Privacy

 

1. General

Your privacy is important to us and MondoConneX Pty Ltd (we, us, our) are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (collectively, Privacy Laws).

This policy specifically relates to how and when we collect, process, use, share, store, disclose, alter and destroy personal information collected through:

  • Our websites or mobile application - whether owned by or operated by us, by our network of third party WiFi partners or by our third party Post Transaction partners (Platforms),

  • Our MondoMenu ordering system (Menu), or

  • Other products and services we may provide from time to time such as consulting or technical services.

This privacy policy specifically excludes our Mondo CheckIn platform. The Mondo CheckIn platform provides data collection and storage for contact tracing purposes and is administered under a separate privacy policy, which can be accessed via the https://mondocheckin.com/checkin/privacy site.

We take all necessary steps to ensure that any personal information collected through our Platforms, Menu and other products and services is used, shared, stored, disclosed and processed lawfully and fairly.

For the purposes of the GDPR, we are responsible as both data controllers and/or data processors where personal information is provided through the use of the Platforms.

By accessing or using the Platforms, Menu or our products or services, you indicate that:

  1. you have read and understood this policy; and
  2. you agree that your access to, or use of, the Platforms, Menu or any of our products or services indicates your consent to this policy

If you have any questions about this policy, you can contact us using the details below.

2. Changes to this policy

We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.

3. What personal information we collect

a. Personal information

Personal information is information or an opinion about you which identifies you, or which is reasonably capable of identifying you, whether or not the information is true or recorded in a material form.

We collect and use personal information from customers, authorised users or visitors of the Platforms, Menu, purchasers of our products or services, and any other individual who interacts with us.

We collect and use different types of personal information depending on the type of dealing you have with us, which may include:

  1. your full name, email address, telephone number and postcode;
  2. your gender;
  3. financial information, including payment details (if making a purchase on Menu);
  4. details of what you have purchased on Menu;
  5. responses to surveys you complete, or products or services you have engaged with on our Platforms;
  6. information from enquiries you have made;
  7. communications between us;
  8. information or data which we automatically collect from you through the use of cookies or similar technologies (see section 12); and
  9. any additional information required for user authentication processes.

b. Sensitive information

We do not intentionally collect your sensitive information (as defined by the Privacy Laws). However, some of our services are automated and we may not recognise that you have accidentally provided us with sensitive information. If you have accidentally sent us sensitive information, please contact us using the details below.

4. Collection

We collect personal information about you in a variety of ways, including if you:

a. Methods of collection

  1. set up or update an account or other registration on our Platforms;
  2. opt-in to offers and deals;
  3. browse or purchase from Menu;
  4. complete or respond to our surveys;
  5. use or order our products and services;
  6. access, interact with, or use our Platforms;
  7. interact or communicate with us, such as by telephone, email or in person;
  8. submit an enquiry to us via our Platforms, Menu or our website.

Additionally we may collect information about you;

  1. third parties (which we discuss further in clause 6b of this policy); and
  2. from publicly available sources of information (for example, if you use our social media sites or applications, pages or plugins).

We will only collect personal information that is necessary for one or more of our functions to operate or for a purpose outlined in this policy or otherwise disclosed to you.

By providing your personal information to us, you acknowledge that you are authorised to provide such information to us.

You do not have to provide your personal information to us. However, if you do not do so, we may not be able to provide you with access to, and use of, our products, services or Platforms.

5. Legal basis for processing personal information (EU Only)

We rely on several legal bases under the GDPR to collect, process, store, use and disclose the personal information of individuals residing in the European Union (EU), including:

  1. where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your personal information for a specific purpose. The provision of personal information to us is voluntary. However, if you do not provide your personal information to us, we may not be able to provide you with access to, and use of, our products, services or Platforms. You may withdraw your consent at any time by contacting us using the details below;
  2. where the collection, use, storage, processing and disclosure of your personal information is necessary for the performance of a contract to which you are a party. For example, when collection and use is necessary to fulfil our obligations to provide you with access to, and use of, our products, services or Platforms;
  3. for our legitimate business interests, including, but not limited to:
    1. providing, operating and improving our products, services or Platforms;
    2. marketing new promotions, offers, products, services provided by us or our Authorised Affiliates that we consider may interest or benefit you (see 6bii for more information);
    3. managing, analysing, understanding and developing our relationship with you; and
    4. responding to your queries or complaints; and
  4. where there is a legal obligation to collect, use, store, process or disclose your personal information. For example, we may be obliged to disclose your personal information by reason of any applicable law, regulation or court order and/or to protect our interests and legal rights.

6. How we use your personal information

a. Purpose of use and disclosure

We only use, process and disclose your personal information for the purposes for which it is collected. In particular, we use, disclose and process your personal information to:

  1. provide or deliver our Platforms, Menu, products or services to you;
  2. administer, improve, develop and manage our Platforms, Menu, products or services,
  3. operate, maintain, test and upgrade our Platforms, Menu, products or services; and
  4. inform you about our Platforms, Menu, products or services or other matters which we believe are of interest to you.

We may also use, disclose and process your personal information:

  1. to customise the content on our Platforms or Menu;
  2. to charge and bill you for our products and services or those of the venue you order from if using Menu;
  3. to verify your identity;
  4. to perform research and analysis about our Platforms, Menu, products or services;
  5. to comply with regulatory or other legal requirements;
  6. for any purpose to which you have consented; and
  7. for any other purpose notified to you at the time of collection.

In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your personal information as part of the transaction, without your consent or notice to you.

b. Disclosure to third parties

With your consent, we may provide your personal information to:

  1. our employees, related entities, business partners, third party contractors, suppliers and agents from time to time for the purpose of delivering, providing and administering our Platforms, Menu, products or services; and
  2. third party service providers who process or use your personal information for the purpose of performing functions on our behalf, but may not process or use such information for any other purpose. Examples of these third party service providers include, but are not limited to, marketing and analysis organisations, financial and credit card institutions to process payments, hosting companies, web developers, internet service providers, customer service providers, customer support specialists, fulfilment companies, external business advisors (including auditors and lawyers), our insurer and research and data analysis firms (collectively, Authorised Affiliates).

When we disclose your personal information to any of our Authorised Affiliates, we will ensure that they undertake to protect your privacy. These Authorised Affiliates are not permitted to use the information for any purpose other than the purpose for which they have been given access.

Our Authorised Affiliates may also provide us with personal information collected from you. If you disclose personal information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, store, use, process and disclose your personal information.

We may also disclose any personal information we consider necessary to comply with any applicable law, regulation, legal process, government request or industry code or standard.

c. Overseas disclosure

Our Authorised Affiliates may be located in or outside the EU, including in Australia and other countries from time to time, whose laws are not recognised by the European Commission as providing an adequate level of protection to Personal Information.

Where we do transfer your personal information to our overseas Authorised Affiliate, we take steps reasonably necessary to ensure that:

  1. there is a legal basis for the transfer of your personal information; and
  2. your personal information is treated securely.

By accessing or using our products, services or Platforms, or providing your personal information to us, you explicitly and freely consent to the transfer of your Personal Information to our overseas Authorised Affiliates. If you do not wish to receive information from any of our Authorised Affiliates, please let us know using the details below.

d. Disclaimer

We will not disclose your personal information to any third party (other than our Authorised Affiliates) without your written consent, unless:

  1. we are otherwise required by the relevant Privacy Laws;
  2. we are permitted to under this policy; or
  3. such disclosure is, in our opinion, reasonably necessary to protect our rights or property, avoid injury to any person or ensure the proper functioning of the Platforms, Menu, products or services.

This policy only covers the use and disclosure of information we collect from you. The use of your personal information by any third party is governed by their privacy policies and is not within our control.

7. Use of Financial Information

  1. If you use our website to make purchases or other financial transactions (such as payment of invoices through the Website for products or services you purchase from a third party user or venue), we may collect information about the purchase or transaction. This includes payment information, such as your credit card or debit card number, billing details and other account and contact information (Financial Information).
  2. We will only collect Financial Information from you with your prior knowledge and consent. You can access and browse our Website without disclosing Financial Information.
  3. We use your Financial Information solely to process payments for products or services you request or purchase through the use of our Website. We only use and retain your Financial Information to complete payments you initiate; any Financial Information that is collected is solely for the purpose of transaction approval and the transfer of funds.
  4. We provide data encryption throughout the payment process and only share your Financial Information with your credit card provider, third party payment processor or financial institution to process payments. The Financial Information we collect from you is strictly confidential and held on secured servers in controlled facilities.
  5. We do not retain your Financial Information after the transaction is complete, unless you check a box through which you ask us to save your Financial Information for future product purchases or payments. If you do check that box, we will retain your Financial Information until you contact us and ask that we remove it from our databases.
  6. We may use third party agents to manage online payment processing. These agents are not permitted to store, retain or use your Financial Information or other personally identifiable information, except for the sole purpose of payment processing on our behalf. Any third party agent used by us is not authorised to use your Financial Information in any way other than to process payments and is required to keep any Financial Information it uses or collects confidential.

8. Storage and Security

a. Protecting your personal information

We take reasonable steps in the circumstances to keep your personal information safe. We use a combination of technical, administrative, and physical controls to protect and maintain the security of your personal information.

Our officers, employees, agents and third-party contractors are expected to observe the confidentiality of your personal information.

Wherever possible, we procure that Authorised Affiliates who have access to your personal information take reasonable steps to:

  1. protect and maintain the security of your personal information; and
  2. comply with the relevant Privacy Laws when your accessing and using your personal information.

b. No Guarantee

The transmission of information via the internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee the security of any personal information transmitted through the Platforms, Menu, our products or services.

You provide your personal information to us at your own risk and we are not responsible for any unauthorised access to, and disclosure of, your personal information.

c. Destruction of personal information

We will destroy or de-identify personal information where it is no longer required, unless we are required or authorised by law to retain the information.

d. Suspected data security breach

We have a comprehensive data breach notification policy and response plan (Response Plan), which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may result.

As part of the Response Plan, we will notify you as soon as practicable if we:

  1. discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorised person or in any unauthorised manner;
  2. believe that you are likely to suffer serious harm as a result; and
  3. are unable to prevent the likely risk of harm.

If you would like more information about our Response Plan, please contact us using the details below.

9. Direct Marketing

a. Your consent

At the time of accessing or using our Platforms, Menu, products or services, or otherwise from time to time, we may seek your express consent, by requesting that you tick the appropriate check box when providing us with your personal information, for us or our partners to send you marketing or promotional materials and other information.

Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time:

  1. use your personal information to send you information about the products or services we offer, and any other information that we consider may be relevant to you; and
  2. disclose your personal information to a specified Partner for the purpose of that Partner contacting you for marketing purposes. For example, a specified Partner may send you information about special deals, products or services they offer and other information that may interest you. These communications may continue, even after you stop using our products or services.

10. Opting Out

You can unsubscribe or opt-out from receiving marketing or promotional materials at any time by:

  1. emailing us at contact@mondoconnex.com;
  2. logging in to your account and using the info and feedback form; or
  3. using the unsubscribe facility included in our commercial electronic messages (ie email or SMS).

If you unsubscribe or opt-out, your account will be deleted and you will not have your personal information provided to any Partner or other Authorised Affiliates for marketing or other purposes (except to the extent that disclosure is required by law).

You may re-subscribe at any time by re-registering.

11. Links to other websites from our Platforms

Our Platforms, Menu, products or services may contain hyperlinks or banner advertising to or from thirdparty websites.

We do not endorse any of these third parties, their products or services or the content on these websites.

These websites are not subject to our privacy standards, policies and procedures.Therefore, we recommend that you make your own enquiries about their privacy practices.

We are in no way responsible for the privacy practices or content of these thirdparty websites.

12. Cookies Policy

We may collect information when you access and use our Platforms, Menu, products or services by utilising features and technologies of your internet browser, including cookies, pixel tags, web beacons, embedded web links and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.

The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the date and time of your visit, the pages you have accessed, the links which you have clicked and the type of browser that you were using.

We may use cookies and similar technologies to:  

  1. enable us to identify you as a return user and personalise and enhance your experience and use of our Platforms; and
  2. help us improve our service to you when you access our Platforms and to ensure that our Platforms remain easy to use and navigate.

Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies.

If you reject our cookies or similar technologies, you may still use the Platforms, Menu, products or services, but may only have limited functionality of them as a result.

We may also use your IP address to analyse trends, administer the Platforms, Menu and other websites we operate, track traffic patterns and gather demographic information.

Your IP address and other personal information may be used for credit fraud protection and risk reduction.

For further information about cookies and similar technologies, including how to refuse them, contact us using the details below.

13. Your rights in relation to privacy

a. Privacy rights (EU only)

Under the GDPR, you have a number of important rights. Subject to certain exceptions, you have the right to:

  1. fair and transparent processing of your personal information and processing in accordance with the GDPR;
  2. require us to rectify or correct any personal information we hold about you that is inaccurate or incomplete;
  3. require us to erase your personal information in certain situations;
  4. obtain a copy of your personal information in a commonly used electronic format so that you can manage and move it, or request we send it to a third party;
  5. object or withdraw your consent at any time to the collection, use, processing or disclosure of your personal information (including for direct marketing purposes), but this does not:
    1. apply where we have other legal justifications to continue to collect, use, process or disclose your personal information; or
    2. affect the lawfulness of any collection, use, processing or disclosure that occurred before you withdrew your consent;
  6. object to decisions being made by automated means which produce legal effects concerning you or significantly affecting you; or
  7. otherwise restrict our collection, use, processing or disclosure of your personal information in certain circumstances.

You can exercise any of these rights by contacting us using the contact details below. 

b. Access Rights

We will use our reasonable endeavours to keep your personal information accurate, up-to-date and complete.

You have the right to access any personal information we hold about you, subject to some exceptions provided by relevant Privacy Laws.

You can access, or request that we correct, your personal information by writing to us using the details below. We may require proof of identity.

If we do not allow you to access any part of your personal information, we will tell you why in writing.

We will not charge you for requesting access to your personal information but may charge you for our reasonable costs in supplying you with access to this information.

We will endeavour to respond to your request for access or correction within 1 month from your request.


14. Consents

You expressly and freely acknowledge and agree that we, our Authorised Affiliates and each of their officers, employees, agents and contractors are permitted to collect, process, use, share, store, disclose, alter and destroy your personal information in accordance with this policy and the relevant Privacy Laws.

15. Children’s Policy

We do not knowingly seek, collect or process personal information from or about persons under the age of 16 years of age (Child or Children) without the consent of a parent or guardian.

If we become aware that any personal information relating to a Child has been provided without the consent of a parent or guardian, we will use reasonable endeavours to:

  1. delete the personal information from all relevant files as soon as possible; or
  2. ensure, where deletion is not possible, that the personal information is not used further for any purpose or disclosed further to any Authorised Affiliate.

Any parent or guardian with queries regarding our collection, use, processing or disclosure of personal information relating to their Child should contact us using the details below.

16. Complaints

If you have any issues about this policy or the way we handle your personal information, please contact us using the details below and provide full details of your complaint and any supporting documentation.

At all times, privacy complaints:

  1. will be treated seriously;
  2. will be dealt with promptly;
  3. will be dealt with in a confidential manner; and
  4. will not affect your existing obligations or your commercial arrangements with us.

If you are dissatisfied with the outcome of your complaint, you may refer the complaint to:

  1. EU only: the lead supervisory authority in the relevant EU member state, whose details can be found by visiting http://ec.europa.eu/justice/article-29/structure/data-protection- authorities/index_en.htm; or
  2. Australia only: the Office of the Australian Information Commissioner whose details can be found by visiting https://www.oaic.gov.au.

17. Contact us

You can contact us using the following details:

  1. by email to contact@mondoconnex.com; or
  2. by calling us on +61 3 9067 5638.