We are Seethrough.com (‘SeeThrough’, ‘See Through™’, ‘we’, ‘us’ and ‘our’). We provide the See Through™ website, product and associated products worldwide. SeeThrough is owned by MGM Wireless Holdings Pty Ltd (MGM). This business is a fully owned subsidiary of MGM Wireless Ltd, a Public Company listed on the Australian Stock Exchange (ASX company code: MWR) ABN 93 091 351 530. For the purpose of this and related policies MGM are the data controller.
When you use our products and services, we understand that you trust us with your information – we are committed to keeping that trust. That starts with helping you understand our privacy practices and your choices regarding this information, including for SeeThrough users in the European Economic Area (EEA) the EU General Data Protection Regulation 2016/679 (GDPR) and for Australian users, in accordance with the Privacy Act 1988 (Cth) (Australian Privacy Act) where applicable.
WHAT PERSONAL DATA WE COLLECT, HOLD AND USE
We will only collect personal data from you if it is reasonably necessary to provide services to you. We will only collect personal data for the purposes for which we advised you we were collecting it for or a related purpose which would reasonably be expected or otherwise with your permission.
The types of information we collect depends on how you use our products and services.
Personal data we may collect and hold includes:
- Personal Information: first name, last name, username, or similar identifier, date of birth, gender, suburb and postcode
- Contact Data: billing address, email address and telephone numbers
- Financial Data: payment card details, credit history, service history
- Transaction Data: details about payments to and from you and other details of products and services you have purchased from us
- Usage Data: Internet Protocol address (IP address), browser type, browser version, service pages visited, visit logs, unique device identifiers
- Profile Data: username, password, security pin, profile picture and preferences
- Location Data: Geographical GPS location data, IP Location
- Images and videos, messages, files, contacts you share
- We will generally not be required to collect sensitive information about you. We will only do so if it is considered reasonably necessary for us to collect such information for us to perform our functions or activities and you consent, or collection is required by law or another exception under the GDPR or Australian Privacy Act applies.
HOW WE COLLECT YOUR PERSONAL DATA
We will generally collect the above personal data from you directly. We collect personal data from you in various ways such as when you set up an account with us, communicate with us, when you fill in an application form or survey, if you apply for a job with us, if we provide a product or service to you, or when you participate in any of our activities.
We may also collect data and personal information about individuals from third parties like credit reports, marketing mailing lists, and public information (including public posts to social network sites) and commercially available personal, identity, geographic and demographic information. This can include information gained from our partners, including our business and commercial partners, credit reporting bodies and automatically, including through Web Servers (as further set out below):
Website Servers: When you access our website and online services the Web Server Data listed above is collected. We advise Google Analytics Demographic and Interest reporting may be used to develop specific offers or advertising from time to time.
Our Cookies Policy details the types of Cookies we use to run our service and your options regarding Cookies. Our current cookies policy can be viewed and downloaded from our website at www.seethrough.com.
If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at email@example.com.
THE PURPOSES FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL DATA
We collect personal data which is reasonably necessary for one or more of our functions as noted above and including to:
- Maintain your account and contact details;
- Allow you to download and purchase our products and services;
- Process transactions and end user related information, including confirmations and invoices;
- Communicate with you;
- Facilitate communication between you and other parties you choose to communicate with;
- Provide you with access to protected areas of the site;
- Verify data for accuracy and completeness;
- Improve the quality of our services and develop new ones;
- Help our services deliver more useful, customized content;
- Keep you posted on software updates, technical updates, security alerts and support and administrative messages;
- Send marketing communication to you;
- Provide you with recommendations for other products or systems we own;
- Conduct surveys to determine use and satisfaction;
- Comply with our legal obligations;
- Protect a person’s rights, property or safety;
- Credit reporting purposes;
We will not use or disclose this data for a secondary purpose unless you consent to us doing so, or under the circumstances involved we believe you would reasonably expect us to use or disclose the data for a secondary purpose and that secondary purpose is related to the primary purpose.
In the unlikely event that we hold sensitive data about you, we will only disclose or use that data with your consent or if the disclosure is directly related to the primary purpose.
Please note that we will also use or disclose your personal data or sensitive data if we are required to do so by law or a court/tribunal order; or if we reasonably believe that the use or disclosure of the data is reasonably foreseeable for an enforcement related activity or on behalf of an enforcement body, in which case we will make a written note of the use or disclosure or another exception applies under the Australian Privacy Act or GDPR.
LAWFUL BASIS FOR PROCESSING PERSONAL DATA UNDER THE GDPR (for users in the EEA)
For users in the EEA, we will only use and process your personal data in the following circumstances:
- Where you have provided explicit consent. You have the right to withdraw consent you provided to us at any time by contacting us.
- Where we need to comply with a legal or regulatory obligation.
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Depending on the situation you can withdraw your consent by emailing firstname.lastname@example.org. Where we are using your information because of a legitimate interest to do so, you have the right to object to that use, however, if you do so it may mean that it is not possible for you to continue using the services.
ANONYMITY AND PSEUDONYMITY
We allow our customers to transact with us anonymously or by using a pseudonym, wherever that is reasonable and practicable. However, this will not be possible if we are required or authorised by law or other instrument to deal with customers who have been appropriately identified; or where it is impracticable for us to deal with individuals who have not identified themselves or who prefer to use a pseudonym.
WHO DO WE DISCLOSE YOUR PERSONAL DATA TO?
Because ST is part of a global business and group of companies, information may be shared with other related business units around the world.
We work with other companies that help us provide our systems and services to our customers, and we may provide data to these companies for the purpose of providing the services and products to you and to facilitate our interests as stated above. Those service providers will only be provided with access to your information as is reasonably necessary for the purpose that we have engaged the service provider, and we will require that such third parties comply with our Standards and all applicable laws.
To enable us to provide you with data about our products and services we may disclose your personal data to credit reporting agencies and other third parties. The data we may disclose for credit reporting purposes includes, amongst other things:
The fact that you have applied for credit and the amount;
The fact that we are a credit provider to you; and Payments which become overdue and for which debt collection action has started.
We may also use your personal data to:
- Obtain from a credit reporting agency a credit report containing personal data about you in relation to commercial credit provided by us;
- Obtain a report containing information about your commercial activities or commercial creditworthiness from a business which provides information about the commercial creditworthiness of a person;
- Obtain a report from a credit reporting agency and other information in relation to your commercial credit activities.
We may also disclose your personal data to third parties to whom you expressly ask us to send the personal data to or to third parties you consent to us sharing your personal data with.
DEALING WITH UNSOLICITED PERSONAL DATA
If we happen to receive personal data about you from a source other than you, or it is data provided by you which we did not request, we undertake to determine, within a reasonable period, if we could have requested such personal information where applicable in accordance with the Australian Privacy Act or the GDPR and handle the unsolicited information accordingly.
INTERNATIONAL TRANSFER OF PERSONAL DATA
We operate on a global scale – as such the international transfer of data is an essential element of our business operations, for example, we may store and process personal data in a cloud service hosted outside the EU or Australia in any country in which we or our partners maintain their data.
We have a rigorous selection process and work only with affiliates and service providers that offer the same level of security and data protection as we do. We make sure to have a contract signed with each third party that guarantees their confidentiality and dedication to the safekeeping of your personal data in accordance with the applicable laws.
We may also transfer your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of data is carefully managed to protect your rights and interests and only transfer your personal data utilising encryption and pseudonymisation activities.
You have the right to ask for more information about the safeguards we have put in place as mentioned above. Contact us as set out in the details below if you would like further information.
ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
As a general practice we do not collect or use government related identifiers. In any event we will not use or disclose a government related identifier unless it is reasonably necessary for an enforcement related activity by or on behalf of an enforcement body. We may also use or disclose a government related identifier related to you if we are allowed or required by law or regulation to do so.
QUALITY OF PERSONAL DATA
We take all steps reasonable in the circumstances to ensure that the personal data we collect from you is accurate, up to date and complete. Where we collect data from you directly, we rely on you to supply accurate and we may not consider that further steps are required. We will also ensure that all steps reasonable under the circumstances are taken to ensure that the personal data we use or disclose is, when considered in relation to the purpose for which we are using or disclosing the data, accurate, up to date, complete and relevant.
PROTECTION OF PERSONAL DATA
We will take all reasonable steps to protect your personal data from misuse, interference, loss, unauthorised access, modification and unlawful disclosure. Personal data that is no longer needed will be deleted or anonymized.
How you can protect your data
We urge customers to take every precaution to protect their personal data by changing passwords often, using a combination of letters and numbers, and make sure a secure browser and internet connection is used.
How we protect your data
We safeguard the security of the data with physical, electronic and managerial procedures. We use industry best practice encryption for all our services including Devices, Applications, Websites and Communications.
All data is stored and processed in infrastructure restricted to centres based in Australia. The environment utilises state-of-the-art network security electronic surveillance, physical security and multi-factor access control systems to protect client data. The data centres are staffed 24×7 by trained security teams.
We use purpose-built, integrated firewall and virtual private network (VPN) security appliances and systems which ensures the highest level of protection.
Police Background Checks
A condition of engagement of all our employees, consultants, contractors and sub-contractors, communication service providers and advisors is that they successfully pass Police Background checks for nay prior child safety/ or sexual offences. Any child safety or related offence results in the immediate termination of our relationship with that individual or organisation.
NOTIFIABLE DATA BREACH
In the event that there is a personal data breach and we are required to comply with the notification of eligible data breach provisions under Australia privacy laws, the GDPR and/or any other regulations or legislations, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.
We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible.
In the case of a personal data breach in the EEA we will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the ICO in accordance with the Data Protection Act 2018 and the GDPR.
If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the relevant Supervisory Authority (for users in the EEA).
We will then review the incident and take action to prevent future breaches.
YOUR RIGHTS OF ACCESS TO, AND CORRECTION OF, PERSONAL DATA
The laws of some countries grant particular rights in respect of personal information. Users in those jurisdictions may have the right to:
- Request a copy of your information;
- Request that we correct inaccuracies relating to your information;
- Request that your information be deleted or that we restrict access to it;
- Request a structured electronic version of your information;
- Object to our use of your information.
Should you wish to make a request in respect of your personal information please contact us at email@example.com.
In some circumstances we may not be able to comply with a request that you make in respect of your personal data. For example, we may not be able to provide a copy of your information where it infringes on the rights of another user. We may also be required to retain certain information that you ask us to delete for various reasons, such as where there is a legal requirement to do so. In some cases, you may have shared your information with third parties, such as by publishing a design on a third party’s website. In that case we will not be able to delete the information, and you will need to contact that third party directly.
If we are unable to resolve your request, or if you are concerned about a potential violation, you may be entitled to report the issue or make a complaint to the data protection authority in your jurisdiction.
You may have specific rights in relation to your information depending on where you live.
Whilst our products are aimed at supporting guardians and holders of parental responsibility to make informed decisions about the education of their children, we do not knowingly solicit personal information from children and the services are not offered to children.
PRIVACY – ENQUIRIES, REQUESTS, COMPLAINTS, BREACHES
If you think your personal data, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with a representative of our customer service team as soon as possible.
We will take all reasonable steps to ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or compliant to your satisfaction or you require further information in relation to any privacy matters, please contact the relevant Supervisory Authority, whose contact details are below.
Office of the Australian Information Commission (Aust)
1300 363 992
Level 3, 175 Pitt Street, Sydney NSW 2000
GPO Box 5218, Sydney NSW 2001
Information Commissioner’s Office (UK)
+44 (0) 303 123 1113
Wycliffe House, Water Lane, Wilmslow SK9 5AF
+61 (08) 8104 9588
154 Fullarton Road, Rose Park SA 5067, Australia
Last update: 12/09/2019