This Privacy Policy applies to all personal information collected by via Mpoints’s websites, mobile applications, products and services (Services)

Mpoints respects your right to privacy and is committed to safeguarding the privacy of our customers and software application users. Mpoints this Privacy Policy to help you make an informed decision about whether to use or continue using the Website and/or the Service. If you do not agree to our practices, please do not use the Website and the Service.

This Privacy Policy is subject to the Terms of Use located at www.mpoints.com.au. Your use of the Service and any personal information you provide through the Service remains subject to the terms of this Agreement.

This Privacy Policy outlines the specific legal obligations Mpoints has when collecting and handling your personal information. Those obligations are outlined in the Privacy Act 1988 (Cth) (Privacy Act) and, in particular, the Australian Privacy Principles found in that Act.

What is “personal information”?

1. The Privacy Act currently defines “personal information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable:

   • whether the information or opinion is true or not; and

   • whether the information or opinion is recorded in a material form or not.

2. If information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “personal information” and will not be subject to this privacy policy.

What information do we collect?

The kind of personal information that we collect from you will depend on how you use the Website. The personal information which we collect and hold about you may include:

1. Personal information you voluntarily provide to us: This includes personal information provided by the user directly (whether face-to-face, by telephone, email, online forms, post, through social media or by communicating with us in any way), when you make an enquiry through our Website, our Service, or over the phone or when you enter into a transaction with us by purchasing a product you are voluntarily giving us the personal information that we collect.

   Categories of personal information: The personal information we may collect includes your name, date and place of birth, medical history, physical address, email address, phone number, billing information, details of products and services we have provided to you and/or that you have enquired about, additional personal information that you provide to us, directly or indirectly, through your use of our Website, and/or accounts from which you permit us to collect information; and any other personal information requested by us and/or provided by you or a third party, and our response to you and feedback on the Service.

2. Our email marketing list: If you elect to sign up to our email marketing list, we may collect your name, email address, and email marketing preferences.

3. Personal information we collect automatically: When you use our Service or browse our Website, we may collect information about your usage and web browsing. We may collect the personal information as log files, or through cookies or other tracking technologies (see the “Cookies and tracking” below for more information), store it, and link it to the other personal information we hold about you.

   Categories of personal information: The personal information we may collect includes your IP address, your operating system, your browser ID, time, date, your browsing activity, your interaction with the Service.

4. Statistical information: We may collect statistical (non-personal) information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies.

5. Cookies and tracking: We may use various technologies to collect and store information when you use our Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. You may control the use of cookies at the individual browser level, however your use of the Website and Service may be affected.

6. User Information, being personal information relating to our Users and (where applicable) their businesses. We collect this information so that we can provide our Services to those Users. For the purposes of GDPR in the European Union, we are the ‘data controller’ of this User Information and we collect and store it for the purposes of providing our Services to Users and maintaining records and contact details relating to those Services and Users. This policy sets out how Mpoints process your information as a User.

7. Customer Information, being personal information relating to individuals with whom our Users interact (such as customers of their businesses). Users of our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements, or other obligations, relating to the collection of personal information in connection with the use of our Services by individuals with whom our Users interact. We collect information under the direction of our Users, and have no direct relationship with individuals whose personal information we process in connection with the use of our Services. If you are a User providing information (including personal information) about someone else, you must have the legal ability to do so and, if necessary, inform them about how their personal information will be used (as described in this Privacy Policy). If you are an individual who interacts with a User using our Services – for instance if you’re an employee or customer of a business – that User is the controller of your information, and you should contact them directly (e.g. – the owner or manager of the business) – for assistance with any requests or questions relating to your personal information.

   The Website and Service do not currently recognize Do Not Track (DNT) signals sent by our users’ web browsers.

   If we are not able to collect information about you, we may not be able to provide you with products services and assistance to the extent that they require us to collect, use of disclosed personal information.

How we collect your personal information?

1. We may collect personal information from you whenever you input such information into the Website or the system for the Service.

2. We also collect cookies from your computer which enables us to tell when you use the Website, the Service, and to help customise your Website and Service experience. As a general rule, however, it is not possible to identify you personally from our use of cookies.

How do we protect your information?

1. We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

2. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.

Purpose of collection

We collect your personal information for the primary purpose of:

1. Providing a personalised experience in provision our services to you through the Website and the Service.

2. To respond to enquiries, feedbacks and complaints.

3. To perform authorised financial transactions in the provision of service.

4. Advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you.

5. To comply with our legal obligations and resolve any disputes that we may have.

6. We may also use your personal information for secondary purposes such as our service providers who assist us in operating the Website or analytics, market research and business development, including to improve our Website and Service. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.

7. The email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions

8. To send periodic emails.

9. To process transactions.

10. Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without you consent, other than for the express purpose of delivering the purchased product or service requested.

11. To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you).

12. To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs).

    
    

Sensitive Information

1. Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's, sexual orientation or practices, racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information, genetic information, biometric information.

2. Sensitive information will be used by us only:

   1. For the primary purpose for which it was obtained.

   2. With your consent; or where required or authorised by law.

Disclosure of Personal information

Your personal information shall not be used or disclosed except:

1. where your consent is obtained expressly or impliedly;

2. where required in the delivery of personalized services, which may include to:

   • disclose personal information to third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators; and

   • our employees, contractors and/or related entities; and

   • our existing or potential agents or business partners;

   • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;

   • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;

   • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia;

   • third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia.

3. As authorized by the law to courts, tribunals, regulatory authorities and law enforcement officers, in connection with any actual or prospective legal proceedings, or in order to establish, exercise of defend our legal rights.

Security of Personal Information

The transmission and exchange of information is carried out at your own risk. We take reasonable steps to protect your personal information from misuse, loss, unauthorized access and use and unauthorized disclosure to third parties. Nevertheless, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Except to the extent liability cannot be excluded due to the operation of the statute, Mpoints excludes all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.

Your personal information will be deidentified once it is no longer needed for the purpose for which it was collected.

Access and correction

You may access your personal information to correct and/or update in certain circumstances as required by the Australian Privacy Principles. If you would like to obtain such access, please contact us.

To ensure confidentiality, details of your personal information will be passed on to you only if we are satisfied that the information relates to you. A fee will not be charged for an access request, but you may be charged the reasonable expense we incur (such as search and copying costs). If we refuse to provide you with access or correct the personal information held about you by us (in accordance with the Privacy Act), then we will provide reasons for such refusal.

Overseas transfer

To bring you Services, we operate globally. In order to do so, your personal information may be transferred to, and processed in countries other than the country you live in, outside of your home country, including to Australia, New Zealand, United Kingdom, China, Malaysia and the United States. These countries may have laws different to what you’re used to. Rest assured, where we disclose Personal Data to a third party in another country, we put safeguards in place to ensure your Personal Data remains protected.

Specifically, Mpoints hosts data with Microsoft Azure in the United States and in Australia. This means that your personal information will be transferred to the US or to Australia. The servers on which personal information is stored are kept in a controlled and secure environment.

European Economic Area (EEA) users: This means that your information may be transferred outside of the EEA. Where your personal information is transferred outside the EEA, it will only be transferred to countries that have been deemed to provide adequate protection for EEA information (like New Zealand and Australia), or to a third party where we have approved transfer mechanisms in place to protect your personal information – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US based third parties). Australian users: The third parties we share data with do not control, and are not permitted to access or use your Personal Data, except for the limited purpose it was provided. This means that, for the purposes of Australian privacy legislation and Australian users, Mpoints does not disclose Personal Data to third parties located overseas. China and Malaysia users: This means your information may be transferred outside China / Malaysia. Where your personal information is transferred outside China / Malaysia, the relevant regulations for overseas transfer of personal information will be followed, including the Personal Information Protection Law (China) and Personal Data Protection Act (Malaysia).

Updates to Privacy Policy

1. You acknowledge that the Service is subject to technical progress and development and that We may update or modify this Privacy Policy from time to time, and you agree to review the latest version of this Privacy Policy from time to time.

2. All modifications will be effective immediately upon our posting of the modifications on our Website or notice board. Please check back from time to time to review our Privacy Policy.

3. From time to time we will review our Privacy Policy to keep pace with changes in our Service and any data protection and privacy laws applicable to the processing of Personal Data that we are committed to comply with, including:

   • the Privacy Act 1988 (Cth, Australia);

   • the Privacy Act 1993 (New Zealand);

   • the Personal Data Protection and Electronic Documents Act, SC 2000, c5 (federal, Canada);

   • the Personal Data Protection Act (Alberta, Canada);

   • the Personal Data Protection Act (British Columbia, Canada);

   • all applicable United States federal and state privacy laws, including, but not limited to, the California Online Privacy Protection Act (CalOPPA), Early Learning Personal Data Protection Act (ELPIPA);

   • the General Data Protection Regulation (EU);

   • the Data Protection Act 2018 (UK);

   • Personal Information Protection Law (China);

   • Personal Data Protection Act (Malaysia); and

   • any other applicable privacy legislation.

   (the above collectively referred to as “Data Protection Laws”)

4. This Privacy Policy is our most recently updated Privacy Policy. Your continued use of the Service constitutes your agreement to this Privacy Policy and any amendments. We encourage you to read our Privacy Policy carefully.

Your rights

1. Deactivating your account: If you wish to deactivate your Mpoints account, you may do so by logging into your Mpoints account and following these instructions.

2. Your European Privacy Rights: In addition to the rights listed above, if you are in the EEA you also have rights to:

   • Know what personal information we hold about you, and to make sure it’s correct and up to date.

   • Request a copy of your personal information or ask us to restrict processing of or delete it.

   • Object to our continued processing of your personal information and to request a permanent deletion of your data.

   • For more information about your European Privacy Rights, please see our GDPR help guide.

   If you’re not happy with how we are processing your personal information, you have the right to complain to your local information protection authority. Your local data protection authority will be able to give you more information on how to submit a complaint.

   You can request to exercise these rights by emailing support@mpoints.com.au. We will process your request within 30 days of receiving your request. Note that we may require proof of identification before we process your request.

Children and our Services

Our Services are not directed to children, and you may not use our Services if you are under the age of 18. You must also be old enough to consent to the processing of your Personal Data in your country (in some countries we may allow your parent or guardian to do so on your behalf).

Your consent

By using our site, you consent to our privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

Contacting Us

If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact us by email: support@mpoints.com.au.