Jack Fund Jill Pty Ltd (ABN 37 162 012 875) (“JackFundJill”, “we”, “us” or “our”) is an online crowdfunding platform that allows users to post fundraising projects to receive monetary donations and, if they choose to do so, also offer rewards in return for donations (Services).
What is personal information?
When used in this Policy, “personal information” means any information or opinion relating to an identified or identifiable individual.
In general terms, it is information that can be used to personally identify you such as your name, address, telephone number, email address, profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
When used in this Policy, “sensitive information” refers to a sub-set of personal information that is afforded a higher level of privacy protection under the law because of its sensitive nature. In general terms, sensitive information includes information about your racial or ethnic origin, political opinions, religious and philosophical beliefs, sexual preferences and criminal history as well as information about your health or genetics. Unless required by law, we will only collect sensitive information with your consent.
What personal information do we collect?
As an account holder in JackFundJill, certain personal information will be required to establish and maintain your account, and to provide services to you. We may collect the following types of personal information relating to you:
- identification information such as your full name, date of birth, contact phone details, residential, postal and email addresses, gender, your next of kin, guardian, power of attorney, emergency contacts, your occupation and if you are an Australian resident;
- financial information such as your billing address, credit card number and expiration date, and bank account details to help manage your fundraising project and verify your full name, addresses and other contact information;
- demographic information and unique identifiers in order to provide you with a more personalised experience or to verify your passwords;
- information about persons who have been designated by you to act on your behalf such as your guardian or family members;
- information about your registration to JackFundJill through other websites, websites providing a service to JackFundJill and websites that help facilitate your activity on JackFundJill;
- messages that you post and messages that other users post about you on JackFundJill;
- information about the website you accessed JackFundJill from, the website you go to next from JackFundJill, which web browser you are using and your IP address;
- any personal communication you or third parties send us about your activity on JackFundJill; and
- any other personal information that you choose to import or upload into your JackFundJill account.
The choice of how much information you provide to us is yours, but if you want to register as a member of, or have a user account on our websites, we require certain information from you in order to provide those services.
Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website).
Children under 18 years of age are not eligible to use our services unsupervised and are therefore asked not to submit any personal information to JackFundJill. If you are under 18 years of age, you can use JackFundJill only in conjunction with and under the supervision of your eligible family members or guardians.
All payment information is transmitted securely through a secure third party payment gateway. JackFundJill does not store your payment information on its servers or databases.
How do we collect personal information?
Where possible we will collect personal information directly from you, however in certain circumstances it may be necessary to collect information about you from third parties. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection.
We may collect your personal information in several ways, including:
- when you email, phone or write to us;
- have contact with us in person;
- when you enter, import or upload data into your JackFundJill account;
- when you connect a device and JackFundJill directly communicates with that device;
- when you complete a survey or an assessment through JackFundJill;
- from your carer, guardian, holders of your power of attorney, or from anyone else that you have given consent to manage your account;
- from your parent, guardian or responsible person if you are under the age of 18 years and you don’t have your own account;
- participate in public or closed surveys, questionnaires or conference events;
- register for face-to-face or digital events (such as webinars); and
- interact with us online, including through our websites, email, webchats, mobile applications and social media channels (such as Facebook, Twitter, YouTube, Instagram or LinkedIn – these social media channels will also handle your personal information for their own purposes and have their own privacy policies).
Collecting personal information through our websites
What happens if we receive unsolicited personal information?
Why do we collect your personal information?
We may collect, hold, use and/or disclose your personal information for the following purposes:
- to provide you with our products and services;
- to identify you or verify your authority to act on behalf of another account holder;
- to establish and maintain your account;
- to confirm your eligibility for JackFundJill;
- to update our records and keep contact details up to date;
- to provide you with services and information appropriate to your needs;
- to answer your enquiries and to provide information to you about our services;
- to provide effective risk management and to protect against fraud and unauthorised access to your account;
- to provide analysis of information for product development and marketing purposes;
- to develop and improve our products and services;
- to perform administrative functions and for other internal purposes;
- for information technology maintenance and development;
- to investigate and resolve complaints relating to services provided by/or on behalf of JackFundJill;
- to comply with any law or legislative requirements;
- to keep you informed about your JackFundJill account and other relevant information relating to JackFundJill;
- for any purpose required or authorised by law; and
- for any other purpose for which you have given your consent.
Do we use your personal information for direct marketing?
We may use your personal information to send you direct marketing communication and information about our services and products, and other related services and products if we have your permission or a legitimate interest in doing so. If at any time you no longer wish to receive this information, you can request to “opt out” from receiving this information by contacting email@example.com. We will never sell your personal information to anyone for direct marketing purposes or otherwise.
Disclosure of personal information
The information JackFundJill collects from you will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner that is consistent with applicable privacy laws and regulations and only for a purpose consistent with the purpose for which the information was originally collected.
Your personal information will only be disclosed to third parties in the following circumstances:
- where you would reasonably expect us to disclose it in order to provide the service in respect of which the information was originally collected;
- where you have authorised us to do so;
- where we are legally required to do so, for example, in response to a subpoena, court order or other legal process;
- to our commercial partners, where your eligibility to access JackFundJill is based on your membership of, or relationship with, that commercial partner;
- to your family, carer, legal representative, guardians and attorneys as required or authorised by law. We require a written authority from you, or from an authorised representative (such as an attorney under a power of attorney) if you would like someone to manage your JackFundJill account on your behalf;
- where our agents or contractors who assist us in providing our products and services require such information in order to perform a core business function on behalf of JackFundJill but only where the relevant agent or contractor has a confidentiality agreement in place with JackFundJill. Our agents and contractors will only use your information to the extent necessary to perform their functions;
- where all, or most, of the assets of JackFundJill or any single business unit within JackFundJill are merged or acquired by a third party, or we expand or re-organise our business, in which case your personal information may form part of the transferred or merged assets;
- for compliance reasons to ensure compliance with relevant laws and regulations;
- for operational reasons for maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our products or our computer systems in order to securely and efficiently deliver our services to you and others;
- in exceptional circumstances, where there are grounds to believe that the disclosure is necessary to prevent a threat to an individual’s health and safety, for law enforcement purposes or to protect public health and safety; and
- when it is otherwise required or authorised by law.
Users that create a fundraising project on JackFundJill may have limited access to other user’s personal information, such as, but not limited to; full names, email addresses and other contact information. This access allows users to view this information only to provide the service in respect of which the information was originally collected, for example, the offer of rewards in return for donations. Users are strictly not permitted to disclose this information to any third parties, unless it is used for the purposes it was originally collected, without JackFundJill and the user’s consent, and this includes mailing lists. In all cases users must be given an opportunity to remove their information from your database and review what information you have collected about them.
You acknowledge that we may use your personal information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide de-identified information in aggregated form to third parties for research, marketing and other purposes. When your personal information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
Cross-border disclosure of personal information
JackFundJill is based in and operated out of Australia. JackFundJill will, wherever possible, store your personal information on a secure server located within Australia. If you are accessing JackFundJill from outside Australia then you acknowledge that your personal information will be disclosed to our employees and agents in Australia for the purposes of providing you with JackFundJill and related services. We may disclose personal information outside of Australia but only to contracted service providers that are engaged by us to act on our behalf and assist with our business functions and delivery of JackFundJill and related services. If we transfer your information to a contracted service provider outside Australia, we will take steps to ensure that your privacy rights continue to be protected to ensure that these contracted service providers are either covered by data privacy laws substantially similar to those in Australia or the relevant contracted service provider adheres to data privacy standards substantially similar to those in Australia.
Your rights in relation to your personal information
You may request access to your personal information collected by us and ask that we correct that personal information. You may also ask us to delete your personal information, restrict the processing of your personal information or transfer a machine-readable copy of your personal information to you or a third-party of your choosing. We will need to verify your identity before we are able to action your request.
We may refuse to action your request where actioning the request would:
- pose a serious threat to the life or health of an individual;
- have an unreasonable impact on the privacy of others;
- be unlawful;
- prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security or negotiations with you;
- jeopardise the conduct of existing or anticipated legal proceedings.
We may also refuse to action your request where we are authorised to do so by law. You can make a request in relation to the handling of your personal information by emailing us at firstname.lastname@example.org and we will respond within 30 days. If we refuse to action your request, we will notify you in writing setting out the reasons.
How is your personal information protected and how long is it kept?
JackFundJill takes the security of your personal information very seriously and takes reasonable steps to protect it from misuse and loss, unauthorised access, modification or disclosure. The methods we use to ensure this includes the implementation or existence of the following measures:
- all JackFundJill employees, agents and contractors are bound by confidentiality agreements and procedures have been implemented so that only those people with a genuine need to know have access to your personal information;
- electronic and physical data and document storage security policies;
- policies and procedures governing the retention, use and access of documents and data;
- internal system access security policies including authenticated access of employees and contractors;
- verification procedures to identify an individual before personal information is disclosed;
- access control for our buildings and data hubs; and
- the use of data encryption, firewalls and other security systems for our computer systems and cloud-based services.
Your information is kept while we need it to provide the services that you have requested from us and where applicable, we are required to keep it to comply with statutory requirements. Where JackFundJill determines it is no longer necessary to hold your personal information we will securely destroy, delete or permanently de-identify that information, wherever possible. In the unlikely event that the security of your personal information is compromised, we will immediately take steps to confirm if a data breach has occurred. If a breach is confirmed, and we form the view that the breach is likely to result in serious harm to you, we will notify you and provide you with a description of the breach, the kinds of information involved, and any recommended actions you could take to protect yourself against the consequences of the data breach. In accordance with our obligations under the Privacy Act 1988 (Cth) and the Australian Notifiable Data Breaches Scheme we will also notify the Office of the Australian Information Commissioner (OAIC) of any data breach that we consider is likely to result in serious harm to any of the individuals to whom the information relates.
Complaints about your privacy
JackFundJill will make every attempt to ensure that your privacy is not breached, however, if you believe that your privacy has been breached or you wish to make a complaint about the way we have handled your personal information, you can contact us at email@example.com.
We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. However, if you believe that we have not resolved the issue you may refer the matter to the OAIC, or if accessing JackFundJill from outside Australia, the relevant privacy and data protection authority in your country of origin.
Effective Date: 17 April 2021