Slay Tail recognises the importance of protecting the privacy and rights of individuals in relation to their personal information. This document is a formal declaration of our commitment to comply with applicable privacy laws and regulations, including but not limited to those protecting the personal information of Users who interact with our Services.
For Users located within the European Union (EU), additional rights and protections under the General Data Protection Regulation (GDPR) are applicable. The specific rights pertaining to such Users and the manner in which these rights can be exercised are detailed towards the end of this document.
- Collection of Personal Information
2.1 Purpose of Collection
The Company collects personal information primarily to facilitate the efficient and lawful operation of its business activities and to deliver the highest standard of service to its clients. The collection of personal information is fundamental to our ability to provide personalized services and support and comply with legal and regulatory obligations.
2.2 Types of Personal Information Collected
The range of personal information that the Company may collect includes, but is not limited to, the following:
Identifying and contact information such as names, addresses, email addresses, and phone numbers.
Financial information pertinent to the provision of services, including credit card numbers, and transaction history.
2.3 Methods of Collection
The Company employs various methods for collecting personal information, ensuring at all times that such collection is conducted in a lawful and non-intrusive manner. These methods include:
Direct collection from clients through application forms, agreements, and other communication channels such as email and phone conversations.
Indirect collection via third parties, such as publicly available sources, where necessary and with the consent of the individual.
2.4 Legal Basis for Collection
Collection of personal information by the Company is grounded on several legal bases:
Consent: Wherever feasible, the Company seeks explicit consent from individuals before collecting personal information.
Contractual Necessity: In instances where personal information is required to enter into or perform a contract with an individual.
Legal Obligation: When collection is necessary for compliance with legal obligations to which the Company is subject.
Legitimate Interests: Where the collection is necessary for the legitimate interests pursued by the Company, except where such interests are overridden by the rights and freedoms of the individual.
2.5 Sensitive Information
The Company does not generally seek to collect sensitive information (as defined under applicable law) unless required by law or with explicit consent. Where sensitive information is collected, it is treated with the utmost security and confidentiality.
- Use of Personal Information
3.1 Purpose of Usage
The Company uses personal information solely for purposes that are directly related to its business operations and the services it offers to its clients. These purposes include, but are not limited to:
The administration and management of client accounts.
The processing of transactions and execution of client instructions.
Compliance with legal and regulatory obligations.
Internal record keeping, business processing, and improvement of our services.
3.2 Legal Basis for Use
The use of personal information by the Company is underpinned by the following legal bases:
Consent: Where individuals have provided explicit consent for the use of their personal information for specified purposes.
Contractual Obligation: Where the use of personal information is necessary to fulfill the terms of a contract with the individual.
Legal Obligation: Where the use is necessary for compliance with a legal obligation to which the Company is subject.
Legitimate Interests: Where the use is necessary for the purposes of the legitimate interests pursued by the Company, provided such interests are not overridden by the rights and freedoms of the individual.
3.3 Processing and Analysis
The Company may process and analyze the personal information collected for various purposes, including market analysis, and enhancement of client services. Such processing is done with the utmost regard for the privacy and security of client data.
3.4 Marketing and Communication
Subject to obtaining the necessary consents, the Company may use personal information to inform clients of new products, services, or opportunities that may be of interest. Clients have the right to opt-out of receiving such communications at any time.
3.5 Data Minimization and Limitation
The Company is committed to data minimization principles, ensuring that only the personal information necessary for the specified purposes is used. The use of personal information is limited to the purposes for which it was collected, as informed to the individuals at the time of collection, unless otherwise authorized by law or the individual.
- Collection Methods of Personal Information
The Company employs various methods for the collection of personal information, in compliance with legal and ethical standards. This section outlines the primary means by which the Company collects personal information from its clients and other relevant parties.
4.2 Direct Collection from Individuals
The Company primarily collects personal information directly from individuals through the following means:
Completion of application forms.
Interactions during phone calls, and email communications.
Client responses to surveys or feedback requests initiated by the Company.
Voluntary registration for newsletters, webinars, or other events hosted by the Company.
In each case, the Company takes reasonable steps to ensure that individuals are aware of the purpose of the collection and any potential disclosures of their personal information.
4.3 Indirect Collection from Third Parties
Occasionally, the Company may collect personal information about individuals from third-party sources, including:
Publicly available sources such as public registers or social media platforms.
Referrals from existing clients or professional advisors, subject to obtaining the individual’s consent.
When collecting personal information from third parties, the Company ensures that such information is collected in a fair, lawful, and transparent manner, consistent with the individual’s expectations and consent.
4.4 Collection Through Technology
The Company utilizes technology to enhance user experience and collect data, which includes:
Automated systems for logging client interactions with the Company’s online platforms for service improvement and security purposes.
In these instances, the Company ensures that individuals are informed about the use of such technologies and have the ability to control their personal settings and preferences.
4.5 Consent and Voluntary Provision
At all times, the collection of personal information by the Company is predicated on the principle of consent. Individuals are provided with clear, understandable choices regarding the collection of their personal information.
4.6 Compliance with Laws and Regulations
In collecting personal information, the Company adheres to all applicable laws and regulations, ensuring that such collection is justifiable, necessary, and conducted with respect and consideration for the privacy and rights of individuals.
- Cookies and Digital Identifiers
The Company employs cookies and other digital identifiers on its websites and digital platforms. These tools are used to enhance the user experience, gather analytics, and facilitate effective service delivery.
5.2 Definition and Purpose
A cookie is a small text file placed on a user’s device when visiting a website. Digital identifiers are similar in function and include various forms of data collection technologies. The primary purposes of these tools are to:
Improve website functionality and user navigation.
Collect data regarding website usage and visitor preferences.
Assist in the delivery of targeted advertising and marketing communications.
Enable the efficient operation of online services and features.
5.3 Types of Cookies Used
The Company utilizes several types of cookies, including:
Session cookies: Temporary cookies that remain on the device until the browser is closed.
Persistent cookies: Remain on the user’s device for a pre-defined period and are activated each time the user visits the Company’s website.
Third-party cookies: Placed by service providers or partners of the Company, used for cross-site tracking, retargeting, and ad-serving.
5.4 User Consent and Control
5.5 Analytics and Third-Party Cookies
For analytical purposes, the Company may use third-party services that deploy cookies to collect information about website usage. This information helps the Company understand user behavior and improve website and service offerings. These third-party cookies are subject to the respective privacy policies of the third-party providers.
5.6 Data Security and Privacy
Information collected through cookies and digital identifiers is treated with the utmost care and security. The Company employs appropriate technical and organizational measures to protect data from unauthorized access and misuse.
5.7 Amendments to Cookie Use
- Disclosure of Personal Information
6.1 General Principles of Disclosure
The Company adheres to strict principles regarding the disclosure of personal information collected from its clients and other relevant parties. The Company is committed to ensuring that such disclosures are conducted in compliance with applicable privacy laws and regulations, and only for legitimate business purposes.
6.2 Purposes of Disclosure
The Company may disclose personal information under the following circumstances:
To third-party service providers who perform operations or work on behalf of the Company, under confidentiality agreements. These services may include, but are not limited to, payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts.
To comply with legal obligations, such as responding to subpoenas, court orders, or other lawful requests by public authorities.
To protect the rights, property, or safety of the Company, its clients, or the public as required or permitted by law.
In connection with a merger, acquisition, or sale of all or a portion of the Company’s assets, in which case users will be notified via email and/or a prominent notice on the Company’s website of any change in ownership or uses of their personal information, as well as any choices they may have regarding their personal information.
Except as provided in this policy, the Company will not disclose personal information without obtaining prior consent from the individual, except where such consent may be inferred from the circumstances.
6.4 Cross-Border Disclosure
In cases where the Company engages in cross-border disclosure of personal information, such activities will be conducted in compliance with the relevant privacy legislation, ensuring adequate protection of the information regardless of geographic location.
6.5 Disclosure to Overseas Recipients
Where the Company discloses personal information to recipients located outside Australia, it will take reasonable steps to ensure that the recipients do not breach privacy obligations relating to the personal information.
6.6 Third-Party Practices
The Company is not responsible for the collection, use, and disclosure practices of third parties that are not directly controlled by the Company. This includes third-party websites, services, or applications that may be linked to or from the Company’s services.
6.7 Review and Amendments
The Company regularly reviews its policies and practices regarding the disclosure of personal information and may amend this policy from time to time. Users are encouraged to review this policy periodically to stay informed about how the Company protects their personal information.
- International Transfer of Information
7.1 Scope of International Transfers
The Company acknowledges that, in the course of its business operations, it may be necessary to transfer personal information across international borders. Such transfers would primarily be for the purposes of data processing or storage.
7.2 Compliance with Legal Frameworks
The Company is committed to complying with all applicable laws and regulations governing international data transfers. This includes adherence to principles and frameworks such as the General Data Protection Regulation (GDPR) for transfers involving data subjects in the European Union, and other relevant international data protection laws.
7.3 Safeguarding Transferred Data
To ensure the protection of personal information during international transfers, the Company implements the following safeguards:
Ensuring that the countries to which data is transferred have adequate data protection laws, as per the standards set forth by relevant regulatory authorities.
Utilizing standard contractual clauses approved by regulatory authorities for data transfer agreements, which obligate overseas recipients to protect the data to the same standard required in the country of origin.
Implementing robust data security measures, including encryption and secure data handling protocols, to protect the data during transit and storage in foreign jurisdictions.
7.4 Consent and Notification
Where applicable, the Company will seek explicit consent from individuals prior to the international transfer of their personal information. In addition, the Company will inform individuals about the purposes for which their data is being transferred, the destinations of such transfers, and the security measures in place to protect their data.
7.5 Regular Review of Transfer Practices
The Company will regularly review its international data transfer practices to ensure ongoing compliance with changing legal requirements and best practices in data protection. This includes monitoring the data protection standards in countries to which data is transferred and updating transfer mechanisms as necessary.
7.6 Third-Party Transfers
Where third parties are involved in the processing or handling of personal data across borders on behalf of the Company, the Company will ensure that such third parties adhere to similar standards of data protection and confidentiality as prescribed by the Company’s policies and applicable laws.
- Security Measures for Protection of Personal Information
8.1 Commitment to Data Security
The Company is committed to safeguarding the personal information it holds. Recognizing the importance of data security, the Company has instituted measures to prevent unauthorized access, disclosure, alteration, and destruction of personal information.
8.2 Implementation of Security Measures
The security measures employed by the Company include, but are not limited to, the following:
Technological Security: The Company employs advanced technological solutions to ensure the secure processing of personal information. This includes the use of firewalls, encryption technologies, secure servers, and SSL (Secure Socket Layer) protocols for transactions and data transmission over the Internet.
Organizational Measures: The Company maintains internal policies and procedures designed to protect personal information from unauthorized access. These include limiting access to personal information to only those employees who require it to perform their job duties.
Regular Audits and Reviews: The Company conducts regular audits and reviews of its security measures to ensure their effectiveness and compliance with current best practices and regulatory requirements.
8.3 Data Breach Response Plan
In the event of a data breach, the Company has a response plan to swiftly and effectively manage the situation. This plan includes immediate measures to secure and restore the integrity of our systems, notification to affected individuals and regulatory bodies where applicable, and a thorough investigation to prevent future occurrences.
8.4 Third-Party Service Providers
When engaging third-party service providers, the Company ensures that they are compliant with relevant data protection laws and maintain equivalent security measures. Contracts with such providers include clauses that mandate the protection and confidentiality of any shared personal information.
8.5 User Responsibility
While the Company endeavors to protect personal information, the security of data transmission over the Internet cannot be guaranteed. Users are encouraged to take their own precautions, such as keeping passwords confidential and using secure networks when transmitting personal information to the Company.
8.6 Continuous Improvement
Recognizing that threats to data security are constantly evolving, the Company is committed to the ongoing evaluation and improvement of its security measures. This includes staying abreast of developments in technology and data protection best practices.
- Retention of Personal Information
9.1 Principles of Data Retention
The Company adheres to principled and lawful data retention practices. The Company retains personal information for as long as necessary to fulfil the purposes for which it was collected, in accordance with its legal obligations, regulatory requirements, and for business purposes.
9.2 Duration of Retention
The specific duration for which the Company retains personal information varies depending on the nature of the information and the reasons for its collection. The criteria used to determine the retention periods include:
Legal and regulatory requirements to retain data for a certain period.
The duration necessary for the Company to carry out its business and contractual obligations.
Statute of limitations under applicable law.
Whether the individual has consented to a longer retention period.
9.3 Data Minimization
Consistent with data minimization principles, the Company ensures that personal information is only retained for as long as it is needed for its intended purpose or as required by law. Data that is no longer necessary or relevant is securely disposed of or anonymized.
9.4 Secure Disposal of Data
Upon the expiry of the retention period, the Company securely disposes of or anonymizes personal information so that it can no longer be associated with an individual. The disposal methods are designed to prevent any unauthorized access to or recovery of the data.
9.5 Review of Retention Policies
The Company regularly reviews its data retention policies and practices to ensure compliance with applicable laws and relevance to its current operations. This includes adjusting retention periods as necessary in response to changes in legal requirements or business practices.
9.6 Access and Correction during Retention Period
Throughout the retention period, individuals have the right to access and request correction of their personal information held by the Company. Requests for access and correction are addressed promptly in accordance with the Company’s data access and correction policies.
9.7 Notification of Changes in Retention Policy
- Accuracy and Access to Personal Information
10.1 Commitment to Data Accuracy
The Company is committed to maintaining the accuracy, completeness, and relevance of the personal information it holds. The Company understands that accurate data is essential for providing high-quality services and complying with legal obligations.
10.2 Procedures for Ensuring Accuracy
To ensure data accuracy, the Company:
Regularly reviews and updates personal information.
Provides individuals with the opportunity to review and update their information regularly, especially when there are changes to their personal circumstances.
Utilizes reliable sources and methods for data collection and processing.
10.3 Individual’s Right to Access
In accordance with applicable privacy laws, individuals have the right to request access to the personal information that the Company holds about them. The Company facilitates this right by:
Providing a clear and accessible process for individuals to request access to their personal information.
Responding to access requests in a timely and efficient manner, subject to any limitations imposed by law.
10.4 Correction of Personal Information
Individuals have the right to request the correction of inaccurate or incomplete personal information held by the Company. Upon receiving such a request, the Company will:
Review and investigate the accuracy of the information in question.
Update the information as required, and inform the individual of the corrections made.
If the correction is not made, provide a reason for the decision and record the individual’s request with the information.
10.5 Handling of Access and Correction Requests
The Company ensures that requests for access and correction are handled in accordance with the following principles:
No undue delay in processing requests.
Minimal or no cost to the individual, except where allowed by law.
Verification of the identity of the requesting individual to safeguard against unauthorized access.
10.6 Limitations to Access and Correction
Access and correction of personal information may be subject to certain legal and regulatory limitations. In such cases, the Company will provide the reasons for any refusal to grant access or make corrections.
10.7 Notification of Changes to Personal Information
The Company encourages individuals to inform it of any changes to their personal information to ensure the data remains accurate and up to date.
- Complaints and Contact Information
11.1 Privacy Complaints Handling
The Company is committed to resolving any complaints regarding its handling of personal information in a fair, efficient, and timely manner. The Company acknowledges the importance of privacy and is dedicated to adhering to privacy laws and regulations.
11.2 Procedure for Making a Complaint
Individuals who believe that the Company has breached its privacy obligations or mishandled their personal information are encouraged to raise their concerns by:
Contacting the Company’s designated Privacy Officer or relevant department using the contact information provided below.
Providing a detailed description of the complaint, including any relevant dates, documentation, and other information to support the claim.
11.3 Complaints Resolution Process
Upon receiving a privacy complaint, the Company will:
Acknowledge receipt of the complaint promptly.
Review the complaint, conduct an investigation, and may seek additional information from the complainant as necessary.
Strive to resolve the complaint within a reasonable timeframe, typically within 30 days of receipt of the complaint.
Inform the complainant of the outcome of the investigation and any actions taken or proposed to be taken by the Company in response to the complaint.
11.4 Escalation of Unresolved Complaints
If the complainant is not satisfied with the Company’s response, they may escalate their complaint to an external dispute resolution scheme or the relevant regulatory authority. The Company will provide information on these avenues upon request.
11.5 Changes to Contact Information
11.6 Contact Details
Individuals may contact The Company regarding privacy issues or complaints through the following means:
Privacy Officer Contact Information:
- Specific Provisions for EU Residents
12.1 Application of GDPR
The Company acknowledges that the General Data Protection Regulation (GDPR) provides specific rights to individuals located within the European Union (EU). The Company commits to complying with the GDPR in relation to the personal information of EU residents.
12.2 Rights of EU Data Subjects
Under the GDPR, EU residents have the following rights concerning their personal information:
Right of Access: Individuals have the right to access their personal information held by the Company.
Right to Rectification: Individuals have the right to request the correction of inaccurate or incomplete personal information.
Right to Erasure (‘Right to be Forgotten’): Individuals may request the deletion of their personal information under certain circumstances.
Right to Restriction of Processing: Individuals have the right to request a halt on the processing of their personal information.
Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format.
Right to Object: Individuals have the right to object to certain types of processing of their personal information.
Rights in relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.
12.3 Exercising GDPR Rights
To exercise any of the GDPR rights, EU residents should submit a request to the Company’s Privacy Officer using the contact details provided. The Company will respond to such requests in accordance with the GDPR requirements.
12.4 Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) to oversee compliance with the GDPR. The DPO can be contacted for any issues relating to the processing of personal information of EU residents.
Data Protection Officer Contact Information:
12.5 Transfers of Personal Information outside the EU
In cases where personal information of EU residents is transferred outside the EU, the Company ensures such transfers are performed in compliance with the GDPR. This includes implementing appropriate safeguards like standard contractual clauses or transferring to countries that provide adequate data protection.
12.6 GDPR Complaints
EU residents who believe their GDPR rights have been infringed can lodge a complaint with a supervisory authority in the EU member state of their residence.
13.1 Policy Review and Updates
13.2 Notification of Changes
Posting a notice on the Company’s website.
Any other method deemed appropriate to ensure that clients and users are informed of the changes.
13.3 Date of Last Revision
13.4 User’s Acknowledgment of Changes
13.5 Historical Versions
13.6 Contact Information for Policy Inquiries
Privacy Officer Contact Information:
14.2 Importance of Privacy
The Company recognizes the importance of privacy and the trust placed in it by clients and users. It is the Company’s ongoing commitment to ensure that personal information is handled in a secure, confidential, and responsible manner.
14.3 Encouragement for Feedback
14.4 Commitment to Compliance
The Company is committed to continually improving its privacy practices and complying with applicable privacy laws and regulations. It is dedicated to upholding the highest standards of data protection and ensuring the privacy and security of the personal information it manages.
14.5 Final Acknowledgment
The Company appreciates the opportunity to serve its clients and manage their personal information. It is dedicated to maintaining the trust and confidence of its clients and users through transparent, responsible, and ethical information handling practices.
Last Updated 12/12/2023