a) My Life Capsule Pty Ltd (ACN 640 040 311) (we, us or our) operates the following sites:
b) Our purpose and mission, is to help families protect, organise and share their most important information in the safest digital environment.
c) My Life Capsule is built using privacy-by-design principles. You are our customer, not our product, and protecting your privacy is paramount. You can learn more about the 7 Privacy-by-Design principles here.
d) Your privacy is important to us and we are committed to protecting your personal and sensitive information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (collectively, Privacy Laws). Where GDPR is applicable, we encourage you to read and familiarise yourself with a summary of your rights in the table in clause 11.1(b) below.
e) We do not read, mine or sell your personal information. We will be transparent with you about how your personal information is managed.
f) Our Sites have been designed and built to ensure that the personal information you store and organise in your capsule cannot be seen, read or accessed by us.
g) Only you, and the connections you choose to share your personal information with, can view your personal information.
h) This policy outlines how we protect your fundamental right to privacy in line with the applicable Privacy Laws.
a) This policy outlines how and when we collect, process, use, share, store, disclose, alter and destroy your personal and sensitive information and applies to all personal and sensitive information we collect through:
i) our Sites; and
ii) our products and services.
b) If you have any questions about this policy, you can contact us using the details below.
Depending on the product or service you select, we may collect, store or use:
a) personal information (referred to in clause 3.2);
b) sensitive information (referred to in clause 3.3); and
c) specific information (referred to in clause 3.4),
provided by you, or otherwise provided in the course of using our products or services (together Information).
a) Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information is true or recorded in a material form.
b) This may include:
i) your name, date of birth, address, telephone number, email address, occupation, passwords, pin codes, documents, certificates, ID cards, medical history and the contact details of your emergency contacts;
ii) information about the products or services you order or enquire about, including how the products or services are used;
iii) your financial information (such as credit card details), method of payment and any additional information required for user authentication processes; and
iv) any other information relating to you that you provide to us, including the information you provide by email or telephone, which we may utilise to support your use of our products or services.
a) We will store the sensitive information provided by you with your explicit consent. If you select a product or service from us which requires you to upload or otherwise disclose sensitive information, you will be prompted to do so.
b) By doing so, you will be providing your explicit consent and authorising us to collect such information and otherwise perform the functions and activities you have requested.
c) If you believe that you have accidentally provided us with sensitive information, please contact us using the details below.
We may also collect and store other types of information which may not, on its own, be classified as personal or sensitive (specific information), such as:
a) the date and time you accessed our Sites or our products and services;
b) product usage codes, such as your hashed user ID;
c) the IP address and country used at the time you signed up to use our products and services, or access our Sites; and
d) other information contained in:
i) end of trial or end of user usage reports; and
i) daily and weekly capture usage reports.
a) We collect and store your Information in several ways, including:
i) through your use, or orders, of our products or services (and our records of these);
ii) when you visit our Sites or submit Information through our Sites (such as for customer help functions), contact us, or complete any forms or documents (such as onboarding forms) for our products or services;
iii) by mirroring your created attachments, specifically your user and attachment internal ID’s, which only hold specific information.
iv) when you participate in surveys, questionnaires or other promotional activities;
v) from third parties (which we discuss further in clause 6.2 of this policy); and
vi) from publicly available sources of Information.
b) The Information we collect will enhance your use of the Sites or our products or services, and assist us in providing a better service to you.
c) We will only collect Information that is necessary for one or more of our functions or for a purpose outlined in this policy or otherwise disclosed to you.
c) By providing your Information to us, you acknowledge that you are authorised to provide such Information to us.
a) When we collect Information directly from you, we will take reasonable steps to notify you (using a collection notice) at, before, or as soon as practicable after, the time of collection.
b) As a collection notice is specific to a particular collection of Information, it will provide more specific Information about our Information-handling practices than this policy.
c) This policy is subject to any specific provisions contained in our collection notices and the terms and conditions of any offers, products and services. We therefore encourage you to read those provisions carefully.
a) You may allow us to collect Information from a representative who you have authorised to provide us with your Information.
b) When we collect your Information from your authorised representative, we will take reasonable steps to make sure you are aware of the collection.
c) If you provide us with Information about another individual (as their authorised representative), we rely on you to:
i) inform them that you are providing their Information to us; and
ii) advise them that they can contact us for further Information.
d) You must take reasonable steps to ensure the individual is aware of, and consents to, the matters outlined in this policy, including that their Information is being collected, the purposes for which that Information is being collected, the intended recipients of that Information, the individual’s right to access that Information, and who we are and how to contact us.
e) Upon our request, you must also assist us with any requests by the individual to access or update their log in details such as their username or email.
We rely on several legal bases under the GDPR to collect, process, store, use and disclose the Information of individuals residing in the European Union, including:
a) consent – where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your Information for a specific purpose. The provision of Information to us is voluntary. However, if you do not provide your Information to us, we may not be able to provide you with access to, and use of, our products, services or Sites. You may withdraw your consent at any time by contacting us using the details below;
b) contract performance – where the collection, use, storage, processing and disclosure of your Information is necessary for the performance of a contract to which you are a party. For example, when collection and use is necessary to fulfil our obligations to provide you with access to, and use of, our products, services or Sites;
c) our legitimate business interests – where we need to do so for legitimate business interests, including:
i) providing, operating and improving our products, services or Sites;
ii) marketing new promotions, deals, offers, competitions, products, services provided by us or our Authorised Affiliates that we consider may interest or benefit you;
iii) managing, analysing, understanding and developing our relationship with you; and
iv) responding to your queries or complaints; and
d) compliance with legal obligations – where there is a legal obligation to collect, use, store, process or disclose your Information. For example, we may be obliged to disclose your Information by reason of any applicable law, regulation or court order and/or to protect our interests and legal rights.
a) We only use, process and disclose your Information for the purposes for which it is collected.
b) In particular, we use and process your Information to:
i) provide you with our products or services, or the Sites;
ii) improve, develop and manage our products, services and the Sites;
iii) operate, maintain, test and upgrade our systems; and
iv) notify you of opportunities we think you might be interested in, including new product or service offerings.
c) We may also use and process your Information:
i) to customise the advertising and content on our Sites;
ii) to provide Information that we think may interest or benefit you, including Information about the Sites;
iii) to charge and bill you for our products and services;
iv) to verify your identity;
v) to conduct fraud, risk reduction and creditworthiness checks;
vi) to perform research and analysis about our products, services and the Sites;
vii) to comply with regulatory or other legal requirements,
viii) for any purpose to which you have consented; and
ix) for any other purpose notified to you at the time of collection.
d) In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your personal Information as part of the transaction, by providing you with 30 days’ notice.
a) With your consent, we may provide your Information to:
i) our employees, related entities, business partners, third party contractors, suppliers and agents from time to time for the purpose of delivering, providing and administering our products, services or Sites; and
ii) third party service providers who process or use your Information for the purpose of performing functions on our behalf, but may not process or use such Information for any other purpose.
b) Examples of these third party service providers include marketing and analysis organisations, financial and credit card institutions to process payments, hosting companies, web developers, internet service providers, customer service providers, customer support specialists, fulfilment companies, external business advisors (including auditors and lawyers), our insurer, and research and data analysis firms, (collectively, Authorised Affiliates).
c) The table below lists some of our main Authorised Affiliates:
|Third party supplier||Description||Country where data is physically stored||Registered office country||Personal data stored or processed|
|Meeco||Data protection service||
|Australia||All user data|
|Postmark||Postal marking service||USA||USA||Email service|
|Unify Solutions||Identity, Access and security Services||Ireland||Australia||Processing our customer data|
|Amazon Web Services||Data hosting||
|USA||All user data is encrypted and stored securely within AWS|
|MailChimp & its subsidiary Maildrill||Email service provider||USA||USA||Your email address. When registering via a MailChimp email, the service can identify your general location, time zone and device.|
|Microsoft Azure||Data hosting||Ireland||USA||All user data is encrypted and stored securely within Azure|
Depending on your location any of the following may apply:
· New Zealand
|Your full name, email address, account log-in credentials, payment card number, CVC code and expiration date & Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting; Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.|
|Zendesk||Stripe Service Provider & Sub-Processor||The information included by the individual reaching out to Stripe, such as name, email address, phone number, and other information that may be included based on the nature of the communication|
|Amazon Web Services||Stripe Service Provider & Sub-Processor||User data and user’s Customers’ data|
|Conversocial||Stripe Service Provider & Sub-Processor||Information included in the query|
|DocuSign||Stripe Service Provider & Sub-Processor||User data|
|Stripe Service Provider & Sub-Processor||User data and user’s Customers’ data|
|Marketo||Stripe Service Provider & Sub-Processor||User data|
|Salesforce||Stripe Service Provider & Sub-Processor||User data|
|Zendesk||Customer service platform||European Union||USA||Support tickets and any communications with support agents|
d) When we disclose your Information (such as your email address for verification and security purposes) to any of our Authorised Affiliates, we will ensure that they undertake to protect your privacy. These Authorised Affiliates are not permitted to use the Information for any purpose other than the purpose for which they have been given access.
e) Our Authorised Affiliates may also provide us with Information collected from you. If you disclose Information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, store, use, process and disclose your Information.
f) We may also disclose any Information we consider necessary to comply with any applicable law, regulation, legal process, governmental request or industry code or standard.
a) Our Authorised Affiliates may be located in or outside Australia, including in Belgium, United States, Canada, Malaysia, Mexico, India, Ireland, Japan, New Zealand, Singapore and the United Kingdom and other countries from time to time, whose laws are not recognised by the European Commission as providing an adequate level of protection to Information.
b) Where we do transfer your Information to our overseas Authorised Affiliate, we take steps reasonably necessary to ensure that:
i) there is a legal basis for the transfer of your Information; and
ii) your Information is treated securely (including, using reasonable endeavours to ensure that each overseas Authorised Affiliate receiving your Information are bound by Standard Contractual Clauses approved by the European Commission, which can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
c) By accessing or using our products, services or Sites, or providing your Information to us, you explicitly and freely consent to the transfer of your Information to our overseas Authorised Affiliates.
a) We will not disclose your Information to any third party (other than our Authorised Affiliates) without your written consent, unless:
i) we are otherwise required by the relevant Privacy Laws;
ii) we are permitted to under this policy; or
iii) such disclosure is, in our opinion, reasonably necessary to protect our rights or property, avoid injury to any person or ensure the proper functioning of the Sites.
b) This policy only covers the use and disclosure of Information we collect from you. The use of your Information by any third party is governed by their privacy policies and is not within our control.
c) If we collect any Information that is not referred to or contemplated in this policy, we will give you notification of the collection at the time that we or one of our services collects the Information.
a) Security is a priority for us when it comes to your Information.
b) We take reasonable steps in the circumstances to keep your Information safe. We use a combination of technical, administrative, and physical controls to protect and maintain the security of your Information. We also use End-to-End critical data and document vaults including 3-Key Encryption Store protecting data in transit and at rest.
c) Our officers, employees, agents and third party contractors are expected to observe the confidentiality of your Information.
d) Wherever possible, we procure that Authorised Affiliates who have access to your Information take reasonable steps to:
i) protect and maintain the security of your Information; and
ii) comply with the relevant APPs when your accessing and using your Information.
a) Whilst we undertake extensive efforts to secure your Information at infrastructure and device levels, the transmission of Information via the internet is not completely secure and not immune to malicious acts and hacks. While we do our best to protect your Information, we cannot guarantee the security of any Information transmitted through the Sites or otherwise electronically.
b) You provide your Information to us at your own risk and we are not responsible for any unauthorised access to, and disclosure of, your Information.
a) We will destroy or de-identify Information where it is no longer required, unless we are required or authorised by law to retain the Information.
b) We will usually retain information for no longer than 30 days however, there may be exceptions to this rule such as retaining log in details to authenticate or verify accounts.
c) To ensure we do not keep your Information for longer than necessary, we consider several criteria, including:
i) the purpose for which we are holding your Information;
ii) legal or regulatory obligations in relation to your Information (eg financial reporting obligations);
iii) whether we have an ongoing relationship (eg you have an account with us or our brands, you receive ongoing marketing communications or regularly visit or use our products, services or Sites);
iv) any specific requests you have made regarding the deletion of your Information; and
v) our legitimate business interests (eg defending claims, statistical analysis or research).
a) You can access, change or delete your Information at any time using your login. Alternatively, contact us at email@example.com and we will help you access or change your Information. We will however, be unable to assist with account enquiries relating to any secret codes as we do not have access to this information.
b) Under some circumstances you can:
i) request the restriction of processing relating to your Information;
ii) object to the processing of your Information; or
iii) request to receive a portable copy of your Information.
To exercise any of these rights, please contact us at firstname.lastname@example.org.
c) We may ask you for further information to be able to verify your identity or the reasons for your request. Provided we have received all necessary information from you, we will endeavour to provide you with an answer within 30 days of receipt of your request.
The Information you provide to us will be stored by us for no longer than legally required following your Information request or following the closure of your account.
a) We have a comprehensive data breach notification policy and response plan (Response Plan), which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may result.
b) As part of the Response Plan, we will notify you as soon as practicable if we:
i) discover or suspect that your Information has been lost, accessed by, or disclosed to, any unauthorised person or in any unauthorised manner;
ii) believe that you are likely to suffer serious harm as a result; and
iii) are unable to prevent the likely risk of harm.
c) If you would like more Information about our Response Plan, please contact us using the details below.
a) At the time of accessing, or using, our products, services, Sites or otherwise from time to time, we may seek your express consent, by requesting that you tick the appropriate check box when providing us with your Information, for us to send you marketing or promotional materials and other Information.
b) Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time, use your Information to send you Information about the promotions, deals, competitions, products or services we offer, and any other Information that we consider may be relevant to you.
c) These communications may continue, even after you stop using our products or services.
a) We may send this Information to you via the communication channels specified at the time you provide your consent.
b) These communication channels may include mail, email, SMS telephone, social media or by customising online content and displaying advertising on our Sites.
a) You can opt out of receiving these communications by:
i) contacting us using the details below; or
ii) using the unsubscribe function in the email or SMS.
b) You may re-subscribe at any time by re-registering. You will be required to re-enter your Information as we only retain these details for a period of 30 days after you opt-out.
a) Our Sites may contain hyperlinks or banner advertising to or from third party websites.
b) We do not endorse any of these third parties, their products or services, or the content on these websites.
c) These websites are not subject to our privacy standards, policies and procedures. Therefore, we recommend that you make your own enquires about their privacy practices.
d) We are in no way responsible for the privacy practices or content of these third party websites.
a) We may collect Information when you access and use our Sites by utilising features and technologies of your internet browser, including cookies as set out in this link. A cookie is a piece of data that enables us to track and target your preferences.
b) The type of Information we collect may include statistical Information, details of your operating system, general location to ensure compliance with that country’s data regulations and to provide the language of choice, your internet protocol (IP) address, the general date and time of your visit, the pages of the website you have accessed (this excludes the app which has no applicable cookies), the links which you have clicked and the type of browser that you were using.
i) enable us to identify you as a return user and personalise and enhance your experience and use of our Sites; and
ii) help us improve our service to you when you access our Sites and to ensure that our Sites remain easy to use and navigate.
d) Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies.
e) If you reject our cookies or similar technologies, you may still use the Sites but may only have limited functionality of the Sites.
f) We may also use your IP address to analyse trends, administer the Sites and other websites we operate, track traffic patterns and gather demographic Information.
g) Your IP address and other Information may be used for credit fraud protection and risk reduction.
h) We may use various third party products and services to support and supplement our existing products. These third party products and services will all collect cookies to various degrees. These are the third parties we use:
Meeco – data protection services – Meeco cookie settings.
iii) Stripe – payment service provider – Stripe cookie settings.
v) MailChimp – email service provider – Mail Chimp cookie statement.
i) processed lawfully, fairly and transparently;
ii) collected for specified, explicit and legitimate purposes (and processed accordingly);
iii) adequate, relevant and limited to what is necessary for purpose;
v) stored in a minimal way;
vi) processed to ensure integrity and confidentiality.
b) Subject to certain exceptions, you have the right to:
|Your rights||What this means?|
|The right of access||This policy explains what Information we collect and process, why and when, we collect your Information as well as how we collect, hold, use and disclose your Information. You have the right to request copies of your Information.|
|The right to have your Information processed lawfully||
We must process your data lawfully. Processing of your data is only lawful if:
· consent has been given;
· processing is necessary for the performance of a contract;
· processing is necessary to satisfy legal obligations; or
· if one of the other conditions in Article 6 of the GDPR is satisfied.
|The right to know our details||
You have the right to know our information before we collect your Information. We are required to provide you with the following details:
· our identity and contact details;
· purpose and legal basis for processing data;
· recipients of data; and
· any transfers outside of the European Union;
· length of time of storage of data;
· that you have the right to request access to, rectification of, erasure or transfer of data;
· that you have the right to withdraw consent;
· the existence of any automated decision-making.
If you already have this information, we are not required to provide it to you again.
|The right to transparency||
We are required to provide you with Information that is:
· concise, transparent, intelligible and in an easily accessible form;
· in clear and plain language; and
· in writing, including electronically where appropriate.
|The right to consent||
We must be able to demonstrate that you have given us consent. Your consent must be given in a way that is:
· clearly distinguishable from other matters that may be included in the document;
· in an intelligible and easily accessible form;
· in clear and plain language.
You have the right to withdraw your consent at any time, and you must be informed of this prior to providing consent.
|The right to child consent||If you are under the age of 16, consent must be given on your behalf by someone who holds parental responsibility.|
|The right to rectification||You have the right to request that we correct any Information we hold about you that is inaccurate or incomplete.|
|The right of erasure||You have the right to request that we erase your Information or account in certain situations. If you later change your mind and decide you would like to have an account once again, we will welcome you back however, you will have to recreate all of your data.|
|The right to restrict processing||You have the right to request that we restrict our collection, use, processing or disclosure of your Information in certain circumstances.|
|The right to object to processing||
You have the right to:
1. object to decisions being made by automated means which produce legal effects concerning you or significantly affecting you; and
2. object or withdraw your consent at any time to the collection, use, processing or disclosure of your Information (including for direct marketing purposes), but this does not:
a. apply where we have other legal justifications to continue to collect, use, or process or disclose your Information; or
b. affect the lawfulness of any collection, use, processing or disclosure of your Information in certain circumstances.
|The right of data portability||You have the right to obtain a copy of your Information in a commonly used electronic format so that you can manage, share and move it. You also have the right to request we send it to a third party.|
|Automated processing||You have the right not be subject to a decision based solely on automated processing that produces concerning legal effects or significantly affects you.|
c) You can exercise any of these rights by contacting us using the details below.
d) We also have further obligations to you under the GDPR in relation to how we look after and treat your Information. You can find further details here.
a) We will use our reasonable endeavours to keep your Information accurate, up-to-date and complete.
b) You have the right to access any Information we hold about you, subject to some exceptions provided by relevant Privacy Laws.
c) You can access, or request that we correct, your personal Information by writing to us using the details below. We may require proof of identity.
d) If we do not allow you to access any part of your Information, we will tell you why in writing.
e) We will not charge you for requesting access to your Information but may charge you for our reasonable costs in supplying you with access to this Information.
f) We will endeavour to respond to your request for access or correction within 1 month from your request.
a) We do not knowingly seek, collect or process Information from or about persons under the age of 16 years of age (Children) without the consent of a parent or guardian.
b) If we become aware that any Information relating to a Child has been provided without the consent of a parent or guardian, we will use reasonable endeavours to:
i) delete the Information from all relevant files as soon as possible; or
ii) ensure, where deletion is not possible, that the Information is not used further for any purpose or disclosed further to any Authorised Affiliate.
c) Any parent or guardian with queries regarding our collection, use, processing or disclosure of Information relating to their Child should contact us using the details below.
You expressly and freely acknowledge and agree that we, our Authorised Affiliates and each of their officers, employees, agents and contractors are permitted to collect, process, use, share, store, disclose, alter and destroy your Information in accordance with this policy and the relevant Privacy Laws.
a) We may amend this policy from time to time at our sole discretion.
b) Any revised policy will be posted on our Sites and effective from the time of posting.
c) Your continued use of our products, services or the Sites following the posting of any revised policy indicates your acceptance of the changes to the policy.
d) You should regularly check and read the policy.
a) If you have any issues about this policy or the way we handle your Information, please contact us using the details below and provide full details of your complaint and any supporting documentation.
b) At all times, privacy complaints:
i) will be treated seriously;
ii) will be dealt with promptly;
iii) will be dealt with in a confidential manner; and
iv) will not affect your existing obligations or your commercial arrangements with us.
c) Our Privacy Officer will endeavour to:
i) respond to you within 14 business days; and
ii) investigate and attempt to resolve your concerns within 30 business days or any longer period necessary and notified to you by our Privacy Officer.
d) If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the lead supervisory authority in the United Kingdom. The supervisory authority in the United Kingdom is the United Kingdom Information Commissioner] who may be contacted at email@example.com, +44 1625 545 700or any other channels as updated at https://ico.org.uk/.
e) If your issue has not been resolved to your satisfaction, then you can raise your concern with the:
|Office of the Australian Information Commissioner
Phone: 1300 363 992
GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601
Data Protection Authority in Belgium
Phone: +32 (0)2 274 48 00 (or) +32 (0)2 274 48 35
Mail: Drukpersstraat 35, 1000 Brussel
|Information Commissioner’s Office in the United Kingdom
Phone: 0303 123 1113 or +44 1625 545 700
Mail: Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF United Kingdom
We are committed to:
b) making sure we take reasonable steps to implement and the practices, procedures and systems to ensure we comply with all the relevant Privacy Laws.
You can contact us using the following details:
a) by email to firstname.lastname@example.org;
b) by calling them on 1300 431 660; or
c) by post to Suite 4/22 Council Street, Hawthorn East, Victoria, Australia, 3123.
View our Terms & Conditions here.