our Local Serves mobile application which is available for download on Google Play and the Apple App Store (the App); and
our website at http://www.localserves.com.au (the Website),
(together, Local Serves).
Local Serves provides users with functionality that enables them to order food and beverages from local restaurants, takeaway shops and cafés advertised on Local Serves (Food Providers) for collection from or delivery by the Food Provider and administering orders (the Services).
INFORMATION FOR ALL USERS
1.The Types of Personal Information We Collect and Hold about You
If you register an account with Local Serves (User), we may collect and hold the following types of personal information:
- your name;
- telephone number(s);
- email address(es);
- payment information, including partial debit or credit card details;
- personal information, including dietary requirements;
- device and network usage details (IP addresses) collected via Local Serves;
- survey responses and feedback;
- information about your usage of Local Serves; and
- personal information in messages, emails, reviews or other communications you have with us.
- All information, including personal information, about non-Users that is entered into or collected by Local Serves from Users.
2.How we collect personal information
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of Local Serves, the Services and to otherwise operate our business.
We collect personal information about Users when personal information is entered by the User into Local Serves, and when a User voluntarily discloses personal information to us (via the App, Website, telephone, surveys, e-mail, messages, online forms or elsewhere).
Users are responsible for ensuring that all consents and authorisations have been obtained or provided by them as required by law for the lawful collection of personal information that we collect from them.
3.How we use personal information
How we use personal information about Users is set out in the following table:
- To manage, provide and support a User's use of Local Serves and the Services;
- In order to store personal information in databases and systems in our hosting environments at third party data centres;
- To provide support services to Users that require us to view and update personal information held in Local Serves;
- When backing up and restoring data;
- When conducting traffic analysis of Local Serves and the Services;
- When conducting research and development of Local Serves and the Services;
- When carrying out marketing calls and sending newsletters and other promotional material to identify and inform Users about products, functionality and services that may be of interest to them;
- To improve and develop Local Serves and the Services and for general product and business development;
- To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information;
- Backing up and restoring data that includes User's personal information;
- To handle complaints.
- Required to identify persons who use Local Serves and to identify persons who request support or wish to exercise their rights under privacy law to access and correct their personal information or otherwise to exercise their other rights with respect to their personal information;
- Necessary for our legitimate interests, including in order to operate and grow our business and in order to administer and allow Users to operate Local Serves and for us to deliver the Services;
- For our accounting, billing and other internal administrative purposes;
- To comply with our legal and statutory obligations;
- Required in order to determine which privacy law applies to the individual.
- As required to offer a potential User access to Local Serves and the Services.
- To manage, provide and support a User's use of Local Serves and the Services;
- Necessary for our legitimate interests (in order to promote our business, Local Serves and the Services);
We collect information about Users through their use of Local Serves, known as analytics data.
Such analytics data is limited to information about devices accessing Local Serves, the amount of time a User spends on Local Serves and in which parts of it and the path navigated through it.
All analytics data is de-identified and is not collected or held in a form that could reasonably be expected to identify an individual.
In any event, we only use analytics data to help us review, enhance and improve Local Serves and the Services (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual.
5.How we hold and secure personal information
We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.
We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
- only use reputable cloud hosting providers to host personal information;
- implement passwords and access control procedures, anti-virus, firewall and security controls for email and other applicable computer software and systems;
- maintain files, in both hardcopy and electronic form, at our offices and other access-controlled premises;
- operate online records managements systems on secure networks;
- regularly perform security testing;
- carry out security reviews of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible;
- maintain physical security measures in our buildings and offices such as visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
- require our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;
- use SSL encryption on our systems;
- have data backup archiving and disaster recovery processes in place;
- if appropriate in the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, we will encrypt personal information; and
- with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.
6.Disclosure of personal information
We will disclose personal information to our employees, officers, advisors, suppliers, agents and related entities who assist us with the delivery of the Services. We take reasonable steps to ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.
6.2We only disclose personal information that we collect to third parties as follows:
- Food Providers whom we enter agreements with for the delivery of the Services;
- data storage and software providers who host Local Serves databases and information (e.g. email hosting providers and online CRM providers) on our behalf;
- when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
- where a person provides written consent to the disclosure of their personal information;
- where we become aware that specific personal information needs to be disclosed to protect the safety or vital interests of any person we may disclose it.
- if we are contacted by any person who represents to us that they are a User, for security purposes, we will only discuss the personal information that we hold about them with them if they correctly identify themselves as such according to our security measures;
- if we sell all or part of our business, we will provide our databases to the purchaser;
- to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
- for the enforcement of a law imposing a pecuniary penalty;
- for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); and
- to police and other governmental bodies or regulatory authorities where required by law.
7.Third Party Websites
Local Serves may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. All Users should contact us in the first instance, if they have any enquiries about any links on Local Serves.
8.Interacting with us without disclosing personal information
You do not have the option of not identifying yourself or using a pseudonym when using Local Serves or contacting us to enquire about your User account as it is not practical for us to provide you with access to the Services or to discuss your User account if you refuse to provide us with your personal information.
We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of Local Serves to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate Food Providers, contractors and service providers within Australia. We do not currently use offshore Food Providers or Delivery Providers.
10.How to Access and Correct Personal Information Held by Us
Users who wish to access and correct the personal information held by us about them should contact us. Prior to contacting us or submitting a request for access to correct any personal information held about them, Users can update their personal information by logging into their account on Local Serves.
Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person's vital interests).
Unless we are required to retain personal information for a longer period in the circumstances described in clause 10.2, personal information will be stored for 7 years and any data that is no longer required for the maintenance of active Users will be deleted after this period. We will only keep personal information for longer periods than specified above, where required under applicable law.
As an alternative to deleting personal information, we may elect to de-identify it where permissible by law. We may use personal information that we de-identify for the purpose of improving Local Serves and for provision to third parties for marketing and research purposes (such as to map usage trends to improve subsequent usage experiences, to understand User profiles and to develop more relevant and engaging experiences on Local Serves).
Where you require your personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter unless applicable law requires us to retain the personal information, in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request to receive a copy of your personal information by emailing [email protected]. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
11.Our contact details
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
Contact: Privacy Representative
Email: [email protected]
Post: PO Box 8181, Burwood Heights, Victoria 3151
We endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992
Email: [email protected]
Address: GPO Box 5218, Sydney NSW 2001
|How We Use and Process Personal Information that We Collect
|Why We Collect Personal Information
|Personal information about Users
|Personal information about non-Users