General Policy

YOURKIND - PRIVACY POLICY

YOURKIND

1 PURPOSE OF OUR POLICY

1.1 YourKind Pty Ltd ABN 31 663 959 448 (we, us or our) has adopted this Privacy Policy

to ensure that we have standards in place to protect the Personal Information that we

collect about individuals that is necessary and incidental to:

(a) Providing the system and services that we offer; and

(b) The normal day-to-day operations of our business.

1.2 This Privacy Policy follows the standards of both:

(a) The Australian Privacy Principles set by the Australian Government for the

handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy

Act); and

(b) The regulations and principles set by the European Union’s General Data

Protection Regulation (GDPR) for the handling of Personal Data.

1.3 By publishing this Privacy Policy, we aim to make it easy for our customers and the

public to understand what Personal Information we collect and store, why we do so,

how we receive, obtain, store and/or use that information, and the rights of control an

individual has with respect to their Personal Information in our possession.

2 WHO AND WHAT THIS POLICY APPLIES TO

2.1 Our Privacy Policy deals with how we handle “personal information” and “personal

data” as it is defined in the Privacy Act and the GDPR respectively (Personal

Information).

2.2 We handle Personal Information in our own right and also for and on behalf of our

customers and users.

2.3 Our Privacy Policy does not apply to information we collect about businesses or

companies, however it does apply to information about the people in those businesses

or companies which we store.

2.4 The Privacy Policy applies to all forms of information, physical and digital, whether

collected or stored electronically or in hardcopy.

2.5 If, at any time, an individual provides Personal Information or other information about

someone other than himself or herself, the individual warrants that they have that

person’s consent to provide such information for the purpose specified.

2.6 We consider the protection of privacy of children very important. We do not knowingly

collect personal data from children under the age of 13. If we learn that Personal

Information has been collected on the service from persons under 13 years of age,

then we will take the appropriate steps to delete such information.

3 THE INFORMATION WE COLLECT

3.1 Without limitation, the type of information we may collect includes:

YOURKIND - PRIVACY POLICY

(a) Personal Information. We may collect personal details such as an individual’s

name, mobile number, location, date of birth, gender identity, nationality, family

details and other information defined as “Personal Information” in the Privacy

Act that allows us to identify who the individual is;

(b) Contact Information. We may collect information such as an individual’s

email address, telephone & fax number, third-party usernames, residential,

business and postal address and other information that allows us to contact

the individual;

individual such as any bank or credit card details used to transact with us and

other information that allows us to transact with the individual and/or provide

them with our services;

(d) Statistical Information. We may collect information about an individual’s

online and offline preferences, habits, movements, trends, decisions,

associations, memberships, finances, purchases and other information for

statistical purposes; and

(e) Information an individual sends us. We may collect any personal

correspondence that an individual sends us, or that is sent to us by others

about the individual’s activities.

3.2 We may collect other Personal Information about an individual, which we will maintain

in accordance with this Privacy Policy.

3.3 We may also collect non-Personal Information about an individual such as information

regarding their computer, network and browser. Where non-Personal Information is

collected the Australian Privacy Principles and the GDPR do not apply.

4 HOW INFORMATION IS COLLECTED

4.1 Most information will be collected in association with an individual’s use of our online

social platform and/or marketplace (YourKind) an enquiry about YourKind or generally

dealing with us. However, we may also receive Personal Information from sources

such as advertising, an individual’s own promotions, public records, mailing lists,

contractors, staff, recruitment agencies and our business partners. In particular,

information is likely to be collected as follows:

(a) Registrations/Subscriptions. When an individual registers or subscribes for

a service, account, connection or other process whereby they enter Personal

Information details in order to receive or access something, including a

transaction;

(b) Purchases. When an individual purchases digital products and/or services

from YourKind whereby they enter Personal Information details in order to

complete the order;

(d) Contact. When an individual contacts us in any way;

(e) Access. When an individual accesses us physically we may require them to

provide us with details for us to permit them such access. When an individual

accesses us through the internet we may collect information using cookies (if

relevant – an individual can adjust their browser’s setting to accept or reject

cookies) or analytical services; and/or

YOURKIND - PRIVACY POLICY

(f) Pixel Tags. Pixel tags enable us to send email messages in a format

customers can read and they tell us whether mail has been opened.

4.2 As there are many circumstances in which we may collect information both

electronically and physically, we will endeavour to ensure that an individual is always

aware of when their Personal Information is being collected.

4.3 Where we obtain Personal Information without an individual’s knowledge (such as by

accidental acquisition from a client) we will either delete/destroy the information, or

inform the individual that we hold such information, in accordance with the Australian

Privacy Principles and the GDPR.

5 WHEN PERSONAL INFORMATION IS USED & DISCLOSED

5.1 In general, the primary principle is that we will not use any Personal Information other

than for the purpose for which it was collected other than with the individual’s

permission. The purpose of collection is determined by the circumstances in which the

information was collected and/or submitted.

5.2 We will only process Personal Information when we can identify a lawful basis to do

so. It is always our responsibility to ensure that we can demonstrate which lawful basis

applies to the particular processing purpose.

5.3 The most common lawful bases relied upon are:

(a) Consent: we will only rely upon express, clear and informed consent. Any

consent provided may specify and/or restrict the purpose and can be

withdrawn at any time without penalty. We will keep a record of when and how

we got consent from an individual.

(b) Legitimate interests: we will only rely upon an identifiable legitimate interest

where we can demonstrate that the processing of Personal Information is

necessary to achieve it by balancing it against the individual’s interests, rights

and freedoms. We will keep a record of our legitimate interests’ assessments.

5.4 For avoidance of doubt, where you create, enter, or upload Personal Information,

including from the creation of a profile within YourKind, you are expressly consenting

to our processing of this Personal Information to perform the functions of YourKind and

making it available to other users.

5.5 We will retain Personal Information for the period necessary to fulfil the purposes

outlined in this Privacy Policy unless a longer retention period is required or permitted

by law.

5.6 If it is necessary for us to disclose an individual’s Personal Information to third parties

in a manner compliant with the Australian Privacy Principles and the GDPR in the

course of our business, we will inform you that we intend to do so, or have done so, as

soon as practical.

5.7 Information is used to enable us to operate our business, especially as it relates to an

individual. This may include:

(a) The provision of goods and services between an individual and us;

(b) Verifying an individual’s identity;

YOURKIND - PRIVACY POLICY

i Their relationship with us;

ii Our goods and services;

iii Our own marketing and promotions to customers and prospects;

iv The products and services of third-party service providers;

v Competitions, surveys and questionnaires;

(d) Investigating any complaints about or made by an individual, or if we have

reason to suspect that an individual is in breach of any of our terms and

conditions or that an individual is or has been otherwise engaged in any

unlawful activity; and/or

(e) As required or permitted by any law (including the Privacy Act).

5.8 To confirm, we may send promotional and non-promotional push notifications or alerts

or communications to you about products, services, offers, promotions, and events

offered by us and others, and provide news and information we think will be of interest

to you, which may include paid advertising of third-party service providers.

5.9 The individual shall have the right to object at any time to the processing of their

Personal Information for direct marketing purposes, which includes profiling to the

extent that it is related to such direct marketing. If we receive such a request, we will

stop the processing of Personal Information for direct marketing purposes immediately

without charge or penalty. Alternatively you can deactivate these communications at

any time by changing the notification settings on your mobile device.

5.10 Please note that if you opt out of receiving promotional communications from us, we

may still send you other communications regarding the use of YourKind such as

regarding your account or subscription with us.

5.11 There are some circumstances in which we must disclose an individual’s information:

(a) Where we reasonably believe that an individual may be engaged in fraudulent,

deceptive or unlawful activity that a governmental authority should be made

aware of;

(b) As required by any law (including the Privacy Act); and/or

Information to a new owner).

5.12 We will not disclose an individual’s Personal Information to any entity outside of

Australia that is in a jurisdiction that does not have a similar regime to the Australian

Privacy Principles or an implemented and enforceable privacy policy similar to this

outside of Australia will not be made until that entity has agreed in writing with us to

safeguard Personal Information as we do.

5.13 We may utilise third-party service providers to communicate with an individual and to

store contact details about an individual. These service providers may be located

outside of Australia.

5.14 An individual who uses YourKind from outside of Australia will be sending information

(including Personal Information) to Australia where our servers are located. That

information may then be transferred within Australia or back out of Australia to other

YOURKIND - PRIVACY POLICY

countries outside of the individual’s country of residence, depending on the type of

information and how it is stored by us. These countries may not necessarily have data

protection laws as comprehensive or protective as those in your country of residence,

however our collection, storage and use of Personal Information will at all times

continue to be governed by this Privacy Policy.

6 OPTING “IN” OR “OUT”

6.1 An individual may opt to not have us collect and/or process their Personal Information.

This may prevent us from offering them some or all of our services and may terminate

their access to some or all of the services they access with or through us. They will be

aware of this when:

(a) Opt In. Where relevant, the individual will have the right to choose to have

information collected and/or receive information from us (for clarity, consent

must involve an unambiguous positive action to opt in); or

(b) Opt Out. Where relevant, the individual will have the right to choose to exclude

himself or herself from some or all collection of information and/or receiving

information from us.

6.2 If an individual believes that they have received information from us that they did not

opt in or out to receive, they should contact us using the details as set out in section

11 below.

7 THE SAFETY & SECURITY OF PERSONAL INFORMATION

7.1 We may appoint a Data Protection Officer to oversee the management of this Privacy

Policy and compliance with the Australian Privacy Principles, the Privacy Act and the

GDPR. This officer may have other duties within our business and also be assisted by

internal and external professionals and advisors.

7.2 We will take all reasonable precautions to protect an individual’s Personal Information

from unauthorised access. This includes appropriately securing our physical facilities

and electronic networks.

7.3 We use SSL encryption to store and transfer Personal Information. Despite this, the

security of online transactions and the security of communications sent by electronic

means or by post cannot be guaranteed. Each individual that provides information to

us via the internet or by post does so at their own risk. We cannot accept responsibility

for misuse or loss of, or unauthorised access to, Personal Information where the

security of information is not within our control.

7.4 We are not responsible for the privacy or security practices of any third party (including

third parties that we are permitted to disclose an individual’s Personal Information to in

accordance with this policy or any applicable laws), unless otherwise required by the

Privacy Act and the GDPR. The collection and use of an individual’s information by

such third parties may be subject to separate privacy and security policies.

7.5 If an individual suspects any misuse or loss of, or unauthorised access to, their

Personal Information, they should let us know immediately.

7.6 We are not liable for any loss, damage or claim arising out of another person’s use of

the Personal Information where we were authorised to provide that person with the

Personal Information.

YOURKIND - PRIVACY POLICY

7.7 Where there is a breach of security leading to the accidental or unlawful destruction,

loss, alteration, unauthorised disclosure of, or access to, Personal Information, then:

(a) We will immediately establish the likelihood and severity of the resulting risk to

wider rights and freedoms of natural persons;

(b) If we determine there is a risk from the security breach, then we will

immediately notify the relevant supervisory authority and provide all relevant

information on the particular breach, and by no later than 72 hours after having

first become aware of the breach;

than set for notifying supervisory authorities), we will immediately notify the

affected individuals and provide all relevant information on the particular

breach without undue delay.

7.8 We will document the facts relating to any security breach, its effects and the remedial

action taken, and investigate the cause of the breach and how to prevent similar

situations in the future.

8 HOW TO ACCESS, UPDATE AND/OR REMOVE INFORMATION

8.1 Users of YourKind may update their Personal Information from within their account or

profile at any time to ensure it is accurate and complete.

8.2 Subject to the Australian Privacy Principles and the GDPR, an individual has the right

to request from us the Personal Information that we have about them, and we have an

obligation to provide them with such information as soon as practicable, and by no later

than 28 days of receiving the written request. The individual is free to retain and reuse

their Personal Information for their own purposes. We may be required to transmit the

Personal Information directly to another organisation if this is technically feasible.

8.3 If an individual cannot update their own information, we will correct any errors in the

Personal Information we hold about an individual within 28 days of receiving written

notice from them about those errors, or two months where the request for rectification

is complex.

8.4 It is an individual’s responsibility to provide us with accurate and truthful Personal

Information. We cannot be liable for any information that is provided to us that is

incorrect.

8.5 Where a request to access Personal Information is manifestly unfounded, excessive

and/or repetitive, we may refuse to respond or charge an individual a reasonable fee

for our costs incurred in meeting any of their requests to disclose the Personal

Information we hold about them. Where we refuse to respond to a request, we will

explain why to the individual, informing them of their right to complain to the supervisory

authority and to a judicial remedy without undue delay and at the latest within 28 days.

8.6 We may be required to delete or remove all Personal Information we have on an

individual upon request in the following circumstances:

(a) Where the Personal Information is no longer necessary in relation to the

purpose for which it was originally collected and/or processed;

(b) When the individual withdraws consent;

legitimate interest for continuing the processing;

YOURKIND - PRIVACY POLICY

(d) The processing of the Personal Information was otherwise in breach of the

GDPR;

(e) The Personal Information has to be erased in order to comply with a legal

obligation; and/or

(f) The Personal Information is in relation to a child.

8.7 We may refuse to delete or remove all Personal Information we have on an individual

where the Personal Information was processed for the following reasons:

(a) To exercise the right of freedom of expression and information;

(b) To comply with a legal obligation for the performance of a public interest task

or exercise of official authority.

(d) Archiving purposes in the public interest, scientific research historical research

or statistical purposes; or

(e) The exercise or defence of legal claims.

9 COMPLAINTS AND DISPUTES

9.1 If an individual has a complaint about our handling of their Personal Information, they

should address their complaint in writing to the details below.

9.2 If we have a dispute regarding an individual’s Personal Information, we both should

first attempt to resolve the issue directly between us.

9.3 An individual shall have the right to seek a judicial remedy where he or she considers

that his or her rights under the GDPR have been infringed as a result of the processing

of his or her Personal Information in non-compliance with the GDPR. Any proceedings

should be commenced in New South Wales, Australia, where we are established.

9.4 If we become aware of any unauthorised access to an individual’s Personal Information

we will inform them at the earliest practical opportunity once we have established what

was accessed and how it was accessed.

10 CONTACTING INDIVIDUALS

10.1 From time to time, we may send an individual important notices, such as changes to

our terms, conditions and policies. Where such information is materially important to

the individual’s interaction with us, they may not opt out of receiving these

communications.

11 CONTACTING US

11.1 All correspondence with regards to privacy should be addressed to:

Data Protection Officer

YourKind Pty Ltd

[email protected]

YOURKIND - PRIVACY POLICY

You may contact the Data Protection Offer via email in the first instance.

12 ADDITIONS TO THIS POLICY

12.1 If we decide to change this Privacy Policy, we will post the changes on our webpage

at https://www.yourkind.io/policies. Please refer back to this Privacy Policy to review

any amendments.

12.2 We may do things in addition to what is stated in this Privacy Policy to comply with the

Australian Privacy Principles and the GDPR, and nothing in this Privacy Policy shall

deem us to have not complied with the Australian Privacy Principles and the GDPR.