Our privacy obligations
Photo Anywhere is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). The APPs regulate how personal information is handled by Photo Anywhere.
Notice to EU/UK individuals: this Privacy Statement is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union 27 April 2016 (the “General Data Protection Regulation” or “GDPR”), and the UK equivalent (the “UK GDPR”), and provide appropriate protection and care with respect to the treatment of your user information in accordance with the GDPR.
Note to California residents: this Privacy Statement is intended to comply with California Consumer Privacy Act (“CCPA”) and other applicable California law.
We will review this policy annually, and make updates as required.
The types of personal information we collect and hold
We collect personal information about our users in order to provide our products, services, and customer support. Our products, services, and customer support are provided through many platforms including but not limited to: websites, phone apps, email, and telephone. The specific platform and product, service, or support you interact with may affect the personal data we collect.
How we collect personal information
Information that you specifically give us
While you use our products and services you may be asked to provide certain types of personal information. This might happen through our website, applications, online chat systems, telephone, paper forms, or in-person meetings. We will give you a Collection Notice at the time, to explain how we will use the personal information we are asking for. The notice may be written or verbal.
We may collect personal information about you - such as your name, address, telephone number, fax number, e-mail address, etc - directly from you.
Generally, the information we collect includes your:
· Account Details - username, password, profile picture.
· Contact Details - email address, phone number (private and business).
· Location Details - physical address, billing address, business address, timezone.
· Business Affiliations
· Identity Details - full name, proof of identity (e.g. drivers licence, passport), proof of address (e.g. utility bill), photograph of the user.
· Financial Information - credit card details, wire transfer details, payment processor details (e.g. skrill, paypal), tax numbers.
· User Generated Content - project descriptions and attachments, bid description, user profiles, user reviews, contest descriptions and attachment, user messages etc.
Other information related to your request or inquiry, or that you provide when you communicate, engage or otherwise interact with us or the Services.
Information that we collect from others
Users have the ability to invite non-users to our platform by providing contact details such as email address. In these situations, the information will be collected and stored by us to contact the non-user and to prevent abuse of the invite systems.
Your payment provider may transmit information about the payment that we may collect or process.
In some situations, personal information of users may be collected from public sources.
We may collect or process the following information:
· Basic Details - username, profile picture.
· Contact Details - email address, phone number (private and business)
· Location Details - Physical Address, billing address, business address, timezone.
· Business Affiliations
· Financial Information - payment account details (e.g. paypal email address and physical address), and wire transfer details.
· List of contacts - email provider address book.
· User Generated Content - user profile.
Information we collect as you use our service
We maintain records of the interactions we have with our users, including the products, services and customer support we have provided. This includes the interactions our users have with our platform such as when a user has viewed a page or clicked a button.
In order to deliver certain products or services we may passively collect your GPS coordinates, where available from your device. Most modern devices such as smartphones will display a permission request when our platform requests this data. In some territories, including California and countries in the European Economic Area (“EEA”) and the United Kingdom (the EEA and the United Kingdom, together “Europe”), this information may be considered personal data or personal information under applicable data protection laws.
When we are contacted we may collect personal information that is intrinsic to the communication. For example, if we are contacted via email, we will collect the email address used.
We may collect or process the following information:
· Metadata - IP address, computer and connection information, referring web page, standard web log information, language settings, timezone, etc.
· Device Information - device identifier, device type, device plugins, hardware capabilities, etc.
· Location - GPS position.
· Actions - pages viewed, buttons clicked, time spent viewing, search keywords, etc.
Links to other sites
How we use personal information
The information we request, collect, and process is primarily used to provide users with the product or service they have requested. Generally, we use the personal information that we collect as follows:
· to provide the service or product you have requested;
· to facilitate the creation of a User Contract (see Terms of Service for more information);
· to provide technical or other support to you;
· to answer enquiries about our services, or to respond to a complaint;
· to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications);
· to allow for debugging, testing and otherwise operate our platforms;
· to conduct data analysis, research and otherwise build and improve our platforms;
· in order to to respond to legal process (eg, court orders, subpoenas or warrants) or regulator investigators and inquiries, or where otherwise required by law or our legal, regulatory or ethical obligations;
· for other purposes with your consent, unless you withdraw your consent for these purposes.
· connecting the buyer and seller for legal title to transfer so this information is shared in the ordinary course of business.
· where necessary, for the administration of our general business, accounting, record keeping, audit, compliance and legal functions.
The 'lawful processing' grounds on which we will use personal information about our users include, but are not limited to:
· when a user has given consent;
· when necessary for the performance of a contract to which the user is party;
· processing is necessary for compliance with our legal obligations;
· processing is necessary in order to protect the vital interests of our users or of another natural person;
· processing is done in pursuing our legitimate interests, where these interests do not infringe on the rights of our users;
· Investigate or enforce violations of our user agreement; and
· To prevent illegal activity.
We use automated decisions when helping matching users to jobs. The primary way this occurs is through how we rank users. These rankings are produced by analysing user generated content, user activity and the outcome of jobs; in this context, user generated content will include reviews that users receive when completing jobs. More information on these ranking guides can be found in our community articles. Automated decision making is also used to recommend potential jobs to our users and as a part of our marketplace security systems.
When we disclose personal information
Our third party service providers
The personal information of users may be held, transmitted to or processed on our behalf outside Australia, including 'in the cloud', by our third party service providers. Our third party service providers are bound by contract to only use your personal information on our behalf, under our instructions.
Our third party service providers include:
· Cloud hosting, storage, networking and related providers;
· SMS providers;
· Payment and banking providers;
· Marketing and analytics providers; and
· Security providers.
Third party applications
Other disclosures and transfers
We may also disclose your personal information to third parties for the following purposes:
· if necessary to provide the service or product you have requested;
· to comply with the law and our ethical obligations or respond to legal process or regulator investigations and inquiries, or where otherwise required by law or our ethical obligations. For example, we may disclose information in response to subpoenas, court orders, and/or other lawful requests by regulators and/or law enforcement, including responding to national security or law enforcement disclosure requirements; or
· for other purposes with your consent.
As we are a global company, with offices around the world, your personal information may be processed by staff in any of our offices. Photo Anywhere currently has offices in Australia.
We do not sell user personal information to third parties.
Accessing, correcting, or downloading your personal information
You have the right to request access to the personal information Photo Anywhere holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period, and without unreasonable expense for no charge. Most personal information can be accessed by logging into your account. If you wish to access information that is not accessible through the platform, or wish to download all personal information we hold on you in a portable data format, please contact our Privacy Officer. We will provide the required information to you within one month of receiving the request.
You also have the right to request the correction of the personal information we hold about you. All your personal information can be updated through the user settings pages. If you require assistance please contact our customer support.
If you are a resident in Europe, you may ask us: to access, correct, update or delete your user information; you may object to our processing of this information, ask us to restrict our processing of your user information, or request portability of your user information. Similarly, if we have collected and processed your user information with your consent, then you can withdraw your consent at any time. However, please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your user information conducted in relation on lawful processing grounds other than consent. You have the right to complain to a data protection authority about our collection and use of your user information. For more information, please contact your local data protection authority.
California Residents Only: If you are a California resident, you are entitled to request notice of certain information about the user information that we may share with third parties for marketing purposes (e.eg., the categories of user information shared, and contact information of applicable third parties), as well as request that we disclose to you what personal information we collect, use, disclose and the right to request deletion of personal information we collect or maintain about you. If you would like to exercise any of these rights, please mail your written request to us at the address below and title your request as follows or in a similar manner: “CCPA - California Resident Request”. You also have the right to opt out of the sale of your personal information (as defined by applicable law), which you may exercise, and to not be treated in a discriminatory manner for having exercised your rights regarding your privacy rights under the California Consumer Privacy Act (CCPA).
Exercising your other rights
You have a number of other rights in relation to the personal data Photo Anywhere holds about you, however, there may be restrictions on how you may exercise the rights. This is largely due to the nature of the products and services we provide. Much of the data we collect is in order to facilitate contracts between users, facilitate payments, and provide protection for the legitimate users of our marketplace - these data uses are protected against the below rights.
You have the right to:
· seek human review of automated decision-making or profiling;
· opt-out of direct marketing, and profiling for marketing;
· erasure; and
· temporary restriction of processing.
Human review of automated decision making / profiling - In the case of our ranking algorithms, it is not possible to exercise this right as this ranking is a fundamental part of the marketplace that users participate in, opting out would mean not being able to participate in the marketplace. Decisions affecting marketplace security are already reviewed by humans.
Direct marketing and profiling - users can control what emails they receive through their settings page.
Erasure - Most personal information and user generated content cannot be deleted as they are used to support contracts between users, document financial transactions, and are used in protecting other legitimate users of the marketplace. In the case of non-personal data that can be linked with personal data, it will either be erased or otherwise anonymised from the personal data.
Temporary restriction to processing - under certain circumstances you may exercise this right, in particular if you believe that the personal data we have is not accurate, or you believe that we do not have legitimate grounds for processing your information. In either case you may exercise this right by contacting our privacy officer.
Unless stated above, users may exercise any of the above rights by contacting our Privacy Officer.
Additional Privacy Information for California & European Residents
California: Effective January 1, 2020, the California Consumer Act of 2018 (CCPA) permits consumers who are California residents to ask businesses covered under the act about personal data it has collected about the consumer, submit an access or deletion request, and opt-out of the sale of personal information, if applicable. These provisions do not apply to personal data collected, processed, shared, or disclosed by financial institutions pursuant to federal law such as the Gramm-Leach-Bliley Act. Contact us if you have questions about our privacy statement, this consumer notice, or your personal data. We will not share personal information we collect about you except to the extent permitted under California law.
We may also process certain user information on the basis of the following legitimate interests, provided that such interests are not overridden by your privacy rights and interests: delivering and continuing to develop and improve the App, learning from your behaviour on the App (e.g., analysing traffic) to better serve you and other App users, helping us modify or enhance the App and its content, receiving insight as to what users do (and don’t) like about our App or aspects thereof, and providing a stable, consistent and secure user experience in connection with the App.
To contact our Privacy Officer
If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:
Attn: Privacy Officer
Grosvenor Place, Level 37,
225 George Street,
Sydney, NSW 2000
For the purposes of the GDPR, our Privacy Officer is also our Data Protection Officer (DPO).
While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 working days of receipt.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001.
If you are in the European Union, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
This Agreement was last modified on 27 February 2021.