Last Updated: May 25, 2018
1 Privacy Notice
This Privacy Notice explains the information practices and policies of BUSINESS ELECTRONICS HOLDINGS PTY LTD ABN 17 001 305 086 (“Bepoz”). It describes how we collect, use, and disclose information of:
(a) individuals (i.e. employees of customers or our customers’ customers, collectively “customers”) that use or may use our Products and Services;
(b) individuals (i.e. employees of customers or our customers’ customers, collectively “customers”) of prospective customers; and/or
(c) any visitors to any websites owned by Bepoz (“Bepoz Websites”).
For the purposes of this Privacy Notice, the terms “we”, “us” and “our” refer to Bepoz and “you” refers to anyone whose information we process for the purposes above.
This Privacy Notice does not reflect the privacy policies or practices of our customers or any other third party. Bepoz is not responsible for the privacy policies or practices of any customer, any customers’ customers, or any other third party.
2 About Bepoz
We provide electronic point of sale (POS) products (including POS software and various hardware devices) and services (including consulting, installation, maintenance and support) to our customers, (collectively, the “Products and Services”).
In using our Products and Services, our customers may backup, store and/or otherwise process business or other information or allow us to have access to such information, including Personal Information (defined below) in/on our Products and Services (“Customer Information”).
In providing our Products and Services, we process Customer Information on behalf of and under the direction and instruction of our customers.
It is the responsibility of our customers to ensure that the Customer Information they collect, backup, store or otherwise process and allows us to access through their use of our Products and Services has been legally collected and is processed in accordance with applicable data protection laws.
3 How We Collect, Use, and Share Information
We primarily collect, access, use, and share Personal Information where necessary for us to market and provide Products and Services to our customers and in the ordinary course of running our business, including through the receipt of communications such as emails, website enquiries and telephone calls.
When we say, “Personal Information,” we mean individually identifiable information that alone or when in combination with other information may be used to readily identify, contact, or locate a specific person, such as a name, address, phone number, username, email address, and password, it might also include information such as your IP addresses and/or other online identifiers and information related to your device (see “Cookies or Similar Technologies” section below)
4 Information Collected through Our Products, Services and Bepoz Websites
We may collect information, including Personal Information, in the following ways:
4.1 Information That You Provide to Us Voluntarily
We will collect any Personal Information that you voluntarily provide to us when you visit a Bepoz Website or subscribe to or enquire about any of our Products and Services.
For example, if you submit a sales enquiry or subscribe to a newsletter via a Bepoz Website web form or request additional information or contact from Bepoz via email, you will provide us with certain Personal Information, which may include names, company name, address, and email address.
In addition, if you choose to communicate with us via a web form, email, or by telephone, we will keep a copy of our communication together with your email address or phone number and our responses.
4.2 Information That We Collect Automatically
When you visit any Bepoz Website or use our Products and Services, we may also collect device related information from your device(s), including information such as an IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location), the date and time of use of our Products and Services, the date and time of an event on your IT systems, information from system logs, and technical attributes about the device or a web browser.
In some countries, including countries in the European Union, this information may be considered “personal data” under applicable data protection laws.
We collect this information because it enables us to better understand use of our Bepoz Websites, and Products and Services. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies or Similar Technologies” below.
4.3 Cookies or Similar Technologies
A persistent cookie gets entered by your Web browser into the “Cookies” folder on your computer and remains there after you close your Web browser. Persistent cookies may be used by your browser on subsequent visits to the site; however, session cookies are held temporarily in your computer’s memory and disappear after you close your browser or shut off your computer.
If you have arrived at any Bepoz Website by clicking on a banner ad for one of Bepoz’s products or Products and Services, a session cookie may be used. This cookie contains an identification number for the advertisement that you clicked on, and it helps Bepoz determine which of its ads attracts the most visitors. If you choose to request further information from us about Bepoz’s products and Products and Services, the personal information that you provide in that request will be linked to the information in the session cookie.
To better understand how our sites are used, Bepoz Websites may also use persistent cookies along with other information collected in our servers’ files (e.g., IP Address, referring URLs, etc.). Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies, Bepoz Websites may not function as intended.
4.4 Information That We Obtain from Third Party Sources
Bepoz may also collect information from commercially available sources but only where we are legally permitted to collect the information. Such information may include names, addresses, email addresses, and demographic data. The information Bepoz collects from these commercial sources may be combined and cross-referenced with information collected through our Products and Services. We use this information for communications purposes to provide direct marketing materials for our customers or prospective customers.
From time to time, we may also ask our partners or customers to voluntarily provide us with the email addresses of contacts of other organisations, so they too can benefit from the various products and Products and Services offered by us and our trusted affiliates. Where we do, we will ask that they have the permission to pass on these details to us.
4.5 How We Use Information Collected through Our Products, Services and Bepoz Websites
We use the information we collect, including Personal Information, to respond to any request or query directed to us (for example through web forms or email), to provide you/your organisation with our Products and Services and to manage our relationship with you.
For example, we may respond to a job application, address any enquiries or complaints you may have, endeavour to improve the Products and Services we provide, or provide you with information about other products and Products and Services we offer that we think you may be interested in.
If we have the right to do so, we may use your Personal Information for the purposes of direct marketing communications to your organisation, such as by adding your contact and other details to a marketing database. Where we do, we will provide you with an opportunity to opt out in accordance with section 6.
We may use any information we collect through the Products and Services and/or any Bepoz Websites for internal and service-related purposes, including providing it to third parties as necessary to allow us to facilitate provision of the Products and Services, maintain or improve Bepoz Website security, and/or invoicing for example.
From time to time, we will anonymise, and aggregate data collected through our Products and Services for analytics purposes, product improvement purposes and other commercial purposes.
5 How We May Disclose Information Collected through Our Products, Services and Bepoz Websites
We may share any information we collect, including Personal Information with the following categories of recipients and/or in the following circumstances.
5.1 With Our Group Companies, Third-Party Vendors and Service Providers.
We may share any information, including Personal Information, with any of our group companies, vendors and/or service providers in connection with the provision or marketing of the Products and Services, and Bepoz Websites. These third parties have access to Personal Information to the extent necessary to permit them to do their jobs, however, they are bound by confidentiality agreements before any information is provided to them, and they are restricted from using the information for other purposes.
5.2 As Required by Law and Similar Disclosures.
We may access, preserve, and disclose information, including Personal Information, if we believe it is necessary: to comply with national security or law enforcement requests and legal process, such as a court order or subpoena; to respond to your requests; to prevent or address fraud, security, or technical issues; or to protect our property or other legal rights or the rights or property of others, or to protect the vital interests of others.
5.3 Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, information collected through the Products and Services or Bepoz Websites (or both) may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
Other than as stated in this Privacy Notice, we will not release Personal Information to unaffiliated third parties, and we will not cross-reference Personal Information collected through one customer’s use of our Products and Services with that of any other customer or entity.
6 Access, Integrity, Retention, and Choices
6.1 Personal Information of customers’ customers
Please note that if you are one of our customers’ customers whose Personal Information we may backup or otherwise process in providing Products and Services to our customers, you must submit any requests for access to, correction, amendment, or deletion of your Personal Information, to our applicable customer.
6.2 Access & Correction
If you wish to request access to, correction, or deletion of Personal Information you have submitted through the Bepoz Websites, you can contact Bepoz at email@example.com. If you are a resident in the European Union, you may have additional rights which we have set out below.
6.3 Data Integrity and Purpose Limitation
Bepoz will use Personal Information only for or in ways compatible with the purposes for which it was collected.
6.4 Information Retention
We keep information we need to provide our Products and Services only so long as we have a valid business purpose, in accordance with applicable law and our customer agreements. For example, to provide you with Products and Services you have requested or to comply with applicable legal, tax or accounting requirements.
When we have no ongoing legitimate business need to process your Personal Information, we will delete it. If immediate deletion is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible or unless as otherwise required by law.
6.5 User Choices
We include an “unsubscribe” hyperlink in Bepoz marketing emails for those users who wish to stop receiving email communication from Bepoz. The hyperlink will connect to one of our websites, which will confirm the email address that has been automatically unsubscribed and will no longer receive emails from Bepoz.
We take steps to ensure that information is treated securely and in accordance with this Privacy Notice which include appropriate technical and organisational measures. These measures are designed to provide a level of security appropriate to the risk of processing of your Personal Information. However, neither the Internet nor any form of electronic storage can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information provided to us.
8 Compliance with Australian Privacy Principles
We comply with the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth) (“Privacy Act”) regarding the collection, storage, use and disclosure of Personal Information from Australian users.
In addition to the uses set out in the section titled “How We Use Information Collected through Our Products, Services and Bepoz Websites”, we may also use your information, including Personal Information, for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably expect us to use your Personal Information for that secondary purpose.
Under the Privacy Act, we have an obligation (the “Obligation”) to take reasonable steps, in the circumstances, before disclosing Personal Information to an overseas recipient to ensure that the overseas recipient does not breach privacy laws in relation to that information. However, should we obtain your consent to disclose your Personal Information to an overseas recipient, the Obligation does not apply.
In obtaining your consent, we will not be accountable, and you will not be able to seek redress against us under the Privacy Act, if the overseas recipient handles your Personal Information in breach of the Australian Privacy Principles (“APPs”) under the Privacy Act.
In providing your consent under this Privacy Notice, you acknowledge and agree to the risks associated with the disclosure of your Personal Information overseas. These risks may include the overseas recipient not being subject to any privacy obligations or privacy principles similar to the APPs and the overseas recipient being subject to foreign law that could compel the disclosure of your Personal Information to a third party, such as an overseas authority.
If you are a customer in Australia and wish to access, correct or update your information in accordance with section 6, Bepoz may refuse certain requests but only in circumstances where this is permitted under the Privacy Act.
9 International Use (Except EU)
Bepoz is headquartered in Australia, but we are a growing corporation with operations in multiple countries. In using Bepoz Websites, Products and Services and/or otherwise contacting us you acknowledge that your information may be accessed and processed around the world, by us in Australia or by our affiliates, partners, merchants, or service providers elsewhere in the world, including the New Zealand, Malaysia, Singapore, United States, European Union, the Philippines and India. We have taken appropriate safeguards to require that your Personal Information remains protected in accordance with the terms of this Privacy Notice and applicable data protection laws.
10 International Use (EU)
The General Data Protection Regulation (EU) 2016/679 (also known as the GDPR) is the data protection law adopted by the European Union (EU) set to replace the existing Data Protection Directive 95/46/EC and designed to strengthen data protection for all individuals within the EU and harmonize data protection and privacy laws for companies doing business in Europe.
• Strengthens the protection of personal data considering rapid technological developments, increased globalisation, and more complex international flows of personal data;
• Expands the rights of EU data subjects and creates new rights;
• Seeks to replace the existing patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state;
• Reaches beyond Europe, as it applies to any entity that processes personal data tied to offering products or services to, or monitoring behaviour of, individuals in the EU, regardless of where the data is processed or stored;
Bepoz has taken steps to align business practices, processes and policies with the GDPR’s data protection obligations, including a comprehensive review of all our business relationships, products, services, and data handling practices, including but not limited to the following:
• The creation of Data Privacy Impact Assessment (DPIA) and Data Flow Diagrams for the data in our products and services;
• The review and updating of contractual agreements and renegotiate terms as necessary to align with the GDPR;
• The review and updating of corporate privacy policies and privacy notices;
• The review and updating data-driven products and services;
• The preparation of a strengthened incident response process to ensure compliance with the GDPR’s data breach reporting obligations.
10.1 Right to Be Forgotten (EU)
To remove information from our database(s), you must send an email request to firstname.lastname@example.org with REMOVE MY DATA in the subject line and the following details in the body of the message:
• First Name
• Last Name
• Phone Number (if you originally provided it to us)
Bepoz will work to ascertain the validity of your request; our assumption is that the you have maintained control of your e-mail account and that the request is sent in good faith.
A member of our team will check the information you provided against the records in our database. If the information matches, we will reply and confirm that we are going to delete your records within 30 days. After that reply, you will receive no further communication from Bepoz.
Please keep in mind that we will have no way to contact you after we delete the original e-mail. You must either contact Bepoz directly or re-enter your information into a form on our website at https://www.bepoz.com.au to be added back into our systems.
11 Legal Basis for processing your Personal Information
Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
We will normally collect Personal Information from you only where we need the Personal Information to perform our contract for our Products and Services with our customers, where the processing is in our legitimate interests (provided these interests are not overridden by your data protection interests or fundamental rights and freedoms), or otherwise if we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Information from you such as to comply with background check requirements, tax details, or other benefit information for Bepoz employees.
If we ask you to provide Personal Information to comply with a legal requirement or to contact you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are and before doing so will ensure that we have considered your rights and interests.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us at email@example.com
12 Your Rights
We acknowledge individuals’ rights in relation to their personal data under application data protection laws.
In addition, if GDPR applies to your Personal Information, you may have the following data protection rights which you may exercise at any time by using the contact details provided under the “Complaints and How to Contact Us” section below:
• You may access, correct, update or request deletion of your Personal Information;
• You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information;
• You have the right to opt-out of marketing communications we send you at any time. In addition to using our contact details below, for email marketing communications you can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you;
• Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent;
• You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.;
• We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Please note, if you are an individual whose personal information Bepoz processes as a “data processor”, for example to provide Products and Services on behalf of our customers, you must contact the relevant data controller of your Personal Information to exercise your rights. This might be one of our customers.
13 Children’s Privacy
We do not knowingly collect, store, or use information from children, including those under the age of 13. If you are under the age of 13, you may not submit any information through the Bepoz Websites or Products and Services. If you have reason to believe that a child under the age of 13 has provided information to us through the Bepoz Websites or Products and Services, please contact us and we will endeavour to delete that information from our databases.
14 Do Not Track
The Bepoz Websites currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Notice whether a DNT signal is received or not.
15 Changes to This Privacy Notice
We may update this Privacy Notice to reflect changes to our information practices from time to time. If we decide to change this Privacy Notice, we will post the changes on this page so visitors to the Bepoz Website and our customers and the users of their IT systems are aware of our practices, and we will change the “Last Updated” date above.
If we make a material change to our information practices, such as to how we use Personal Information, we will make reasonable efforts to provide notice on our website and/or through our customers and obtain consent to any such uses as may be required by law.
16 Complaints and How to Contact Us
If you have any questions, comments, or concerns about this Privacy Notice or our information practices, please email us at firstname.lastname@example.org.
If you don’t receive adequate resolution of a privacy-related problem, you may write to our Privacy Officer at:
The Privacy Officer
Level 2, U7 Heritage Business Park
691 Gardeners Road, Mascot NSW 2020
If a complaint cannot be resolved by any of the mechanisms described above or for more information on your privacy rights, you may contact the Office of the Australian Information Commissioner at:
Phone: 1300 363 992. If calling from outside Australia: +61 2 9284 9749
Fax: +61 2 9284 9666
Address: GPO Box 5218, Sydney NSW 2001