Privacy Policy

This Privacy Policy is applicable to all companies within the SalesPond Group (which includes SalesPond, Datalist and Podiem).

Laws and regulations we adhere to

We are actively monitoring privacy laws globally, and, using the highest standards across them, have developed policies and processes that provide assurance within the company and to our clients, partners and interested parties, that the availability, integrity and confidentiality of their information will be maintained.

We adhere to the core requirements of the Australian Privacy Act that are set out in the Australian Privacy Principles (APPs). The APPs set out how an organisation such as SalesPond should collect, hold, use, and disclose personal information. The APPs also give individuals and households a right to know what information an organisation holds about him or her, and a right to correct it if it is wrong.

This Privacy Policy sets out SalesPond’s common global approach for handling personal information that is regulated by the above acts.

You can review the principles at https://www.oaic.gov.au/privacy/australian-privacy-principles

  • Australian Data Protection Act 1998, and security/privacy provisions in the various Australian Health Acts
  • New Zealand Privacy Act 2020
  • Australian Consumer Data Protection Regulations 2019
  • Australian Prudential Standard CPS 234 Information Security
  • European General Data Protection Regulation GDPR
  • European ePrivacy Provisions
  • The various Privacy Acts in the U.S.A. including, but not limited to California Consumer Privacy Act
  • Philippine Data Privacy Act 2012
  • Malaysia Personal Data Protection Act 2010
  • Japanese Act on the Protection of Personal Information ("APPI") recently amended and the amendments came into force on 30 May 2017
  • Singapore Personal Data Protection Act of 2012 (No. 26 of 2012) (the Act) on October 15, 2012
  • Peoples Republic of China’s:
    • National Standard of Information Security Technology – Personal Information Security Specification (PIS Specification), as amended and effective from October 1, 2020;
    • Guidelines on Internet Personal Information Security Protection, effective from April 19, 2019; and
    • National Standard of Information Security Technology – Guidelines on Personal Information Security Impact Assessment, effective from June 1, 2021.
  • Hong Kong Data (Privacy) Ordinance (Cap. 486) (Ordinance)
  • Canada’s:
    • Personal Information Protection and Electronic Documents Act ('PIPEDA')
    • Personal Information Protection Act ('PIPA Alberta')
    • Personal Information Protection Act ('PIPA BC')
    • Personal Information Protection and Identity Theft Prevention Act ('PIPITPA') (not yet in force)
    • An Act Respecting the Protection of Personal Information in the Private Sector ('Quebec Privacy Act'), (collectively, 'Canadian Privacy Statutes')
  • South Africa’s 2020 Privacy Act (POPIA)
  • Mexico’s Federal Law on the Protection of Personal Data held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) at July 6, 2010
  • Panama’s Bill No. 665 of August 20, 2018, which regulates the protection of personal data.
  • India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules (Privacy Rules), which took effect in 2011
  • In every other jurisdiction SalesPond operates

Types of information we collect

Most of the information we use is from publicly available sources however, the list below outlines the types of items we would gather, however not all of these items will be asked for any single service.

Name (First, Middle, Last) Job Title Department Company Name Phone Number Email Address

When collecting Personal Information our first preference is to collect the information directly from you, as that would be the most accurate. However, in some cases, we are provided personal information about you from our clients, or information suppliers. In these cases we can require them to assure us you have provided your consent for its use, before we use that information.

If we determine your consent has not been provided, we will de-identify or destroy that personal information.

Cookies

Our internet facing applications collect certain personal information by automated means, using technologies such as cookies, session cookies, pixel tags, browser analysis tools, server logs and web beacons. We treat this information as personal information when it is associated with the individual’s contact information. In many cases, this information is not linked to any personal information you may provide and cannot be used to identify you (e.g. website traffic patterns).

However, before we use any cookies or similar programs we will ask for you (see above) for your consent and provide you the means, if you wish to limit or stop the use of cookies.

Pixel tags and web beacons

These are graphic images placed on website pages or in emails that allow us to determine whether the recipient has performed a specific action. When the recipient accesses these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.

For more details about cookies and how to change your cookie preferences see here https://www.allaboutcookies.org/manage-cookies/

Use and disclosure of information

We use personal information about you, only for the purposes contained in a consent received from you, or from our customers.

We will not disclose information that personally identifies you to any third party other than what you have consented to or otherwise required by local Law.

Direct Marketing

If we ask you to agree to allow us or our associates to “direct market” to you, you will be provided the option to accept or decline before we proceed. The default answer will be “No”.

Third Parties & Your Information

We will only collect, store, use or disclose personal information that you have provided consent, either directly or via our clients, unless we are required by law to protect our rights or property (or those of any third party), or to avoid injury to any person, e.g. a court order.

In order to deliver the services that we provide, we, on occasions must disclose your personal information to other organisations, only in relation to providing our services. For example, government agencies as required by law, banks and financial institutions, superannuation funds, health funds and contracted service providers (sometimes called SubProcessors).

We, when needed, will share personal information with business partners, but only, with your consent, either directly or as verified by our customers, and only to the extent required to provide our services.

We take steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information. These include:

  • Inserting these obligations into our contract
  • Doing detailed security and privacy risk analysis of our subProcessors to ascertain their level of compliance matches our own. In some cases we reject SubProcessors who do not meet these standards

Disclosure of Information Overseas

By default we store information in the country we collected it but, when required, will transfer to companies in foreign countries some of your personal information to fulfil the purpose for which it was provided. We will however before doing any such transfers:

  • Verify consent has been provided, as per above
  • Ensure Privacy and Security obligations are covered contractually
  • Do detailed security and privacy risk analysis of our subProcessors to ascertain their level of compliance matches our own

Linked Sites

We have relationships with third party companies who may place advertisements on our sites, as well as perform tracking and reporting functions for us. These partners may place cookies on an individual’s computer when they visit our Sites, in order to display targeted advertisements. These partners are not allowed to collect personal information in this process, and we do not give any personal information to them as part of this process.

Our Sites may link directly to websites operated by third parties (Linked Sites), these Sites are not operated by us. We encourage you to always read the applicable privacy policy of any Linked Site on entering the Linked Site. We cannot control and thus are not responsible for the content or practices of the Linked Sites nor their privacy policies regarding the collection, storage, use and disclosure of your personal information. However, you still have the option of managing their cookies – see https://www.allaboutcookies.org/manage-cookies/

How long will we keep your information?

Only as long as it is needed to perform the purpose it was collected for, or longer if required by local law.

Destruction

Once we no longer need your information we will either destroy or anonymise (de-identify) it.

Protection

We protect your personal information in a secure environment using industry best practice including, among other things:

  • Firewalls
  • Data encryption, both at rest and when transmitted
  • Intrusion detection
  • Anti-Virus and Anti Malware Protection
  • Constant upgrades and patches of systems to minimise the risk of hacking
  • Site monitoring security
  • Limiting internal access to personal information to those personnel who need access to the information in order to do their jobs
  • These personnel are limited in number, have police checks and sign NDAs
  • N+1+ redundancy of key systems
  • Others

These security measures are designed to ensure your personal information is not subject to unauthorised access, loss or misuse however, this security cannot be guaranteed procedures to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Law requirements.

Your Rights

Consent

When we collect information from you, before we use that information, we will ask for your consent. We will tell you:

  • What information we propose to collect
  • Why we need the information
  • What we are going to do with that information

We will:

  • Be specific and explicit in our request(s)
  • Ensure you have the means of withdrawing consent at any time either via the website or app or by contacting our Privacy Office at [email protected]
  • Then ask you to renew your consent regularly, just to be sure you are happy to continue

The GDPR

The GDPR confers additional privacy rights to E.U. citizens, however the SalesPond Group believes everyone should have these rights and more, so have included them for all in our internal policies and this Privacy Policy. These include, but are not limited to:

- Right to review the accuracy of your information

You have the right to review the information we hold about you, to ensure it is accurate and we only hold what you have consented to.

- Right to erasure

You can, at any time, request that we delete all personal information which relates to you. We will comply with any such request unless we are required to keep that information for:

  • the public interest;
  • the law will not allow it, e.g. for tax purposes;
  • archiving, research or statistical purposes (which would otherwise be rendered seriously impaired); or
  • the establishment, exercise or defence of legal claims.

- Right to restriction on data processing

In certain circumstances, you may also request a restriction on the processing of your personal data. You can make such a request in the following situations:

  • where you believe that the information held is inaccurate;
  • where the processing is unlawful;
  • where we are storing the information for legal claims, however do not require it for processing purposes; or
  • you have legitimate grounds to object to data processing.

If you make such a request, we will not process any of your personal information without your consent, unless it is for the purposes of storage, legal claims, protecting the rights of another person or it is in the public interest of either the EU or the respective Member State.

- Right to data portability

In certain circumstances, you may request that we provide you with all personal information that relates to you. If this is the case, we will provide you with that information in a structured, commonly used and machine-readable format. Upon request from you, and subject to certain circumstances, we will also transmit that information to another controller.

- Right to object

You have the right to request that your personal information is not processed by us in various circumstances. These circumstances include the pursuit of business interests, direct marketing and profiling. Unless we have legitimate grounds to object to your request, we will stop processing data for the purposes requested.

Access and complaints to us

If you request access to the personal information we hold about you, we will respond to your request within 30 days and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions allowed under the local laws.

You may request information or make a complaint by writing to: Privacy Office at [email protected].

Any requests for information should be directed to our Privacy Office at [email protected] and contain 100 points of identification, so we know you are who you say you are. Using the points table below:

You must supply at least ONE Primary document. Foreign documents must be accompanied by an official translation Required on document N = Name, P = Photo, A = Address, S = Signature Points Worth
Passport (current) (current or expired within last 2 years but not cancelled) N-P 70
Citizenship Certificate N 70
Full Birth certificate (not birth certificate extract) N 70
Certificate of Identity issued by the resident Government to refugees and non – local citizens for entry to the country N 70
Local Driver Licence/Learner’s Permit NAP 40
Current (local) Tertiary Student Identification Card NP 40
Photo identification card issued for local regulatory purposes (e.g. Aviation/Maritime Security identification, security industry etc.) NP 40
Current (local) Tertiary Student Identification Card NP 40
Government employee ID (local Federal/State/Territory) NP 40
Defence Force Identity Card (with photo or signature) NP 40
Department of Veterans Affairs (DVA) card NA 40
Benefits card (with reference number) NA 40
Birth Certificate Extract N 25
Birth card (Births, Deaths, Marriages issue only) N 25
Medicare/aid card N 25
Credit card or account card N 25
Marriage certificate (Local Registry issue only) NS 25
Decree Nisi / Decree Absolute (Local Registry issue only) NS 25
Change of name certificate (Local Registry issue only) NS 25
Bank statement (showing transactions) NA 25
Property lease agreement - current address NA 25
Taxation assessment notice NA 25
Local Mortgage Documents - Current address NA 25
Rating Authority - Current address e.g. Land Rates NA 25
Utility Bill - electricity, gas, telephone - Current address (less than 12 months old) NA 25
Reference from Indigenous Organisation NP 25
Documents issued outside the local jurisdiction (equivalent to local jurisdiction documents).
Must have official translation attached
NP 25
TOTAL

SalesPond has appointed “DataRep” as its Data Protection Representative for the purposes of GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. DataRep has locations in each of the 27 EU countries, the UK, and Norway and Iceland in the European Economic Area (EEA) so you can contact them in your home country. Please click here for the contact details of your country.

Complaints to the authorities

If you are unsatisfied with how we have handled your complaint you can contact your local regulator to complain at:

Austria
Data Protection Council (Datenschutzrat)

www.bundeskanzleramt.at/site/6417/default.aspx (Datenschutzrat : Datenschutz : Fachinhalte : Bundeskanzleramt Österreich) Web page of the data protection council (Datenschutzrat), an advisory body of the federal government (German)

Andorra

www.apda.ad (Agència Andorrana de Protecció de Dades) – Website of the data protection authority of the Principality of Andorra (Catalan)

Argentina

https://www.argentina.gob.ar/aaip (Agencia de Acceso a la Información Pública) – Website of the Argentine data protection agency (Spanish)

Australia

  • www.privacy.gov.au (Office of the Privacy Commissioner) – Website of the Australian federal privacy commissioner (English).
  • http://www.lawlink.nsw.gov.au/privacynsw (privacynsw – Privacy NSW: Lawlink NSW) – Website of the privacy commissioner of the Australian state of New South Wales (English).
  • www.privacy.nt.gov.au (Office Of The Information Commissioner. Northern Territory of Australia) – Website of the information commissioner of the northern territory of Australia.
  • www.privacy.vic.gov.au (Privacy Victoria – Home) – Website of the privacy commissioner of the Australian state of Victoria (English).
  • www.oic.qld.gov.au (Information Commissioner – Welcome) – Website of the privacy commissioner of the Australian state of Queensland (English)
  • www.privacy.gov.au (Office of the Privacy Commissioner) – Website of the Australian federal privacy commissioner (English).

Belgium

www.privacycommission.be (CBPL-CPVP) – Website of the Belgian data protection agency, the Commission de la protection de la vie privée / Commissie voor de bescherming van de persoonlijke levenssfeer (French, Dutch)

Bulgaria

www.cpdp.bg (Комисия за защита на личните данни) – Website of the Bulgarian data protection authority (Bulgarian).

Canada

  • www.priv.gc.ca (Privacy Commissioner of Canada / Commissaire à la protection de la vie privée du Canada) – Website of the Privacy Commissioner of Canada (English, French).
  • www.priv.gc.ca/resource/prov/index_e.asp (Provincial / Territorial Privacy Laws – Office of the Privacy Commissioner of Canada) – Hyperlink page with information on Canadian territorial privacy Laws, oversight offices and government organizations (English)
  • http://dpi.priv.gc.ca (Office of the Privacy Commissioner – Deep Packet Inspection) – Site of the privacy commissioner of Canada on Deep Packet Inspection (English)

Croatia

www.azop.hr (Agencija za zaštitu osobnih podataka – Home) – Website of the Croatian personal data protection agency (Croatian, English).

Cyprus

www.dataprotection.gov.cy (Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα – Αρχική Σελίδα) – Website of the office of the Cypriot commissioner for personal data protection (Greek, English).

Czech Republic

www.uoou.cz (ÚOOÚ – Hlavní stránka) – The website of the Czech office for personal data protection (Czech, English).

Denmark

www.datatilsynet.dk (Datatilsynet: Forside) – Website of the Danish data protection agency (Danish, English).

Dubai

http://dp.difc.ae (DIFC | Data Protection Law) – Website of the data protection agency of Dubai (English)

Estonia

www.aki.ee (Andmekaitse Inspektsioon: Andmekaitse Inspektsioon) – Website of the Estonian data protection agency (Estonian, Russian, English)

Finland

www.tietosuoja.fi (Tietosuojavaltuutetun toimisto – Tietosuojavaltuutetun toimisto) – Website of the Finnish data protection board (Finnish, Swedish, English)

France

www.cnil.fr (CNIL – Commission nationale de l’informatique et des libertés) – Website of the French data protection agency (French, English, Spanish).

Germany

  • www.datenschutz.de (Datenschutz – Ihr gutes Recht! – Virtuelles Datenschutzbüro
  • http://www.datenschutz.de – The virtual data protection office, a portal site of the German data protection agencies (German)
  • www.bfd.bund.de (Internetauftritt des Bundesbeauftragten für den Datenschutz und die Informationsfreiheit) – Website of the German federal data protection commissioner (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit) (German, English, French).
  • www.baden-wuerttemberg.datenschutz.de (Der Landesbeauftragte für den Datenschutz Baden-Württemberg) – Website of the data protection authority of Baden-Württemberg (German).
  • www.datenschutz-bayern.de (Bayerischer Landesbeauftragter fuer den Datenschutz) – Website of the Bavarian data protection authority for the public sector (German)
  • www.regierung.mittelfranken.bayern.de/aufg_abt/abt1/abt1dsa60.htm (Regierung von Mittelfranken) – Website of the Bavarian data protection authority for the private sector (German)
  • www.datenschutz-berlin.de (Berliner Beauftragter für Datenschutz und Informationsfreiheit) – Website of the Berlin data protection authority with links to all other German data protection authorities and the Privacy Magazine (German).
  • www.lda.brandenburg.de (Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg | Startseite) – Website of the data protection authority of Brandenburg (German, English, Polish).
  • www.datenschutz-bremen.de (Der Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen) – Website of the data protection authority of the city of Bremen (German).
  • http://www.datenschutz-hamburg.de/ (Der Hamburgische Datenschutzbeauftragte) – Website of the data protection authority of Hamburg (German).
  • www.datenschutz.hessen.de (Startseite des Hessischen Datenschutzbeauftragten) – Website of the data protection authority of the state of Hessen (German).
  • www.datenschutz.mvnet.de (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Mecklenburg-Vorpommern) – Website of the data protection authority of the state of Mecklenburg-Western Pomerania (German)
  • www.lfd.niedersachsen.de (Der Landesbeauftragte für den Datenschutz Niedersachsen) – Website of the data protection authority of the state of Lower Saxony (German).
  • www.lfd.nrw.de (LfD – NRW) – Website of the data protection authority of the state of North Rhine-Westphalia (German).
  • http://www.datenschutz.rlp.de (Der Landesbeauftragte für den Datenschutz Rheinland-Pfalz) – Website of the data protection authority of the state of Rhineland-Palatinate (German).
  • http://www.lfdi.saarland.de/ (Landesbeauftragter für Datenschutz Saarland) – Public sector data protection and freedom of information in the state of Saarland (German).
  • www.datenschutz.sachsen.de (Der Sächsische Landtag) – Website of the data protection authority of the state of Saxony (German).
  • www.datenschutz.sachsen-anhalt.de (Datenschutz Sachsen-Anhalt) – Website of the data protection authority of the state of Saxony-Anhalt (German).
  • https://www.datenschutzzentrum.de/ (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) – Data protection website of Schleswig-Holstein (German).
  • www.thueringen.de/datenschutz (Der Thüringer Landesbeauftragte für den Datenschutz) – Website of the data protection authority of the state of Thuringia (German).

Greece

www.dpa.gr (Αρχή) – Website of the hellenic data protection authority (Greek, English).

Hong Kong

www.pcpd.org.hk (Office of the Privacy Commissioner for Personal Data, Hong Kong) – Website of the Privacy Commissioner for Personal Data of Hong Kong (English, Chinese)

Hungary

http://abiweb.obh.hu/abi/ (ABIWEB – Az Adavédelmi Biztos honlapja) – Homepage of the Parliamentary Commissioner for Data Protection and Freedom of Information in Hungary (Hungarian, English)

Iceland

www.personuvernd.is (Persónuvernd. Þínar upplýsingar, þitt einkalíf.) – Website of the Icelandic data protection authority (Icelandic, English).

Ireland

www.dataprotection.ie (Home – Data Protection Commissioner – Ireland) – Website of the data protection commissioner of the Republic of Ireland (English, Irish).

Israel

http://ilita.justice.gov.il (ראשי – ומידע טכנולוגיה למשפט הרשות – (Website of the Israeli Law, Information and Technology Authority (ILITA), home to the Israeli data protection authority (Hebrew, English)

Italy

www.garanteprivacy.it (Garante per la protezione dei dati personali) – Website of the Italian data protection agency (Italian, English).

Japan

www.soumu.go.jp/english/index.html (Ministry of Public Management, Home Affairs, Posts and Telecommunications) – Website of the Japanese Ministry of Public Management, Home Affairs, Posts and Telecommunications (Japanese, English).

Korea

www.kisa.or.kr (한국정보보호진흥원에 오신것을 환영합니다. 음성서비스를 사용하시려면 컨트롤키와 엔터키를 누르세요) – Website of the Korea Information Security Agency (Korean, English).

Latvia

www.dvi.gov.lv/eng (Data State Inspection .|. Homepage) – Website of the Latvian data protection agency (Latvian, Russian, English, hyperlink leads to English page).

Liechtenstein

www.dss.llv.li (Home – Datenschutzstelle) – Web page of the data protection authority of the principality of Liechtenstein (German-language page only, but there is an English translation of the data protection law).

Lithuania

www.ada.lt (Valstybinė duomenų apsaugos inspekcija) – Website of the Lithuanian data protection agency (Lithuanian, English).

Luxembourg

www.cnpd.lu/de (Commission nationale pour la protection des données – Startseite) – Data protection authority of Luxembourg (German, French)

Malta

www.dataprotection.gov.mt (Welcome to Data Protection) – Website of data protection commission of the republic of Malta (English).

Former Yugoslav Republic of Macedonia

http://www.dzlp.mk/index.cfm?lng=2 (Дирекција за заштита на лични податоци) – Website of data protection commission of the former Yugoslav Republic of Macedonia (Macedonian, English).

Mexico

www.ifai.org.mx/DatosPersonales (Protección de Datos Personales) – Website of Mexican data protection authority (Spanish, parts in English).

Monaco

www.ccin.mc (CCIN – Commission de contrôle des informations nominatives – Principauté de MONACO – Site officiel) – Website of data protection commission of the Principality of Monaco (French).

New Zealand

www.privacy.org.nz (The Office of the Privacy Commissioner, New Zealand / Homepage) – Website of the New Zealand data protection agency (English)

Netherlands

www.cbpweb.nl (College bescherming persoonsgegevens) – Website of the Dutch data protection agency (Dutch, English)

Norway

www.datatilsynet.no (Forsiden – Datatilsynet – personvern og informasjonssikkerhet) – Website of the Norwegian Data Inspectorate (Norwegian, English).

Philippines

https://www.privacy.gov.ph

Poland

www.giodo.gov.pl (GIODO Generalny Inspektor Ochrony Danych Osobowych) – Website of the Polish Inspector General for the Protection of Personal Data (Polish, English, French)

Portugal

www.cnpd.pt (Página Principal – CNPD) – Website of the Portugese data protection agency, the Comissão Nacional de Protecção de Dados (Portugese, French, English)

Romania

www.dataprotection.ro (ANSPDCP Dataprotection Romania) – Website of the Romanian national authority for the supervision of personal data processing (Romanian, English).

Sweden

www.datainspektionen.se (Datainspektionen – Vi värnar om din personliga integritet i IT-samhället) – Website of the Swedish Data Inspection Board (Swedish, English).

Switzerland

Slovakia

www.dataprotection.gov.sk (Úrad na ochranu osobných údajov Slovenskej republiky) – Website of the Slovakian data protection authority (Slovakian, English).

Slovenia

www.ip-rs.si (IP-RS: Domov) – Website of the Slovenian information commissioner (Slovenian, English).

Spain

  • http://swww.agpd.es (Agencia de Protección de Datos) – Website of the Spanish data protection agency (Spanish, some texts in English).
  • www.madrid.org/apdcm (La Agencia – Agencia de Protección de Datos de la Comunidad de Madrid – Comunidad de Madrid) – Website of the data protection agency of the city of Madrid (Spanish).
  • www.apdcat.net (Agència Catalana de Protecció de Dades) – Website of the Catalan data protection agency (Catalan, Spanish, English).
  • www.avpd.es (Agencia Vasca de Protección de Datos) – Website of the Basque data protection agency (Basque, Spanish).

Thailand

www.oic.go.th/content_eng/default_eng.asp (Office of the Official Information Commission (O.I.C.)) – English part of the website of the Information Commission of Thailand (Thai, English).

United Kingdom of Great Britain and Northern Ireland

United States of America (USA)

Uruguay

www.datospersonales.gub.uy (Unidad Reguladora y de Control de Datos Personales) – Homepage of the data protection authority of Uruguay (Spanish)