Last updated 29th May 2020
1.1 The privacy of your Personal Information is important to Cryptospend Pty Ltd (ACN 630 245 813). We respect your rights to privacy and rights under applicable privacy laws and are committed to complying with the requirements of the privacy law in the collection and handling of your Personal Information.
1.2 This policy explains how we collect, retain, process, share, transfer and handle your Personal Information and describes the kinds of Personal Information we collect, use, disclose and our purposes for doing so.
1.3 Where we undertake activities in the European Union (EU), or if you are located in the EU and we offer goods or services to you, or we monitor your behaviour as far as that behaviour takes place within the EU, we are regulated under the General Data Protection Regulation (GDPR) and are responsible as a “controller” or “processor” of personal data for the purposes of those laws.
1.4 Where we undertake activities in Australia, or if you are located in Australia, we are regulated by the Privacy Act, the Australian Privacy Principles and other applicable laws and codes in relation to your personal information. In this document, the term “personal data” includes personal information under the Privacy Act.
1.6 We use some defined terms in this policy. You can find the meaning of each defined term at the end of this policy.
1.7 Personal Information is information which may be used to reasonably identify you. For example, your name, address, date of birth, gender, email address, telephone number is generally considered to be Personal Information. Personal Information may also include information we collect about your individual preferences.
1.8 This policy applies to your Personal Information when you use our Website, and interact generally with us but does not apply to Third Party Sites. We are not responsible for the privacy policies or content of Third Party Sites.
1.9 For the avoidance of doubt, unless stated otherwise, this policy will govern our collection of your Personal Information irrespective of the forum.
1.10 This policy may be updated from time to time and the most up to date version will be published on our Website. We encourage you to check our Website periodically to ensure that you are aware of our current policy.
1.11 If, for any reason you do not wish to complain to us initially or if you are unsatisfied with our response to your complaint, you are free to file a complaint with the competent data protection authority. In Australia, you may file a complaint with the Office of the Australian Information Commissioner. Where the GDPR applies, the competent data protection authority includes the supervisory authority located in the particular EU state where you work, normally live or where any alleged infringement of data protection laws has occurred.
2. Why we collect Personal Information
2.1 When you visit our Website, we collect Personal Information so that we can provide you with products and services and improve and customise your experience with us. We only collect Personal Information if it is reasonably necessary for us to carry out our functions and activities.
2.2 Without limiting the processing or use of your personal data for the above purposes,your personal data may also be used:
(a) to verify your identity;
(b) to deliver our products and services to you;
(c) to respond to User’s support requests;
(d) in connection with your attendance or participation in functions, events or activities conducted by us or our partners
(e) to manage our relationship with you, evaluate our business performance and build our customer database;
(f) to meet the regulatory requirements of any competent authority or law enforcement agency (local or overseas) or implementing market’s best practices;
(g) to provide you with information about our products, services, functions, events or activities, including location specific offers where you elect to share your location with us on your device;
(h) to enable you to participate in any promotion, competition, survey and/or enable you to subscribe to mailing lists/newsletters and interact or follow our social media pages;
(i) to enable us to provide you with a better user experience, with more relevant content,features, and functionalities, and with technical assistance and support;
(j) to respond to your requests and seek your feedback;
(k) to conduct research, compare information for accuracy and verification purposes,compile or analyse statistics relevant to the operations of our business;
(l) to facilitate our internal business operations, including fulfilment of any legal and regulatory requirements and monitoring, analysing and improving the performance and functionality of our Website and investigating breaches of or enforcement of any legal terms applicable to our Website;
(m) to protect our property, the Website or our legal rights including to create backups of our business records;
(n) to manage risk and protect our Website from fraud or to assist with detecting and preventing fraudulent use of our Website;
(o) for the direct marketing purposes set out below; and
(p) to manage our business, including analysing data collected from our Website concerning visits and activities of users on our Website. This analysis helps us run our Website more efficiently and improve and personalise your experience online. We use information from third party services such as Google Analytics to help further improve your experience in using our Website.
3.1 The kinds of Personal Information we collect will depend on the type of interaction you have with us. Generally, the kinds of Personal Information we collect may include:
(a) your name, address (postal and residential), email address, telephone number(s),date of birth and gender when you register an account with us;
(b) information from third party sources such as data providers, exchanges and credit organisations, where permitted by law;
(c) details of the device you have used to access any part of our Website, including carrier/operating system, connection type, IP address, mobile payment methods,interaction with other retail technology such as use of NFC Tags or QR Codes which information may be collected and used by us automatically if you use our Website, through the browser on your device or otherwise;
(d) demographic information;
(e) location data;
(f) your connections with others whose personal information we may collect or hold;
(g) credit card, debit card, PayPal, AliPay, WeChat Pay or any other online payment methods or gateways and direct debit details for your bank account in order to process transactions; and
(h) transaction details relating to your use of our products, services or rewards.
3.2 Without providing the above information, you may not be able to use our Services, or complete any transaction contemplated by our Services.
3.3 Any Personal Information provided voluntarily by you via your use of the Service, such as the User’s e-mail address in order to be contacted(and any additional information related to such contacts), User responses to customer surveys about how we can improve our product(s) and service(s),transaction details provided through use of the Service, and/or other actions performed by your in connection with the Service.
3.4 Your telephone calls to us may also be recorded for training and quality assurance purposes.
4.1 We may disclose Personal Information collected from you:
(a) to our related entities, employees, officers, agents, contractors, other companies that provide services to us, sponsors, government agencies or other third parties to satisfy the purposes for which the information was collected (as outlined in clause 2.2 of this policy) or for another purpose if that other purpose is closely related to the primary purpose of collection and an individual would reasonably expect us to disclose the information for that secondary purpose;
(b) to merchants and the recipients of funds or Tokens to identify you as the sender of the funds and to a party whom sends you funds in connection with a transfer to you of funds or Tokens;
(c) to third parties, including those in the blockchain and fintech industry, marketing and advertising sectors, to use your information in order to let you know about goods and services which may be of interest to you in accordance with the SPAM Act 2003 (Cth) and the Privacy Act;
(d) to third parties who help us to verify the identity of our clients and customers, and other software service providers who assist us to provide the services we provide to you;
(e) to third parties who help us analyse the information we collect so that we can administer, support, improve or develop our business and the services we provide to you;
(f) if the disclosure is required by a law, or legal process, requested by a government agency or other third parties pursuant to a subpoena, court or other legal process with which we are required to comply;
(g) to our professional advisers such as consultants, bankers, professional indemnity insurers, brokers and auditors so that we can meet our regulatory obligations, and administer, support, improve or develop our business;
(h) to debt recovery agencies who assist us with the recovery of debts owed to us;
(i) to any other person, with your consent (express or implied); and(j) to facilitate the sale of all or a substantial part of our assets or business or to companies with which we propose to merge or who propose to acquire us and their advisers.
4.3 We may also disclose your Personal Information if you choose to participate in online or “app” based service offerings whereby your Personal Information may be disclosed to and stored in software which is operated by a third party intermediary as part of your dealings with us. Personal Information disclosed in this manner may be transmitted offshore, including to the United States of America or the EEA. When you provide your personal information to us, you consent to the disclosure of your personal information outside of Australia and acknowledge that other countries may have different data protection rules to Australia and that we are not required to ensure that the overseas recipients deal with that personal information in compliance with Privacy Legislation. We will, however, take reasonable steps to ensure any overseas recipient to which we provide your Personal Information deals with such information in a manner consistent with the APPs.
4.4 In the event of a proposed restructure or sale of our business (or part of our business) or where a company proposes to acquire or merge with us, we may disclose Personal Information to the buyer and their advisers without your consent subject to compliance with the Privacy Legislation. If we sell the business and the sale is structured as a share sale, you acknowledge that this transaction will not constitute the ‘transfer’ of Personal Information.
4.5 We will not sell, trade or rent your Personal Information to any third parties for marketing purposes without your consent.
5. How we collect and store data and transmit Personal Information
5.1 We collect Non-Personal Information through your use of the Service and/or the transactions carried out in connection with the Service. When you are using the Service, we may be aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below.
5.2 We collect Personal Information which you provide to us voluntarily.
5.3 We usually collect and store information in paper, physical and electronic form provided by you in person or when you communicate with us by messaging service (including but not limited to Whatsapp, Telegram or Skype), telephone, email, web-based form, letter, facsimile or other means, including when:
(a) you contact us over the phone;
(b) we provide you with our services via telephone, email or our Website;
(c) we provide you with assistance or support for our products or services;
(d) you participate in our functions, events or activities or on our social media pages;
(e) you request that we provide you with information concerning our products or services;
(f) you upload or submit information to access a rewards program or to submit a review or complaint; or
(g) you complete any forms requesting information from you, including on registration with us, complete any survey or provide feedback to us concerning our products or services.
5.4 Where practicable we will only collect information from you personally. However, we will also collect your Personal Information through our partners and third parties who supply services to us.
5.5 Please note that we use our own and third party computer servers including our Website hosts, data backups and payment gateway(s), which may be located overseas and your Personal Information will likely be stored and transmitted overseas.
5.6 We also collect information from your computer or mobile device automatically when you browse our Website. This information may include:
(a) the date and time of your visit;
(b) your domain;
(d) operating system;
(e) the server your computer or mobile is using to access our Website;
(f) your browser and version number;
(g) search terms you have entered to find our Website or access our Website;
(h) pages and links you have accessed both on our Website and on other websites;
(i) the last website you visited;
(j) the pages of our Website that you access;
(k) the device you use to access our Website; and
(l) your IP Address.
5.7 While we do not use some of this information to identify personally, we may record certain information about your use of our Website such as which pages you visit and the time and date of your visit.
5.8 It may be possible for us to identify you from information collected automatically from your visit(s) to our Website. If you have registered an account with us, we will able to identify you through your user name and password when you log into our Website. Further, if you access our Website via links in an email we have sent you, we will be able to identify you.
5.9 The device you use to access our Website may collect information about you including your location using longitude and latitude co-ordinates obtained through GPS, Wi-Fi or cell site tri-angulation. For information about your ability to restrict the collection and use of such information, please use the settings available on your device.
5.10 We may use statistical analytics software tools such as Google Analytics and software known as cookies which transmit data to third party servers located overseas. To our knowledge, Google Analytics does not identify individual users or associate your IP Address with any other data held by Google.
6.1 We will endeavour to take all reasonable steps to keep secure and protect any Personal Information which we hold about you, including:
(a) securing our physical premises and digital storage media;
(b) placing password protection and access control over our information technology systems and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
(c) taking regular back-ups of our electronic systems.
6.2 Notwithstanding that we will take all reasonable steps to keep your Personal Information secure, data transmission over the internet is never guaranteed to be completely secure. We do not warrant the security of any information you transmit to us or from any online services.
8.1 To use the Service, you must be over the age of eighteen (18). Cryptospend does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so.
8.2 We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Service. In the event that it comes to our knowledge that a person under the age of eighteen (18) is using the Service, we will prohibit and block such User from accessing the Service and will take appropriate measures to prevent that User from making use of our Service.
9.1 We may communicate with you by phone, email, SMS or push notification, to inform you about existing and new products and services that may be of interest to you.
9.2 We will ensure that any e-mail that you are sent by us as direct marketing complies with the SPAM Act 2003 (Cth) and contain an ‘unsubscribe’ option so that you can remove yourself from any further marketing communications. To opt-out of communications via SMS, reply with “STOP”. You may decline marketing messages sent by push notifications by refusing the relevant permission in your phone or tablet settings, however this setting will prevent you from receiving other messages from us via push notification. You may also opt-out of receiving marketing materials from us using the contact details set out below.
9.3 You can also call or write to us to request that your details be removed from our direct marketing list. We will endeavour to remove your details from our direct marketing list within a reasonable time (ordinarily 5 working days).
9.4 Our direct marketing list may be operated by software and servers located overseas and your Personal Information may be sent overseas as part of our marketing.
9.5 We will also send communications that are required or necessary to send to users of our Website that contain information about important changes or developments to or the operation of the Website or as well as other communications you request from us. You may not opt out of receiving these communications but you may be able to adjust the media and format through which you receive these notices.
10.1 It may be impracticable to deal with you on an anonymous basis or using a pseudonym.
10.2 We may be able to provide you with limited information in the absence of your identifying yourself but generally we will be unable to provide you with any information, goods and/or services unless you have identified yourself.
10.3 Whenever and to the extent possible, we de-identify data which we holds about you when it is no longer necessary to identify you from the data which we hold about you.
11.1 If you have any queries in relation to this policy, you wish to access or correct the Personal Information we hold about you, or make a complaint, please contact us in writing at:
Mail: Privacy Officer CryptoSpend Pty Ltd 608 Harris Street ULTIMO NSW 2007
11.2 We ask that any complaint about the collection, processing, use, disclosure, storing or handling of your personal data should be made first in writing to us. We will then respond to your complaint in writing and in accordance with any time frames required by law. We may request you to provide further information about your complaint to duly assess your complaint.
11.3 We aim to acknowledge receipt of all privacy complaints from you within 5 working days and resolve all complaints within 30 working days. Where we cannot resolve a complaint within that period, we will notify you of the reason for the delay as well as advising the time by which we expect to resolve the complaint.
11.4 In order to disclose information to you in response to a request for access we may require you to provide us with certain information to verify your identity. There are exceptions under the Privacy Legislation which may affect your right to access your Personal Information – these exceptions include where (amongst other things):
(a) access would pose a serious threat to the life, health or safety of any individual;
(b) access would have an unreasonable impact on the privacy of others;
(c) the request for access is frivolous or vexatious;
(d) the information relates to existing or anticipated legal proceedings between you and us and the information would not otherwise be accessible by the process of discovery;
(e) giving access would reveal our intentions in relation to negotiations with you;
(f) giving access would be unlawful;
(g) denying access is required or authorised by or under an applicable law or a court/tribunal;
(h) the information relates to commercial sensitive decision making process; or
(i) giving access would prejudice enforcement related action.
11.5 We may (depending on the request) charge you a fee to access the Personal Information. We will inform you of any fees payable in respect of accessing your Personal Information prior to actioning your request. All requests for Personal Information will be handled in a reasonable period of time (within 30 days after the request is made).
11.6 If you wish to have your Personal Information deleted, please contact us using the details above and we will take reasonable steps to delete the information (unless we are obliged to keep it for legal or auditing purposes).
11.7 In the event that you believe that there has been a breach of the Privacy Legislation, we invite you to contact us as soon as possible.
11.8 If you are not satisfied with our handling of a complaint or the outcome of a complaint you may make an application to the Office of the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
(a) business developments; or
(b) legal or regulatory developments.
(a) Australian Privacy Principles or APPs means the principles set out in Schedule 1 to the Privacy Act.
(b) IP Address means a number automatically assigned to your computer which is required when you are using the internet and which may be able to be used to identify you.
(c) Personal Information has the meaning set out in the Privacy Act.
(d) Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
(e) Privacy Legislation means such laws or regulations as may place requirements on the handling of Personal Information under the Privacy Act and the Australian Privacy Principles .
(f) Third Party Sites means online websites or services that we do not own or control, including websites of our partners.
(g) Tokens has the meaning set out in our Terms and Conditions.
(h) Website means https://cryptospend.com.au/ and/or any other website as we may operate from time to time.
(i) we, our, us and similar terms means Cryptospend Pty Ltd (ACN 630 245 813) and our related entities.
(j) you, your and similar terms means, as the context requires (1) you, when you use our Website; and/or (2) you, during your dealings with us as a customer; and/or (3) any agent providing your Personal information to us; and/or (4) any agent dealing with us on your behalf.