REST, RECUPERATION AND RAES
THE UPSIDE CORPORATION PTY LTD ACN 139 233 391 (The Upside) collects personal information that you voluntarily provide when applying or registering for an account with The Upside or making a purchase on The Upside website; www.theupside.com (the Website).
2. USE OF SERVICE BY CHILDREN
Our Services, including but not limited to the registration of an account with us or placing of an order, is not intended to be used by children under the age of 13. When a visitor indicates an age under 13, the registration process for The Upside website cannot be completed, and no personally identifying information is collected in conjunction with that attempted submission except that we retain e-mail addresses of such persons (and record of access attempts) for purposes of denying registration. Otherwise, we do not knowingly collect personally identifiable information from visitors under the age of 13.
The Upside collects, uses and discloses information regarding users aged 13-18 in the same manner as it does for adults.
3. USE OF SERVICES
(a) interfere with or disrupt the use of Services or the website, in any manner including but not limited to the servicers or networks that host the website;
(b) stalk, harass, threaten, intimidate or harm another;
(c) pretend to be anyone, or any entity, you are not, you will not impersonate or misrepresent yourself as another person (including celebrities), entity, a The Upside employee, or a civic or government leader, or otherwise misrepresent your affiliation with a person or entity. The Upside reserves the right to reject or block any user which could be deemed to be an impersonation or misrepresentation of your identity, or a misappropriation of another person's name or identity;
(d) engage in any copyright infringement or other intellectual property infringement, or disclose any trade secret or confidential information in violation of a confidentiality, employment, or non-disclosure agreement or otherwise;
(e) use, distribute, reproduce or commercialise any content from the Website or The Upside service except as permitted by this Policy, by law, and with prior written agreement from The Upside;
(f) transmit any unsolicited advertising, promotional material or other forms of solicitation in connection with your use of the Service without the prior written agreement of The Upside;
(g) forge any TCP-IP packet header or any part of the header information or otherwise putting Information in a header designed to mislead recipients as to the origin of any content transmitted through the Website ("spoofing";);
(h) access (or attempt to access) any part of the Website by any means other than through the interface provided by The Upside;
(i) interfere with or disrupt the Website (including accessing the Website through any automated means, like scripts or web crawlers), or any servers or networks connected to the Website, or breach any policies, requirements or regulations of networks connected to the Website (including gaining unauthorised access to, use or monitoring of data or traffic thereon); or
(j) plan or engage in any potentially fraudulent, illegal or offensive activity.
The Upside takes all reasonable steps to ensure your Personal information is secure and to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage or alternation of your Personal Information. We work with secure data networks protected passwords. We use security measures in order to safeguard your identifying details. We also limit access to personal information to our and our affiliates' employees who we believe reasonably.
Please note however, that no method of electronic transmission or storage is 100% secure and we, cannot guarantee the absolute security of your Personal Information. All Personal Information disclosed to us is at your own risk and we are not liable for any unauthorised access to your Personal Information.
5. COLLECTION OF PERSONAL INFORMATION
We collect Personal Information, as defined in the Privacy Act (including Sensitive Information as defined in the Privacy Act), when you access or use our Services.
5.1. Personal Information provided by you:
We collect information that you provide to us via use of our Services as well as through any other means used to contact us, including when you register to receive The Upside newsletter.
The kinds of Personal Information we collect include your contact information such as your name, date of birth, email address, organisation, address and phone or mobile number, clothing size, exercise habits, as well as demographic information, such as your post code.
We reserve the right to maintain, store and use any information or data where we reasonably believe that such action is required to comply with any legal or regulatory obligations, to prevent criminal or other unlawful activity whether immediate or in the future, or where we have a legitimate business reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms or for record keeping integrity.
5.2. Automatically collected Personal Information:
We automatically record information from your device and its software when you access our Services, including your IP address, browser and device type, internet service provider, mobile phone carrier, platform type, the website from which you came and the website to which you are going when you leave our Services, date and time stamp and cookies that may uniquely identify your browser or account.
When accessing our Services using a mobile device, we may also receive and collect identification numbers associated with your device, mobile carrier, device type and manufacturer, and, if enabled, geographical location data (including GPS). Please note that some of the information we collect, for example an IP address, can sometimes be used to approximate a device's location.
5.3. Personal Information collected via cookies
Our Services may use small pieces of data called cookies to identify a user who engages with our Services and to compile records of a user’s history of engaging with our Services. Cookies are stored by a users’ browser while the user browses a website. Cookies do not usually contain information that personally identifies a person, but each time the user visits the website, the browser sends the cookie data back to the server to notify the system of the user's previous activity. If you wish to disable cookies, you may do so through your browser settings, however please be aware that if you choose to do this, some functionality of our website will not be available to you.
We also use Google Analytics, which allows us to anonymously track the use of our Services by recording the number of users who have visited, the number of pages viewed, navigation patterns, what systems users have and the date and time of visits through cookies. This information is collected for statistical purposes only and cannot be used to identify you.
6. FOR WHAT PURPOSES DO WE COLLECT AND USE PERSONAL INFORMATION?
(a) for provision of the Services;
(b) for communication with you and to provide messaging and/or communications to you in association with the functions and features of the Services;
(c) for communicating to you any announcements and updates, updated terms, conditions and policies, security alerts, technical notices, support and administrative messages;
(d) for analysis, monitoring, development and improvement of our Services, including other products or services;
(e) for security purposes, including to protect the Services and our property from abuse, fraud, malicious, unauthorised access or potentially illegal activities, and to protect our rights, safety and property and that of our other users;
(f) for sending marketing communications to you, including notifying you of promotional or advertising offers, contests and rewards, upcoming events and other news about products and services offered by us and use of our Services;
(g) to comply with relevant laws and regulations where applicable; and
(h) for the performance of other functions described at the time of collection or as consented to in relation to our Services.
7. HOW DO WE STORE AND PROTECT YOUR INFORMATION?
7.1. Storage of Personal Information:
7.2. Who can access your Personal Information?:
Please note that no method of electronic transmission or storage is 100% secure and we cannot guarantee the absolute security of your Personal Information. Transmission of Personal Information over the Internet is at your own risk and you should only enter, or instruct the entering of, Personal Information to the Services within a secure environment. It is your responsibility to ensure that you keep your Personal Information safe, including keeping your software up to date to prevent security breaches.
We reserve the right to maintain and store any information or data where, we reasonably believe, in our sole discretion, that such action is required to comply with any legal or regulatory obligations, to prevent criminal or other unlawful activity whether immediate or in the future, or where we have a legitimate business reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms or for record keeping integrity.
If you are a European customer we destroy or de-identify your Personal Information after 3 years where it is no longer needed for the purposes outlined in this Policy. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
8. TO WHOM YOUR PERSONAL INFORMATION IS DISCLOSED?
Your Personal Information may be disclosed to individuals and companies, for the purposes described in this Policy, as outlined below:
8.1. The Upside and Related Bodies Corporate
Your Personal Information may be accessed by us, including our directors, employees, officers and contractors. You consent to us providing your Personal Information, including Sensitive Information to our Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) including The Upside (North America) LLC.
8.2. Parties required by law
Your Personal Information may be disclosed by us to any party to whom we are required by law to provide your Personal Information and to any party to whom disclosure is permitted under the Australian Privacy Principles, or where we reasonably believe that disclosure is required to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your Personal Information.
8.3. Direct marketing
You agree and expressly and indefinitely consent to us using or disclosing Personal Information (other than Sensitive Information) to keep you informed about our products and services and other products and services that we consider may be of interest to you. For this purpose, disclosure may be made to our third-party service providers. We may communicate with you via phone, email, social media, SMS, or regular mail. If you have indicated a preference for a method of communication, we will endeavour to use that method wherever practical to do so.
You can opt-out of direct marketing communication activities undertaken by us at any time by clicking the “unsubscribe” or “opt-out” link on email communications from us, replying ‘Stop’ to a promotional SMS or by contacting us by phone or email.
8.4. Other third parties
We may share your Personal Information with third parties if it is reasonably related to the provision of our Services. The third parties that we may share your Personal Information with includes consultants, contractors, credit agencies, debt collection agencies and other service providers to us that perform services on our behalf. Such services we procure may include identifying and disseminating advertisements, enforcement of our Terms, providing fraud detection and prevention services, processing payments or providing analytics services. We may also share your Personal Information with our business partners who offer goods or services to you jointly with us (for example, contests or promotions).
We may share your Personal Information where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities.
We may also share your Personal Information with third parties with your consent in a separate agreement, in connection with any company transaction (such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business by another company or third party) or in the event of bankruptcy, dissolution, divestiture or any related or similar proceedings.
Note that we reserve the right to share your Personal Information with other third parties where, in our sole discretion, it is required to:
(a) investigate and defend ourselves against any third party claims or allegations;
(b) protect against harm to the rights, property or safety of The Upside, its users or the public as required or permitted by law; and
(c) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.
8.5. Overseas disclosure
Please note that some of the parties listed above to whom your Personal Information may be disclosed, may be located overseas, including countries such as United States of America.
We use reasonable steps to ensure that these parties are either governed by substantially similar, accessible and enforceable laws to the Australian Privacy Principles or adhere to the Australian Privacy Principles, however to the maximum extent permitted by law, we are not liable for the privacy practices of such parties.
Please note that the transfer of your Personal Information to such overseas parties may pose risks to the security of your Personal Information as these countries may not have been issued with an adequacy decision as set out in the GDPR (see paragraph 11) or have appropriate safeguards in place, however by providing your Personal Information to us, you acknowledge and consent to disclosure of Personal Information to such overseas recipients.
9. THIRD PARTY WEBSITES AND SOCIAL MEDIA
Social Media Platforms also allow public access to your public social media profile, which may include your username, age range, country/language, list of friends or other information that you make publicly available and you understand that such information may therefore be accessible by us if you interact with its social media pages.
We may from time to time, have access to statistics regarding the number of views, navigation patterns, posts that you like, comment on or share and any user interactions with our social media pages and may use such information for the purpose of its marketing and promotion strategies.
10. HOW CAN YOU ACCESS OR UPDATE YOUR PERSONAL INFORMATION?
At any time, you may request access to Personal Information we hold about you. We may refuse to provide access if the law allows us to do so, in which case we will provide reasons for our decision as required by law.
We take reasonable steps to keep your Personal Information accurate, complete and up-to-date. If, at any time, you discover that information held about you is incorrect, you may contact us to have the information deleted or corrected.
You may request access to the information we hold about you, or request that we delete, update or correct any Personal Information we hold about you, by setting out your request in writing and sending it to us in accordance with paragraph 10.
The Upside will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why.
11. HOW CAN YOU MAKE A COMPLAINT ABOUT OUR PRIVACY PRACTICES?
You may submit a written complaint about how we handle your Personal Information to our Privacy Officer via the details below. If you are not satisfied with our handling of your complaint or we have not replied to you within a reasonable period of time, then you are entitled to make a complaint to the Office of the Australian Information Commissioner or, if you are in the EU, a data protection authority or supervisory authority.
13. CONTACT US
All requests for access or corrections to your Personal Information and complaints should be directed to our Privacy Officer. If submitting a complaint, please provide our Privacy Officer with full details of your complaint and any supporting documentation:
(a) by phone at 61 2 8356 5200;
(b) by e-mail at [email protected]; or
(c) by letter to The Privacy Officer, The Upside Corporation Pty Ltd, 98 Barcom Ave, Darlinghurst NSW 2010 Australia.
If you are not satisfied with our handling of your complaint or we have not replied to you within a reasonable period of time, then you are entitled to make a complaint to the Office of the Australian Information Commissioner.
14. APPLICATION OF GDPR
For the purpose of clarity, data processing of individuals in the European Union (EU) is carried on only occasionally and as such, no EU representative has been designated, however the General Data Protection Regulation (GDPR) (EU) 2016/679 may apply to you if you are resident of, reside in or are located in the EU.
If the GDPR applies, this paragraph applies in addition to the above paragraphs to the extent that we are acting as a “Data Controller” with respect to your Personal Information.
14.1. Consent and right to withdraw consent:
To the extent that our legal basis for processing your Personal Information is consent, you have a right to withdraw consent to the collection of your Personal Information at any time by sending us a written request to do so via the contact details above.
14.2. Legal Basis:
Our legal bases for collecting and processing your Personal Information for the purposes listed above may be:
(a) your express consent;
(b) for our legitimate interests in providing information about the Services to you or providing the Services to you and improving and developing the Services; and/or
(c) in order to perform a contract (whether verbal or written) for you in order to provide paid Services to you.
14.3. Your rights:
We have summarised your rights under the GDPR, but please note that not all of the details of your rights have been included in these summaries. Please ensure to read the relevant laws and guidelines for a full explanation of these rights.
You may exercise these rights by contacting us to notify us of the rectification or provide information to complete your Personal Information.
(a) Right of access:
You have a right to obtain confirmation as to whether or not your Personal Information is being processed and, if so, you may request access to that Personal Information and further information including the purposes of the processing, the categories of Personal Information concerned and the recipients of the Personal Information. The first copy of such information will be provided free of charge, but additional copies may be subject to a reasonable fee.
(b) Right of rectification:
You have the right to obtain the rectification of inaccurate Personal Information concerning you and you have the right to have incomplete Personal Information completed.
(c) Right to erasure:
You have the right to obtain the erasure of your Personal Information without undue delay if:
(i) the Personal Information is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(ii) you withdraw consent to consent-based processing;
(iii) you object to the processing under certain rules of the GDPR; or
(iv) the Personal Information has been unlawfully processed.
However, there are exclusions of the right to erasure such as where processing is necessary to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(d) Right to restriction of processing
You have the right to restrict the processing of your Personal Information if:
(i) you contest the accuracy of the Personal Information;
(ii) processing is unlawful but you oppose erasure;
(iii) we no longer need the Personal Information for the purposes of our processing, but you require Personal Information for the establishment, exercise or defence of legal claims; or
(iv) you have objected to processing, pending the verification of that objection.
(e) Right to data portability
To the extent where your Personal Information has been provided based on consent, under a contract, or where processing is carried out by automated means, you have a right to receive Personal Information concerning you in a structured, commonly used and machine-readable format and you have a right to transmit that data to a Data Controller, except where this would adversely affect the rights and freedoms of others.
(f) Right to object
You have the right to object to our processing of your Personal Information for direct marketing purposes. If you make such an objection, we will cease to process your Personal Information for this purpose.
Our primary form of communication to you will be through electronic messaging. You have the option to opt-out of receiving marketing communications from us. If you wish to unsubscribe, you can click on the ‘unsubscribe’ link in each of the electronic messaging, we send to you.