Privacy Policy
Ravel Technologies Pty Ltd (ACN 617 316 864) of L27, Tower 1, 100 Barangaroo Ave, Sydney, NSW 2000 (“Inspace”, “we”, “us” or “our”) and our operation of the following websites: https://www.inspacevr.com/ & https://www.inspace-studio.com/ & https://www.inspacestack.com/ (collectively, the “Websites”) is committed to respecting your privacy. This privacy policy sets outs out how we collect, use, process, store, share and disclose your Personal Information on our Websites (“Privacy Policy”). You can view our terms of use and contact us at info@inspacxr.com.We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”) (collectively, “Privacy Laws”). We are a data controller for the purposes of the GDPR. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws. By accessing and using our Websites and associated services, you freely and expressly consent to the collection, use, processing, storage and disclosure of Personal Information by us as set out in this Privacy Policy.
PERSONAL INFORMATION
1.1
Personal information is any information relating to an identified or identifiable natural person (“Personal Information”) and generally when used in this policy has the meaning given to it in the Privacy Laws. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (including phone numbers and email addresses) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2
You may need to provide Personal Information about other users to us, for example, personal information about your authorised representatives, or employees. If so, you are responsible for informing those individuals that you are providing their Personal Information to us, to ensure they agree to their information being provided to us, and to advise them of this Policy.
1.3
Stripe is an online payment system that is used to process payments on the Website. Personal Information will also be collected from you for the purpose of processing such payments.
YOUR INFORMATION
2.1
We will collect Personal Information only by lawful and fair means and not in an unreasonably intrusive way. Generally, we will collect Personal Information directly from you, and only to the extent necessary to provide our services requested or ordered by you or a Customer of ours that has referred you to one of our Websites and to carry out our administrative functions or as required by a relevant Privacy Law or expressed in this Privacy Policy.
2.2
We will not collect sensitive personal information (as defined under the relevant Privacy Laws) from you. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, religion or other beliefs, health, criminal background or trade union membership) on or through the Websites or otherwise. If, contrary to this request, you do provide any sensitive personal information, in doing so you consent to us collecting and handling that information in accordance with this Privacy Policy.
2.3
We may collect Personal Information about you that you have provided to our business partners or from third parties and in respect of which you have given the third party permission to share with us.
2.4
We may also collect technical information related to your visit to our Websites and/or Services, which includes, but is not limited to, your internet protocol (IP) address (which can provide general information about your location, country, region, or city, but not your precise location), login information, device data such as device/browser type and version, time zone setting, and the operating system and platform you use when visiting our Websites or Services.
2.5
If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested. If you wish to remain anonymous when you use our Websites, do not sign into them or provide any information that might identify you.
2.6
We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected.
INFORMATION ABOUT CHILDREN UNDER 18
3.1
Our Websites are not intended for users under the age of 18. We acknowledge that the definition of a “minor” changes between jurisdictions, however we do not knowingly seek or collect Personal Information from any children below the age of 18 years.
WHAT IS OUR LEGAL BASIS?
4.1
Under the GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:
(a)
where it is necessary to provide you, with access to, and use of the services and the Websites;
(b)
for our legitimate interests to provide, operate and improve our services or the Websites to our customers;
(c)
where you have freely and expressly consented to the processing of your Personal Information by us, which you may withdraw at any time; or
(d)
where we are under a legal obligation to process your Personal Information.
HOW YOUR INFORMATION IS USED
5.1
We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):
(a)
providing our Websites and services to you and/or our customers (including providing our Customers with Personal Information for their internal analytics);
(b)
administering, protecting, improving or optimising our Websites and services (including performing data analytics, conducting research and for advertising and marketing purposes);
(c)
creating industry reports from de-identified data;
(d)
verifying your age and/or identity;
(e)
billing you via Stripe for purchasing Services;
(f)
informing you about our Websites, services, rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
(g)
responding to any inquiries or comments that you submit to us;
(h)
any other purpose you have consented to; and
(i)
any use which is required or authorised by a relevant Privacy Law.
5.2
We may also use, process, and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, where we:
(a)
have your express consent (which you may withdraw at any time by contacting us in writing at info@inspacxr.com);
(b)
have a legal basis to do so; or
(c)
are otherwise permitted by relevant Privacy Laws
5.3
Where you complete an enquiry form, about a specific project provided on one of our Websites, we may share personally identifiable information (such as your email address) with our customers who have paid to list the relevant project. In such an instance, we will request and you grant us permission to provide our Customer with your Personal Information in order for them to provide you further information relating to the project that you enquired about and to provide you with assistance with your future property purchase or lease.
5.4
We do not undertake to sell or rent your personal information. We may, however, disclose your email and contact details to a customer of ours that has referred you to our Website or to whom you have visited a project provided on one of our Websites, with your expressed consent. When considering if we can disclose your Personal Information, please note that each of our customers will have their own privacy policy dealing with interactions with your data.
5.5
We may also provide non-personal information (such as email domain addresses) to a third party for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):
(a)
providing our Websites and services to you and/or our customers; and
(b)
administering, protecting, improving or optimising our Websites and services (including performing data analytics, conducting research and for advertising and marketing purposes).
DISCLOSURE OF PERSONAL INFORMATION
6.1
We may disclose your Personal Information to:
(a)
a Customer of our Services who has listed a project on our Websites through which you have enquired about, as provided for in section 5.3 above;
(b)
third-parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes;
(c)
any person or entity to whom you have expressly consented to us disclosing your Personal Information to;
(d)
our external business advisors, auditors, lawyers, insurers and financiers;
(e)
our payment processing service provider Stripe; and
(f)
any person or entity to whom we are required or authorised to disclose your Personal Information to in accordance with the relevant Privacy Laws.
6.2
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
6.3
We will not share any other personally identifiable information with any third parties without your consent. We may, however, share non-Personal Information with our Customers for analytical purposes.
DIRECT MARKETING
7.1
Where we:
(a)
have your express consent (which you may withdraw at any time by contacting us in writing at info@inspacxr.com);
(b)
have a legal basis; or
(c)
are otherwise permitted by relevant Privacy Laws,
we may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
7.2
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at info@inspacxr.com.
COOKIES
8.1
We use cookies, web beacons and similar technologies (collectively “Cookies”) on our Website. By accessing or using our Websites, you agree that we can store and access Cookies in accordance with this Privacy Policy.
8.2
Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.
8.3
We may use Cookies to enable users to access and use our Websites and Services, including to:
(a)
identify users of our Websites and Services;
(b)
process user requests;
(c)
improve user experience;
(d)
remember user preferences on our Site;
(e)
monitor the use of our Site and for analysis of our user base;
(f)
facilitate communication with users;
(g)
control access to certain content on our Site; and
(h)
protect our Site.
8.4
The data collected through Cookies will not be kept for longer than is necessary to fulfil the purposes mentioned above.
8.5
We will handle any Personal Information collected by Cookies in the same way that we handle all other Personal Information.
8.6
You can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of the Website.
8.7
Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Websites.
INSPACE WEBSITES
9.1
When transmitting Personal Information from your computer to our Websites, you must keep in mind that the transmission of information over the internet is not always completely secure or error-free. Other than liability that cannot lawfully be excluded, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.
DATA STORAGE
10.1
We may hold your Personal Information in either electronic or hard copy. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. For example, authentication is handled via Microsoft Azure and/or Auth0, both of which are AIPAA, ISO/IEC 27018, and GDPR compliant. Further, your Personal Information is stored with Microsoft Azure and/or Auth0, both of which is fully encrypted at rest.
10.2
However, we cannot guarantee the security of any Personal Information transmitted over the internet and therefore you disclose information and Personal Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information.
10.3
We may disclose your Personal Information to third party recipients such as our payment processing provider Stripe located in or outside of the European Economic Area and Australia in order to provide our services to you and enable the Retailer to deliver products to you. As at the date of this Privacy Policy, such third party recipients (“Recipients”) are located in countries including France, Australia and other countries whose laws may not be recognised by the EU Commission as providing an adequate level of protection to Personal Information.
10.4
When entering into a transaction with us you expressly and freely consent to your Personal Information being disclosed or transferred to such Recipients. We will take steps reasonably necessary to ensure your Personal Information is treated securely and in accordance with this Privacy Policy. We use reasonable endeavours to ensure that each Recipient receiving your Personal Information is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s Website at https://ec.europa.eu/info/law/law-topic/data-protection_en.
ACCESS TO INFORMATION
11.1
Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
(a)
require us to correct any Personal Information held about you that is inaccurate or incomplete;
(b)
require the deletion of Personal Information concerning you in certain situations;
(c)
data portability for Personal Information you provide to us;
(d)
object or withdraw your consent at any time to the processing of your Personal Information;
(e)
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
(f)
otherwise restrict our processing of your Personal Information in certain circumstances.
11.2
Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us. See section 14: Contact information. Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so.
11.3
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
11.4
If you believe that we hold Personal Information about you that is not accurate, complete or up-to-date then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe and you will not be charged a fee for correcting your Personal Information.
11.5
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
MailChimp and privacy consent
12.1
To provide our Services we may use MailChimp, which provides online tools that can be used to create, send, and manage emails. MailChimp may collect personal information, such as distribution lists which contain email addresses, and other information relating to those email addresses. For further information about the type of personal information MailChimp collects, refer to the MailChimp Privacy Policy.
12.2
We will only use this information to:
(a)
create, send and manage emails relating to Inspace;
(b)
measure email campaign performance;
(c)
improve the features for specific segments of customers;
(d)
evaluate your use of our Websites;
(e)
compile reports on website activity for us and, if applicable, for our Customers, and
(f)
provide other services relating to website activity and internet usage.
12.3
MailChimp may transfer this information to third parties where required to do so by law, or where such third parties process the information on MailChimps’s behalf. MailChimp collects information about when you visit the website, when you use the services, your browser type and version, your operating system, and other similar information.
12.4
MailChimp is based in the United States of America (USA) and the information collected about your use of the website (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia. We are required to inform you that by subscribing to our Services you may be consenting to your personal information being collected, used, disclosed and stored as set out in Mail Chimp’s Privacy Policy and agree to abide by Mail Chimp’s Terms of Use.
12.5
You understand and acknowledge that this service utilises a MailChimp platform, which is located in the United States of America (USA) and relevant legislation of the USA will apply. Australian Privacy Principle 8.1 contained in Schedule 1 of the Privacy Act will not apply.
12.6
You understand and acknowledge that MailChimp is not subject to the Privacy Laws and you will not be able to seek redress under the Privacy Laws but will need to seek redress under the laws of the USA.
12.7
You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by MailChimp in every email, or contact Inspace. You can also disable or refuse cookies or disable Flash player; however, you may not be able to use the services provided by MailChimp if cookies are disabled.
THIRD PARTY SITES
13.1
The Websites may contain links to other third party websites including social media networks. This Privacy Policy applies solely to information collected by us on our Website.
CONTACT INFORMATION
14.1
If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us in writing at info@inspacxr.com.
NOTICES AND REVISIONS
15.1
We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website.
ENFORCEMENT
16.1
We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website.
%201.svg)