Privacy Policy

WHO WE ARE

FaceCard® is a global organization. FaceCard®’s head office is located in Melbourne, Australia.

The related entities of FaceCard® include:

FaceCard® is committed to protecting the privacy of its customers’ personal data and to the responsible use of personal data in accordance with the relevant laws which govern our use and handling of such information. We have developed this Privacy Policy to explain how we collect, store, use, process and disclose your personal data.

This Privacy Policy sets out information on:

• the general categories of personal data we collect;
• why we collect an individual’s personal data;
• how it will be used, and who it will be disclosed to;
• the legal basis of our processing of personal data;
• your rights in relation to the personal data we collect; and
• your rights and interests that will be affected if you elect not to provide your personal data.

 

WHAT TYPE OF DATA IS COLLECTED

FaceCard® will collect, store, use, process and disclose personal data (including sensitive information) only in a manner permitted by law.

Personal data is any information or an opinion about an identified or identifiable natural person (data subject). The personal data that we may collect and hold in connection with your use of our website, software and services may include your:

• name;
• date of birth;
• gender;
• phone number;

• the location from which you have come to the site and the pages you have visited; and
• technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system.

When you apply for and we facilitate the provision of a specific product or service, we may also collect information from you related to that product or service.

 

HOW DOES FACECARD® COLLECT YOUR PERSONAL DATA

FaceCard® may collect personal data from individuals [and from third parties, including but not limited to FaceCard®’s partners, agents and resellers].

FaceCard® may collect your personal data in various ways, such as when you use the FaceCard® app, via email or through a written application.

When ordering or registering on our app, you may be asked to enter personal data such as your name or mobile number. We may also ask for further personal data including your mailing address, phone number, contact preferences and credit card information. FaceCard® does not store credit card information as payments are processed through third parties using external payment gateways.

In particular, your personal data will be collected by FaceCard® when you participate in the following:

• registering for a calling card;
• Contacting FaceCard® in relation to a query;
• Participating in an online survey and/or user testing activities; and
• FaceCard® marketing/promotional activities.

We have processes in place to ensure that our records remain accurate, complete and up to date, including by verifying information with you each time you use our services or from other sources.

If you provide another person’s personal data to FaceCard®, you are responsible for telling the other person that you have provided their personal data to FaceCard®. You must also refer them to this Privacy Policy. By providing another person’s personal data to FaceCard®, you represent and guarantee that you are legally authorised to provide such personal data, and FaceCard® will not be responsible for verifying any such authorisation.

Can I choose to remain anonymous?

You can always choose to deal with us anonymously or by using a pseudonym. You may also choose not to give us your personal data. However, please note that if you choose not to provide us with your personal data or to deal with us anonymously, this may affect your ability to access or use certain functions of our website, software, products or services, and we may not be able to respond to your queries.

[If you wish to remain anonymous when dealing with us via a telephone call, please advise the call operator assisting you. Providing your personal details enables us to provide you with a contact record reference number which allows you, and other authorised persons, to retrieve information about that call at a later date.]

 

HOW YOUR PERSONAL DATA MAY BE USED BY FACECARD®

FaceCard®  has a legitimate business interest in operating and improving its business and the services it offers. FaceCard® may only collect, store, use, process and disclose your personal data, and you consent to us doing so, for the following purposes:

• to enable you to access and use our app;
• to provide you with the information, products and services that you request from us;
• to operate, improve and optimise the FaceCard® website to better serve you and other users;
• to send support and administrative messages, reminders, technical notices, billing, updates, security alerts, and information to you;
• to enable FaceCard® to respond promptly to your customer service requests;
• to facilitate payment transactions;
• to review FaceCard® services or products;
• to communicate with you and respond to queries via live chat, email or phone;
• to provide the service(s), information or products you have requested or to carry out the transaction(s) you have authorised (or we may disclose this information to authorised FaceCard® partners to undertake this activity on our behalf);
• for research and development in order to improve FaceCard®’s product offerings and solutions;
• to send marketing and promotional messages to you and other information that has been requested or which may be of interest;
• to investigate, prevent, or take action regarding illegal activities or suspected fraud; and
• to facilitate recruitment by FaceCard®.

 

RETAINING YOUR PERSONAL DATA

We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy. In most cases, it is generally not possible for us to specify in advance the exact periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period required by applicable law.

If your personal data is no longer required by us for the purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.

 

THIRD PARTIES TO WHOM FACECARD® MAY DISCLOSE YOUR PERSONAL DATA

We may disclose your personal data to third parties for the purposes listed above, and so that they may perform services for us or on our behalf.

FaceCard® may need to disclose your personal data to third parties including:

• FaceCard®’s suppliers, subcontractors, agents, professional advisers, government regulatory bodies, tribunals, courts of law, debt collection agents, insurers and to their respective related entities and partners;
• Third parties engaged by FaceCard® (who will be bound by confidentiality obligations) in your geographic region or able to communicate in your language, to ensure that you are better serviced;
• Third parties engaged by FaceCard® to conduct customer satisfaction surveys (only with your prior consent);
• A third-party event management platform such as Eventbrite to register FaceCard® hosted events, workshops, eWorkshops and webinars. Eventbrite has its own privacy policy and may be a data controller in its own right in relation to the personal data we disclose to Eventbrite;
• In the event of a re-organisation, merger, or sale we may transfer your personal data to a third party (who will be bound by confidentiality obligations) during the due diligence process;
• Payment services providers in relation to financial transactions relating to our services, including processing payments; and
• In relation to disclosure necessary for compliance with a legal obligation applicable to FaceCard®, we may also disclose your personal data in circumstances where necessary in legal proceedings, whether in or out of court.

Except as provided in this Privacy Policy, FaceCard® will not disclose your personal data to a third party unless you have consented to the disclosure, the disclosure is required or authorised by law, in an emergency or in the event of an investigation of suspected criminal activity such as fraud.

When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with relevant privacy laws in relation to that information.

 

HOW DOES FACECARD® KEEP YOUR PERSONAL DATA SECURE?

FaceCard® has implemented security measures to protect your personal data from misuse, loss, and from unauthorised access, modification and disclosure.

The following security measures are in place:

• FaceCard® uses malware scanning. FaceCard®’s website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to FaceCard®’s website as safe as possible.
• Your personal data is contained behind secured networks and is only accessible to a limited number of persons duly authorised by FaceCard® who are required to keep the information confidential.
• If you make an online application or undertake a payment transaction using FaceCard®’s website, FaceCard® takes additional steps to protect the security of your personal data. Your personal data is encrypted via a Secure Socket Layer (SSL) technology (in your web browser, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser).
• All payment transactions are processed through a gateway provider and are not stored or processed on our servers.
• Our staff are trained in how to keep your information safe and secure.
• We store your hard copy and electronic records in secure systems.
• We use trusted contracted service providers (including cloud storage providers).
• To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request.

Notwithstanding the security measures implemented by FaceCard®, we advise that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. While FaceCard® takes reasonable measures to protect your personal data, we cannot warrant the security of any information transmitted to FaceCard® online and users of our website do so at their own risk.

If you have security concerns or wish to provide personal information by other means (e.g. by telephone or paper), you may contact us using the contact details set out at the bottom of this Privacy Policy.

 

INTERNATIONAL TRANSFERS OF PERSONAL DATA

In certain circumstances we may need to transfer your personal data to countries outside the country in which the data was collected (or, in the case of personal data collected within the European Economic Area (“EEA”), to countries outside the EEA).

International transfers of your personal data are protected by appropriate safeguards, such as the standard data protection model clauses adopted by the European Commission or any other supervisory authority, which we will incorporate into our agreements with such transferees of personal data.

As a customer or website user of FaceCard®, you consent to FaceCard® transferring or granting access to your personal data to companies in the FaceCard® Group. All data is transferred or accessed using either a secure transport layer or encrypted algorithm. A majority of the data collected is then centralised and imported into a central customer relationship management system and housed within secure data centre facilities. This is available to staff across all regions within the FaceCard® Group by way of an encrypted secure transport layer and individual staff authentication is required.

 

CLOUD STORAGE OF PERSONAL DATA

We may store data on remote servers operated by a cloud service provider, rather than storing it on our own servers. Regardless of the location from which you use our online services or provide information to us, your data may be transferred to and maintained on servers located outside the country in which the data was collected (or, in the case of personal data collected within the EEA, to countries outside the EEA). By providing any data through our online services, you hereby expressly consent to the transferring and processing of your data in such other countries.

Transfers of personal data to servers operated by cloud service providers outside the EEA will be protected by appropriate safeguards, namely the standard data protection clauses adopted by the European Commission or other supervisory authority, which we will incorporate into our agreements with such cloud service providers.

All data is stored with secure methods, and with limited/restricted access to persons duly authorised by FaceCard®. Customer data stored in the cloud components of FaceCard® products is stored in regional data centres used by FaceCard®. These data centres are located in [Insert]. The data centre geographically closest to the customer will be chosen as the default location.

 

YOUR RIGHTS

If you are a “data subject” under applicable data protection law in the EU or United Kingdom, you will have the following rights in relation to your personal data held by FaceCard®:

Right to Access: you may request confirmation from FaceCard® as to whether we process your personal data, and if so, you may request a copy of that personal data. However, it may not be possible to give you a copy of the information if it was provided anonymously or if it may lead to harm being done to another person;

Right to Rectification: you have the right to request that we rectify or update any personal data that is inaccurate, incomplete or outdated without undue delay;

Right to Erasure: you have the right to request that we erase your personal data without undue delay in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;

Right to Restriction of Processing: you have the right request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;

Right to Withdraw Consent: where you have given us consent to process your personal data, you have the right to withdraw your consent; and

Right to Data Portability: you have the right to request that we provide a you with a copy of your personal data in a structured, commonly used and machine-readable format in certain circumstances.

Similarly, if you reside in Australia, you have the ‘Right of Access’ and the ‘Right of Rectification’ set out above. If we refuse to provide you with access to your personal data or to update your data in the way you request, we will provide you with written reasons. If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material). You will be notified of any likely costs before your request is processed.

To exercise your rights as set out above, please contact our Data Protection Officer (DPO) using the contact details set out at the bottom of this Privacy Policy.

 

LINKS TO THIRD PARTY SALES

The FaceCard® website may provide links to other websites for your convenience and information. These websites may be owned and operated by companies other than FaceCard®. FaceCard® is not responsible for these sites or any consequence of a person’s use of those sites. In particular, we are not responsible for the privacy policies or practices of the operators of other websites. We recommend that you review the privacy policies of those external websites before using them.

 

DIRECT MARKETING

We do not sell, trade, or otherwise transfer to third parties (other than as set out in this Privacy Policy) your personal data for the purposes of direct marketing. However, we may provide non-personally identifiable user data to third parties for marketing, advertising, or other uses.

For marketing and profiling purposes, we will only process your personal data with your specific consent. You have the right to withdraw your consent at any time by following the opt-out instructions provided in the communication or by letting us know using the contact details set out at the bottom of this Privacy Policy. Your decision to provide your data for such purposes is optional and will have no impact on your ability to use our products or benefit from our services.

 

UNSUBSCRIBE FROM EMAILS

If at any time you would like to unsubscribe from receiving emails from FaceCard®, you can email us at hello@hooga.com.au and we will promptly action you request.

 

CHILDREN

FaceCard® considers a child to be anyone under the age of 18. We do not knowingly seek or collect personal data from a child without the consent of a parent or guardian. If FaceCard® becomes aware that personal data that has been submitted relates to a child without the consent of a parent or guardian, FaceCard® will use reasonable efforts to delete that personal data from its files as soon as possible. If deletion is not possible, FaceCard® will ensure that the personal data is not used further for any purpose.

 

HOW TO CONTACT US

If you have any questions, complaints or concerns about how we handle your personal information or think that your privacy has been affected, please contact our DPO for an examination of your complaint or concern. Our DPO is responsible for all matters relating to privacy and data protection and can be contacted at hello@hooga.com.au.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the relevant data privacy regulator:

For Australian residents, this is the Office of the Australian Information Commissioner;

For UK residents, this is the Information Commissioner’s Office;

For residents of the European Economic Area, this is the data protection authority in your country of residence. A list of EU national data protection authorities can be found on the European Commission website at: https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en