This is the Green Data Exchange Privacy Policy

Effective date: 22 July 2024

This Privacy Policy applies to all personal information collected by Green Data Exchange Pty Ltd ACN 664 122 749 (GDX, we, us or our) when you use any of our products, including our software as a service - our GDX platform.

We comply with the Privacy Act and the Australian Privacy Principles (APPs), upon which this policy is based. GDX is committed to protecting the privacy of your personal information.

This policy explains how we manage the personal information that we collect, use and disclose - and how to contact us if you have any questions about our handling and management of your personal information.

1. General

Our Privacy Policy is effective as of the date indicated above. Please visit our website regularly as we update this Policy from time to time. We will let you know about changes by indicating on the Privacy Policy the date it was last updated and making such updated Privacy Policy available on our website.

2. What “personal information” means

Personal information means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information. For example, a person’s name, date of birth, address, phone number, email address, or driver’s licence number is personal information.

If information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “personal information” and will not be subject to this Privacy Policy.

3. Personal information we collect

The kind of personal information that we collect from you will depend on how you interact with us, such as if you:

(a) use our GDX platform,

(b) are a visitor to our website or the website of a related company of ours,

(d) are a prospective customer or existing customer.

The personal information we collect from you may include:

(a) names,

(b) current and former addresses,

(d) telephone numbers,

(e) email addresses,

(f) GDX platform account login credentials,

(g) location data, and

(h) browsing history.

Depending on the nature of your interaction with us, we may collect government-related identifiers, such as Australian Company Number or Australian Business Number. We collect such details only where it is lawful to do so. We do not use government-related identifiers as our own identifier of individuals.

If you do not allow us to collect personal information, or if you provide us with incorrect or incomplete information, we may not be able to provide you with our products or services or otherwise interact with you.

When you use our GDX platform or our website we may collect information about your visit for statistical purposes, including:

(a) server address;

(b) top level domain name (for example .com, .gov, .au, etc),

(d) the pages and links you accessed and any documents downloaded during your visit,

(e) the previous site you visited,

(f) if you’ve visited our site before, and

(g) the type of browser used.

4. How we collect your personal information

We collect your personal information from you

We may collect personal information from you when you:

(a) visit our website,

(b) use our products and services,

(d) contact us with a query or request information about our products and services or those of our participating providers, or

(e) contact us by telephone, via mail, e-mail, online or other method of communication.

We collect your personal information from third parties

We may also collect your personal information from third parties when:

(a) you have given them your consent to disclose information to us, or

(b) we access publicly available sources of information to supplement or validate information we already hold.

Our website collects cookies from your computer which enable us to tell when you use our website and allow us to customise your website experience. However, generally, it is not possible to identify you personally from our use of cookies.

5. Why we collect, hold, use, and disclose personal information

We collect, hold, use and disclose personal information so that we can:

(a) provide or deliver our GDX platform to you,

(b) administer, improve, develop and manage our GDX platform and other products and services (including maintaining, testing and upgrading our GDX platform and systems),

(d) inform you about other products or services that we reasonably believe may be of interest to you,

(e) ensure we comply with the requirements of our participating providers,

(f) develop insights from our customer interactions to improve our GDX platform and other products and services we provide to customers,

(g) maintain and improve our customer service by monitoring for quality control, quality and training purposes,

(h) evaluate the performance of our systems or our service providers’ systems,

(i) manage our relationships with our participating providers, suppliers and stakeholders,

(j) manage our internal business, financial management, reporting and accounting,

(k) permit due diligence as part of a corporate transaction, such as a sale, merger or other change of control of our business,

(l) meet our regulatory and legal obligations, and

(m) create property level records that do not identify you, or reasonably enable you to be identified (these records are not personal information about you).

Marketing

By using our GDX platform, you consent to the receipt of direct marketing material. We will only use your personal information for this purpose if we have collected it directly from you and it is material of a type which you would reasonably expect to receive from us. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature.

6. Disclosure to service providers

We may disclose personal information to our service providers, who help us to provide our GDX platform and other products and services, and to conduct our day to day business activities.

We take steps to ensure that all our service providers agree to protect the privacy and security of your personal information, and that they only use it for the purposes described in this policy.

These service providers generally help us by:

(a) providing us with software so that we can provide you with our GDX platform and other products and services,

(b) providing us with our office management software, such as email,

(c) providing us with software that supports communication between our IT systems, including Australian-hosted cloud services,

(d) providing us with professional advice and services, and

(e) assisting us with marketing and advertising.

7. Links to third party sites

We may provide links to third-party websites from our website. We are not responsible for and make no warranty as to the content or privacy practices or policies of these third-party websites.

These links are provided for your convenience and do not represent our endorsement of any linked third-party website. We recommend that you review the privacy policies of these third parties prior to providing them with your personal information.

8. Data storage and security

We may store your information in our electronic records. We do not keep personal information in hard copy records.

We will take reasonable precautions to:

(a) store your personal information securely.

(b) make our GDX platform and storage facilities as secure as possible against unauthorised access, and

(c) protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.

Our safeguards may include a range of systems and communication security measures, such as:

(a) technical solutions, including passwords, anti-malware software, firewalls and encryption,

(b) cyber security awareness training for employees and contractors,

(d) confidentiality mandates for employees and contractors,

9. Sending personal information outside Australia

We do not transfer or disclose your personal information to anyone who is not located in Australia. We process and store your personal information in the cloud using Amazon Web Services hosted in Australia.

10. You can request access to your personal information

You can ask us for access to personal information we hold about you. If you would like to obtain access to your personal information, please contact us as set out below.

We aim to make personal information available as soon as reasonably possible after access has been requested. We will need to confirm identity before the requested personal information is provided.

If someone makes the request for access on your behalf, we will require your prior written consent or we will contact you directly to collect your consent.

In some circumstances we may refuse to give you access to some or all information you have requested. For example, where we have been unable to verify and confirm your identity, if providing access would have an unreasonable impact on the privacy of others; or giving access would reveal evaluative information in connection with a commercially sensitive decision-making process.

If we deny or restrict access to the information you have requested, we will give you written reasons for this decision when we respond to your request.

11. Correcting to your personal information

You are entitled to ask us to correct inaccurate personal information, subject to certain exceptions.

We rely on the personal information we hold in order to carry out our business, so it is important that information is accurate, complete and up-to-date. If you believe that your personal information is inaccurate, incomplete, out of date, irrelevant or misleading, please contact using the details provided below and we’ll correct that information as soon as reasonably possible after receiving any information we need to make the requested change.

Before we correct your personal information, we’ll need to verify and confirm your identity. If someone makes the request on your behalf, we will require your prior written consent or we will contact you directly to collect your consent.

If we don’t agree that the information needs to be corrected, we’ll let you know why. If that occurs, you can ask us to include a statement with the information that says you believe it’s inaccurate, incomplete, out of date, irrelevant or misleading.

12. Resolving concerns

If you have a complaint or concern about how we handle and manage your personal information, please contact us as set out below.

We will acknowledge complaint and provide a name, a reference number and contact details of the person responsible for reviewing the complaint.

We may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take reasonable steps to rectify the problem.

If you remain dissatisfied with the outcome of your complaint, you may make a complaint to the Office of the Australian Information Commissioner via their website at www.oaic.gov.au or by phone on 1300 363 992

13. How to contact us about privacy

Please contact our Privacy Officer by email at privacy@greendataexchange.me if you:

(a) have any queries,

(b) would like a copy of this privacy policy,

(d) would like to correct your personal information, or

(e) have a complaint about our privacy practices.