Last Updated: 25 July 2019

OUR PRIVACY POLICY

INTRODUCTION

Here at Kepler Analytics Pty Ltd (ABN 25 603 763 300) (we, us, our, or Kepler Analytics) protecting your privacy and treating your personal information with care is of paramount importance to us. This Privacy Policy explains why we collect personal information and how we collect, use, disclose, store and protect your personal information and the personal information of your Customers when you use our Kepler Analytics Products (our retail analytics, store foot traffic counting and conversion tracking products and anything we add from time to time).

It also explains how to contact us to correct, update or delete any personal information provided to us, or make a complaint if you have concerns.

We will only collect and process personal information about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you) and legitimate interests (including security threats or frauds, compliance with applicable laws, and enabling us to administer our business).

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and Kepler Analytics Product users; in other words, where we determine the purposes and means of the processing of that personal data.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).

 

CHANGES THAT WE MAKE TO OUR PRIVACY POLICY

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?

This Privacy Policy applies to Kepler Analytics and all related entities of Kepler Analytics around the world with respect to the Kepler Analytics Products.

 

WHAT IS PERSONAL INFORMATION?

Personal information is defined as information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

 

WHAT PERSONAL INFORMATION DO WE COLLECT?

Personal Data

Demographic and other personally identifiable information that you give to us when choosing to use the Kepler Analytics Products. The types of personal information we may collect about you include:

  • your name;
  • your contact details, including email address, street address and/or telephone number;
  • your employer and job title;
  • your business information, including customer-to-staff ratios and point-of-sale data;
  • information you provide us through feedback, customer surveys or otherwise;
  • details of Products and services we have provided to you and/or that you have enquired about, and our response to you;
  • support requests submitted to us and our response to you; and
  • any other personal information requested by us and/or provided by you or a third party.

Financial Data

Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase the Kepler Analytics Products. We store only very limited, if any, financial information that we collect.

Otherwise, all financial information is stored by our payment processor and you are encouraged to review their privacy policy and contact them directly for responses to your questions.

 

WHY DO WE COLLECT YOUR PERSONAL INFORMATION?

We may collect your personal information when required by law but generally we collect personal information from you (or about you) to allow us to:

  • supply you with the Kepler Analytics Products;
  • supply you with tailored service offerings that may benefit you;
  • communicate more effectively with you about our services and your care;
  • ensure your experience with us is a positive one;
  • notify you about our new service or product offerings, discounts, promotions or upcoming events;
  • provide analytics and solutions for your business;
  • if you have applied for employment with us; to consider your employment application; and
  • to comply with our legal obligations and resolve any disputes we may have.

Personal information collected or received by us will only be used for the stated purpose for which it was provided.

When you access the Kepler Analytics Products, we may collect certain information automatically, including, but not limited to, your operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data (Usage Data).

 

WHEN DO WE DISCLOSE YOUR PERSONAL INFORMATION?

Your personal information will not be used contrary to this Privacy Policy but may be disclosed to third parties in the following circumstances:

  • for the purpose it was collected;
  • if we sell all or part of our business and the purchaser also requires your personal information;
  • to enforce our legal rights or those of others;
  • with your consent, to create case studies for marketing purposes;
  • to allow service providers to provide their services to us, including (without limitation) IT service providers, data storage, web-hosting and server providers, email marketing providers, debt collectors, couriers, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • to enable the function of our employees, contractors and/or related entities;
  • to our existing or potential agents or business partners;
  • to third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses;
  • to prevent actual or potential fraud or illegal activity; or
  • if we are required to do so by law.

If personal information is disclosed to a third party, we are required to take reasonable steps to ensure your personal information is treated in accordance with the laws that apply to personal information in that country.

 

WHEN AND HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Directly

We collect most personal information directly from you when you make an enquiry about Kepler Analytics or purchase Kepler Analytics Products from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e. because you have agreed to terms and conditions that contain information about the use or disclosure of your information).

Indirectly

You may indirectly provide us your information when you purchase (or enquire to purchase via our website, in emails or otherwise) the Kepler Analytics Products from us, you set up the Kepler Analytics Products, you ask to find out more about our Products, you make a refund, return or other claim, you use our Kepler Analytics Products generally or you deal with us.

WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL INFORMATION?

You are not obligated to provide us with your personal information. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal information to us this may impede our ability to provide you with all of the functionality of our Kepler Analytics Products.

 

WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNICATIONS FROM US?

Should you wish to remove yourself from our contact database you may do so at any time by contacting our Privacy Officer via our website at www.kepleranalytics.com.

 

HOW CAN I ACCESS, CORRECT AND/OR UPDATE PERSONAL INFORMATION YOU HAVE COLLECTED?

At any time you may contact our Privacy Officer and request your personal information be modified. We will make all efforts to correct data once we have proved your identity.

We will deal with all requests for access to personal information as quickly as possible, but no later than 30 calendar days from the date of your request (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.

We will provide you your personal information in a structured, commonly used, machine-readable format.

In some cases, we may be legally permitted to withhold access to the personal information we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within Kepler Analytics business in connection with a commercially sensitive decision-making process.

We will also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we may refuse access where your request is frivolous or vexatious, and where we reasonably believe that: giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; unlawful activity, or misconduct of a serious nature, is being or may be engaged in against Kepler Analytics and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.

If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.

Please note that the access and correction requirements under this Privacy Policy operates alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their personal information.

 

HOW DO WE STORE AND PROTECT YOUR PERSONAL INFORMATION?

For us to provide excellent service we are required to store some personal information and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data. Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal information as best as possible we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk.

Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

We have taken the necessary measures to ensure the personal information (including the financial information about yourself) we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your Kepler Analytics account or as otherwise need to operate our business.

Our third party secure data centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data. Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the country in which your information is stored, including Australian privacy laws and the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

Your personal information is protected by security certificates and we use or employ through third party modern security stands where possible. We will take reasonable steps to maintain the integrity and security of any personal information we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal information.

It is important that you protect your privacy by ensuring that no one obtains your personal information and you must contact us directly if your details change. Should your information be erroneously provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.

We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, or no later than 72 hours (where feasible) for EU citizens, and provide recommendations as to what steps you should take to mitigate any serious loss or damage.

 

END USER PERSONAL INFORMATION

You may provide us with access to your Customers’ (the end user) personal information to allow you to access analysis and data from our Products. The types of End User personal information that you may provide us access to and we may collect include:

  • name;
  • contact details, including street address, email address and/or telephone number;
  • credit card, transaction or other payment details including items purchased from you, billing and invoice details;
  • preferences and/or opinions provided to you;
  • details of products and services purchased, enquired about, and your response;
  • communication information including feedback, messaging, reviews or otherwise;
  • device information including browser session and geo-location data, device and network information, statistics on customer page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • dispute related information including any dispute case numbers, status, chargeback information and/or order cancellations that may be provided to you;
  • information about access to your services, including time and physical locations spent in stores, spaces, or otherwise; and
  • additional personal information that is provided to you, directly or indirectly, through the use of your services, associated applications, associated social media platforms and/or accounts where you collect End User information.

How we collect end user personal information

We require our clients and third parties to comply with the relevant privacy laws and, if required by law, to gather any consents or follow relevant requirements when obtaining end user personal information. We may collect and access end user personal information from clients and third parties through our Products and services.

 

COOKIES

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.

Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.

 

HOW DO WE USE COOKIES?

We use cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website
  • Providing you with a personalised service

WHAT TYPES OF COOKIES DO WE USE?

There are a number of different types of cookies, however, our website uses:

Functionality – we use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

Advertising – we use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Sometimes we share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

 

HOW TO MANAGE COOKIES

You can set your browser not to accept cookies. Each browser has their own way to remove cookies from your browser. However, the proper functionality of our services may not work without having cookies enabled.

 

THIRD PARTY SITES

Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.

 

OUR OBLIGATIONS UNDER THE GDPR

We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

 

YOUR RIGHTS UNDER THE GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used.

Except as otherwise provided in the GDPR, you have the following rights:

  • to be informed how your personal information is being used;
  • access your personal information (we will provide you with a free copy of it);
  • to correct your personal information if it is inaccurate or incomplete;
  • to delete your personal information (also known as “the right to be forgotten”);
  • to restrict processing of your personal information;
  • to retain and reuse your personal information for your own purposes;
  • to object to your personal information being used; and
  • to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

We may ask you to verify your identity before acting on any of your requests.

EU citizens are entitled to the right to erasure of personal information in certain circumstances, including but not limited to where the information is no longer necessary for the purpose for which it was collected, or where the EU citizen withdraws their consent and there is no other legal ground for processing their personal information. Please contact our Privacy Officer to discuss your request to remove your personal information.

EU citizens acknowledge and agree that Kepler Analytics may exercise any of the exceptions to the right of erasure, specifically in cases where data processing is necessary to exercise the right of freedom of expression and information.

We retain information for as long as required, allowed or we believe it useful. You must keep your own, separate back-up records. However, the length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).

We will retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.

 

OVERSEAS DISCLOSURE

We may store personal information overseas, including in the United States, Europe or the United Kingdom. Where we disclose your personal information to the third parties listed above, these third parties may also store, transfer or access personal information outside of Australia.

Unless we seek and receive your consent to an overseas disclosure of your personal information, we will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles and/or we will take such steps as are reasonable in the circumstances to require that overseas recipients protect your personal information in accordance with the Australian Privacy Principles.

 

EUROPEAN UNION (OR EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

 

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by submitting your request to helpdesk@kepleranalytics.com.

If you are under 18 years of age, reside in California, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data please contact us via your app under “General Enquiries & Feedback” and confirm the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.

 

Last Updated: 26 May 2022