Clipchamp Privacy Policy
1. PURPOSE OF OUR POLICY
1.1 Clipchamp Pty Ltd ABN 89 162 516 556 (we, us or our) understands that protecting Personal Information is important. We have adopted this Privacy Policy to set out the standards we have in place to protect the Personal Information that we collect about individuals.
1.2 This Privacy Policy follows the standards of both:
(a) The Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act); and
(b) The regulations and principles set by the European Union’s General Data Protection Regulation 2016/679 (GDPR).
1.3 By publishing this Privacy Policy we aim to make it easy for our customers and the public to understand what Personal Information we collect and store, why we do so, how we receive, obtain, store and/or use that information, and the rights of control an individual has with respect to their Personal Information in our possession.
2. WHO AND WHAT THIS POLICY APPLIES TO
2.1 Our Privacy Policy deals with how we handle “personal information” and “personal data” as it is defined in the Privacy Act and the GDPR respectively (together, Personal Information).
2.2 We handle Personal Information as a controller in our own right and also as a processor for and on behalf of our customers and other users.
2.3 Our Privacy Policy does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies which we collect.
2.4 The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
2.5 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
2.6 We consider the protection of privacy of children very important and we have special processes in place for the collection of Personal Information from or about children. These are set out at point 7 below.
3 THE INFORMATION WE COLLECT
3.1 In the course of providing our services and running our business we collect Personal Information. Without limitation, the type of information we may collect is:
(a) Account Information. We may collect personal details such as an individual’s name, geo-location, third-party usernames and contact information when setting up an account for our services;
(b) Contact Information. We may collect information such as an individual’s email address, telephone, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide our services;
(d) Sensitive Information. We may collect sensitive information which has a higher level of protection under the Privacy Act and GDPR. For example, we may collect images in stored videos which make an individual’s ethnicity or religion reasonably identifiable;
(e) Statistical Information. We may collect information about an individual’s access and use of our services, including through the use of Internet cookies, their communications with our online services, the type of browser they are using, the type of operating system they are using and the domain name of their Internet service provider, their browser session, geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour for statistical purposes.
(f) Information sent to us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities, or any other Personal Information we request or receive; and
(g) Information from third parties. We may collect Personal Information from third parties, such as where a customer provides us with Personal Information about their users or where we need to access a customer’s content for support purposes and this contains Personal Information about others (for example, images of others).
3.2 Where we collect Personal Information about an individual, which we will maintain it in accordance with this Privacy Policy.
3.3 We may also collect non-Personal Information about an individual, meaning information which does not make any individual reasonably identifiable, such as information regarding their computer, network and browser. Where non-Personal Information is collected the Australian Privacy Principles and the GDPR do not apply.
4 HOW INFORMATION IS COLLECTED
4.1 Most information will be collected in association with an individual’s use of our service, an enquiry about our service or generally dealing with us. However we may also receive Personal Information from sources such as advertising, an individual’s own promotions, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
(b) Supply. When an individual supplies us with goods or services;
(c) Contact. When an individual contacts us in any way;
(d) Access. When an individual accesses our premises physically we may require them to provide us with details for us to permit them such access. When an individual accesses our services through the internet we may collect information such as login details, and using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services. When an individual accesses our services they may opt to share Personal Information with us or opt out of sharing Personal Information with us. Videos on the services will be stored through our third party cloud storage facility and the individual may opt-out of this service. We have access to videos on cloud storage. An individual may also opt to share information with us for the purpose of us storing a copy of the video which we may access and examine for support purposes, including if the video export process encounters an error;
(e) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened; and
(f) Research. When we contact an individual for market research purposes and collect opinions and preferences.
4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
4.3 Where we obtain unsolicited Personal Information (such as by accidental acquisition from a customer) we will either delete/destroy the information, or if we are legally permitted to retain such information, inform the individual that we hold such information.
5 HOW PERSONAL INFORMATION IS USED & DISCLOSED
5.1 In general, the primary principles for our use and disclosure of Personal Information, are that we:
(a) Will only use any Personal Information for the purpose for which it was collected, for secondary purposes related to the purpose for which it was collected, for other purposes with the individual’s permission, or as otherwise permitted or required by law. The purpose of collection is determined by the function or activity for which the information was collected and/or submitted.
(b) Only process Personal Information when we can identify a lawful basis to do so. It is always our responsibility to ensure that we can demonstrate which lawful basis applies to the particular processing purpose.
5.2 If it is necessary for us to disclose an individual’s Personal Information to third parties we will do so in a manner compliant with the Australian Privacy Principles and the GDPR.
5.3 We will not disclose or sell an individual’s Personal Information to unrelated third parties under any circumstances, unless the prior written consent of the individual is obtained.
5.4 How we use Personal Information: We may use Personal Information for the following purposes:
(a) The provision of goods and services between an individual and us;
(b) Verifying an individual’s identity, where reasonably necessary;
(c) Where an individual opts in, storing copies of their videos on the services for our examination where a support request is made, including where a video export error occurs;
(d) Communicating with an individual about:
i Their relationship with us;
ii Our goods and services;
iii Our own marketing and promotions to customers and prospects;
iv Competitions, surveys and questionnaires;
v Market research opportunities;
(e) Internal business purposes, such as accounting, administration and reporting;
(f) Improving our services and creating new services;
(g) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(h) As required or permitted by any law (including the Privacy Act and GDPR).
5.5 How we disclose Personal Information: There are some circumstances in which we disclose an individual’s Personal Information, including as follows:
(a) Members of the public where you choose to share a link to a video on our services with them, or where they otherwise access a hosted video you have made public;
(b) Third party service providers for the purpose of enabling them to provide their services to us, including (without limitation) our stock asset providers (such as Storyblocks), cloud data storage providers, web-hosting and server providers, marketing or advertising tools, professional advisors (such as our accountants and lawyers), optional integrated services (such as YouTube and Giphy) and our payment systems operators;
(c) Our employees, contractors and/or related entities;
(d) Our existing or potential agents or business partners;
(e) Sponsors or promoters of any promotions or competition we run;
(f) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a regulator or governmental authority should be made aware of;
(g) Third parties to collect and process analytical data, such as Facebook and Google Analytics or other relevant businesses;
(h) As required or permitted by law (including the GDPR and Privacy Act); and/or
(i) In order to sell our business (in that we may need to transfer Personal Information to a new owner or for due diligence purposes).
5.6 We may utilise third-party service providers to host our services, communicate with an individual, assist us process payments, to assist us with marketing and to store contact details about an individual. These service providers may be located outside of Australia or the European Economic Area. A list of our current third-party service providers is available here.
5.7 An individual who uses our online services will be sending information (including Personal Information) to the United States where our servers are located. That information may then be transferred within the United States or back out of the United States to other countries outside of the individual’s country of residence, depending on the type of information and how it is stored by us. These countries may not necessarily have data protection laws as comprehensive or protective as those in the individual’s country of residence, however our disclosures of Personal Information overseas will always be performed in accordance with the applicable requirements of the GDPR and Privacy Act.
6 Legal Bases For Processing
6.1 Legitimate interests: We will process Personal Information for our legitimate interest to allow individuals to access and use our website, to send marketing content we think may be of interest to customers and prospects, to contact customers about market research; to contact an individual if they leave their contact details with us or if they otherwise initiate contact with us, for our internal business processes, to improve the services and to create new services. Where we rely on legitimate interests the individual has a right to object to our processing of the Personal Information on this basis.
6.2 Performing a contract: We will rely on performing a contract to process Personal Information where we are preparing to enter into a contract with an individual or are carrying out our obligations under a contract with an individual. This includes, where we are setting up an account for an individual and where an individual is using our services.
6.3 Legal obligation: We will rely on a legal obligation to process Personal Information where we are subject to a legal obligation, including if we are reporting illegal activity or we have taxation obligations.
6.4 Consent: If we need to rely on consent, we will ask for affirmative consent to process the specific Personal Information for a specific purpose before we process the Personal Information for that purpose. For example, we will ask you to choose whether you would like to make your hosted videos public or private and we may ask you if you will consent to participate in market research.
7 Privacy & Children
7.1 In the European Union and Australia, if an individual is under 16 years of age, then they must not use or access the service or provide their Personal Information at any time or in any manner without their parent or legal guardian’s verifiable consent.
7.2 In the United States. If an individual is under 13 years of age, we require one of the following:
(a) The child is using the service as part of a school’s account strictly for educational purposes and the school has the child’s parent or legal guardian’s consent to the collection of the child’s Personal Information on behalf of the parent or legal guardian; or
(b) The child has the consent of their parent or legal guardian to share their Personal Information with us, to create an account and/or access the service which we will verify via an email sent to the child’s parent or legal guardian setting out what Personal Information we require, how we will use and disclose that Personal Information and a link to our Privacy Policy. The child’s parent or legal guardian can then input this Personal Information (to create an account for the child and allow the child access to the services) or the child’s parent or legal guardian can choose to refuse to input this Personal Information (restricting the creation of an account for the child and the child’s access to the services). Where the child’s parent or legal guardian refuses to give their consent or does not reply within a reasonable time, we will delete the Personal Information and the parent’s or legal guardian’s contact details.
7.3 Parents and legal guardians who have given consent on behalf of a child may request by contacting us via email to review the Personal Information we hold about the child and ask us to stop collecting, using or sharing the child’s Personal Information.
7.4 If we learn that Personal Information has been collected on the service from persons under the minimum age for that jurisdiction, without verifiable parental or legal guardian consent, then we will take the appropriate steps to delete or destroy such information.
8 Our commitment
8.1 Personal Information will:
(a) Be processed lawfully, fairly and in a transparent manner by us;
(b) Only be collected for the specific purposes we have and Personal Information will not be further processed in a manner that is incompatible with the purposes we have identified
(c) Be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
(d) Be kept up to date, where it is possible and within our control to do so;
(e) Be kept in a form which permits us to identify an individual, but only for so long as necessary for the purposes for which the Personal Information was collected; and
(f) Be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
9 THE SAFETY & SECURITY OF PERSONAL INFORMATION
9.1 Where we no longer require Personal Information for the purpose it was originally collected and we have no other lawful basis for us to continue to hold that Personal Information we will delete or de-identify that Personal Information.
9.2 We have appointed an Australian based Data Protection Officer to oversee the management of this Privacy Policy and compliance with the Australian Privacy Principles, the Privacy Act and the GDPR. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.
9.3 We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
9.4 We use SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our reasonable control.
9.5 We are not responsible for the privacy or security practices of any third party the individual engages with separately from the services we provide. The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
9.6 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
9.7 Where there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information, then:
(a) We will immediately establish the likelihood and severity of the resulting risk to wider rights and freedoms of natural persons;
(b) If we determine we are legally required to notify the security breach, then we will (as applicable) notify:
i The relevant supervisory authority/ies and provide all relevant information on the particular breach; and
ii The affected individuals and provide all relevant information on the particular breach without undue delay.
9.8 We will document the facts relating to any security breach, its effects and the remedial action taken, and investigate the cause of the breach and how to prevent similar situations in the future.
10 Personal Information Rights
10.1 Choice: Individuals should read this Privacy Policy carefully. If an individual provides Personal Information to us, they understand we will collect, hold, use and disclose the Personal Information in accordance with this Privacy Policy. An individual does not have to provide Personal Information to us, however, if they do not, it may affect their use of our Services.
10.2 Unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), the individual can contact us using the details below or opt-out using the opt-out facilities provided in the communication.
10.3 Correction & rectification: If an individual believes that any Personal Information we hold about them is inaccurate, out of date, incomplete, irrelevant or misleading, they can contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, misleading or out of date.
10.4 Objecting to processing: Individuals may have the right to object to processing of Personal Information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides the individual’s interests, rights and freedoms, in order to proceed with the processing of the Personal Information.
10.5 Restricting processing: The individual may have the right to request that we restrict the processing of their Personal Information if, they are concerned about the accuracy of the Personal Information; they believe their Personal Information has been unlawfully processed; they need us to maintain the Personal Information solely for the purpose of a legal claim; or we are in the process of considering their objection in relation to processing on the basis of legitimate interests.
10.6 Access, erasure and data portability: An individual may have the right to request details of the Personal Information we hold about them, or to request that we erase the Personal Information we hold about them, or that we transfer this information to a third party.
11 COMPLAINTS AND DISPUTES
11.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the contact details below. We will promptly investigate the complaint and respond, in writing, setting out the outcome of our investigation and the steps we will take in response to the complaint. The individual also has the right to contact the relevant authority in the country in which they are based.
11.2 If we have a dispute regarding an individual’s Personal Information, we both should first attempt to resolve the issue directly between us.
12 Contacting INDIVIDUALS
12.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Where such information is materially important to the individual’s interaction with us, they may not opt out of receiving these communications on the basis of a direct marketing opt out.
13 CONTACTING US
13.1 All correspondence with regards to privacy should be addressed to:
Data Protection Officer
Clipchamp Pty Ltd ABN 89 162 516 556
Level 1, 315 Brunswick St
Fortitude Valley QLD 4006
Australia
privacy@clipchamp.com
An individual may choose to contact the Data Protection Offer via email in the first instance.
14 ADDITIONS TO THIS POLICY
14.1 We may, at any time and at our discretion, vary this Privacy Policy. We will notify individuals if we amend this Privacy Policy, through the contact details provided to us. Any amended Privacy Policy is effective once we notify the individual of the change. We will also post the new Privacy Policy on our webpage.
Last update: 30 July 2020