both within our computer systems and their physical premises.

We will take all reasonable precautions and appropriate technical and organisational measures to protect an individual’s Personal Information against accidental or unlawful destruction or accidental loss, alternation, unauthorised disclosure or access. This includes appropriately securing our physical facilities and electronic networks.

We use SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed.

Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

We are not responsible for the privacy or security practices of any third party (including third parties to whom we are permitted to disclose an individual’s Personal Information to in accordance with this Privacy Policy, our Terms and Conditions of Use or any applicable Data Protection Laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.

If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately. We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.

11. Notifiable Data Breaches

In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify you and the Office of the Australian Information Commissioner (“OAIC”) as soon as practicable within 72 hours of discovery, in accordance with the Privacy Act 1988 and the EU’s GDPR as further described in clause 11 below.

12. Data Protection Rights (GDPR)

If you are a resident of the European Union for the purposes of the EU Data Protection Laws, then in addition to what is set out above, the following applies to you.

“EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR.

“GDPR” means the General Data Protection Regulation, being Regulation 2016/679 of the European Parliament and of the Council.

We are a data controller and data processor for the purposes of the GDPR and by your consenting to this Privacy Policy, we are able to processes your Personal Data in accordance with this Privacy Policy.

In providing our services, we may make use of a number of automated processes using your Personal Data and your activity on our Website as tracked by us, in order to provide more tailored and relevant services to you through email communication, and on the Website.

In addition to your rights set out above, you may:

    (i) update or rectify any of the Personal Data that we hold about you, in the manner described in the “How can you access or enquire about your Personal Information” in clause 7 above.
    (ii) withdraw your consent to our use of your Personal Information as described in this Privacy Policy by deleting your account. This will also delete all the Personal Data about you which we hold.
    (iii) request that we provides you with a copy of the Personal Data we hold about you in a portable and machine readable form or share your Personal Data with a nominated third party;
    (iv) access, review, change, update or delete your Personal Information at any time by contacting us at hello@mashrlab.com.
    (v) request removal of your Personal Information from our blog or community forum, contact us at hello@mashrlab.com.In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
    (vi) object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. To exercise these rights email hello@mashrlab.com.

If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Should you have any concerns in relation to our collection and/or processing of your Personal Data, then in addition to the process set out in the “Complaints” section 9 set out above (including the right to complain to the Office of the Australian Information Commissioner), you have the right to complain to a supervisory authority (within the meaning of the EU Data Protection laws).

Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you will need to provide us with some additional information to enable us to identify the Personal Information we hold about you and ensure that accurately fulfil your request. You may also be required to provide ID.

13. Choices

Opt in / out - An individual may opt to not have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:

    (i) Opt In - Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
    (ii) Opt Out - Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.

14. Changing Personal Information

If you wish to edit, update or delete your Personal Information which we hold, you can do so by logging into your online account through the Website and updating your details or by contacting us. We may need to verify your identify before completing any requests. We may charge a reasonable fee for giving access to your Personal Information if your request requires substantial effort on our part. If you need to correct your Personal Information, please contact our Privacy or Data Protection Officer at one of the above contact details.

If you delete certain types of information you may be prevented from accessing some Website features or services. Activity generated prior to deletion may still remain stored by us and may be made publicly available. At your request we will delete you from our mailing lists. If you no longer wish to receive communications from us, please unsubscribe or contact our Privacy and Data Protection Officer.

15. Changes to Privacy Policy

This Privacy Policy is current as at 12th June 2018 and includes GDPR updates pursuant to EU Data Protection laws which came into effect on 25th May 2018. We may amend this Privacy Policy from time to time. Information we collect is subject to the policy at the time of collection. If we make any changes, we’ll notify you by email or posting a notice on the Website. If you use the services after the posting date, then you’re bound by the new Privacy Policy. In order to comply with our obligations under the Data Protection Laws, we may do other things in addition to what is stated in this Privacy Policy, nothing in this Privacy Policy shall deem us to be in breach of any Data Protection Laws.

16. Further questions and more information

If at any time you would like to contact us with your views about our privacy practices, any misuse of your information or with any enquiry relating to your Personal Information, you can do so by emailing: hello@mashrlab.com. More information about privacy law and privacy principles is available from the Privacy Commissioner. The Privacy Commissioner may be contacted at www.oaic.gov.au (email: enquiries@oaic.gov.au).

SIGN UP TO OUR NEWSLETTER FOR TIPS & SPECIAL OFFERS