Privacy Policy

Verimus Pty Ltd ABN 95 627 419 345 (“we”, “our”, “us” and “Verimus”) is committed to protecting the personal information that we collect and hold about you. This Privacy Policy (“Policy”) sets out how we collect, use and share your personal information and how to contact us with any queries and concerns based on the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Privacy Act”).

By voluntarily supplying us with your personal information you are agreeing to be bound by this Policy. While we may update our Policy from time to time, the most recent version of this Policy will always be available on our website. If we change the Policy in any material way we will post a notice on our website along with the updated Policy. We may also contact you via your contact information on file, for example by email, notification or some other equivalent measure.

If you reside outside of Australia, you may have rights under the European Union’s General Data Protection Regulations (EU Regulation 2016/679) (“GDPR”), the United Kingdom’s Data Protection Act 2018 (UK) (“UK GDPR”) and New Zealand’s Privacy Act 2020 (NZ) (collectively, ”Overseas Privacy Laws”). For the purposes of the GDPR and UK GDPR, Verimus is a Data Controller.

A reference to ‘personal information’ in this Policy is to be read as a reference to ‘personal data’ as defined by the GDPR and UK GDPR.

If you have any queries, concerns or complaints about how we handle your personal information, please contact out Privacy Officer in the first instance:

By Email:

Privacy Officer Contact: Kate Lawson, General Manager

Phone: +61 417 778 461

Email: hello@verimus.com.au

By Mail:

Attention: Privacy Officer

Level 9

63 Pirie Street

ADELAIDE SA 5000

Our website contains links to other websites. When a user clicks on a link to another site they are no longer subject to this Policy.

PART A – WHAT TYPES OF INFORMATION DO WE COLLECT AND WHY?

In the course of providing our services, we collect personal and other information about our clients, employees, suppliers, contractors and affiliates. We collect personal information through a number of mechanisms, including:

1. Collection from you: we collect and store information you provide directly to us (either in person, by email, by phone, or by any other direct means) in order to deliver our services. This includes:

1.1 Contact information: such as your name, address, email address, telephone number;

1.2 Personal information: such as date of birth, driver’s licence details and passport details;

1.3 Financial and credit information: such as your payment information (credit card, bank account, etc);

1.4 Business details: such as your Australian Business Number, Director Identification Number, and other information about your business including information about other directors and responsible persons; and/or

1.5 Credit information: such as consumer credit liability information, type and amount of credit sought, default information, repayment history information, payment information relating to overdue payments.

We may also collect personal information or instructions from agents or those authorised to act on your behalf including, but not limited to, accountants, business advisers, and lawyers.

2 Automatic: we use cookies (small text files stored on your devices that provide us with information such as your internet protocol (IP) address, server information, internet service provider, and information on how you interact with our website) and other services that allow us to understand how you use our online media. This information is not linked to you personally.

We use third party analytics services such as Google Analytics to understand how you interact with our website. These services do not provide us with personal information.

If you opt-out of third party tracking technologies or elect to prevent the use of cookies, this may limit, restrict, delay or otherwise affect the way in which our website or digital services operates.

3 Digital communications: when you communicate with us, we collect information such as your contact details (e.g. email address or phone number). We also engage third party services that provide us with information about how you interact with the communications we distribute. You can elect to not receive communications from us by contacting our Privacy Officer.

4 Digital platforms: if you engage with us through our social media channels (such as Facebook, LinkedIn or Twitter) we collect information about you from those platforms including your name and contact details. Any information we collect from social media or other online platforms is collected in accordance with that platform’s terms and conditions.

5 Through other sources: where necessary, we also collect personal information from publicly available records. This can include information relating to an individual’s credit worthiness (subject to any relevant legal restrictions). Where appropriate and necessary to do so, we collect information from public records such as those maintained by the Australian Securities and Investments Commission, Australian Financial Security Authority, and land titles offices in each state and territory. We may do this where authorised by you or where it is unreasonable or impractical to collect this information directly from you.

If you have previously applied for a position with us we may have received your personal information from third parties such as recruiters or external websites. We use the information we receive to contact you about any potential opportunities or to evaluate your candidacy.

6 Sensitive Information: in the course of providing our services to you, we may collect information classified as sensitive information under the Privacy Act. Depending on the services we are providing, we may collect information about an individual’s:

6.1 racial or ethnic origin;

6.2 political opinions;

6.3 membership of a political association;

6.4 religious beliefs or affiliations;

6.5 philosophical beliefs;

6.6 membership of a professional or trade association;

6.7 membership of a trade union;

6.8 sexual orientation or practices;

6.9 criminal record; or

6.10 health information.

We will only collect this information directly from you, from those authorised by law to disclose this information, or where we have consent to collect the information from a third party.

You have the option of not identifying yourself or interacting with us using a pseudonym. However, this may not be practicable when engaging our services or where we are required to verify your identity prior to providing you with our services.

PART B – HOW DO WE USE YOUR INFORMATION?

We will only use your information for the purposes for which it was collected (primary purpose) or a purpose related to that primary purpose if it would be reasonably expected by you or where we have separately obtained your consent.

We use personal information for the primary purpose of providing you with compliance and commercial services.

How we use the information we collect depends, in part, on which services you use, how you use them, any preferences you have communicated to us and how you instruct us to act. If you would like to restrict how your personal information is handled beyond what is outlined in this Policy, please contact our Privacy Officer.

1 Related party transfers

We may transfer your personal information to related parties in order to provide our services to you. This transfer of information is compliant with s 13B of the Privacy Act.

2 Disclosure of personal information to third parties

In the course of providing our services to you, we may disclose your personal information to third parties including:

• courts, regulators and registers;
• information service providers;
• technology service companies in order to provide digital solutions and services; and
• other third parties where we have obtained consent or been instructed to disclose personal information by you.

We will also disclose your personal information to third parties who provide us with important services including:

• management and enhancement of our client databases;
• data management and document retention services;
• information technology services (including electronic communication systems);
• management solutions to assist us in providing our services to you;
• professional service providers; and
• marketing and research services.

In most circumstances, we will continue to exercise control over the information involved in these disclosures.

When providing you with certain services we will make regular disclosures of personal information to:

• Cowell Clarke Pty Ltd (Cowell Clarke) when providing our toolkit products and other digital products (together ‘Product Related Services’) where Cowell Clarke is the partner and/or provider of legal support for the Product Related Services (Cowell Clarke Privacy Policy)
• Kwela Solutions Pty Ltd (Kwela) when providing our digital solution products (Kwela Privacy Policy);
• HubSpot as a CRM (HubSpot Privacy Policy);
• Squarespace, Inc. (Squarespace) when providing our toolkit products (Squarespace Privacy Policy); and
• Stripe, Inc. (Stripe) as a payment terminal (Stripe Privacy Policy).

We may also be required to disclose your personal information to third parties in accordance with our obligations at law.

We do not sell or license your information to third parties.

PART C – DISCLOSURE OF CREDIT INFORMATION TO THIRD PARTIES

We do not disclose your credit information to any credit reporting bodies.

1 How will we process your personal information?

We collect, store and process personal data where we have a lawful basis to do so. The lawful basis for which we collect your personal data depends on the data we collect and how we use it. The lawful bases that may apply to our processing activities are:

1.1 Consent – you have given clear consent for us to process your personal data for a specific purpose.

1.2 Contract – the processing of your personal data is necessary for the performance of an agreement with you to provide our products and/or services.

1.3 Legal obligation – the processing of your personal data is necessary for us to comply with the law (not including contractual obligations).

1.4 Legitimate interests – the processing of your personal data is necessary for our legitimate interests or the legitimate interests of a third party except where such interests are overridden by your prevailing legitimate interests and rights.

In the absence of one of the above bases for processing, we will not process your personal information.

2 How do we store and secure the information we collect?

We store your personal and credit information in both physical files and on electronic databases.

2.1 Security and management of personal information

We will take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure. We do this by:

• putting in place physical, electronic and procedural safeguards in line with industry standards;
• requiring any third party providers to have acceptable security measures to keep personal information secure;
• limiting access to the information we collect about you to those employees who require access to that information;
• imposing confidentiality requirements on our employees; and
• only providing access to personal information once proper identification has been given.

In the unlikely event a notifiable data breach occurs, we will notify you in accordance with our obligations under the Privacy Act and Overseas Privacy Laws.

If we no longer require your personal information, and are not legally required to retain it, we will take reasonable steps to destroy or de-identify the personal information.

2.2 Sending information overseas

Personal information is sent overseas in limited circumstances. We send personal information overseas:

• if you have instructed us to, in the course of providing our services to you; and
• to external service providers that assist us with our operations (including training, website hosting or cloud storage), market research, and the distribution of newsletters and other publications.

We take all steps reasonable in the circumstances to ensure that when we disclose personal information to overseas entities to protect your information. This includes using contractual arrangements to control how third parties use and handle personal information overseas.

2.3 Export of personal information out of the EU and UK

We process all personal information in Australia. If you are based in a jurisdiction outside of Australia, we are required to import your personal information into Australia. To provide you with our services, we may also be required to export personal information from Australia into other countries.

When importing and exporting personal information, we take steps as are reasonable in the circumstances to ensure that the transfer of Personal Information is undertaken in a secure manner. As part of this process, we may enter into binding contractual arrangements with third parties to ensure the protection of personal information.

PART D – HOW TO ACCESS AND CONTROL YOUR INFORMATION?

1 Accessing the information we hold about you

Under the APPs and Overseas Privacy Laws you may have a right to obtain a copy of the personal information that we hold about you. To make a request to access this information please contact our Privacy Officer in writing. We will require you to verify your identify and specify what information you wish to access. If eligible, we will grant you access to the information within 30 days.

Insofar as permitted by law, we may charge a fee to cover the costs of verifying your application, and retrieving, reviewing and copying any material requested.

2 Updating your personal information

We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact us at the details above if you believe that the personal information we hold about you requires correction or is out of date.

We endeavour to process any request within 30 days and will provide written reasons if your request is rejected, as well as providing details for making a complaint about the refusal if necessary.

For corrections to credit information we will provide, where practicable, written notice of the correction to any entity we have disclosed this information to previously.

PART E – COMPLAINTS

If you are concerned that we have not complied with the applicable privacy laws, contact our Privacy Officer in the first instance. Please contact our Privacy Officer (contact details above) with a thorough description of your concerns and a response will be provided within a reasonable period. All complaints must be in writing.

When processing a complaint, we will require you to provide us with information to confirm your identity before processing a request related to information we may hold about you.

We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:

Director of Compliance Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

For more information on privacy see the Australian Information Commissioner’s website.

You may also have a right to contact the relevant supervisory authority in your jurisdiction. If you are unsure about who the relevant supervisory authority may be, please contact our Privacy Officer.