Last updated: July 1, 2021
Raw Ideas Pty Ltd (“Raw Ideas”,” “we,” or “us”) respects your privacy. This Privacy Policy describes the types of information we may collect from you when you visit the following website: https://www.rawideas.com, all Raw Ideas-owned websites, mobile applications and domains (the “Site(s)”) or use our other products and services that include an authorized link to this Privacy Notice (collectively, the “Services”), how we use the personal data we collect, with whom we share it, how we protect it, and the choices we offer you regarding our collection and use of such personal data.
For purposes of the General Data Protection Regulation (the “GDPR”), the data controller for personal data processed under this Privacy Notice is Raw Ideas.
Most private sector organisations in Australia are required by law to comply with the Australian Privacy Principles (APP) (http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles) and are subject to the Privacy Act 1988 (2014). Raw Ideas is committed to comply with these principles.
We follow the following principles in order to protect your privacy:
Personal information is defined under the Privacy and Personal Information Protection Act (NSW) 1998 (PPIPA) as ‘information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Personal information includes such things as an individual’s fingerprints, retina prints, body samples or genetic characteristics…’.
We may collect data relating to identified or identifiable individuals, and certain other information connected with that data (“personal data”) from users in a variety of ways, which vary depending on the context in which we process that personal data:
2.1 Data we collect from you – We collect personal data from you directly, for example, when you complete a registration form or provide data through our Service.
2.2 Data we receive from others – We receive personal data from third parties with whom we have a relationship. For example, we may receive certain personal data from a vendor operating on our behalf, or from our clients.
2.3 Data collected automatically – We may collect certain personal data automatically, for example, we collect Device/Network Data automatically using cookies and similar technologies when you browse our Site.
2.4 We generally process the following categories of personal data (note specific data elements are examples and may change):
Raw Ideas takes reasonable steps to ensure that the personal data held is protected from loss, misuse, alteration or unauthorised access. Your information is stored electronically and protected through the use of computer and network security technologies, such as intrusion prevention software, external email filtering and password protection to restrict access to authorised staff for approved purposes, and secure personal information from unauthorised access, modification, disclosure, misuse or loss.
This section relates to the Raw Ideas handling of face data collected using the Xperience application (App). The App is used to capture User Generated Content (UGC) which includes (but is not limited to) photographs, animated GIFs and videos. This UGC may include face data, which is limited in this context to a visual representation of a consenting user and is only used for the purposes within the App. Raw Ideas does not sell or transfer UGC, face data or any other data to any third party organisations. Xperience Portal account holders have access to selected user data collected (including event photos) and should make available any usage or privacy policies to users prior to interaction. Raw Ideas provide the ability to add acceptance criteria within the data collection process and it is the accounts holders responsibility to obtain the appropriate user consent prior to collecting any information, including face data.
The App is used in conjunction with the Xperience Portal platform and requires an account to be created prior to use. An event must be created by an account user in order to capture user details (i.e., first name, last name, email, mobile etc) and/or photos. When using the App, videos or photographs are captured only via the camera (if the user has granted permission for the App to access the camera). The App does not access the devices camera roll or any other local library at any time. The App will only obtain the specific videos or images taken and submitted using the App; Raw Ideas does not collect photo albums even if the user grants access to them. Each video or photograph that is uploaded using the App is uploaded to an Amazon Web Services (AWS) S3 storage bucket that is private and only accessible with access keys from with a specific IP range, which is secured with 2 Factor Authentication (2FA) and password which is changed every 90 days. The objects (i.e., User Generated Content) within the S3 bucket cannot be listed, modified or accessed unless specifically made public.
User generated content is stored in event subfolders within an S3 bucket and due to the sharing nature of the App, individual objects are made public for viewing purposes only. Please note that while the App does not require or request any metadata attached to the photos uploaded, metadata (including, for example, geotags) may be associated with photos by default. Raw Ideas do not use any metadata that may be associated with the User Generated Content created when using the App.
User generated content is stored in S3 with a randomised string in the filename and has no personal identifiable information for any individual who has either interacted with the App or who may have been engaged in an activity relating to the use of the App.
Raw Ideas has implemented reCAPTCHA to reduce spam and ensure secure site logins and communications received via contact forms from humans, not bots. ReCAPTCHA collects personal information from users to make this determination of whether they're human and not a bot. First, the reCAPTCHA algorithm will check to see if there's a Google cookie placed on the computer being used. Then, an additional reCAPTCHA-specific cookie will be added to the user's browser, and a complete snapshot of the user's browser window at that moment in time will be captured, pixel by pixel.
Some of the browser and user information collected at this time includes (but is not limited to):
For more information visit: https://developers.google.com/recaptcha
Communication, engagement and actions taken through external social media platforms that Raw Ideas participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. Raw Ideas will never ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
We may collect and use personal data for the following purposes:
4.1 To create and maintain your account. We process the Identity Data, Contact Data, and other personal data you provide when you register for a user account as necessary to provide and maintain your account, to authenticate your right to access our Services, and as otherwise necessary to carry out our contractual obligations to you or provide you with the features and functionality you request. In connection with our legitimate interests, we may also use this personal data to provide you with important updates regarding your account, service downtime, or other transactional or informational materials.
4.2 To process transactions. We process the Identity Data, Contact Data, Commercial Data, and Financial Data and other personal data you provide as part of a commercial transaction as necessary to process those transactions, process a payment or other financial transaction, process the assessments you submit or request, and review scoping inquiries made on the Sites or otherwise as necessary for performance of our contractual obligations to you, including as applicable, order confirmation, billing, and delivering products or services. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests.
4.3 Internal Processes and Service Improvement. We may use Identity Data, Contact Data, Device/Network Data, Commercial Data, and any other personal data we process as necessary in connection with our legitimate interests in improving the design and performance of our Services, to create a personalized user experience, and for ensuring the security and stability of the Services. Specifically, (i) we may use this data to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., and we may also use this information in connection with the provision of new features, products, and analytics tools to be used by other clients; (ii) we may personalize the Service by greeting you by name, or associating users with particular customers; and (iii) we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our clients or users. We do this on the basis our legitimate interests.
4.4 Aggregate Analytics. We may process Identity Data, Device/Network Data and Commercial Data create aggregate analytics relating to trends in how our Services are used and perform, about patterns and trends among clients and responses to surveys/questionnaires, and to understand which aspects of our Services most relevant to users, and to create other reports regarding surveys/questionnaires, transactions and other aspects regarding the use of our Services. We perform this processing on the basis of our Legitimate Interests.
4.5 To respond to your inquiries. We will use your Contact Data and other personal data you may provide as necessary to respond to your inquiries, questions and/or other requests for information. We do this on the basis of our contractual obligations to you, our legal obligations, and our legitimate interests, depending on the nature of your inquiry.
4.6 Marketing Communications. We may process Identity Data, Device/Network Data and Contact Data in connection with our marketing and promotional communications if you sign up for such communications, or of you inquire about or register for our Services. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates. When you sign up for marketing communications, we send you emails based on your consent, and any other processing is performed on the basis of our legitimate interests.
4.7 Exceptional Purposes. We may, without your consent or further notice to you, and to the extent required or permitted by law, process any of your personal data for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose personal data in extraordinary circumstances. We may also send you communications required by law or which are necessary to inform you about our changes to the Services we provide you, for example, updates to this Privacy Notice and other legally required notices or information. We process data for these purposes as necessary in connection with our obligations to comply with laws, to protect the vital interests of natural persons, or because the processing is in the public interest, depending on the specific nature of the request.
4.8 To fulfill any other purpose for which you provide personal data. We may use your personal data for purposes that we make known to you at the time of collection of such information or otherwise upon your consent. If we process personal data in connection with our Services in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it.
4.9 Data Sale. We do not sell your personal information.
The security of your personal data is important to us. We have adopted generally accepted industry standards in connection with our data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data, username, password, transaction information, and data stored on the Sites. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
We may disclose personal data about you in the following ways and/or to the following third parties. Note, we may disclose aggregated, or anonymized information without restriction:
6.1 Affiliates. In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your personal data with any of our current or future affiliated entities, subsidiaries, and parent companies.
6.2 Agents, Service Providers, and other Business Purposes. To contractors, service providers, and other third parties we use to support our business, provide the Services, who complete transactions or perform services on our behalf or for your benefit, or otherwise in connection with our other legitimate business interests. For example, we may use cloud-based hosting providers to host our Services or may disclose information as part of our own internal operations, such as security operations, internal research, etc.) When we disclose information for business purposes we may disclose Identity Data, Contact Data, Face Data, Financial Data, Device/Network Data, and Commercial Data.
6.3 Marketing. With your consent or where otherwise permitted by applicable law, to third parties for their own direct marketing purposes, to provide you with information about products that may be of interest to you, and for other purposes as specifically set forth in this Privacy Notice.
6.4 Legal Process. In limited circumstances, we may, without notice or your consent, Process your personal data, any communications sent or received by you, and any other information that we may Process from time to time, to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your personal data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your personal data to such parties.
6.5 Certain Business Transfers. Your personal data may be shared if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, personal data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
6.6 Consent. We may share your personal data when and with the parties to whom you consent or direct us to share your data.
To the extent required under applicable law, and subject to our rights to limit or deny access/disclosure under applicable law, you may have the following rights in your personal data. You may exercise your rights by contacting us using the contact information below. Note, we may require that you provide additional personal data to exercise these rights, e.g. information necessary to prove your identity.
7.1 Correct your personal data. You can correct any errors in the personal data we hold about you. For other requests, please contact us.
7.2 Access your personal data. You have the right to view or request a copy of any personal data that we hold about you. For more information on how to make such a request, please visit: https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/access-your-personal-information/.
7.3 Erasure. To the extent required by applicable law, you may request that we delete your personal data from our systems. It may not be possible for us to delete all the information we hold about you. For example, we may be required or permitted by law to retain some personal data is certain circumstances. Please contact us to discuss how we can assist you with your request.
7.4 Withdraw Consent. When we process your information on the basis that you have consented to such processing, you have the right to withdraw your consent at any time by contacting us using the contact information below or using the opt-out procedures we may make available from time to time.
7.5 Objection. You may have the right under applicable law to object to our processing of your personal data that we undertake without your consent as in connection with our legitimate business interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing cases where our interests in processing are balanced against individuals’ privacy interests, or where we are otherwise not obligated to limit or cease processing.
7.6 Complaints. If you believe that your privacy has been infringed or a breach has occurred, you are entitled to complain. All complaints should initially be in writing and directed to privacy@rawideas.com. Raw Ideas will respond to your complaint as soon as possible, within 14 working days and attempt to resolve the complaint within 30 days.
7.7 Unsubscribe. You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. If you receive marketing emails from us, you can unsubscribe by clicking “unsubscribe” within each email. You may not have the right to opt-out of certain Service-related communications, transactional communications, or other messages which are not promotional in nature.
We retain personal data for the periods stated above, or if none, for so long as it remains relevant to its purpose or for so long as is required by law (if longer). As we process personal data on behalf of our clients, we may retain information for the periods requested by the client or delete information upon the client’s request. We will review retention periods periodically, and if appropriate, we may de-identify or anonymize data held for longer periods.
You may find advertising or other content on the Sites that link to the websites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. We do not control the content or links that appear on these websites and are not responsible for the practices employed by websites linked to or from the Site. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Data collection and processing on any third party site, or by any third parties, will be subject to that website or party’s own terms and policies.
10.1 We, and certain third parties, may process Device/Network Data and Inference Data when you interact with cookies and similar technologies on our Site. A cookie is a small file, which often includes an anonymous unique identifier, which is sent to your browser from a website’s computers and stored on your computer’s hard drive. Together with other similar technologies, these technologies may reveal information such as Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Site. We may also receive this data from third parties to the extent allowed by the applicable partner. The privacy policies of third parties may apply to these technologies and information collected. Note, some of these technologies can be used by third parties to identify you across platforms, devices, sites, and services. Clients may also have access to information, such as reports and analytics, generated through these services. See below for information on how to opt out of the use of these technologies.
10.2 In connection with our legitimate interests in providing and improving the user experience and efficiency of our Services, and understanding information about the devices and demographics of visitors to our Services, we use the Device/Network Data and Inference Data (i) for “essential” or “functional” purposes, such as to enable various features of the Services such as your browser remembering your username or password, maintaining a session, or staying logged in after a session has ended; and (ii) for analytics and site performance purposes, such as tracking how the Services are used or perform, how users engage with and navigate through the Services, what sites users visit before visiting our Services, how often they visit our Services, and other similar information.
10.3 You can modify your settings with respect to cookies and similar technologies by following the instructions provided by your browser. These instructions are usually found in the “Tools,” “Help” or “Edit” tabs. If you set your browser to disable cookies and similar technologies, you may not be able to fully access and use our Sites. You must opt out of third-party services directly via the third party. For example, to learn more about or opt-out of Google’s analytics services, visit Google Analytics Terms of Use, the Google Privacy Policy, or Google Analytics Opt-out. Please note, currently our Service does not respond to your browser’s do-not-track request.
10.4 Our website uses Google Analytics. Google Analytics is a service which transmits traffic data to Google Servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand traffic and usage of our website.
10.5 If you access our Services using a mobile device, you may adjust the settings on your mobile device to allow or prevent the sharing of location information, if it is requested. For example, you can disable “Location” (or “Location Services” on iOS-based devices) on your mobile device to prevent sharing your location information with us. Please refer to instructions provided by your mobile service provider or the manufacturer of your mobile device to learn how to adjust your mobile device settings. Please note that if you disable the sharing of location information, you may be unable to access some features of our Sites that are designed for mobile devices.
We have the discretion to update this Privacy Notice at any time. When we do, we will revise the updated date at the top of this page. If we make material changes to this Privacy Notice, we will notify you here, by email, or by means of a notice on the Site prior to the change becoming effective. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal data we collect. You acknowledge and agree that it is your responsibility to review this Privacy Notice periodically and become aware of modifications.
The Sites are not directed to, and we do not knowingly collect or solicit personal data from, children under the age of 18 without written or verbal consent from a parent or guardian. If we learn we have collected or received personal data from a child under the age of 18 without such consent, we can delete that information by request of an authorised party. If you believe we might have any information from or about a child under the age of 18, please contact us using the contact information below.
Raw Ideas is based in the State of New South Wales in Australia. When we process personal data about you, we may transfer, process, and store such information outside of the country in which you reside, including in Australia. Australia may have different data protection laws than those in the country where you reside.
If you have any questions about this Privacy Policy, the practices of the Sites, or your dealings with us, please contact us at:
Privacy Office
Raw Ideas Pty Ltd
+61 2 8079 0000
privacy@rawideas.com