Inzone Tech Pty Ltd (“us,” “we,” or “our”) provides the Hey Jude mobile application through which services and products may be provided (the “Programme”).
We understand that when you use the Hey Jude Programme you are placing your trust in us to handle your data appropriately and that is why we take a no-nonsense approach to data protection. We are committed to strong and transparent privacy practices.
Where “Personal Information” is used as a term in this Policy document, it is intended to mean information relating to you as a Member (for purposes of the GDPR, this is specifically limited to natural persons only), including but not limited to
(i) views or opinions of another individual about the Member; and
(ii) information relating to such Member’s –
a) race, sex, gender, sexual orientation, pregnancy, marital status, nationality, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, cultural affiliation, language and birth;
b) education, medical, financial, criminal or employment history;
c) names, identity number and/or any other personal identifier, including any number(s), which may uniquely identify a Member, account or client number, password, pin code, customer or Member code or number, numeric, alpha, or alpha-numeric design or configuration of any nature, symbol, email address, domain name or IP address, physical address, cellular phone number, telephone number or other particular assignment;
d) blood type, fingerprint or any other biometric information;
e) personal opinions, views or preferences;
f) correspondence that is implicitly or expressly of a personal, private, or confidential nature (or further correspondence that would reveal the contents of the original correspondence); and
g) corporate structure, composition, and business operations (in circumstances where the Member is a juristic person) irrespective of whether such information is in the public domain or not;
Part of our no-nonsense approach is to provide you with as much information about how we process your Personal Information in connection with your use of our service and to enable you to make informed decisions about your Personal Information when using Hey Jude.
When we refer to Process or Processing of Personal Information, we mean any operation or activity or any set of operations, whether by automatic means, concerning Personal Information, including –
a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
b) dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or
c) merging, linking, blocking, degradation, erasure, or destruction.
i) What Personal Data we collect and why we collect it
ii) How we use Personal Data
iii) Who we share Personal Data with
iv) The choices we offer, including how to access, update, and remove Personal Data
1. INFORMATION COLLECTION AND USE
Hey Jude collects Personal Data about you when you provide it directly to us, when we feel it necessary to capture key information to help our agents in future service requests, or when Personal Data about you is automatically collected in connection with your use of the Programme.
We use this Personal Data to:
a. provide, administer, and improve the Programme;
b. better understand your needs and interests;
c. fulfil requests you make;
d. personalise your experience;
e. provide service announcements;
f. provide you with information and offers from Hey Jude, Hey Jude affiliates, and our business partners;
g. protect, investigate, and deter against fraudulent, harmful, unauthorised, or illegal activity and
h. comply with legal obligations.
2. HOW WE USE YOUR INFORMATION
We use information held about you (and information about others that you have provided us with) in the following ways:
2.1 Contact Information:
This is information we collect to identify or contact you, we collect typical “business card information” such as your first and last name, physical address, email address, telephone number. This is the basic information that we collect when you register for our service on the Programme.
2.2 Task Information
This is information related to any Tasks that you generate and the fulfilment therein by any party including any Service Provider/s, whereby behavioural or preference analytics can be determined. This information is solely used to efficiently serve you and or to provide alternative options while using the Programme.
2.3 Transaction Information:
This is information related to transactions you conduct on the Programme.
2.4 Member Account Information:
This is information that identifies you as a Member of the Programme, such as your user name, email address, password, and IP address. For example, we use this information to authenticate you when you log in to the Programme, and use the IP address to help agents efficiently locate you while using the Programme and to provide a better, more efficient service.
2.5 Member Content:
From time to time, we will collect Personal Data as part of such content, images, comments, and other content, information such as important addresses and basic family information and user preferences such as “Client likes independent coffee shops.” This information is solely used to efficiently serve you and or to provide alternative options while using the Programme.
2.6 Technical Information:
We collect information about your mobile device, including where available, your IP address, operating system, and browser type, for system administration and analytical purposes; information showing us from which App Store you downloaded our App.
2.7 Information we receive from other sources:
When using the Programme, we may be in contact with third parties who may, subject to the provisions of clause 3, provide us with certain information about you in order to enable your use of the Programme.
2.8 Cookies or similar technologies to analyse trends:
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioural advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our products do not support Do Not Track requests at this time, which means that we collect information about your online activity, both while you are using the products and after you leave our site.
2.9 Crash data:
This will include your device information, details of the incident experienced, your screen resolution and any comments that you add to the incident. This information is processed by a third party that is GDPR compliant.
3. JUSTIFICATION OF USE
We will only use your Personal Data if we have a lawful basis for doing so. Use of Personal Information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
3.1 Consent: where you have consented to our use of your information (you provide explicit, informed, freely given consent, in relation to any such use and you may withdraw your consent in the circumstance detailed below by notifying us);
3.2 Contract performance: where your information is necessary to enter into or perform our contract with you;
3.3 Legal obligation: where we need to use your information to comply with our legal obligations;
3.4 Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and
3.5 Legal claims: where your information if necessary for us to defend, prosecute or make a claim against you or a third party.
4. WHERE WE STORE YOUR PERSONAL INFORMATION
The personal data that we collect from you is generally processed in the European Economic Area (“EEA”), United Kingdom and Switzerland and stored on Amazon Web Services (Ireland) cloud servers. Your personal data may however need to be processed by staff operating in countries that are outside of the EEA, United Kingdom and Switzerland, If your personal data is transferred to a country or territory other than the aforementioned, such transfers will only take place if: (a) the country ensures an adequate level of data protection; (b) one of the conditions listed in Article 46 of the GDPR (or its equivalent under any successor legislation) is satisfied; or ( c) the personal data is transferred on the basis that the data processing party has appropriate safeguards in place for the transfer and processing of such personal data.
Your passwords are stored on our servers in encrypted form. We do not disclose your account details. It is your responsibility to keep your password secure. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our mobile app, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.
5. HOW LONG WE STORE YOUR CUSTOMER ACCOUNT DATA
We will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask us to delete specific Personal Information from your Customer Account, we will honour this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Customer Account Data stored in our system(s) is generally stored up to 7 years following closure of your account unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit, or other legal matter).
Invoice records, including their digital equivalent, may be retained in identifying form by us for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable tax law.
6. DISCLOSURE OF YOUR INFORMATION
We do not share, sell, or otherwise publicise our Member’s’ Personal Information.
We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
We do not accept responsibility for email correspondence, or any other interaction resulting from email correspondence, sent in error due to incorrect contact information provided by a client or participant.
Please be aware that some organisations monitor employees’ internet traffic, including encrypted web traffic. We cannot conceal your responses or identity from such monitoring systems. We recommend that you familiarise yourself with the network monitoring policy of your organisation.
We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, and enforcement of least privilege and need-to-know principles. To the extent the Programme requires you to provide any Financial Account Information, such as when you purchase subscriptions to the Programme, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Programme, provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges, and chargebacks.
8. INTERACTIONS WITH OTHERS
9. WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR PERSONAL DATA?
Under Protection of Personal Information Act 4 of 2013 (POPIA) and the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at email@example.com
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardises the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!). You can also contact us directly at firstname.lastname@example.org if you have any additional requests or questions:
9.1 Right to rectification:
If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
9.2 Right to erasure / ‘Right to be forgotten’:
You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Programme to you, your Member Account will be deactivated, and you will lose access to the Programme.
9.3 Right to data portability:
You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible. For the following, please email us at email@example.com
9.4 Right to restriction of processing / Withdrawal of consent:
If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilise some or all of the Programme. You can ask us to restrict further processing of your Personal Data. You also have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
9.5 Right to complain:
You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.
9.6 Closing Your Account, Deletion of Personal Information and Retention:
You may close an account, and upon termination of your Member Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, we may nevertheless retain your Personal Data to protect our business interests, our affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.
We will not retain Personal Information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances –
a) where the retention of the record is required or authorised by law;
b) we require the record to fulfil its lawful functions or activities;
c) retention of the record is required by a contract between the parties thereto;
d) the member has consented to such longer retention; or
e) the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.
Accordingly, we will, subject to the exceptions noted herein, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
Where we retain Personal Information for longer periods for statistical, historical or research purposes, we will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and the applicable laws.
Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, we will ensure that the Personal
Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Information.
In instances where we de-identify your Personal Information, we may use such de-identified information indefinitely.
We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive, or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use the Programme, or at least those aspects of the Programme which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Programme.
10. ENFORCEMENT AND RECOURSE
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
12. WHAT IF YOU HAVE QUESTIONS REGARDING YOUR PERSONAL DATA?
Inzone Tech Pty Ltd
Attention: Privacy Officer
P.O Box 2629