What is the purpose of this Privacy Policy and Collection Statement?

Birchal Pty. Ltd. ACN 616 478 767 and its related bodies corporate (referred to as ‘we’ or ‘our’ or ‘us’ or ‘Birchal’) operate the website birchal.com (including any subdomains) across desktop, mobile, tablet and apps. We provide a variety of products and services via the website.

We are bound by the Privacy Act 1998 (Privacy Act), including the Australian Privacy Principles (APPs) and recognise the importance of ensuring the confidentiality and security of your personal information.

This Privacy Policy and Collection Statement (Privacy Policy) applies to our website, all products and services we provide and your interactions with us. It sets out how we collect, use, disclose and manage personal information.

Please read through it carefully because by accessing our website and using our products and services, you expressly agree to this Privacy Policy. If you do not agree, no hard feelings but we request you close this website and stop using our products and services now.

All third parties (including customers, suppliers and service providers) that have access to or use personal information collected and held by Birchal must also comply with this Privacy Policy.

Please also read our Terms of Service — those terms are important and also apply to you when you use our website and our products and services.

What kind of personal information do we collect and hold?

Personal information is information or an opinion relating to an individual, which can be used to identify that individual.

We may collect and hold a range of personal information about you to provide you with our products and services, including:

Sensitive information is personal information that includes information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences, health and criminal record. Except where noted above, we do not have a need to collect sensitive information so we do not collect this information.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as "personal information" and will not be subject to this Privacy Policy. This may include where information has been aggregated, anonymised, pseudonymised or de-identified.

How we collect and hold personal information

We generally collect personal information directly from you. For example, personal information will be collected when you create a Birchal account, use our products and services, interact with our website, call us or send us correspondence, when you interact with our advertising, apply for a job, participate in discussion boards, take part in webinars or events or join us on social media.

We may also collect personal information about you from a third party, such as electronic verification services, payment providers, issuers, share registry providers, accountants, advisors, third party data providers, suppliers, social applications, marketing agencies and business partners.

We may collect some information about you when you visit our website, such as your IP address, browser and device type. We may also use third parties to analyse traffic at our website, which may involve the use of cookies and similar tracking technologies - we explain this more below.

We will not collect sensitive information about you without your consent, unless an exemption in the APPs applies. These exceptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services or meet your needs appropriately.

We may not give you the option of you dealing with us anonymously or under a pseudonym. This is because it is impractical, and, in some circumstances, unlawful for Birchal to deal with individuals who are not identified.

Unsolicited personal information

We may receive unsolicited personal information about you. We take reasonable steps to de-identify or destroy unsolicited personal information we receive, unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.

Who do we collect personal information about?

The personal information we may collect and hold includes (but is not limited to) personal information about:

Website collection, cookies & related technologies

We collect personal information when we receive completed online generated forms from our website www.birchal.com. We, our clients and our third-party partners, such as our advertising and analytics partners, may also use cookies, pixels and other tracking technologies.

We use these technologies to understand how users interact with our website, to compile aggregate data about our website traffic, including where our website visitors are located, and interaction so that we can offer better user experiences.

To use our website, you must consent to our use of cookies. You can also withdraw or modify your consent to our use of cookies at any time. If you no longer wish to receive cookies, you can use your web browser settings to accept, refuse and delete cookies. To do this, follow the instructions provided by your browser. Please note that if you set your browser to refuse cookies, you may not be able to use certain features of our website, products and services.

Cookies do not contain personal information in themselves, but can be used to identify a person when combined with other information. Cookies are small text files which are transferred to your computer’s hard drive through your web browser that enables our website to recognise your browser and capture and remember certain information. This includes facilitating your use of products and services.

We use Google Analytics and Google’s related services. The data collected in this way is anonymous to us and our users, however, the data we collect may be combined with other information which may be identifiable to you. You can read how Google uses the information (and how you can control it) here.

We use Meta/Facebook pixels to collect data, track conversions from Meta ads, optimise ads, build targeted audiences for future ads and remarket in connection with our products and services and users products and services. The data collected in this way is anonymous to us and our users, however, the data we collect may be combined with other information which may be identifiable to you. You can read how Meta uses the information (and how you can control it) here.

You may also encounter cookies (or similar) on certain pages of our website that has been placed by third parties (e.g. if you view a web page created by a user, there may be a cookie placed within that web page). We do not control the use of cookies by third parties.

Why we collect and hold personal information and how we use it

We may use and disclose the information we collect about you for the following purposes:

We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise, or an exemption in the Privacy Act applies.

Who might we disclose personal information to?

We may disclose personal information to:

If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We will use reasonable endeavours to ensure that our contractual arrangements with third parties adequately address privacy issues and we will make third parties aware of this Privacy Policy.

Sending information overseas

We may disclose personal information to our related entities, employees, contractors, service providers and suppliers, including data hosting and cloud-based IT service providers, located outside of Australia. For example, we transfer data outside of Australia to our service providers in order to obtain secure storage, back-up and data retrieval services.

While it is not practical to list all of the countries in which personal information is likely to be disclosed, the key countries include Poland, India, Japan, Singapore, Taiwan, Germany and the USA.

We will not send personal information to recipients outside of Australia unless we have taken reasonable steps to ensure that the recipient does not breach the Act and the APP, the recipient is subject to an information privacy scheme similar to the Privacy Act or the individual has consented to the disclosure.

If you consent to your personal information being disclosed to an overseas recipient and the recipient breaches the APPs, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

Management of personal information

We recognise the importance of securing personal information. We take reasonable steps to protect your personal information from misuse, interference or loss and unauthorised access, modification or disclosure.

Your personal information is generally stored in digital format on our computer database and on secure servers. Any paper files are stored in secure areas.

We apply the following guidelines:

Payment information is transmitted securely using Secure Sockets Layer (SSL) encryption technology and processed through our payment processor’s secure payment gateway (which is PCI-DSS compliant). We do not store your payment information (such as bank account details, credit card or debit card information) on our websites’ servers or databases. You will see some of your bank account information in your profile, this is a masked version of the information which is necessary for the payment validation process.

Even after these measures and despite our reasonable efforts, no security measure is ever perfect or impenetrable. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please contact us as soon as you can using our contact details below.

How long do we keep your personal information

The length of time we keep your personal information (whether or not your Birchal account is deactivated) depends on what it is and whether we have an ongoing business need to retain it (e.g., to provide our services or to comply with our legal, tax, accounting or other regulatory obligations).

We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, or as otherwise required by law. Following that period, we’ll take reasonable steps to delete or de-identify it. Most of your personal information is or will be stored by us for a minimum of 7 years.

If you would like us to do so, we will deactivate your Birchal account on your request. After your Birchal account is deactivated, it will be removed from our websites and you will no longer be able to login, however, we may retain your personal information as described in this Privacy Policy. To make a deactivation request, please send an email using the contact details below.

Direct marketing

By agreeing to this Privacy Policy, you confirm that we (or our business partners on our behalf) may send you direct marketing communications and information about your Birchal account, our products and services and other offers, promotions, goods or services which we believe may be of interest to you.

Otherwise, we may only use personal information we collect from you for the purposes of direct marketing without your consent if:

If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.

You may opt-out of receiving marketing materials from us by using the “unsubscribe” link at the bottom of our emails or via your Birchal account. You have the right to request us not to use or disclose your personal information for the purposes of direct marketing or for the purposes of facilitating direct marketing by other organisations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of their information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.

A company you follow, express an interest in or invest in, may also send you direct marketing communications and information. If you do not wish to receive marketing information from that company we encourage you to contact the company or use that company’s unsubscribe facilities. As you can appreciate, we are not responsible for the activities of a third party.

Identifiers

We do not adopt identifiers assigned by the Government (such as drivers’ licence numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies.

How do we keep personal information accurate and up-to-date?

We are committed to ensuring that the personal information we collect, use and disclose is relevant, accurate, complete and up-to-date.

Once you have created a Birchal account, you can review and change your personal information, including your name, company, address, phone number, bank account details and your password. You must update your personal information as soon as you can after it changes.

We also encourage you to contact us to update any personal information we hold about you. If we correct information that has previously been disclosed to another entity, we take reasonable steps to notify the other entity within a reasonable period of the correction. Where we are satisfied that the information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We do not charge you for correcting the information.

Accessing your personal information

Subject to the exceptions set out in the Privacy Act, you may gain access to the personal information that we hold about you by contacting our Privacy Officer. We will provide access within 30 days of your request. If we refuse to provide the information, we will provide reasons for the refusal.

We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.

External links

Our website may contain links to, and interfaces with, websites, services and widgets operated by third parties, such as social media buttons and features (e.g. “likes” and “shares”), search engines, companies seeking investment through our websites or other partners. Third parties are responsible for informing you about their own privacy practices so if you use these businesses, we encourage you to check out their privacy policies.

As you can appreciate, we make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website.

Your rights

You have rights. This Privacy Policy contains information about how:

Contact us or make a complaint

If you have any questions about this Privacy Policy or if you wish to make a complaint about how we have handled your personal information, you can lodge a complaint with us by:

We have an effective complaints handling process in place to manage privacy risks and issues. The complaints handling process involves:

If you are not satisfied with our response to your complaint, you can also refer your complaint to the Office of the Australian Information Commissioner by:

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.