Effective date: 24/11/2022
DebtCol Software Pty Ltd (ABN 60 600 267 534) and each of its global subsidiaries and affiliates (collectively, “DEBTCOL”, “we”, “us” or “our”) respect your privacy and are committed to processing your personal information in accordance with applicable law.
This Policy explains how we collect, use, maintain and disclose information collected about you, including when you visit or use our Services, attend a DEBTCOL event, or otherwise interact with us.
If you use our Services as part of an entity or organisation that has an agreement with DEBTCOL (such as your employer), the terms of that organisation’s contract for your use of our Services may restrict our collection or use of your personal information further to what is described in this Policy.
Please read this Policy carefully to understand how we will collect, use, maintain and disclose your personal information. This Policy also describes your choices regarding use, access and correction of your personal information. By using our Services, you acknowledge and agree to the processing of your personal information as set out in this Policy.
Changes to this Policy
This Policy may be updated from time to time for reasons such as operational or regulatory changes. If we make any changes, we will notify you by posting the revised Policy on this page, revising the “Effective Date” at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a notice to our Services prior to the change becoming effective, or by sending you an email notification). We encourage you to periodically review our Policy for the latest information on our privacy practices and the ways you can help protect your privacy.
For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”) and other applicable laws globally, the DEBTCOL entity that is responsible for your personal information (the “data controller”) is the DEBTCOL entity in the jurisdiction where your personal information is collected. For more information about your data controller ask your DEBTCOL business contact, consult our list of locations here https://debtcol.com.au, or contact us using the details below.
If you have questions about this Policy, or the manner in which DEBTCOL collects, uses or otherwise processes your personal information, including the transfer or onward transfer of your personal information outside your jurisdiction of residence, please contact us at:
Privacy Officer, DebtCol
For Australia: 1300 765 609
Level 11, 207 Kent Street Sydney
NSW, Australia 2000
What personal information do we collect?
When you use or access our Services or otherwise interact with us, we may collect a variety of information about you and others, as described below. Such information includes, but is not limited to, information about you which is in a form that permits us to identify you either on its own or in combination with other available information (your “personal information”).
Information you provide to us.
We collect information that you provide to us, or that someone on your behalf (such as your employer or account administrator) provides to us. For example, when you contact us about our Services, complete our “Request Demo” (or similar) online form, request our marketing materials, create a user account on our Services, access and use our Services, send an email via our Services, request customer support or technical assistance, attend an event, apply for a job with us, or communicate with us by phone, email, via third-party social media sites or otherwise. The types of information may include:
• Contact data, such as your name, employer, job title, department, username or similar identifier, postal address, email address and telephone numbers.
• Credentials, such as passwords, password hints or similar security information used for authentication and account access.
• Marketing data, such as your preferences in receiving marketing from us, or information about your use of our products or services.
• Event data, such as your contact data and a record of your participation in our events as an attendee or presenter.
• Financial data, such as invoice information, bank account and payment card details to process payments.
• Authentication data, such as information to complete know-your-client and/or anti-money laundering checks and property transactions; and
• Candidate data, such as employment history, qualifications, academic qualifications and education records, and any other information that you provide to us when applying for a job with us, for example in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency or background check provider.
DEBTCOL will take all reasonable precautions to ensure the personal information it has collected remains correct and accurate. You can choose not to provide your personal information to DEBTCOL, however it may mean that we are unable to provide you with the Service required.
Information we collect automatically. When you use or access our Services, we may also collect certain information through automated means, including but not limited to some or all of the following:
• Device data, such as information about your computer and about your visits to and use of our Services, including your IP address, inferred geographical location, browser type and version, operating system, and referral source. We also may collect any telephone number from which you contact us.
• Log data, including information associated with your activities on our Services, including information about the way you interact with our Services, statistics regarding your page views and traffic to and from our Services, and the number of bytes transferred, hyperlinks clicked, and other actions you take.
Cookies and similar tracking technologies. As with most websites and other digital services, we employ cookies, pixel tags, web beacons, and similar technologies to collect and store certain information about visitors to our Services. We use this information to improve our Services, and to help us remember you and your preferences when you next visit our Services. We may allow selected third parties to place cookies through the website to provide us with better insights into the use of the website or user demographics or to provide relevant advertising to you. These third parties may collect information about a user’s online activities over time and across different websites when he or she uses our website. For more information about our practices in this area, please see our Cookie Notice debtcol.com.au .
Information we collect from other sources. When using our Services, you may upload documents containing personal information (including sensitive personal information) relating to third parties. Our Services also involve storage of your appointments and sending emails on your behalf. These may include confidential or proprietary information about a company, or personal information relating to individuals. DEBTCOL will not access these documents or view their content in the normal course, unless instructed by the relevant customer or where required as part of our Services, such as to provide maintenance services or troubleshooting, etc. We process any personal information contained therein as a “service provider” or “data processor” (as defined by applicable law) on behalf of, and pursuant to the instructions of, our customers.
To the extent permitted by applicable law, we may also collect information about you from third party suppliers and government database services. We will process such information in line with this Policy and applicable law.
How do we use personal information?
We process your personal information for the purposes set out in this Policy only where we have a valid legal ground for doing so under applicable data protection law. The legal ground will depend on the purpose for which we process your personal information and the data protection law that applies with respect to DEBTCOL’s activities in your jurisdiction.
We will use your personal information for the following purposes as is necessary for the performance of our obligations under our customer terms, or to answer questions or take steps at your request prior to entering those terms:
• to create and maintain your user account;
• to enable your use of our Services;
• to supply you with Services purchased;
• to send technical alerts, updates, security notifications, and administrative communications;
• to send statements and invoices to you, and to process payments;
• to assist with the resolution of technical support issues or other issues relating to our Services;
• to verify your identity, investigate and prevent fraudulent activities, unauthorised access to our Services, and other illegal activities;
• to manage registration, payments and your attendance to our events; and
• to provide personal information to third parties as set out in this Policy.
We may use special category or “sensitive” personal information, such as health data, to provide you with specialised services, such as disabled access to our events, where you have given your consent to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law).
We use your personal information for the following purposes as is necessary for certain legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time):
• for internal administrative and technical operations to keep our Services, network and information systems updated, patched and secure;
• to improve your browsing experience by personalising our websites;
• to notify you of new or changed services offered in relation to DEBTCOL;
• to confirm, update and improve our records, and to analyse and develop our relationship with you;
• to promote our business and send you marketing communications relating to our Services or carefully selected third parties which we think may be of interest to you where you have given opt-in consent, where required by applicable law;
• marketing emails and request form used to gather leads;
• to deal with enquiries and complaints made by or about you relating to the Services;
• to seek your views or comments on our Services;
• to carry out training relating to our Services;
• to continually improve our Services, including adding new features or capabilities, and to develop new products and services; and
• to (i) comply with legal obligations, (ii) respond to requests from competent authorities; (iii) protect our interests; (iv) protect our rights, safety or property, and/or that of our partners, you or others; and (v) enforce or defend our legal rights.
If you apply to work for DEBTCOL, we will use your personal information in the following ways as necessary in our legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time, subject to restrictions permitted by such law) and to decide whether to enter into a contract with you:
• to assess your skills, qualifications, and suitability for the role you have applied for;
• to carry out background and reference checks, where applicable;
• to communicate with you about the recruitment process;
• to keep records related to our hiring processes; and
• to comply with legal or regulatory requirements.
We may process your personal information to protect your vital interests or the vital interests of another person (for example, lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety).
Where permitted by applicable law and our contract obligations to customers, DEBTCOL may aggregate your non-personally identifiable data. This data will in no way identify you or any other individual. DEBTCOL may use this aggregated non-personally identifiable data to:
• assist us to better understand how our customers are using our Services;
• provide existing and potential customers with further information regarding the uses and benefits of the Services; and
• otherwise to improve the Services.
When DEBTCOL is acting as a data processor or service provider, DEBTCOL will process personal information in compliance with the instructions of its customers, who act as data controllers in respect of such data and will be responsible for ensuring that the personal information is appropriate and only processed for limited purposes.
Who do we disclose personal information to?
There are circumstances where we wish to share or are compelled to disclose your personal information to third parties. This will only take place in accordance with the applicable law and for the purposes listed in this Policy.
To the extent permitted by applicable law, we may share your personal information with the following third parties for the purposes listed in this Policy:
• Our affiliated companies and offices, which are generally located in the United States, Canada, United Kingdom, Ireland, Poland, Australia and New Zealand.
• Our professional advisors, such as our auditors, accountants and lawyers.
• Trusted third-party service providers who perform services on our behalf in connection with our Services. The services provided by such third parties include services in the following categories: processing payments on our behalf, sending marketing communications on our behalf, authenticating identities on our behalf, helping us to create or maintain our databases, helping us to research or analyse visitors to our Services and maintaining the security of our cloud-hosting services, backend support services, data analysis and visualisation support services, insurance services, and commissioned mailing house services.
• Another legal entity, on a temporary or permanent basis, as required for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.
• A successor organisation or other legal entity, in the case of a merger, financing, acquisition or dissolution, transition, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. Except to the extent required by applicable law, we do not guarantee that any entity receiving your information in connection with one of these transactions will comply with all of the terms of this Policy following such transaction.
• Any other third party where you have provided your consent.
We may disclose personal information to public authorities and other third parties, to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce other agreements you may have with DEBTCOL, to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a reporting agency for fraud protection) or as otherwise permitted by applicable law. Except to the extent prohibited by applicable law, we reserve the right to disclose information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.
We may also share aggregated or anonymous information that cannot identify you with third parties. For example, we may share the number of visitors to our Services and what features were used.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Children's Online Privacy Protection
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under the age of 18. If you become aware that an individual has provided us with personal information, please contact us using the contact details contained in the “Contact us” section at the beginning of this Policy. If we become aware that an individual under the age of 18 has provided us with personal information, we will take steps to delete such information.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures designed to safeguard and secure personal information we process. Some examples of the measures we take to help protect your personal information include:
• the use of suitable password protection measures and access privileges to monitor and control access to our IT systems;
• imposing restrictions on physical access to paper files;
• requiring any third parties engaged by DEBTCOL to provide appropriate assurances to handle personal information in a manner consistent with applicable law; and
• taking reasonable steps to securely destroy or de-identify personal information after we no longer need it for our business or to comply with the law.
However, the internet is not in itself a secure environment and we cannot give an absolute assurance that personal information submitted online will be secure at all times. Transmission of information over the internet is at your own risk and you should only enter, or instruct the entering of, information to the Service within a secure environment.
We recommend you take every precaution in protecting your personal information when you are on the Internet. For example, change your passwords at least once a year. Passwords should not include your name, date of birth or other personal data. A combination of upper and lower-case letters, numbers and symbols is recommended for less than 12 characters long passwords. Make sure you use a current antivirus and an up-to-date operating system and Internet browser. It is your responsibility to keep your password to our Services safe. You should notify us as soon as possible using the “Contact us” section at the beginning of this Policy if you become aware of any misuse of your password, and immediately change your password within the Services.
Storage of personal information
We will store your personal information in a form which permits your identification for no longer than is necessary for the purpose for which such personal information is processed. Please note, however, that we may retain and use your personal information as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements and rights, or if it is not technically and/or reasonably feasible to remove it. Consistent with these requirements, and to the extent required or permitted (as the case may be) by applicable law, we will try to delete your personal information quickly upon request.
When DEBTCOL is acting as a data processor or service provider, when the provision of our Services to a customer cease, we will, as agreed with the customer, return or securely delete personal information processed on behalf of that customer, unless we are required to retain the personal information by applicable law.
Where we process your personal information on behalf of a DEBTCOL customer as a service provider or data processor, we will retain such information in line with our customer’s instructions and our contractual obligations. You may have the right to ask the controller of your personal information to delete, block or correct such personal information in line with applicable data protection law.
Our Service is hosted and operated in the United States, the United Kingdom, Ireland, Australia, Canada and New Zealand through DEBTCOL and its service providers. By using our Services you acknowledge that your personal information may be accessed by us or transferred to us in those jurisdictions, and accessed by or transferred to our personnel, affiliates, partners, and service providers who are located around the world.
Where required by applicable laws, we will take appropriate measures to ensure adequate protection of your personal information when transferred internationally and, if necessary, seek your prior consent. Such measures may include use of data transfer agreements or official transfer mechanisms such as data authority approved contractual clauses. For instance, if you are located in the European Economic Area (“EEA”), we may store your personal information as described in this policy outside the EEA. Where we transfer EEA personal information to a third party located in a country not recognised by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognised by the European Commission, to safeguard such personal information.
Please note that your personal information may be subject to the laws of the jurisdiction in which it is situated.
Links to other websites or third party applications
Our websites may contain links to other websites of interest. You should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
Your rights in relation to your personal information
You can always opt not to disclose information to us, but keep in mind some information may be needed to create a user account or to take advantage of some of the features of our Services, and other information about you may be collected automatically in connection with your use of our Services.
For personal information that we process on behalf of our customers, we are not responsible for and have no control over the privacy and data security practices of those customers, which may differ from those explained in this Policy. Except where the Privacy Act 1988 (Cth) (the “Australian Privacy Act”) applies, the data protection rights listed below do not apply to DEBTCOL where we process personal information as a service provider or processor on behalf of a customer. If we process your personal information as a service provider or processor on behalf of a customer, and you wish to exercise any data protection rights you may have under applicable data protection laws, please inquire with the customer directly. Where the Australian Privacy Act applies to your personal information, you will have certain data protection rights regardless of whether DEBTCOL is a data controller or data processor.
Marketing communications. You can opt-out of receiving certain marketing communications from us at any time, by clicking the unsubscribe link in the email communications we send, or by contacting us using the details contained in the “Contact us” section at the beginning of this Policy. We may continue to send you non-promotional communications, such as service-related emails, billing information, and certain product updates via email.
“Do Not Track” signals. At this time, our Services do not support “do not track” signals (“DNT”) that may be available in your browser for letting websites know that you do not want them collecting certain kinds of information. If you turn on the DNT setting on your browser, our Services are not currently capable of following whatever DNT preferences you set. For more information about DNT, visit www.donottrack.us.
Data protection rights. In certain circumstances you may have rights under data protection laws in relation to your personal information that we hold about you – specifically:
• Request access to your personal information. You may have the right to request information regarding our processing of your personal information and access to the personal information which we hold about you;
• Request correction of your personal information. You may have the right to request that we correct your personal information if it is inaccurate or incomplete;
• Request erasure of your personal information. You may have the right to request the deletion of your personal information in certain circumstances.
• Request restriction of processing your personal information. Your may have the right to object to, and requesting that we restrict, our processing of your personal information in certain circumstances.
• Request transfer of your personal information. You may have the right to request transfer of your personal information directly to a third party where this is technically feasible.
These rights may differ depending on where you live or where your personal information is collected or held. For example, where the Australian Privacy Act applies, you will have the right to request access to and/or correction of your personal information, but not the other rights listed above.
We will grant your request to exercise the above-mentioned rights to the extent required or permitted (as the case may be) by applicable law and in accordance with the timeframes (if any) prescribed by that applicable law. You can submit a request to exercise the above-mentioned rights, or raise a question, comment or complaint, by contacting us using the contact details contained in the “Contact us” section at the beginning of this Policy. We reserve the right to request the provision of additional information necessary to confirm the identity of the enquirer. Subject to applicable law, you may also have a right to make a complaint to the authority responsible for data protection in your country.
Subject to applicable laws, you may exercise the above data subject rights through a legal representative or delegated person, in which case we will verify whether the requesting party is a duly authorised representative. We may reject such request if there is justifiable reason for rejection under applicable laws.
How to make a complaint
If you believe that we have not complied with our obligations under this Policy or applicable data protection law, we ask that you contact us in the first instance to see if we can resolve the issue. We will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. We will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner. However, you may have the right to make a complaint to an authority responsible for data protection in your country (or the country in which your information is collected and/or held). For example, if you are a resident of:
• Australia, or your personal information is collected or held by us in Australia when we do business in Australia, we suggest you contact the Office of the Australian Information Commissioner at www.oaic.gov.au to make a formal compliant or for guidance on alternative courses of action which may be available to you. We are subject to the operation of the Australian Privacy Act in respect of personal information collected, used and disclosed in Australia, and will handle such personal information in accordance with this Policy so as to ensure we meet our obligations under the Australian Privacy Act.
• Canada, you have the right to lodge a complaint with the privacy authority responsible for the privacy law in effect in your province of residence:
a. Alberta: The Information and Privacy Commissioner of Alberta at www.oipc.ab.ca.
b. British Columbia: The Information and Privacy Commissioner for British Columbia at www.oipc.bc.ca.
c. Québec: la Commission d’accès à l’information du Québec at www.cai.gouv.qc.ca/english/.
d. All other provinces and territories: The Privacy Commissioner of Canada at www.priv.gc.ca/en.
• European Union, you have the right to lodge a complaint with the Supervisory Authority of the EU Member State in which you live or work, or where the alleged infringement took place should you prefer.
• New Zealand, you have a right to make a compliant to the Office of the Privacy Commissioner (New Zealand) at www.privacy.org.nz.
• United Kingdom, you have the right to make a complaint to the UK Information Commissioner’s Office at www.ico.org.uk.