Privacy Policy

Last Modified on 19 November 2024

1. Privacy Statement

GetaFile Pty Ltd ABN 16 644 783 808 (we/our/us) provides a cloud-based file management platform, GetaFile.

We consider your privacy to be important and we take our responsibility to protect it seriously. We understand that you are concerned about your privacy, along with the confidentiality and security of any personal information provided to us.

This Privacy Policy describes how we collect, use, process, and disclose (Process) your data (which includes any information you provide that may be able to identify you personally) in conjunction with your access to and use of all of the products, services, websites and platforms that we offer (referred to collectively as our Services).

2. Personal Information

2.1   Non-EU Data

Your rights regarding the data that we Process are set out in this Policy. We process your data in accordance with the Australian Privacy Act 1988 (Cth). If you are accessing our Site, our Platform or receiving Services from a location outside of Australia or the EU, your personal information will be processed in Australia and in accordance with this Policy, unless we are required to comply with Privacy Laws specific to your jurisdiction.  

If for any reason you need to contact us in relation to your data, our contact details are:

Attention:  Privacy Officer, GetaFile
Address: PO Box 238, Hobart, Tasmania, Australia
Email: support@getafile.io

2.2   EU data

If you are based in the European Union, or your data is otherwise protected by European Union General Data Protection Regulation (GDPR), you may contact us directly using the above contact information.

3. Basis for collection

We collect data in the following circumstances:

(a)   Engaging

Where you have requested access to the Platform or that we provide you with our Services, we need to Process your data to:

        (i)   enter into our agreement with you;

        (ii)   deliver to you our Services;

        (iii)   have an account on the Platform.

(b)   Legitimate Business Purposes

We may also Process your data (even where it is not related to us entering into an agreement or contract with you) where we consider:

        (i)   you will not be detrimentally impacted;

        (ii)   you would reasonably expect us to engage in such Processing; and

        (iii)   it is necessary to fulfil our legitimate interests.

This may include, for example, processing your data to improve our Site, Platform or our Services, or to enable our third-party service providers (including Google Analytics and Stripe) to provide us with services.

(c)   Delivery of our Services

Due to the nature of our Platform and Services, we Process data, files and information integrated with the Platform by our users. Data is uploaded to our Platform and only stored for the purpose of Services provided within the Platform. Our users may elect to delete their data and files at any time, including on termination of their account.

(d)   Legal Compliance

There are certain situations in which we may be required to Process your data to comply with a law or Court order.

(e)   Consent

In certain circumstances we may request that you specifically consent to our Processing of your data. Where we do so, we will provide an explanation of the nature of the Processing to which you are consenting. If we have requested your consent, you can withdraw your consent at any time by contacting us using the contact information set out in section 2.

4. Ways that we collect information

We collect data in a variety of ways from those interacting with us, including:

(a)   through our Site;

(b)   through our Platform and account creation process;

(c)   from other interactions with us, whether by telephone, email, ordinary mail or any other electronic or online means;

(d)   through any of our other business activities or events;

(e)   where your customer, client or personnel data is migrated to the Platform by our users; and/or

(f)   where you otherwise voluntarily provide us with your data (for example, where you respond to a survey or feedback request).

5. Types of information we collect

5.1   General

We may collect and store the following data from our users:

(a)   contact information such as full name, email address and telephone number;

(b)   account details including user name, team/account name, password (encrypted), API authentication tokens and refresh tokens (encrypted);

(c)   opinions and feedback provided relating to our Services and how users use our Services;

(d)   files and data associated with those files;

(e)   data logs, which may include information such as your internet protocol address, browser type, browser version, clickstream data, referring URLs, the pages of our Site or parts of our Platform that you visit, the time spent on any pages of our Site or parts in our Platform and other log related information relating to your use of our Services; and

(f)   all other information that you provide to us voluntarily and directly, including in any enquiry made to us.

5.2   Account payment information

Account payment information, including credit card details, is collected directly and stored by our third-party payment processing provider, Stripe. These details are not collected by us and are only accessed via API.

5.3   Site and Platform Data

Whenever you visit our Site or enter our Platform, our servers automatically record information for statistical purposes about your usage, such as:

(a)   the type of browser used;

(b)   the referring URL;

(c)   the IP address;

(d)   the number and type of pages viewed;

(e)   the date and time of visits; and

(f)   the exit URL.

This information remains anonymous and we do not link it to any data, unless at the time of visiting our Site or the Platform you were logged in to your account.

5.4   Cookies

We may utilise "cookies" through our Site which enable us to monitor traffic patterns and to serve you more efficiently if you revisit our Site. A cookie does not identify you personally, but it does identify your computer. You can set your browser to disable cookies or to notify you when you receive a cookie and provide you with an opportunity to either accept or reject it in each instance. If you disable cookies, you may not be able to access certain areas or features on our Site.

5.5   Web Beacons

Web beacons (also known as clear gifs, pixel tags or web bugs) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies.

Unlike cookies which are stored on the user’s computer hard drive, web beacons are embedded invisibly on web pages (or in e-mail). Web beacons may be used to deliver or communicate with cookies, to count users who have visited certain pages and to understand usage patterns.

Like many sites, we use web beacons to collect information, and we do so in accordance with this Policy.

5.6   Third Party Advertisements

From time to time we may allow third parties, including our authorised service providers, advertising partners and ad networks to serve advertisements on our Site. Any information that these third parties collect via cookies is completely anonymous and is non-identifiable. If you provide a third party with information directly, we strongly recommend you first review the privacy policy of the relevant third party.

5.7   Information collected in connection with our Services

Our users utilise the Platform to more efficiently manage and sync information about their customers and clients. If you interact with any of our users, our users permit us to Process information about you via our Platform. We do not send your data or information to any external applications other than those connected to MeldAPI by the user.

We are not responsible for the type of data and information collected by our users or transferred to any third-party platform through our Platform, including any sensitive information which may be collected in the course of our users' operations.

5.8   Sensitive information

We do not knowingly collect or use any health-related information or any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life, or sexual orientation, criminal convictions and offenses, trade union membership, or genetic or biometric data.

5.9   Information about minors

We do not knowingly collect or use data from children under 18. If a parent or guardian becomes aware that his or her child has provided us with data, that parent or guardian should contact us. If we become aware that a child has provided us with Personal Information, we will delete such information from our files.

6. Disclosure

6.1   Purposes of collecting data from your interactions with us

Generally, we only use data for providing, evaluating, improving, personalising and developing our Platform, Services and our Site. More specifically we use data to:

(a)   enable you to interact with and use our Site and Platform;

(b)   provide Services;

(c)   perform internal research and statistical analysis;

(d)   promote and market our Services and Platform;

(e)   improve our Services, the Platform or the Site;

(f)   deal with your enquiries; and

(g)   prosecute and defend any allegations of wrongdoing or unlawfulness.

6.2   Ancillary use of data from your interactions with us

Typically, we will only Process data for the reasons set out in clause 6. However, in some circumstances, we may use data for reasons other than those specifically identified above. We will only do so where:

(a)   you would reasonably expect us to use or disclose the data;

(b)   you have consented to our Processing of your data for some other purpose; or

(c)   the use or disclosure of the data is required or authorised by law, the order of a regulatory authority, or a court or tribunal.

6.3   Anonymising personal data obtained from interactions with us

When using data for the purposes contemplated in clauses 6.1 and 6.2, we use our best endeavors to anonymise that data such that any personally identifiable information is removed wherever it is not strictly necessary to pursue our legitimate business interests.

6.4   Direct Marketing

Where data is being used for direct promotional or marketing purposes, whether provided by us or an associated entity or a third party, we will obtain your consent. You may at any time decline to receive further offers by opting out.

Please be aware that opting out of a direct marketing communication will only unsubscribe you from the enterprise that has contacted you directly. Please let us know if you want to unsubscribe from all direct marketing that originates from us (excluding our associated entities) by emailing us using the contact information provided in this Privacy Policy.

7. Overseas Disclosure

7.1   Overseas disclosure

To provide customer support, perform back-office functions, store account data or to otherwise assist us in providing our Services and Platform, we utilise AWS infrastructure based in the United States of America.

We have implemented security measures to protect the security of your data. However, as with any transfer of data, there are still risks of data breaches.

Where you are based in the European Union or your data is otherwise collected in accordance with the GDPR, you acknowledge that there may be instances where your data is transferred outside of the European Union and to countries which have not been the subject of an “adequacy decision” pursuant to the GDPR. Such transfers are necessary for our legitimate business purposes and in order for us to perform our Services.

By requesting our Services you are explicitly consenting to the international transfer and Processing of your data including sensitive information (Special Category data) in accordance with this Privacy Policy, in full and informed knowledge of the risks associated with such transfers and Processing.

In all other circumstances we will only disclose data to an overseas recipient if:

(a)   you consent to the transfer; or

(b)   the disclosure of the information is required or authorised by law, a regulatory authority, or a court or tribunal order.

7.2   Use of Google Analytics

We may from time to time use Google Analytics on our Site, a web analysis service operated by Google Inc. (“Google”). Google Analytics uses cookies (text files) which are stored on your computer and which allow for analysis of your visits to be conducted. Information concerning your visit produced through cookies (including IP address) will be transferred to and stored on a server in the United States of America operated by Google. Google will analyse this information to produce a report for the operator on Site usage and online usage of associated services. Google may also transfer this information to third parties either where this is required by law or where third parties are contracted by Google to Process data. Google will not allow your IP address to be linked to any other data.

8. Security

We use industry best practices to protect data that we deal with from:

(a)   misuse, interference and loss; and

(b)   unauthorised access, modification or disclosure.

All staff and third-party providers with access to data, including third-party data storage providers, are required to comply with appropriate information security industry standards.

Although we work to ensure our security systems align with industry best standards, there is always risk associated with the transmission of information via the internet.

You acknowledge that we cannot guarantee the security of any data transmission, and as such all data transmissions are entirely at your risk. Once we have received your data, we will take reasonable steps to use procedures and security features to try to prevent unauthorised access, modification or disclosure.

9. Third parties

Our Site, promotional material and Platform may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party sites, products or services whatsoever, including those of our clients.

We enter into legal contracts with each of our clients which contractually require them to adhere to applicable privacy laws and self-regulatory advertising codes. Ultimately, the collection, processing, use and disclosure of your information by our clients is managed by our clients under their own privacy policies.

We encourage you to read the terms and policies of all third-party sites, apps or services that you visit or interact with.

10. Data Rights and Retention

10.1   Destruction and Erasure of data

(a)   We will only retain your data whilst it is required for the purpose for which it was collected (for example, to provide our contractual services to you, or for our legitimate business purposes). When we no longer require the data, we will take all reasonable steps to destroy the information, or to ensure the information is deidentified (unless we are required to retain the data by law, a regulatory authority or the order of a court or tribunal).

(b)   Notwithstanding the above, you have the right to request the erasure of your data. If you wish to have your data erased, please let us know and we will take all reasonable steps to destroy it, unless we need to keep it to comply with a law, or the order of a regulatory authority, court or tribunal. Where we have provided your data to a third party, we will take reasonable steps to ensure that party also deletes your data.

10.2   Access to data

We will provide you with access to the data held by us in relation to you, except to the extent that denying access is required or authorised by law, a regulatory authority or a court or tribunal order.

10.3   Request for Access

To request access to your data please use the contact information contained in this Privacy Policy. We will respond to your request and either provide you with the data you have requested, or notify you when we will provide you with your data. Any data requested will be provided within 30 days of your request, unless we are unable to provide you with access to the data because, for example, doing so would breach the law, the ruling of a regulatory authority, or a court or tribunal order. If this is the case we will advise you of the reasons we cannot provide your data.

10.4   Use of Intermediaries

If you have requested access to your data and we are unable to provide you with that access, you may request that, where it is reasonable for us to do so, we engage a mutually agreed intermediary to deal with the data you have requested and that would allow you sufficient access to your data to meet your requirements.

10.5   Costs

We will not charge for providing an initial copy of your data. However, we reserve the right to charge for providing additional copies of data. If we do decide to charge you fees, such fees will not be excessive, and we will notify you of those costs prior to providing you with the data. We may require anticipated costs to be paid prior to providing you with additional copies of your data.

10.6   Data portability

Insofar as it does not adversely affect the rights and freedoms of others and where you have communicated a request to us:

(a)   we will provide you with such data that we have collected about you in a structured, commonly used and machine-readable format; or

(b)   after receiving your request, where technically feasible, we will transmit your data directly to another data processor or controller.

10.7   Correction of Personal Information

(a)   We are obligated to ensure that data that we are Processing is kept accurate and up to date. Please notify us if any of your data changes, so that we may update our records. You will also have the ability to update your data via the Platform where you are a user.

(b)   If at any time you wish to correct any data held by us, please contact us using the contact information contained in this Privacy Policy. We will correct your data to ensure that the information is accurate, up to date, complete, relevant and not misleading.

If we advise that we are unable to correct your data, for example due to a law, order of a regulatory authority or court or tribunal, we will notify you in this regard.

(c)   If we correct data about you that we previously disclosed to another party, we will take reasonable steps in the circumstances to give that party notification that the data has been corrected, unless it is impracticable or unlawful to do so.

10.8   Restriction of Processing

You may request that we limit or restrict the way we Process your data. Where we are satisfied grounds for restriction exist, we will only Process your data:

(a)   with your consent;

(b)   for the establishment, exercise or defense of legal claims against us; or

(c)   for the protection of the rights of another natural or legal person.

11. Complaints

If you believe that we have used or disclosed your data in a manner which is contrary to this Privacy Policy or otherwise breaches an applicable law, then you should contact us using the contact information in this Privacy Policy. We will happily work with you to address any concerns that you may have.

If you are based in the European Union and have a complaint regarding your data, you may also contact our European Representative using the contact information contained in clause 2.2 of this Privacy Policy.

Within 30 days of receipt of your complaint we will notify you in writing as to what action we propose to take in relation to your complaint and will provide you with details of what further action you can take if you are not satisfied with our response.

You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. If you are in Australia, you may lodge your complaint with the Office of the Australian Information Commissioner. Information on making a privacy complaint can be found on their website at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.

If you are unsure who your relevant supervisory authority may be, please contact us so that we may provide you with assistance.

12. Variations

We reserve the right to vary this Privacy Policy from time to time to ensure that we remain up to date with market expectations, the law and technological advances. Any variations to this Privacy Policy will be published on our Site.

It is your responsibility to check our Privacy Policy periodically to ensure you are aware of any changes made to it.

13. Definitions

Services means the data migration and management services advertising services provided via the Platform, along with ancillary services establishing and supporting the Platform.

Site means the Site located at the domain name www.getafile.io.

Platform means the cloud-based file management platform known as GetaFile.

Privacy Law means the Privacy Act 1988 (Cth) and any other applicable law, regulation or directive of a government agency regarding the collection, storage and use of personally identifiable information, including without limitation:

(a)   the Privacy Act 1988 (Cth);

(b)   the GDPR;

(c)   the ePR; and

(d)   the CCPA.

Please contact us with any questions or concerns.