Contact
0432307066

Privacy Policy

Last updated: 24 June 2024

1.          General

  • This website (Site) is operated by CADFLOW Pty Ltd (ACN 677 413 106) (we, us or our).
  • Your privacy is important to us and we are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (collectively, Privacy Laws).
  • This policy outlines how and when we collect, process, use, share, store, disclose, alter and destroy your personal information and applies to all personal information we collect through:
    • the Site; and
    • our products and services.
  • If you have any questions about this policy, you can contact us using the details below.

2.          What personal information we collect

  • Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information is true or recorded in a material form.
  • This may include:
    • your name, telephone number and email address;
    • information about the products or services you order or enquire about, including how the products or services are used; and
    • any other information relating to you that you provide to us, including the information you provide by email or telephone.
  • We collect and use personal information from customers, authorised users or visitors of the Site, staff (actual or prospective), purchasers of our products or services, and any other individual who interacts with us.

2.2         Sensitive information

  • We do not intend to collect your sensitive information (as defined by the Privacy Laws). However, some of our services are automated and we may not recognise that you have accidentally provided us with sensitive information.
  • If you have accidentally sent us sensitive information, please contact us using the details below.

3.          Collection

3.1         Methods of collection

  • We collect your personal information in several ways, including:
    • through your use, or orders, of our products or services (and our records of these);
    • when you visit the Site or submit information through the Site, contact us, or complete any forms or documents for our products or services;
    • when you participate in our surveys, competitions, promotions, questionnaires or other promotional activities we may run from time to time;
    • from third parties (which we discuss further in clause 5.2 of this policy); and
    • from publicly available sources of information.
  • The personal information we collect will track and enhance your use of the Site or our products or services, and assist us in providing a better service to you.
  • We will only collect personal information that is necessary for one or more of our functions or for a purpose outlined in this policy or otherwise disclosed to you.
  • By providing your personal information to us, you acknowledge that you are authorised to provide such information to us.

3.2         Collection from you

When we collect personal information directly from you, we will take reasonable steps to notify you at, before, or as soon as practicable after, the time of collection.

3.3         Collection from an authorised representative

  • When we collect your personal information from your authorised representative, we will take reasonable steps to make sure you are aware of the collection.
  • If you provide us with personal information about another individual (as their authorised representative), we rely on you to:
    • inform them that you are providing their personal information to us; and
    • advise them that they can contact us for further information.
  • You must take reasonable steps to ensure the individual is aware of, and consents to, the matters outlined in this policy, including that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to access that information, and who we are and how to contact us.
  • Upon our request, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and provided to us.

4.          Legal basis for processing personal information (EU Only)

We rely on several legal bases under the GDPR to collect, process, store, use and disclose the personal information of individuals residing in the European Union (EU), including:

  • consent – where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your personal information for a specific purpose. The provision of personal information to us is voluntary. However, if you do not provide your personal information to us, we may not be able to provide you with access to, and use of, our products, services or Site. You may withdraw your consent at any time by contacting us using the details below;
  • contract performance – where the collection, use, storage, processing and disclosure of your personal information is necessary for the performance of a contract to which you are a party. For example, when collection and use is necessary to fulfil our obligations to provide you with access to, and use of, our products, services or Site;
  • our legitimate business interests – where we need to do so for legitimate business interests, including:
    • providing, operating and improving our products, services or Site;
    • marketing new promotions, deals, offers, competitions, products, services provided by us or our Authorised Affiliates that we consider may interest or benefit you;
    • managing, analysing, understanding and developing our relationship with you; and
    • responding to your queries or complaints; and
  • compliance with legal obligations – where there is a legal obligation to collect, use, store, process or disclose your personal information. For example, we may be obliged to disclose your personal information by reason of any applicable law, regulation or court order and/or to protect our interests and legal rights.

5.          How we use your personal information

5.1         Purposes of use and disclosure

  • We only use, process and disclose your personal information for the purposes for which it is collected and any other purposes permitted by law. 
  • In particular, we use and process your personal information to:
    • provide you with our products or services, or the Site;
    • improve, develop and manage our products, services and the Site;
    • operate, maintain, test and upgrade our systems;
    • notify you of important changes to our Site; and
    • notify you of opportunities and promotions we think you might be interested in, including new product or service offerings.
  • We may also use and process your personal information: 
    • to customise the advertising and content on our Site;
    • to communicate with you and provide information that we think may interest or benefit you, including information about our products or services and the Site;
    • to charge and bill you for our products and services;
    • to verify your identity;
    • to conduct fraud, risk reduction and creditworthiness checks;
    • to perform research and analysis about our products, services and the Site;
    • to comply with regulatory or other legal requirements,
    • for any purpose to which you have consented; and
    • for any other purpose notified to you at the time of collection.
  • In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your personal information as part of the transaction, without your consent or notice to you.

5.2         Disclosure to third parties

  • With your consent, we may provide your personal information to:
    • our employees, related entities, business partners, third party contractors, suppliers and agents from time to time for the purpose of delivering, providing and administering our products, services or Site; and
    • third party service providers who process or use your personal information for the purpose of performing functions on our behalf, but may not process or use such information for any other purpose.
  • Examples of these third party service providers include marketing and analysis organisations, financial and credit card institutions to process payments, billing providers and payment gateways, hosting companies, web developers, internet service providers, customer service providers, customer support specialists, fulfilment and delivery companies, external business advisors (including auditors and lawyers), our insurer, and research and data analysis firms, (collectively, Authorised Affiliates).
  • When we disclose your personal information to any of our Authorised Affiliates, we will use reasonable endeavours to ensure that they undertake to protect your privacy. These Authorised Affiliates are not permitted to use the information for any purpose other than the purpose for which they have been given access. 
  • Our Authorised Affiliates may also provide us with personal information collected from you. If you disclose personal information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, store, use, process and disclose your personal information.
  • We may also disclose any personal information we consider necessary to comply with any applicable law, regulation, legal process, governmental request or industry code or standard.

5.3         Disclaimer

  • We will not disclose your personal information to any third party (other than our Authorised Affiliates) without your written consent, unless:
    • we are required or authorised by the relevant Privacy Laws;
    • we are permitted to under this policy; or
    • such disclosure is, in our opinion, reasonably necessary to protect our rights or property, avoid injury to any person or ensure the proper functioning of the Site. 
  • This policy only covers the use and disclosure of information we collect from you. The use of your personal information by any third party is governed by their privacy policies and is not within our control. 
  • If we collect any information that is not referred to or contemplated in this policy, we will give you notification of the collection at the time that we or one of our services collects the information.

6.          Storage and security

6.1         Protecting your personal information

  • We take reasonable steps in the circumstances to keep your personal information safe and secure. We use a combination of technical, administrative, and physical controls to protect and maintain the security of your personal information.
  • Our officers, employees, agents and third party contractors are expected to observe the confidentiality of your personal information.
  • Wherever possible, we procure that Authorised Affiliates who have access to your personal information take reasonable steps to:
    • protect and maintain the security of your personal information; and
    • comply with the relevant APPs when accessing and using your personal information.

6.2         No guarantee

  • The transmission of information via the internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee the security of any personal information transmitted through the Site.
  • You provide your personal information to us at your own risk and, to the extent permitted by law, we are not responsible for any unauthorised access to, and disclosure of, your personal information.

6.3         Destruction of personal information

  • We will destroy or de-identify personal information where it is no longer required, unless we are required or authorised by law to retain the information.
  • To ensure we do not keep your personal information for longer than necessary, we consider several criteria, including:
    • the purpose for which we are holding your personal information;
    • legal or regulatory obligations in relation to your personal information (eg financial reporting obligations);
    • whether we have an ongoing relationship (eg you have an account with us or our brands, you receive ongoing marketing communications or regularly visit or use our products, services or Site);
    • any specific requests you have made regarding the deletion of your personal information; and
    • our legitimate business interests (eg defending claims, statistical analysis or research).

6.4         Access to personal information

  • You can access, change or delete your personal information at any time by contacting us at info@cadflow.com.au and we will help you access or change your personal information.
  • Under some circumstances you can:
    • request the restriction of processing relating to your personal information;
    • object to the processing of your personal information; or
    • request to receive a portable copy of your personal information.

To exercise any of these rights, please contact us at info@cadflow.com.au.

  • We may ask you for further information to be able to verify your identity or the reasons for your request. Provided we have received all necessary information from you, we will endeavour to provide you with an answer within 30 days of receipt of your request.

6.5         Storage of your information

The information you provide to us will be stored by us for no longer than legally required following your information request or following the closure of your account.

6.6         Suspected data security

  • We will notify you as soon as practicable if we:
    • discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorised person or in any unauthorised manner;
    • believe that you are likely to suffer serious harm as a result; and
    • are unable to prevent the likely risk of harm.
  • If you would like more information, please contact us using the details below.

7.          Direct marketing

7.1         Your consent

  • At the time of accessing, or using, our products, services, Site or otherwise from time to time, we may seek your express consent, by requesting that you tick the appropriate check box when providing us with your personal information, for us to send you marketing or promotional materials and other information.
  • Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time, use your personal information to send you information about the promotions, deals, competitions, products or services we offer, and any other information that we consider may be relevant to you.
  • These communications may continue, even after you stop using our products or services.

7.2         Communication channels

  • We may send this information to you via the communication channels specified at the time you provide your consent.
  • These communication channels may include mail, email, SMS telephone, social media or by customising online content and displaying advertising on our Site.

7.3         Opting-out

  • You can opt out of receiving these communications by: 
    • contacting us using the details below; or
    • using the unsubscribe function in the email or SMS.
  • You may re-subscribe at any time by re-registering.

8.          Links to other sites from our Site

  • Our Site may contain hyperlinks or banner advertising to or from third party websites.
  • We do not endorse any of these third parties, their products or services, or the content on these websites.
  • These websites are not subject to our privacy standards, policies and procedures. Therefore, we recommend that you make your own enquires about their privacy practices. 
  • We are in no way responsible for the privacy practices or content of these third party websites.

9.          Cookies and other technologies

  • We may collect information when you access and use our Site by utilising features and technologies of your internet browser, including cookies, pixel tags, web beacons, embedded web links and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.
  • The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the cookies installed on your device, the date and time (including time zone) of your visit, the pages you have accessed, the links which you have clicked on and the type of browser that you were using.
  • We may use cookies and similar technologies to:
    • enable us to identify you as a return user and personalise and enhance your experience and use of our Site; and
    • help us improve our service to you when you access our Site and to ensure that our Site remains easy to use and navigate.
  • Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies.
  • If you reject or disable our cookies or similar technologies, you may still use the Site but may only have limited functionality of the Site.
  • We may also use your IP address to analyse trends, administer the Site and other websites we operate, track traffic patterns and gather demographic information.
  • Your IP address and other personal information may be used for credit fraud protection and risk reduction.

10.       Your rights in relation to privacy

10.1      Privacy rights (EU only)

  • Under the GDPR, you have a number of important rights. We must ensure your information is:
    • processed lawfully, fairly and transparently;
    • collected for specified, explicit and legitimate purposes (and processed accordingly);
    • adequate, relevant and limited to what is necessary for purpose;
    • accurate;
    • stored in a minimal way; and
    • processed to ensure integrity and confidentiality.
  • Subject to certain exceptions, you have the right to:

Your rights

What does it mean?

The right of access

This policy explains what information we collect and process, why and when, we collect your information as well as how we collect, hold, use and disclose your information. You have the right to request copies of your information.

The right to have your information processed lawfully

We must process your data lawfully. Processing of your data is only lawful if:

·         consent has been given;

·         processing is necessary for the performance of a contract;

·         processing is necessary to satisfy legal obligations; or

·         if one of the other conditions in this Article is satisfied.

The right to know our details

You have the right to know our information before we collect your information. We are required to provide you with the following details:

·         our identity and contact details;

·         purpose and legal basis for processing data;

·         recipients of data;

·         any transfers outside of EU;

·         length of time of storage of data;

·         that you have the right to request access to, rectification of, erasure or transfer of data;

·         that you have the right to withdraw consent; and

·         the existence of any automated decision-making.

If you already have this information, we are not required to provide it to you again.

The right to transparency

We are required to provide you with information that is:

·         concise, transparent, intelligible and in an easily accessible form;

·         in clear and plain language; and

·         in writing, including electronically where appropriate.

The right to consent

We must be able to demonstrate that you have given us consent. Your consent must be given in a way that is:

·         clearly distinguishable from other matters that may be included in the document;

·         in an intelligible and easily accessible form; and

·         in clear and plain language.

You have the right to withdraw your consent at any time, and you must be informed of this prior to providing consent.

The right to child consent

If you are under the age of 16, consent must be given on your behalf by someone who holds parental responsibility.

The right to rectification

You have the right to request that we correct any information we hold about you that is inaccurate or incomplete.

The right of erasure

You have the right to request that we erase your information in certain situations.

The right to restrict processing

You have the right to request that we restrict our collection, use, processing or disclosure of your information in certain circumstances.

The right to object to processing

You have the right to:

1.     object to decisions being made by automated means which produce legal effects concerning you or significantly affecting you; and

2.     object or withdraw your consent at any time to the collection, use, processing or disclosure of your information (including for direct marketing purposes), but this does not:

a.     apply where we have other legal justifications to continue to collect, use, or process or disclose your information; or

b.     affect the lawfulness of any collection, use, processing or disclosure of your information in certain circumstances.

The right of data portability

You have the right to obtain a copy of your information in a commonly used electronic format so that you can manage, share and move it. You also have the right to request we send it to a third party.

  • You can exercise any of these rights by contacting us using the details below.
  • We also have further obligations to you under the GDPR in relation to how we look after and treat your information. You can find further details here.

10.2      Access rights

  • We will use our reasonable endeavours to keep your personal information accurate, up-to-date and complete.
  • You have the right to access any personal information we hold about you, subject to some exceptions provided by relevant Privacy Laws.
  • You can access, or request that we correct, your personal information by writing to us using the details below. We may require proof of identity.
  • If we do not allow you to access any part of your personal information, we will tell you why in writing.
  • We will not charge you for requesting access to your personal information but may charge you for our reasonable costs in supplying you with access to this information.
  • We will endeavour to respond to your request for access or correction within 1 month from your request.

11.       Children’s policy

  • We do not knowingly seek, collect or process personal information from or about persons under the age of 16 years of age (Children) without the consent of a parent or guardian.
  • If we become aware that any personal information relating to a Child has been provided without the consent of a parent or guardian, we will use reasonable endeavours to:
    • delete the personal information from all relevant files as soon as possible; or
    • ensure, where deletion is not reasonably practicable, that the personal information is not used further for any purpose or disclosed further to any Authorised Affiliate.
  • Any parent or guardian with queries regarding our collection, use, processing or disclosure of personal information relating to their Child should contact us using the details below.

12.       Consent

You expressly and freely acknowledge and agree that we, our Authorised Affiliates and each of their officers, employees, agents and contractors are permitted to collect, process, use, share, store, disclose, alter and destroy your personal information in accordance with this policy and the relevant Privacy Laws.

13.       Changes to the policy

  • We may amend this policy from time to time at our sole discretion.
  • Any revised policy will be posted on our Site and will be effective from the time of posting.
  • Your continued use of our products, services or the Site following the posting of any revised policy indicates your acceptance of the changes to the policy.
  • You should regularly check and read the policy.

14.       Complaints

  • If you have any issues about this policy or the way we handle your personal information, please contact us using the details below and provide full details of your complaint and any supporting documentation.
  • At all times, privacy complaints:
    • will be treated seriously;
    • will be dealt with promptly;
    • will be dealt with in a confidential manner; and
    • will not affect your existing obligations or your commercial arrangements with us.
  • Our Privacy Officer will endeavour to:
    • respond to you within 10 business days; and
    • investigate and attempt to resolve your concerns within 30 business days or any longer period necessary and notified to you by our Privacy Officer.

15.       Updates

  • We are committed to:
    • clearly expressing our Privacy Policy and keeping it up to date; and
    • making sure we take reasonable steps to implement the practices, procedures and systems to ensure we comply with all the relevant Privacy Laws.

16.       Contact us

You can contact us using the following details:

 

 

Scroll to Top