MyGuestlist Pty Limited, ACN145 671 709 of 51 Victoria Crescent, Abbotsford Victoria, Australia 3067 and its affiliates (“we“, “us“, “our” or “MyGuestlist“) is responsible for your personal information and we understand that the privacy of your personal information is important to you. We also understand that providing your personal information to us is an act of trust. We take meeting that trust very seriously.
We provide a range of marketing and promotion tools to our customers and partners, which involve the collection and storage of your personal information. These tools include an online marketing platform which enables our customers and partners to target-market their products and services to you.
For the purposes of relevant data protection laws (including the EU General Data Protection Regulation (GDPR)), the MyGuestlist entity with whom you primarily do business (for example, if you are a supplier, the MyGuestlist entity to whom you provide services, or if you are a website visitor, the MyGuestlist entity operating the relevant website) will be the primary data controller of your personal information.
This Policy explains how we collect, use and share personal information in the course of our business activities, including:
- COVID Check-in App
- What personal information does MyGuestList collect and hold
- How does MyGuestlist collect personal information
- For which purposes does MyGuestlist collect, hold, use and disclose personal information
- Direct Marketing and opting out of direct marketing
- Who does MyGuestlist disclose or share personal information with
- Does MyGuestlist disclose personal information to overseas recipients
- Security and storage of personal information
- How can you access and correct the personal information MyGuestlist holds about you
- How can you make a complaint or contact us?
- About this policy and changes to this Policy
We may amend this Policy from time to time to keep it up to date with legal requirements and the way we operate our business, and will place any updates on this webpage. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this Policy, we will seek to inform you by notice on our website or email.
THIRD PARTY WEBSITES
PERSONS WE COLLECT INFORMATION FROM
Primarily, we collect personal information from you if you are:
- an individual representative (employee, director, member etc.) of any one of the companies, firms or other organisations who are our prospective and current customers (Customers), our prospective and current suppliers (Suppliers), and our prospective and current partners (Partners);
- a visitor and users of our sites, including our website(s), computer or mobile software applications and our social media pages that link this Policy to our website(s);
- a subscriber to our newsletters or other online communications;
- [an attendee at any of our events or programs, if applicable];
The Policy applies to your personal information collected on our marketing platform and website in order to contribute to our marketing platform, as well as personal information provided to us by our data suppliers, and provided by our Customers and Partners to enable us to provide our services to them and so that they can market their services to you (known as third-party provided information).
WHAT PERSONAL INFORMATION DOES MYGUESTLIST COLLECT AND PROCESS?
The kinds of personal information that we collect is generally categorised as follows:
- typically, includes your full name(first, last and middle name, where applicable), contact information (for example, phone number, email address, mailing address) and any personal information which you may provide directly or voluntarily to resolve any enquiry, application for services, or complaint (for example, if you are a representative at one of our Customers, Suppliers or Partners);
- behavior and usage data, including how you use our website and services, browsing patterns and information on how long you might spend on one of our webpages, what you look at and for on our website, your click stream such as advertisements clicked or viewed, websites and content areas, date and time of these activities, or the web search used to locate and navigate to a website;
- technical ID data (such as IP addresses, browser type and versions, other technology on the device you use to access our website or derived from IP addresses, mobile device identifier, cookies ID etc); and
- demographic attributes, when tied to other information that identifies you;
- marketing and communications data – including your preferences for receiving marketing and communications from us.
Aggregated Data Analytics: We routinely analyse information in our various systems and databases to help improve the way we run our business, to provide a better service and to enhance the accuracy of our products and services. We therefore collect, use and share data for analytics purposes aggregated and anonmyised data (“Aggregated Data’) including statistical or demographic data for any purpose. Aggregated Data may be derived from your customer personal data but is not considered personal data in law as this data does not directly or indirectly identify you or reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine Aggregated Data with your personal data such that we identify you or your identity is revealed, we will treat this combined data as person data to be used in accordance always with this Policy.
COOKIES, WEB BEACONS AND OTHER TRACKING TECHNOLOGIES
FOR WHICH PURPOSES DOES MYGUESTLIST COLLECT AND PROCESS PERSONAL INFORMATION?
We use and process personal information for the following purposes:
- to enable our Customers and Partners to market products and services to you using our marketing tools and platform(s). For example, this may include to enable our Customers and Partners to personalize their products and services, including website optimisation, personalised emails and optimize their dynamic marketing and advertising strategies.
For example: If you have previously indicated that your birthday is in the month of May, when you visit a hotel or travel package online, the hotel or online travel company can send you a birthday offer of their services with specialised discounts.
- For our Customers and Partners to capture patron contact details in accordance with Government Guideline so that patrons can enter their venues during the COVID-19 pandemic
- to manage the security of our sites, platform(s), networks and systems, including to prevent cyber-attacks, fraudulent use of our sites and platforms and to detect malicious actors;
- to carry out usual anti-money laundering (AML) compliance, credit checks and other legal compliance requirements for new and existing customers; and
- to ensure the integrity of the data that we collect and hold;
- to analyze, develop, improve, and optimize the use, function and performance of our products and services (for example, we may process your personal information for our own research and development purposes, including to enhance data quality and statistical analyses); and
- to comply with applicable laws and regulations and to operate our business (e.g. to comply with audits, archiving, insurance purposes or in response to a legally binding request for information).
COVID Check in App Legal Basis for using your personal information
FOR EU/UK INDIVIDUALS – LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION
For information collected about you in the European Union or United Kingdom, which is subject to the EU General Data Protection Regulation (GDPR), we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- we need to use your personal information to support the legitimate interests that we have as a business to provide products and services to our Customers and Partners, (for example, to provide measurement analytics on the performance of a marketing campaign) and to analyse, develop, improve and optimize our sites, products, and services and to maintain the security of our sites, networks, and systems. Where we do so, we will look after your information at all times in a way that is proportionate and respects your privacy rights. In certain cases, you have a right to object to processing of your information in the manner set out in this Policy as further explained in the Legal Rights section below;
- in some circumstances we may rely on your consent to enable our Customers and Partners to market their product and services to you and to develop and improve our products and services. Your consent may be obtained by our Customers and Partners from you directly on our behalf, or by our data providers as set out in our Cookies Policy. You have the right to withdraw or amend your consent in certain cases as further explained in the Legal Rights section below; or
- we need to use your personal information to comply with a relevant legal or regulatory obligation that we have.
If you would like to find out more about the legal basis for which we process personal information please contact us for more information.
DIRECT MARKETING BY MYGUESTLIST AND HOW DO I OPT OUT OF DIRECT MARKETING
In addition to the services we provide on behalf of our Customers and Partners we may also use your personal information to let you know about our products, offers, services and competitions that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
We will only engage in direct marketing in accordance with the laws of the relevant country or jurisdiction you are located in.
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you based on the products and services which you have purchased or have registered your interest in purchasing to date;
- you can ask us to stop direct marketing at any time ‑ you can ask us to stop sending email marketing, by following the “unsubscribe” link you will find on all the email marketing messages we send you. Alternatively, you can contact us or email email@example.com. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
- you can change the way your browser manages cookies, which may be used to deliver online advertising by us or our Customers and Partners as further described above, by following the settings on your browser as explained in the Cookies Policy
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
WHEN AND HOW WE CARRY OUT PROFILING
We may use profiling for security purposes to assess if your [online] account with us may be fraudulent, a spam account or suspect in any way. We may also associate your personal information with interest segments or profiles as part of the provision of our online marketing platform services to our Customers and Partners. Interest segments mean a subgroup of specific consumers or individuals who share a common behavior or preference used for direct marketing by our Customers and/or Partners. Profiling means processing information about a specific consumer or device, or a set of multiple consumers or devices sharing common attributes used for marketing by our Customers and/or Partners. In certain cases, you have a right to object to processing of your information used for profiling as further explained in the Legal Rights section below.
WHO DOES MYGUESTLIST DISCOLSE OR SHARE PERSONAL INFORMATION WITH?
We share your personal information in the manner and for the purposes described below:
- with third parties and our Suppliers who help us manage our business and deliver our services. These third parties and Suppliers have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us and in accordance with the law. These include IT service providers who help manage our IT and back office systems including the hosting and storage of personal data;
- our Customers and Partners, including digital marketers, ad agencies, affiliates, web publishers, demand side platforms, data management platforms, supply-side platforms and social media networks;
- with government organisations and agencies, law enforcement, regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- in aggregate, statistical form, non‑personal information regarding the visitors to our website, traffic patterns, and website usage with our Customers and Partners;
- professional advisors and consultants – including our lawyers, insurers to manage risks and legal claims; and
- if, in the future, we sell, transfer, reorganise or assign some or all of our business or assets or stock to a third party (including with any insolvency or similar proceedings) , we may disclose information (including personal information) to a potential or actual third party purchaser of our business or assets.
DOES MYGUESTLIST DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS?
We disclose personal information to recipients located overseas. For instance, we store all of the personal information we hold on our servers, which are hosted in Canada, and all data that is backed up to mitigate risks associated with hardware failure is stored on AWS servers located in the United States of America (USA).
We take reasonable steps to ensure that the personal information stored offshore is handled in accordance with strict privacy safeguards.
For information collected about you in the European Union or United Kingdom, which is subject to the GDPR you should note that countries such as the USA and Canada are subject to different standards of data protection.
We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
- where we transfer your personal information overseas to third parties who help provide our services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU ‑ US Privacy Shield for the protection of personal information transferred from within the EU to the United States and/or the use of EU approached Standard Contractual Clauses (‘EU Model Clauses’) for controller to controller and /or controller to processor transfers from the EU /UK to jurisdictions, such as Australia and the US who do not have an adequacy finding from the EU Commission; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
SECURITY AND STORAGE OF PERSONAL INFORMATION
We take all reasonable steps and measures to ensure that the personal information we hold about you is kept secure at all times.
For information collected about you in the European Union or United Kingdom, which is subject to the GDPR, you should not that some of the measures we take include:
- placing confidentiality requirements on our staff members and service providers;
- destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it; and
- using secure communication transmission software (known as “secure sockets layer” or “SSL”) that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol and this ensure that the information is reasonably protected against unauthorized interception.
As the security of information depends in part on the security of the computer or device you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.
You acknowledge that the internet is not a completely secure medium for communications, and accordingly, we cannot guarantee the security of any information you send to us (or we send to you) or you place on our website or via the internet. We are not responsible for any damages which you or others may suffer as a result of the loss of confidentiality of such information.
STORING YOUR PERSONAL INFORMATION
To determine the appropriate retention periods, we consider the amount, nature and sensitivity of the personal data potential risk of harm from unauthorised use or disclosures the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements. In some circumstances we may store your personal information for longer periods of time than others; for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. .
Data collected for the sole purpose of regulatory compliance to COVID-19 pandemic venue attendance will be deleted as per Government Guidelines in a secure manner.
HOW CAN YOU ACCESS AND CORRECT THE PERSONAL INFORMATION MYGUESTLIST HOLDS ABOUT YOU?
You may access or request correction of the personal information that we hold about you by contacting us. We will respond to your request within a reasonable timeframe. There are some circumstances in which we are not required to give you access to your personal information.
As we also provides a service for our Customers and Partners to securely store their data, depending upon the nature of your request, we may need to direct your enquiry to our relevant Customer or Partner to provide you with access to the information you request.
If you reside in Australia then, in accordance with the provisions of the Australian Privacy Act 1988 (Cth), we can make your personal information accessible to you by providing you with a copy of the relevant information (ordinarily in the form of an electronic print out or photocopy). Please note that we may charge you a fee for the reasonable cost of providing such access.
We will take reasonable steps to ensure that information we have about you is accurate, complete, relevant and up to date when we collect and use it. To this end, we may, from time to time, contact you in regards to keeping this data accurate and up to date.
FOR EU / UK INDIVIDUALS – LEGAL RIGHTS
For information collected about you in the European Union or United Kingdom, which is subject to the GDPR, there are additional rights available to you. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:
- To access personal information;
- To rectify / erase personal information;
- To restrict the processing of your personal information;
- To transfer your personal information;
- To object to the processing of personal information;
- To object to how we use your personal information for direct marketing purposes;
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction; and
- To lodge a complaint with your local supervisory authority.
If you wish to access any of the above mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
RIGHT TO ACCESS PERSONAL INFORMATION
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
RIGHT TO RECTIFY OR ERASE PERSONAL INFORMATION
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which MyGuestlist is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
RIGHT TO RESTRICT THE PROCESSING OF YOUR PERSONAL INFORMATION
You can ask us to restrict your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
RIGHT TO TRANSFER YOUR PERSONAL INFORMATION
You can ask us to provide your personal information to you in a structured, commonly used, machine‑readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL INFORMATION
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
RIGHT TO OBJECT TO HOW WE USE YOUR PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
You can request that we change any manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
RIGHT TO OBTAIN A COPY OF PERSONAL INFORMATION SAFEGUARDS USED FOR TRANSFERS OUTSIDE YOUR JURISDICTION
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
RIGHT TO LODGE A COMPLAINT WITH YOUR LOCAL SUPERVISORY AUTHORITY
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your regulator / supervisory authority at any time.
HOW CAN YOU MAKE A COMPLAINT OR CONTACT US?
You have the right to make a complaint about the way we handle your personal information. If you wish to make a complaint, please set it out in writing and send it to firstname.lastname@example.org.
If you have any questions, concerns or complaints regarding our compliance with this Policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us at the above email address.
We will deal with all complaints within a reasonable timeframe.
If you are not satisfied with our response, you have a right to lodge a complaint with your local regulator including, if you are in the EU / UK, your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement)
If you are located in Australia, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au .
Last updated: 24 June 2020.