CaffeAssist

Our protection statement

We are committed to protecting your personal information/data (personal data) you provide when you apply to work for us, buy our products or services, or if you just visit our website for information about or to learn more about what we do.

We will comply in our handling of your personal data with all applicable legal requirements depending on the particular country jurisdiction in which you operate This includes:

  • the Privacy Act 1988 (Cth) and the Australian Privacy Principles issued pursuant to that Act if you are situated in Australia.
  • the Data Protection Act 2018 and the European General Data Protection Regulation if you are situated in the European Union or if your personal data is subject to those laws and regulations; and
  • the various laws applicable in the United States including the Health Insurance Portability and Accountability Act if you are situated in the United States.

We refer to these laws generically as Data Protection Laws but the particular laws only apply to your personal data where the provisions of those laws make them apply. For example, Australia Data Protection Laws only apply in Australia. Where a provision in this notice and policy is included because of a particular Data Protection Law, we have made it clear which Data Protection Laws apply.

This Privacy Notice and Policy sets out how we (or ‘us’) will collect, use, disclose and keep secure your personal data. It also covers how we make the personal data it holds available to you for access and correction by you in the event that such information is inaccurate or incomplete.

Addresses and contacts

In Australia and for the purposes of the Australian Data Protection Laws, the contact entity is listed on our contact page with our ABN (Australian Business Number) with the principal place of business at our Australian address.

For other jurisdictions please check on our website or check with the Australian Privacy Officer (see below for contact details).

Contacting Us – complaints and queries

If you require further information regarding our Privacy Notice and Policy, our treatment or handling of your personal data or if you want to make a complaint or raise a query, you can contact our Privacy Officer by post at one of the addresses set out above (please mark your envelope “For the attention of the Privacy Officer”) or by the details listed on our Contact Us page

(please state “For the attention of the Privacy Officer” in the subject line).

You can also complain directly to the Australian Privacy Commissioner at https://www.oaic.gov.au/ in Australia. In the EU you can complain to the relevant authority for the particular member state which, in Spain (where we are located) is set out above under ‘Addresses and Contacts’.

What personal data we might collect

Note that when we refer to personal data, we mean personal data as defined by the relevant Data Protection Laws.

However, the personal data that we collect will typically include your name, address, email address, telephone number, job title and other information relating to you personally which you may choose to provide.

Data Protection Laws in most cases, recognise that certain types of personal data are more sensitive than others. These types are known as ‘sensitive’ or ‘special category’ personal data and include information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person’s sex life or sexual orientation. We will only collect special category data where we need to (for example if you have special requirements we need to meet if you are making site visits or are on our premises) and only where you have given your explicit consent to the processing of such data for one or more of the purposes specified in this Privacy Notice and Policy.

You do not have to provide your personal data if you do not want to. However, if you choose not to do so, you may not be able to take full advantage of our service, as some personal data is required in order to match volunteers with suitable volunteering opportunities.

The Privacy Act 1988 requires entities bound by the Australian Privacy Principles to have a privacy policy. This privacy policy outlines the personal information handling practices of our company (or “us” or “we”). This policy is written in simple language. If at any point we become an entity not bound by the Privacy Act 1988 we will not opt in to the Australian Privacy Principles.

Eligibility

All persons registered as users with us must be aged 16 years and over.

How and when we collect personal data about you

When you directly give us information

We may collect and store personal data about you when you interact with us and provide your personal data directly to us.  For example, this could be when you:

  • order our products or use one of our services.
  • make an enquiry.
  • give us feedback.
  • make a complaint; and/or
  • apply for a job.

If you disclose personal data about someone other than yourself, you must ensure that you have the relevant individual’s consent to provide their personal information to us.

When you indirectly give us information

When you interact with us on social media platforms such as Facebook or Instagram, we may also obtain some personal data about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to the privacy notices of the social media provider you are using.

We may obtain information about your visit to our website, for example the pages you visit and how you navigate the site, by using cookies (see below).

Purposes for which we may process your personal data

We will only use your personal data for one or more of the following purposes:

  • To perform our obligations with regard to performance of our contract(s) with you: Where we need to do so, we will use your personal data in order to carry out our obligations arising from any contracts entered into between you and us for goods or services.
  • Direct Marketing: From time to time we may use your personal data to provide you with current information about our products and services, changes to our organisation, or new products or services being offered by us or any company with whom we are associated.
  • To respond to requests from you: If you contact us with a query, we may use your personal data to provide you with a response.
  • To verify your identity: We will need to use your personal data in order to verify your identity and to assist you if you have forgotten any user name or password.
  • To monitor and evaluate usage of the website: We may use your personal data in order to improve current and future performance of the website.
  • To process job applications: We may process your personal data if you send or fill in an application form or send us your CV or details in respect of an opportunity to work with us in order to evaluate your suitability and respond to you.
  • To manage our records: We may use your personal data in order to record and deal with any complaint you may have, record a request not to receive further notifications, update you about changes to our website or terms and conditions and for other essential internal record-keeping purposes.
  • To report contraventions of law: We reserve the right to report any breach of the terms and conditions applicable to use of our website which involves a breach of law to the appropriate authorities including the police and any other regulatory authority.
  • To communicate with you: We may use your personal data in order to communicate with you. However, we will only send you information by email, SMS, or phone if you have given us specific consent. If you withdraw your consent and then subsequently opt-in to receive information again, then your most recent preference may supersede.
  • To protect your vital interests: We may process your personal data in order to protect your interests where we reasonably think that there is a risk of serious harm or abuse to you or someone else or where there is a possible breach of law (including a data breach that Is notifiable under Data Protection Law), in which case we may need to contact you to notify you of any breach of data security and the consequences for you (see below).
  • To conduct market research and surveys: We may invite you to participate in surveys or market research to help us improve our website, fundraising, services, and strategic development. Participation is always voluntary, and no individuals will be identified as a result of this research, unless you consent to us publishing your feedback.
  • To comply with legal, regulatory and tax requirements: We may process and disclose your personal data where we are required to do so under a legal obligation.

We will not use personal data without taking reasonable steps to ensure that the information is accurate, complete, and up to date.

Lawful basis of processing

The processing of your personal data which is subject to the EU General Data Protection Regulation will be done only if and to the extent that at least one of the following applies:

  • you have given your consent to the processing of the personal data for one or more specific purposes.
  • the processing is necessary for the performance of our contract with you for the use of the website and service, or in order to take steps at your request prior to entering into a contract.
  • the processing is necessary for compliance with a legal obligation to which we are subject; and/or
  • the processing is necessary for the purposes of the legitimate interests pursued by our company, including the efficient provision of our service, service improvement, and communications.

Consent

If there are additional purposes (other than those identified above) for which we propose to use your personal data, the purposes will be specifically notified to you and your consent requested to the proposed use when we collect your personal data for that specific use. We will always give you the option to decline to provide your personal data or to decline to allow us to use that personal data for the purposes for which we have proposed to use it.

Cookies

When you come to the website, our server attaches a small text file to your hard drive — a cookie. A ‘cookie’ assigns you a unique identifier so that the website can recognise you each time you re-enter the website, so we can recall where you have previously been on our site, and which keeps track of the pages you view on the website. Cookies help us deliver a better website experience to you.

The information collected by using a cookie is sometimes called “clickstream.” We use this information to understand how our users navigate our website, and to determine common traffic patterns, including what site the user came from. We may use this information to make navigation of our website easier and to help redesign the website from time to time in order to make your experience on our website more efficient and enjoyable.

You also have choices with respect to cookies. By modifying your browser preferences, you have the choice to accept all cookies or disable them, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you will be unable to use those services or engage in activities that require the placement of cookies. Certain aspects of the site may not function properly if you set your browser to reject all cookies.

Who do we share your information with?

We will only share your data with the following categories of recipient:

  • Third-party suppliers: We may need to share your personal data with data hosting providers or service providers who host our website or assist us to deliver our services. These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses.  We will take reasonable steps to ensure that its contracts with third parties include requirements for third parties to comply with Data Protection Law in their handling of your personal data. For personal data subject to the EU General Data Protection Regulation, we will ensure that the model contractual clauses are included in our contractual arrangements with suppliers with which we share your personal data.
  • Law enforcement agencies and other official bodies: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement agencies for the prevention and detection of crime. We may also share your information with the emergency services if we reasonably think there is a risk of serious harm or abuse to you or someone else.
  • We always aim to ensure that your personal data is only used by those third parties for lawful purposes in accordance with this Privacy Notice and Policy.

Other disclosure

If a disclosure is not for the purposes we have identified and is not for a reasonably related ancillary purpose or if your upfront consent has not been obtained, we will not disclose your personal data.

Data quality and security

We will review, on an ongoing basis, its collection and storage practices to ascertain how improvements to accuracy of your personal data can be achieved.

We will take steps, to the extent technically practicable, to destroy or anonymise personal data after as short a time as is reasonably possible after requested, unless the law requires otherwise.

Security

We will take all reasonable steps to require employees and contractors to perform their duties in a manner that is consistent with our legal responsibilities in relation to Data Protection Law.

We will review, on a regular and ongoing basis, its information security practices to ascertain how ongoing responsibilities under Data Protection Law can be achieved and improved.

It is important to note, that part of the operation of our website involves sending personal data over the Internet which is beyond our control and we cannot guarantee security of your personal data in transmission (as there are always risks associated with transmitting information across the Internet).

Notification of data breach

In the unlikely event that your personal data is involved in a data breach that is likely to result in serious harm to you, we will inform you and recommend what steps you should take in response to the breach. We will also notify the appropriate supervisory authorities (which in the United Kingdom is the Office of the Information Commissioner and in Australia the Australian Information Commissioner) of eligible data breaches. Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result require notification to you.

Your rights as a data subject

You have the following rights as a data subject, by reason of Data Protection Law:

  • The right to request access to the personal data that we hold about you (also known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that it is accurate and that we are lawfully processing it.
  • The right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • The right to withdraw consent. Where our processing of personal data is based on your having given consent, you also have the right as a data subject to withdraw that consent at any time. Specifically, if you do not wish to receive marketing information, you may at any time decline to receive such information by emailing us as per our Contacts page on this website. If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
  • The right to lodge a complaint. You have the right to lodge a complaint with a supervisory authority. In Australia, this is the Australian Privacy Commissioner at https://www.oaic.gov.au/ and in Spain, the supervisory authority is the Protección de datos vacaciones details for which can be found at https://www.aepd.es/.

If you are subject to the General Data Protection Regulation, the following also apply:

  • The right to request erasure of the personal data that we hold about you (also known as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • The right to request restriction of processing about you. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • The right to object to processing. Where we are processing your personal data solely on the grounds that there is a legitimate interest to do so, and there is something about your particular situation which makes you want to object to processing on this ground, then this enables you to challenge the processing. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • The right to data portability. This enables you to ask us to transfer your personal information to another party in certain circumstances.

If you wish to invoke any of the above rights, please contact us using the details set out in the section of this Privacy Notice and Policy headed “Contacting Us – Complaints and queries”.

Third parties and other Privacy Policies

We may provide links within our website to other websites as part of the facilities and services provided by our website. We do not endorse the content of any linked website or the organisation operating it. Again, if you visit those websites, any personal data you provide, or share will be under the control of that organisation and subject to their privacy policy.

Transferring information overseas

We will not transfer your personal data overseas (meaning, in the case of Australia, outside of Australia and in the case of the EU, outside the European Economic Area) unless required by us to provide our services. If at any time, personal data must be sent overseas by us for sound business reasons, we will require the overseas organisation receiving the information to provide a binding undertaking that it will handle that information in accordance with Data Protection Law, including as part of any services contract we enter into.

Duration of processing

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The appropriate retention period for any given type of personal data depends on a range of factors, including the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which it was collected, and the applicable legal requirements.

Automated decision-making (including profiling) 

We undertake no automated decision-making in respect of data subjects.

Plans for further processing

We have no plans to process personal data for reasons other than the reason for which the data was originally collected.

Changes to our privacy notice and policy

Our Privacy Notice and Policy may change from time to time, so please check this page occasionally to see if we have included any updates or changes, and that you are happy with them because we will not notify you other than in relation to material changes which will be posted as a notification within the website.

The last update to this Privacy Notice and Policy was made on 2 August 2019.