About this Privacy Policy

(22 March 2023)

This is the privacy policy (Privacy Policy) for The Wishlist Company Pty Ltd, an Australian company (TWC, we, our, us). Our Privacy Policy is designed to inform you of our policies and procedures regarding the collection, use and disclosure of information we receive about you, and information about your privacy rights. We may change this Privacy Policy from time to time, and it is important that you review it regularly. Any change to this Privacy Policy will become effective when we publish a revised Privacy Policy on our website.

Collected Information

We collect and use information from visitors to our website and from users of our software applications (“Services”) that are licensed by our business-to-business clients (“Clients”). This may include personal information about you (“Customer Data”). Personal information generally means any information about an individual from which that person can be identified. This may include:

General information such as your name;
Contact information such as your address, phone number, and email address
Transaction information such as information about products and services you have viewed or purchased and when and where the transaction occurred including payment type;
Technical information such as how you use our products including your identity, device make and model, device name, MAC address, Internet Protocol (IP) address, carrier name, operating system and browser type; and
Marketing information such as your preferences in receiving marketing communications from us, third-party links you have visited immediately prior to and after you visit our website and your location information

We do not collect any sensitive personal information about you (this includes details about your race or ethnic origin, political opinions or associations, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or union, sexual orientation or practices, criminal record information, health, genetic background or biometric personal information).

How we collect your information

We may collect personal information in the following ways:

information you provide to us directly, for example when you communicate or interact with us or one of our Clients that offers our Services to you, by telephone, email, online (including through our products and Services and website) or in person;
your response to any surveys or marketing materials we, or our Clients send out;
interactions between you, other users of our Services, and our staff;
interactions between you and our Clients and their staff; and
information that we automatically collect when you use our Services to enable us to fulfil our obligations to our Clients and to provide product support.

In some instances, we collect information about you from other sources such as our suppliers and other third parties who provide services to us; and publicly available sources.

Why we collect your information

We use your personal information for the following purposes:

To fulfil our obligations to our Clients, and you, in delivering our Services
To process transactions you initiate by using our Services;
To verify your identity;
To respond to requests and provide product support;
To monitor usage in order to improve our Services, or to improve your experience with our Services;
To update you about our Services
To link or combine with information we get from third parties to help understand your needs;
To detect and investigate fraudulent, unauthorized, or illegal activity; and
For any other purpose for which the information was originally collected.

For additional information on our legal basis for processing your information, please contact us.

Who we may disclose your information to

We may disclose information, including your personal information, to various third parties for any of the purposes identified above. The types of third parties with whom we disclose personal information include:

our Clients;
government agencies for reporting and compliance purposes;
third party suppliers, service providers and partners, which provide services and support for our programs and operations; and
to a third-party organisation in the event, we sell or transfer all or a portion of our business or assets

In order to comply with our legal obligations, respond to complaints and claims, and investigate and protect ourselves and third parties against any activity that we reasonably suspect to be fraudulent, we may also disclose your personal information to law enforcement agencies, regulatory authorities and governments around the world and their service providers in connection with their investigations, screening or other functions.

Transfers to other countries

When we disclose information in accordance with this Privacy Policy, it may be accessed from, transferred to, and/or stored outside the country in which you are located. The privacy laws in that country may be of a lower standard than those in your own country. In these situations, we may not be accountable for the actions of those recipients, and you may have limited or no rights under the applicable privacy regime. Of particular note to European users of our Services, your data may be transferred and/or stored in USA, Canada or Australia.

Direct marketing communications

From time to time, we may send you direct marketing communications. We may contact you by electronic messages (e.g., email), online (e.g. through our website), by mail and by other means, unless you opt out or we are subject to legal restrictions. You may opt out of receiving electronic messages from us at any time by contacting our Privacy Officer via the contact details at the bottom of this Privacy Policy or by using the opt out mechanism included in our marketing messages.

Behavioural Targeting

We may use your information to provide you with targeted advertisements we believe of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. You can opt out of targeted advertising on services such as Facebook, Google and Bing. You can also opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at http://outpout.aboutads.info/

Cookies and visitor tracking

To provide services through our website, or understand more about visitors to our websites and social media platforms, we collect certain information from your browser about your interactions. This information is collected as statistical information and includes the IP address, browser type, language and access times.

In many cases, the tools used on our website record information in a way that does not identify you as an individual. In other cases, information collected through our website may be personal information in which case this Privacy Policy will apply. We may also collect personal information through our social media presence.

We collect information via cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies in the browser settings if you prefer. If you choose to decline cookies, you may not be able to use certain services or features that depend on cookies.

We use Google Analytics to track information about how visitors use our site. This only collects statistical information such as the number of visitors to our website, how they arrived there (i.e. via a Google search or another website), whether it is a first-time or return visit. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/ and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

We use marketing cookies to help us deliver advertising that is more relevant to you and your interests. They include third-party cookies placed by our partners and other advertisers who share cookie data with us. For example, we use these cookies to allow our website to serve up different versions of a page for marketing purposes. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/.

Data security

We take reasonable measures to ensure that your personal information is transmitted and stored securely, in order to prevent loss, misuse, and unauthorized access, destruction, or disclosure. However, please be aware that, despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

We store information in both physical and electronic form at our offices or on our servers. We have put in place reasonable security measures designed to protect your personal information from being accidentaly lost, modified, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with personal information breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Accessing your personal information

The accuracy of the personal information we hold, and use is important to us. We take reasonable steps to ensure that the personal information we handle is accurate, complete, relevant, not misleading and up to date. To help us keep your personal information accurate, please let us know if there are any errors or changes in your personal information.

You can request to access or correct the personal information we hold about you at any time. To request access to, or a correction of, any personal information that we may hold about you (or to request our confirmation of whether we hold information about you), please contact our Privacy Officer using the contact details at the bottom of this Privacy Policy. In most cases, we can help you promptly and informally with these requests. In other cases, we may need to verify your identity and ask you to make your request in writing.

From time to time, we may need to reject your request to access or correct the personal information we hold about you, if we believe it to be necessary and to the extent allowed by law. We will provide our reasons if we deny your request for access to, or correction of, your personal information. Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information we hold about you. We won’t charge you for simply making a request to access or correct personal information. However, we may charge reasonable costs for carrying out your request.

You may also contact our Privacy Officer if you wish to obtain further information regarding our privacy practices and the way we handle your personal information

Other privacy rights

Subject to certain limitations and restrictions (e.g., depending on circumstances such as where you reside) you may have the right to exercise additional rights in relation to your personal information. These may include the right to:

request erasure of your personal information;
object to processing of your personal information;
request restriction of processing of your personal information;
transfer your personal information (i.e. the right to data portability);
not be subject to automatic decision making; and
withdraw consent.

If you wish to exercise or obtain details of any of the rights set out above, please contact our Privacy Officer via the contact details at the bottom of this Privacy Policy. The Privacy Officer may require further information in order to assess the applicability of the right to the relevant circumstances.

We take your privacy concerns seriously. If you have a complaint regarding our handling of your personal information or concerning our privacy practices, you may file a complaint with our Privacy Officer using the contact details set out at the bottom of this Privacy Policy. Our Privacy Officer will confirm receipt of your complaint. If our Privacy Officer believes an investigation is necessary, we will open an investigation into your complaint. Our Privacy Officer may need to contact you to request further details of your complaint. If an investigation has been opened following a complaint made by you, our Privacy Officer will contact you with the result of that complaint as soon as possible. You may also raise a complaint and contact the local privacy and data protection authorities directly in your country.

Additional services and external links

From time to time, we may provide links from our website or platforms to additional services through separate websites and platforms. These websites operate independently of us and may be subject to alternative terms of use, including terms concerning use of your personal information. We have not reviewed these third-party sites and do not control and are not responsible for any of these websites, their content or their privacy policies. If you decide to access or interact with any of the third-party sites listed on our website, you do so at your own risk.

Information retention

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy and in each case in accordance with applicable legal and regulatory requirements in respect of permitted or required retention periods and limitation periods for taking legal action.

Changes to the Online Privacy Policy

This policy is subject to change from time to time and without notice to you due to changes in technology and/or our business. A revised version will be posted to this website if required. The changes shall be effective to you immediately upon our posting.

Sub-processors

We uses sub-processors to assist in providing our Services. A sub-processor is a third party who agrees to receive personal data from us intended for processing activities to be carried out (i) on behalf of our customers; (ii) in accordance with customer instructions as communicated by us; and (iii) in accordance with the terms of a written contract between us and the sub-processor.

Sub‐processor	Purpose for the data transfer	Location
AWS	Provision of hosted server infrastructure and database services	Australia
Atlassian	Management of support ticket data used to provide support services to our customers	Australia, USA
Shopify	E-commerce services for TWC customers. We provide The Wishlist for Shopify Merchants (“the App). When you install the App, we are automatically able to access certain types of information from your Shopify Account, consistent with the information described in this Privacy Policy	Canada, USA

Questions?

If you have questions about this online privacy statement please contact us, and one of The Wishlist Company specialists will be in touch with you shortly.

Previous Versions

September 02, 2022

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.