This is how Sumday collects, uses and protects your personal information.
Local Carbon Pty Ltd ACN 650 359 489 trading as Sumday (we, us, our) understands that protecting your personal information is critically important. This privacy policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you — how we collect and handle your personal information, and what choices you have with respect to that personal information. Personal information is defined in the Privacy Act 1988 (Cth) (the Act).
This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You may have additional rights if you are located in the European Union or European Economic Area (EU) under the General Data Protection Regulation 2016/679, and if you are located in the United Kingdom (UK), under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.
Where you subscribe to the Sumday service, the Sumday Terms and Conditions (available here) contain additional terms and conditions in relation to our collection and use of other, non-personal information that you provide to us in connection with the Sumday service.
We may make changes to this privacy policy from time to time, including to reflect changes to our website, products or services that may impact how we handle personal information. If we make a change, we will upload the revised privacy policy to our website, so we recommend you check back regularly to review any changes. Changes to this privacy policy will apply from the date that we upload the revised policy to our website, and your continued use of our website, the Sumday service or our other services after that time constitutes your acceptance of the changes.
Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.
The types of personal information we may collect about you include:
We collect personal information in a variety of ways, including:
We use and disclose personal information for the following purposes:
We may disclose personal information to:
While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.
Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to work with you as a customer or supplier of our business.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict and unsubscribe: To object to processing for direct marketing / unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.
Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.
We may enable you to post reviews, comments, photos and other user-generated content. Any content you choose to submit will be accessible by anyone, including third parties not associated with us. We have no control over how others may use or misuse information you make publicly available. We are not responsible for the privacy, security or accuracy of any user-generated content you choose to post or for the use or misuse of that information by any third parties.
We may use cookies, tracking pixels and similar technologies on our website and in our emails from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Tracking pixels are tiny, invisible images (typically the size of one pixel) embedded in web pages or emails. Cookies and tracking pixels, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie or collected by tracking pixels. Unlike cookies, tracking pixels do not store any information on your device, but instead send information to our servers when the pixel is loaded.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
You can block tracking pixels by using ad-blocking or privacy-focused browser extensions. Some email providers allow you to block images by default, which can prevent tracking pixels in emails from loading.
However, if you use your browser settings to block all cookies (including essential cookies) and tracking pixels, you may not be able to access all or parts of our website and you may not receive personalised content.
Google Analytics: We may use Google Analytics Advertising Features. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you. You can opt-out of Google Analytics Advertising Features using the Google Analytics Opt-out Browser add-on (here). To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here.
Facebook / Meta Analytics: We may use tools provided by Meta, such as the Meta Pixel, advanced matching, and Conversions API. These allow us to measure ad performance and deliver ads that may be relevant to you on Meta platforms based on your activity on our website or app. You can control whether we can join data from third-party partners with your Meta account for ads by adjusting your preferences within Meta’s settings, including Off-Facebook activity. For more information, please see Meta’s Privacy Policy here.
If you have any questions about this privacy policy, or if you would like to request access to, or correction of, your personal information, or to make a complaint, you can contact us via email at privacy@sumday.io.
Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us if you have any questions.
This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.
We collect and process personal information about you only where we have legal bases for doing so under applicable laws. The table below describes all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.
If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.
| Purpose of Use / Disclosure | Type of Data | Legal Basis for Processing |
|---|---|---|
| To enable you to access and use our services, including to manage your subscription. |
| - Performance of a contract with you |
| To assess whether to take you on as a new client, including anti-money laundering, anti-terrorism, sanction screening, fraud, and other background checks. |
|
|
| To do business with you, including dispatching and delivering products or services. |
| - Performance of a contract with you |
| To communicate with you about our business, including responding to support requests or other inquiries. |
| - Performance of a contract with you |
| To respond to website inquiries. |
| - Legitimate interests: ensuring the best client experience |
| For internal record keeping, administration, invoicing, and billing. |
|
|
| For analytics, market research, and business development, including improving our website and marketing strategy. |
| - Legitimate interests: keeping our website updated and relevant |
| For advertising and marketing, including sending promotional information about events and experiences. |
| - Legitimate interests: to develop and grow our business |
| If you have applied for employment with us, to consider your application. |
| - Legitimate interests: considering your employment application |
| To comply with legal obligations or if otherwise required or authorised by law. | — | - To comply with a legal obligation |
The countries to which we send data for the purposes listed above may be less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
You may request details of the personal information that we hold about you and how we are processing it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.
If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out above in our Privacy Policy or the details set out below.
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group (Prighter) with its local partners as our privacy representative and your point of contact if you are located in the EU or the UK. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data).
