Privacy Policy

This website (vnt.io), the application and website development products and services (collectively, products and services) are created, operated and controlled by Virtual Novated Technologies Pty Ltd (ACN 689 848 084) (VNT, we, us or our).

We are committed to ensuring your personal information is protected. We manage your personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (collectively, Privacy Laws).

By accessing and using and continuing to use our website, products or services you agree to this Privacy Policy.

This Privacy Policy outlines how and when we collect, process, use, share, store, disclose, retrieve, alter and destroy your personal information or personal data (as defined in the Privacy Laws) (collectively, Personal Information) and how you may make a privacy complaint.

We will only collect and hold Personal Information about you that is reasonably necessary to undertake our business activities and functions, make our website available to you, deliver our products and services to you, or as otherwise permitted by law.

The type of Personal Information that we collect and use depends on the type of dealings that you have with us and includes the following:

• contact details (for example, full name, address, mobile and telephone numbers and email address);
• business details (for example, business name, business address, work mobile and office telephone numbers and work email address);
• information relating to your dealings, or enquiries you have made, with us, including information about the products or services you have ordered;
• payment and billing information;
• information regarding your access and use of our website, including location information, IP address, unique device identifier, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on our website, dates and times of visits to our website and other usage statistics;
• other information that you provide to us or that we may collect in the course of our relationship with you; and
• information provided by or on behalf of applicants for employment.

We do not collect your sensitive information or sensitive personal data (as defined by the Privacy Laws) (collectively, Sensitive Information).

However, some of our services are automated and we may not recognise that you have accidentally provided us with Sensitive Information. If you have accidentally sent us Sensitive Information, please contact us using the contact details set out in section 13 below.

We will collect Personal Information about you in a number of different ways. We may collect Personal Information directly from you or in the course of our dealings with you. For example, when you:

• contact and correspond with us (for example, when you participate in a promotion, competition, or survey, or when you complete online forms for our products or services or subscribe to our publications, alerts and newsletters, or information you provide to us when you send us an email);
• use or order our products or services;
• visit our website (including via cookies), contact us online or via telephone with a query or request or make a comment on our social media sites;
• provide your Personal Information to third parties (including to our related bodies corporate, business partners and service providers, credit reporting bodies, credit providers, government agencies, public registries, search agencies, regulatory and licensing bodies, parties to whom you refer us, recruitment agencies and from publicly available sources of information);
• apply for a position of employment with us; or
• when otherwise legally authorised or required to do so.

When we collect Personal Information directly from you, we will take reasonable steps to notify you (using a collection notice) at, before, or as soon as practicable after, the time of collection.

We may also collect Personal Information about you from publicly available sources and third parties, including:

• from third parties (including our related bodies corporate, business partners and service providers, credit reporting bodies and credit providers, government agencies);
• if you use our social media sites or applications, pages or plugins; or
• third party products or services that interact with our products, services or website.

If you provide us with Personal Information about another individual (as their authorised representative), we rely on you to inform them that you are providing their Personal Information to us and advise them that they can contact us for further information.

For the purposes of the GDPR, you appoint us as your Processor (as defined in the GDPR), and/or to the extent that we are a Controller (as defined in the GDPR), to collect, process, use, share, store, disclose, retrieve, alter and destroy your Personal Information in accordance with this Privacy Policy.

We must establish a lawful basis for processing your Personal Information. The legal basis for which we collect your Personal Information depends on the data that we collect and how we use it, such as:

• where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your Personal Information for a specific purpose;
• where the collection, use, storage, processing and disclosure of your Personal Information is necessary for the performance of a contract to which you are a party;
• for our legitimate business interests, including providing, operating and improving our products, services or website; marketing new promotions and services; managing and developing our relationship with you; and responding to your queries or complaints; and
• where there is a legal obligation to collect, use, store, process or disclose your Personal Information.

We rely on several legal bases under the GDPR to collect, process, store, use and disclose the Personal Information of individuals residing in the European Union (EU), including:

• where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your Personal Information for a specific purpose. You may withdraw your consent at any time by contacting us using the details below;
• where the collection, use, storage, processing and disclosure of your Personal Information is necessary for the performance of a contract to which you are a party;
• for our legitimate business interests, including providing, operating and improving our products, services or website; marketing new promotions and services; managing and developing our relationship with you; and responding to your queries or complaints; and
• where there is a legal obligation to collect, use, store, process or disclose your Personal Information.

We only use, process and disclose your Personal Information for the purposes for which it is collected. In particular, we use, process and disclose your Personal Information to:

• provide or deliver our products and services to you, including to provide you with access to our website;
• assist with, or respond to, your queries;
• inform you about our website, products and services, offers, competitions, promotions, events or other matters which we believe are of interest to you;
• share with our Authorised Affiliates;
• administer, improve and manage our website, products and services and our relationship with you;
• charge and bill you for the use of our products and services;
• verify your identity;
• for internal record keeping;
• for direct marketing purposes (see section 6 below); and
• comply with our legal and regulatory obligations.

In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your Personal Information as part of the transaction.

In order to make our website available to you, and/or provide or deliver our products and services to you we may disclose your Personal Information to:

• our related bodies corporate, business partners, service providers, third party contractors, agents or suppliers;
• authorised external service providers who perform functions on our behalf, such as third party payment processors, internet and technology services providers, hosting companies, marketing and advertising agencies, IT security service providers, fulfilment companies, credit reporting agents, debt collection agents, market research and recruitment service providers;
• external business advisors, such as auditors, lawyers, insurers and financiers (collectively, Authorised Affiliates).

We may also disclose your Personal Information to any other party with your consent and direction, to law enforcement bodies or regulatory authorities as required or authorised by law, or where we consider it necessary to comply with any applicable law, regulation, legal process or governmental request.

Our Authorised Affiliates may be located in or outside Australia, the European Union, and other countries from time to time. Where we do transfer your Personal Information to our overseas Authorised Affiliate, we take steps reasonably necessary to ensure that there is a legal basis for the transfer and that your Personal Information is treated securely.

By accessing or using our website and/or products and services, or providing your Personal Information to us, you explicitly and freely consent to the transfer of your Personal Information to our overseas Authorised Affiliates.

We will not disclose your Personal Information to any third party (other than our Authorised Affiliates) without your written consent, unless we are otherwise required by the relevant Privacy Laws, permitted to under this policy, or such disclosure is reasonably necessary to protect our rights or property, avoid injury to any person or ensure the proper functioning of the website.

At the time of accessing, or using, our website and/or products and services, or from time to time, we may seek your express consent for us to send you marketing, advertising or promotional materials and other information relating to our products, services, content or events that we consider may interest or benefit you.

Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may use your Personal Information to send you information about the promotions, deals, competitions, products or services we offer, and any other information that we consider may be relevant to you.

We may send this information to you via the communication channels specified at the time you provide your consent. These communication channels may include mail, email, SMS, telephone, social media or by customising online content and displaying advertising on our website.

You can opt out of receiving these communications by:

• contacting us using the details below; or
• using the unsubscribe function in the email or SMS.

You may re-subscribe at any time by re-registering via the website.

In the event of any loss, or unauthorised access or disclosure of your Personal Information that is likely to result in serious harm to you, we will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the notifiable data breach scheme contained in Part IIIC of the Privacy Act.

We take reasonable steps in the circumstances to keep your Personal Information safe. We use a combination of technical, administrative, and physical controls to protect and maintain the security of your personal information. Our officers, employees, agents and third-party contractors are expected to observe the confidentiality of your Personal Information.

The transmission of information via the internet is not completely secure. While we do our best to protect your Personal Information, we cannot guarantee the security of any Personal Information transmitted on, or via, the website or by email to us. You provide your Personal Information to us at your own risk.

We will destroy or de-identify Personal Information in circumstances where it is no longer required, unless we are required or authorised by law to retain the information.

In the event of any loss, or unauthorised access or disclosure of your Personal Information that is likely to result in serious harm to you, we will investigate, prevent, mitigate and notify you and:

• (Australia) the Office of the Australian Information Commissioner; or
• (EU only) the supervisory authority in the country in which you reside which has responsibility for privacy and data protection.

The website may contain hyperlinks or banner advertising to or from third-party websites. We do not endorse any of these third parties, their products or services, or the content on these websites. These websites are not subject to our privacy standards, policies and procedures. Therefore, we recommend that you make your own enquiries about their privacy practices. We are in no way responsible for the privacy practices or content of these third-party websites.

We may collect information when you access and use the website by utilising features and technologies of your internet browser, including cookies, pixel tags, web beacons, embedded web links and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.

The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the date and time of your visit, the pages that you have accessed, the links which you have clicked and the type of browser that you were using.

We may use cookies and similar technologies to:

• enable us to identify you as a return user and personalise and enhance your experience and use of the website; and
• help us improve our service to you when you access the website and to ensure that the website remains easy to use and navigate.

Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies. If you reject our cookies or similar technologies, you may still use the website but may only have limited functionality.

Your IP address and other personal information may be used for credit fraud protection and risk reduction.

Under the GDPR, you have a number of important rights. Subject to certain exceptions, you have the right to:

• fair and transparent processing of your Personal Information and processing in accordance with the GDPR;
• require us to rectify or correct any Personal Information we hold about you that is inaccurate or incomplete;
• require us to erase your Personal Information in certain situations;
• obtain a copy of your Personal Information in a commonly used electronic format so that you can manage and move it, or request we send it to a third party;
• object or withdraw your consent at any time to the collection, use, processing or disclosure of your Personal Information (including for direct marketing purposes);
• object to decisions being made by automated means which produce legal effects concerning you or significantly affecting you; or
• otherwise restrict our collection, use, processing or disclosure of your Personal Information in certain circumstances.

You can exercise any of these rights by contacting us using the details below.

We will use our reasonable endeavours to keep your Personal Information accurate, up-to-date and complete. You have the right to access any Personal Information we hold about you, subject to some exceptions provided by relevant Privacy Laws.

You can access, or request that we correct, your Personal Information by writing to us using the details below. We may require proof of identity. If we do not allow you to access any part of your Personal Information, we will tell you why in writing.

We will not charge you for requesting access to your Personal Information but may charge you for our reasonable costs in supplying you with access to this information. We will endeavour to respond to your request for access or correction within 1 month from your request.

We do not knowingly seek, collect or process personal information from or about persons under the age of 16 years of age (Children) without the consent of a parent or guardian.

If we become aware that any personal information relating to a Child has been provided without the consent of a parent or guardian, we will use reasonable endeavours to delete the personal information from all relevant files as soon as possible, or ensure that the personal information is not used further for any purpose.

Any parent or guardian with queries regarding our collection, use, processing or disclosure of personal information relating to their Child should contact us using the details below.

If you have any complaints or issues you wish to raise with us regarding the way we have handled your Personal Information, or would like to discuss any issues about our Privacy Policy, please contact us directly by email to enquiries@novatechsystems.com.au. Please provide us with full details of your complaint and any supporting documentation.

We will review your complaint, respond to you within a reasonable period of time to acknowledge your complaint, and inform you of the next steps we will take in resolving your complaint. At all times, we will treat your privacy complaint seriously and in a confidential manner.

If you are unhappy with a response that you have received from us, you may direct your complaint to the Office of the Australian Information Commissioner. If however, you reside in the European Union, you may make a complaint to the supervisory authority in the country in which you reside which has responsibility for privacy and data protection.

From time to time it may be necessary for us to review and revise our Privacy Policy. We may notify you about changes to this Privacy Policy by posting an updated version on our website. We encourage you to check our website from time to time to ensure you are familiar with our latest Privacy Policy.