This policy is effective 2021-06-03
Sezoo is based in Melbourne Australia. This means that, while we will aim to comply with all applicable global privacy regulations, the privacy act directly applicable to our business is the Australian Privacy Act 1988.
In Australia, the Privacy Act is the responsibility of the Office of the Information Commissioner, you can read about it here: https://www.oaic.gov.au/privacy/the-privacy-act/. The Australian Privacy Act 1988 defines 13 Privacy Principles. We’ll describe our commitment to privacy first, and then how we address each of the 13 principles of the Act.
Our Commitment to Privacy
At Sezoo we deeply value privacy, in fact improving privacy for people by working with organisations is a core part of our business offering.
So we will only ever want to know what you want us to know about you. We will deliberately avoid collecting repositories of data about people and their behaviours.
While we respect your privacy, we also recognise the importance of connections and value exchange. We will be happy to get to know you if you want to connect and we will remember only what we need to remember to provide the service(s) that you want and to stay in touch with you while you want us to.
This way of thinking directly impacts our behaviour and use of technologies.
It means that, to the extent possible, we will not apply surveillance technology on our website, derive and capture behavioural insights based on analytics, click rates and page views, nor will we follow you with cookies.
Why “to the extent possible”? At the moment sometimes you need to remember stuff so that you can make online things work – these are “functionally necessary”. Sometimes you need to remember stuff because regulators demand it. And sometimes, if we’re using a product provided by another company, we may not have full control over that product’s behaviour.
Whenever it is necessary to remember something about you, or when we know that a product we use has an approach to privacy that we think you should know about, we will make sure that you are aware of it beforehand so that you can make an informed decision about whether to proceed.
As well as being advocates for privacy, we are realists about technology and our own abilities. We make sure that all our work is as good as we can make it, but we don’t claim that we are perfect.
If you have questions or advice on how we can improve our approach to privacy we would love to hear from you. Please email firstname.lastname@example.org.
Sezoo and the 13 Principles of the Australian Privacy Act
You can read about the 13 principles here: https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference/
The list below echoes these principles and describes our approach to each one in italics.
APP 1: Open and transparent management of personal information
That’s what we’re describing here. We hope it makes sense, if not, please send any questions to email@example.com and we’ll get back to you as soon as we can.
APP 2: Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
Absolutely. You will be able to choose if and how to identify yourself to us. Make sure that the connection works and that you recognise yourself though!
APP 3: Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.
Actually we don’t want to collect this stuff at all if possible, and we certainly don’t anticipate collecting any sensitive information.
APP 4: Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.
We won’t seek it, and if we receive it, we’ll delete it.
APP 5: Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must tell an individual about certain matters.
We’ll always ask you if we need to know something about you to provide a service.
APP 6: Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
We will not on-sell, share or otherwise disclose information about you to others.
APP 7: Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
If we produce marketing materials, they will be opt-in and sent on request. We will not use unsolicited direct marketing.
APP 8: Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
We use cloud based service providers for our back office and product suite. This means the physical storage location may be overseas (and sometimes non-determinate). These systems will only be accessible to Sezoo employees and will contain little or no personal information about others.
APP 9: Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
For us this is a big issue. We’re fans of a way of thinking about online identity called “self-sovereign identity” which means that we’re not fans of the inappropriate use or collection of government (or other singular) identifiers.
APP 10: Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
Our approach to this will be somewhat different, we want you to be the curator of your information. We won’t want to remember it, we’ll want to ask you to provide it when we need it. If this gets too annoying, and you ask us to, we might remember some things – but our first position is to always ask you to make sure things are up to date and correct.
APP 11: Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
We will minimise to the extent possible any personal information we hold and yes for any information that we do hold, we will take all reasonable steps to protect it.
APP 12: Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
We will be happy to receive a request from you, but we may not know anything about you, in fact we won’t know anything about you except what you’ve told us and that we’ve agreed to remember.
APP 13: Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.
This one is a bit like our approach to principle 10: we really want you to be the source of truth about you rather than our records. To the extent possible, we will always ask you to confirm information when we need it to provide a service for you rather than remembering stuff that can easily become out of date.
Let's enhance our digital mindset and re-establish trust in our solutions for all.Let's Talk