Privacy Policy
This privacy policy was last updated 08/04/24
About our Privacy Policy
- The privacy of your Personal Information is important to Grineo. We respect your rights to privacy and rights under the Privacy Act and are committed to complying with the requirements of the Privacy Act in the collection and handling of your Personal Information.
- This policy explains how we collect, retain, process, share, transfer and handle your Personal Information and describes the kinds of Personal Information we collect, use, and disclose and our purposes for doing so.
- When we undertake activities in Australia, or if you are located in Australia, we are regulated by the Privacy Act, the Australian Privacy Principles and other applicable laws and codes in relation to your personal information.
- We use some defined terms in this policy. You can find the meaning of each defined term at section 2 of this policy.
- Personal Information is information which may be used to reasonably identify you. For example, your name, address, date of birth, gender, email address, telephone number is generally considered to be Personal Information. Personal Information may also include information we collect about your individual preferences. We do not collect Sensitive Information from you.
- This policy applies to your Personal Information when you use our Website or App, and interact generally with us but does not apply to Third Party Sites. We are not responsible for the privacy policies or content of Third Party Sites.
- For the avoidance of doubt, unless stated otherwise, this policy will govern our collection of your Personal Information irrespective of the forum.
- This policy may be updated from time to time and the most up to date version will be published on our Website. We encourage you to check our Website periodically to ensure that you are aware of our current policy.
- Your continued usage of our Website, App, and/or services will be taken to indicate your acceptance of the terms of this privacy policy insofar as it relates to our Website, App, and the services.
-
Definitions used in this policy
- Analytics Services means any third party website analytics provider.
- App means the mobile application that operates and supports the services we provide to you.
- Australian Privacy Principles or APPs means the principles set out in Schedule 1 to the Privacy Act.
- IP Address means a number automatically assigned to your computer which is required when you are using the internet and which may be able to be used to identify you.
- Grineo means Grineo Pty Ltd (ACN 663 984 629).
- Hay means Hay Limited (ABN 34 629 037 403), holder of Australian Financial Services Licence 515459.
- Overseas means any place or country other than Australia, and includes without limitation the United States and United Kingdom.
- Personal Information has the meaning as set out in section 6(1) of the Privacy Act.
- Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
- Privacy Policy means this privacy policy as amended from time to time, available at Privacy policy.
- Sensitive Information has the meaning as set out in section 6(1) of the Privacy Act;
- Third Party Sites means online websites or services that we do not own or control, including websites of our partners
- Website means https://grineopay.com and/or any other website as we may operate from time to time.
- we, our, us and similar terms means Grineo Pty Ltd ACN 663 984 629 and our related entities.
- you, your and similar terms means, as the context requires (1) you, when you use our Website and/or App; and/or (2) you, during your dealings with us as a customer; and/or (3) any agent providing your Personal information to us; and/or (4) any agent dealing with us on your behalf.
-
Why we collect Personal Information
- When you visit our Website or use our App, we collect Personal Information so that we can provide you with products and services and improve and customise your experience with us. We only collect Personal Information if it is reasonably necessary for us to carry out our functions and activities. If you do not wish to provide us with some or all of the information that we ask for, we may not be able to verify your identity and as such you may not be able to use the services.
- The purposes for which we collect and hold your Personal Information include:
- to deliver our products and services to you;
- to confirm your identity and process your transactions;
- to improve our products and services, including the services provided to you and the performance and functionality of our Website and App;
- to manage our relationship with you, evaluate our business performance and build our customer database;
- to provide you with information about our products, services and activities;
- to respond to your requests and seek your feedback;
- to provide and improve technical support and customer service;
- to conduct research, compare information for accuracy and verification purposes, compile or analyse statistics relevant to the operations of our business;
- to facilitate our internal business operations, including fulfilment of any legal and regulatory requirements and monitoring, and investigating breaches of or enforcement of any legal terms applicable to our services, the Website and the App;
- to protect our property, the Website, the App, or our legal rights including to create backups of our business records;
- to manage risk and protect our Website and App from fraud by verifying your identity and helping to detect and prevent fraudulent use of our Website and App;
- for the direct marketing and promotional purposes as set out below; and
- to manage our business, including analysing data collected from our Website or App concerning visits and activities of users on our Website or App including the Analytics Services. This analysis helps us run our Website and App more efficiently and improve and personalise your experience online.
What Personal Information do we collect?
- The kinds of Personal Information we collect will depend on the type of interaction you have with us. Generally, the kinds of Personal Information we collect may include:
- your name, address (postal and residential), email address, telephone number(s), date of birth, photo or likeness, and gender when you register with us;
- information from third party sources such as data providers and credit organisations, where permitted by law, including public blockchain data such as your nominated public key for a digital asset wallet;
- details of the device you have used to access any part of our Website or App, including carrier/operating system, connection type, IP address, browser type and referring URLs and other information may be collected and used by us automatically if you use our Website or App, through the browser on your device or otherwise;
- information recorded on identity documents and copies of such identity documents when you register with us;
- location data;
- your connections with others whose personal information we may collect or hold; and
- transaction details relating to your use of our products, services or rewards including data regarding your feature usage patterns, interactions on our Website or App, and interactions with us.
- Telephone calls to us may also be recorded for training and quality assurance purposes.
- The kinds of Personal Information we collect will depend on the type of interaction you have with us. Generally, the kinds of Personal Information we collect may include:
With whom do we share Personal Information?
- We may disclose Personal Information collected from you:
- to our related entities, employees, officers, agents, contractors, other companies that provide services to us or with whom we partner to provide services to you (including Hay), sponsors, government agencies or other third parties to satisfy the purposes for which the information was collected (as outlined in clause 3.2 of this policy) or for another purpose if that other purpose is closely related to the primary purpose of collection and an individual would reasonably expect us to disclose the information for that secondary purpose;
- to third parties who help us to verify the identity of our clients and customers, and other software service providers who assist us to provide the services we provide to you;
- to third parties who help us analyse the information we collect so that we can administer, support, improve or develop our business and the services we provide to you including off-site back ups and customer support;
- to law enforcement or government agency, in our discretion or if required by a law, or legal process, such as a subpoena, court or other legal process with which we are required to comply, including in relation to our obligations under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth);
- if disclosure is required to enforce the terms of this policy or to enforce any of our terms and conditions with you;
- to our professional advisers such as consultants and auditors so that we can meet our regulatory obligations, and administer, support, improve or develop our business;
- to any other person, with your consent (express or implied);
- to facilitate the sale of all or a substantial part of our assets or business or to companies with which we propose to merge or who propose to acquire us and their advisers;
- to protect the interests of our users, clients, customers and third parties from cyber security risks or incidents and other risks or incidents; and
- to maintain the integrity of our Website and App and to protect our rights, interests and property and those of third parties.
- In addition to the above recipients, we will disclose your Personal Information if we are required to do so under law or if the disclosure is made in connection with either the normal operation of our business in a way that you might reasonably expect, for example, if such disclosure is incidental to IT services being provided to our business or for the resolution of any dispute that arises between you and us. This disclosure may involve your Personal Information being transmitted Overseas.
- In the event of a proposed restructure or sale of our business (or part of our business) or where a company proposes to acquire or merge with us, we may disclose Personal Information to the buyer and their advisers without your consent subject to compliance with the Privacy Act. If we sell the business and the sale is structured as a share sale, you acknowledge that this transaction will not constitute the “transfer” of Personal Information.
- We may disclose de-identified, aggregated data with third parties for marketing, advertising, and analytics purposes. We do not sell or trade your personal information to third parties.
- We may disclose Personal Information collected from you:
How we collect and store data and transmit Personal Information
- We usually collect and store information including in paper, physical and electronic form provided by you when you communicate with us by telephone, email, web-based form, letter, facsimile or other means, including when:
- we provide you with our services via telephone, email or our Website or App;
- we provide you with assistance or support for our products or services;
- you participate in our functions, events or activities or on our Website, App and social media pages;
- you request that we provide you with information concerning our products or services;
- you upload or submit information to us or our Website or App; or
- you complete any forms requesting information from you, including on registration with us, complete any survey or provide feedback to us concerning our products or services.
- Where practicable we will collect information from you personally. However, we may also collect your Personal Information through our partners and third parties who supply services to us.
- Please note that we use our own and third party computer servers including our Website or App hosts, data backups and payment gateway(s), which may be located Overseas and your Personal Information may be stored and transmitted Overseas as part of the normal operation of our business.
- We do not accept responsibility for Personal Information being released to public blockchains through the use of our Website or App, whether it be through public smart contracts or metadata matching.
- We also collect information from your computer or mobile device automatically when you browse our Website or App. This information may include:
- the date and time of your visit;
- your domain;
- locality;
- operating system;
- the server your computer or mobile is using to access our Website or App;
- your browser and version number;
- search terms you have entered to find our Website or App or to access our Website or App;
- pages and links you have accessed both on our Website and on other websites;
- the last website you visited;
- the pages of our Website or App that you access;
- the device you use to access our Website or App; and
- your IP Address.
- While we do not use some of this information to identify you personally, we may record certain information about your use of our Website or App such as which pages you visit and the time and date of your visit and that information could potentially be used to identify you.
- It may be possible for us to identify you from information collected automatically from your visit(s) to our Website or App. If you have registered an account with us, we will be able to identify you through your user name and passkey when you log into our Website or App. Further, if you access our Website or App via links in an email we have sent you, we will be able to identify you.
- The device you use to access our Website or App may collect information about you including your location using longitude and latitude co-ordinates obtained through GPS, Wi-Fi or cell site triangulation. For information about your ability to restrict the collection and use of such information, please use the settings available on your device.
- We may use statistical analytics software tools and software known as cookies which transmit data to third party servers located Overseas. To our knowledge, our analytic providers do not identify individual users or associate your IP Address with any other data held by them.
- We will retain your Personal Information for any time period we consider necessary to provide our products and services to you and to comply with our legal obligations. The period may vary depending on the type of Personal Information we hold. If we no longer need your Personal Information for these purposes we will take steps to destroy the information or ensure it is de-identified.
- We usually collect and store information including in paper, physical and electronic form provided by you when you communicate with us by telephone, email, web-based form, letter, facsimile or other means, including when:
-
How we protect your Personal Information
- We will endeavour to take all reasonable steps to keep secure and protect any Personal Information which we hold about you, including:
- securing our physical premises and digital storage media;
- using computer safeguards such as Secure Socket Layer (SSL) technology to ensure that your information is encrypted and sent across the Internet securely;
- placing password protection and access control over our information technology systems and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
- taking regular back-ups of our electronic systems.
- Notwithstanding that we will take all reasonable steps to keep your Personal Information secure, data transmission over the internet is never guaranteed to be completely secure. We do not and cannot warrant the security of any information you transmit to us or from any online services.
- We will endeavour to take all reasonable steps to keep secure and protect any Personal Information which we hold about you, including:
Use of Cookies
- When you visit our Website or App or the website of any of our partners, we and our partners may use cookies and other tracking technology (Cookies) to recognise you and customise your online experience. Cookies are small files that store information on your computer, mobile phone or other device. They enable us to recognise you across different websites, services, devices and/or browsing sessions. Cookies also assist us to customise online content and advertising, save your preferences for future visits to the Website or App, measure the effectiveness of our promotions, prevent potential fraud and analyse your and other users’ interactions with the Website or App.
- If you do not wish to grant us the right to use Cookies to gather information about you while you are using our Website or App, then you may set your browser settings to delete, disable or block certain Cookies. The following browsers have publicly available information about how to adjust cookie preferences: Microsoft Edge, Mozilla Firefox, Google Chrome and Apple Safari.
- You may be requested to consent to use of Cookies when you access certain parts of our Website or App, for example, when you are asked if you want the Website to “remember” certain things about you.
- Certain aspects and features of the Website or App are only available through use of Cookies. If you disable Cookies, your use of the Website may be limited or not possible or parts of our Website may not function properly when you use them.
- Upon your first visit to our Website or App (or the first visit after you delete your Cookies), you may be prompted by a banner to accept our use of Cookies and other tracking technology (Cookies policy). Unless you have adjusted your browser setting so that it will refuse cookies and or decline to accept our Cookies policy, our system will issue Cookies when you access our Website or App.
- Our Website or App may contain web beacons (also called single-pixel gifs) or similar technologies (Web Beacons) which are electronic images that we use:
- (a) to help deliver Cookies;
- (b) to count users who have visited our Website; and
- (c) in our promotional materials, to determine whether and when you open and act on them.
- We may also work with third-parties:
- to place Web Beacons on their websites or in their promotional materials as part of our business development and data analysis; and
- to allow Web Beacons to be placed on our Website or App from Analytics Services to help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations.
- The Web Beacons of Analytics Services may enable such providers to place Cookies or other identifiers on your device, through which they may collect information about your online activities across applications, websites or other products.
Minors
- To access our services, you must be over the age of eighteen (18). We do not knowingly collect Personal Information from children under the age of eighteen (18) and do not wish to do so.
- We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using our services. In the event that it comes to our knowledge that a person under the age of eighteen (18) is using our services, we will prohibit and block such user from accessing the services and will take appropriate measures to prevent that user from making use of our services.
How we use Personal Information for communicating with you and direct marketing
- We may communicate with you by email, SMS or push notification, to inform you about existing and new products and services that may be of interest to you including administering contests, promotions, surveys or other site features.
- We will ensure that any email we send as direct marketing complies with the SPAM Act 2003 (Cth) and contains an “unsubscribe” option so that you can remove yourself from any further marketing communications. You may decline marketing messages sent by push notifications by refusing the relevant permission in your phone or tablet settings, however this setting will prevent you from receiving other messages from us via push notification. You may also opt-out of receiving marketing materials from us by adjusting your preferences on our Website or App.
- You can also write to us to request that your details be removed from any direct marketing list which we maintain. We will endeavour to remove your details from our direct marketing list within a reasonable time (ordinarily 5 working days).
- Our direct marketing list may be operated by software and servers located Overseas and your Personal Information may be sent Overseas as part of our marketing.
- We will also send communications that are required or necessary to send to users of our Website or App that contain information about important changes or developments to or the operation of the Website and App or as well as other communications you request from us. You may not opt out of receiving these communications but you may be able to adjust the media and format through which you receive these notices.
Not identifying yourself
- We cannot provide services to you on an anonymous basis or using a pseudonym.
- We may be able to provide you with limited information about our services in the absence of your identifying yourself but generally we will be unable to provide you with any information, goods and/or services unless you have identified yourself.
How to access or correct your Personal Information or make an enquiry or complaint
- You can access or correct some Personal Information we hold about you by accessing the App. You can also contact us in writing, if you have any queries in relation to this policy, wish to access or correct the Personal Information we hold about you, or make a complaint, at:
Email: privacy@grineopay.com; or
Mail: Privacy Officer
Grineo Pty Ltd
Level 14, 5 Martin Place, Sydney NSW 2000 - We aim to acknowledge receipt of all privacy complaints from you within 5 working days and resolve all complaints within 30 business days. Where we cannot resolve a complaint within that period, we will notify you of the reason for the delay as well as advising the time by which we expect to resolve the complaint.
- If, for any reason you do not wish to complain to us initially or if you are unsatisfied with our response to your complaint, you are free to file a complaint with the competent data protection authority. In Australia, you may file a complaint with the Office of the Australian Information Commissioner.
- In order to disclose information to you in response to a request for access we may require you to provide us with certain information to verify your identity. There are exceptions under the Privacy Act which may affect your right to access your Personal Information – these exceptions include where (amongst other things):
- access would pose a serious threat to the life, health or safety of any individual;
- access would have an unreasonable impact on the privacy of others;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between you and us and the information would not otherwise be accessible by the process of discovery;
- the information relates to existing or anticipated legal proceedings between you and us and the information would not otherwise be accessible by the process of discovery;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australia law or a court/tribunal;
- the information relates to a commercially sensitive decision making process; or
- giving access would prejudice enforcement related action.
- We may (depending on the request) charge you a fee to access the Personal Information. We will inform you of any fees payable in respect of accessing your Personal Information prior to actioning your request. All requests for Personal Information will be handled in a reasonable period of time (within 30 calendar days after the request is made).
- If you wish to have your Personal Information deleted, please contact us using the details above and we will take reasonable steps to delete the information (unless we are obliged to keep it for legal or auditing purposes). To the extent that any Personal Information is stored on a blockchain it may be impracticable, unfeasible or impossible to delete.
- In the event that you believe that there has been a breach of the Privacy Act, we invite you to contact us as soon as possible.
- If you are not satisfied with our handling of a complaint or the outcome of a complaint you may make an application to:
- (a) the Office of the Australian Information Commissioner by visiting www.oaic.gov.au and completing an online enquiry; or writing to GPO Box 5288 Sydney NSW 2001; or
- access would pose a serious threat to the life, health or safety of any individual;
- You can access or correct some Personal Information we hold about you by accessing the App. You can also contact us in writing, if you have any queries in relation to this policy, wish to access or correct the Personal Information we hold about you, or make a complaint, at:
Notifiable Data Breach
- We are bound by the Privacy Act and are committed to complying with the Notifiable Data Breaches Scheme (NDB) established by the Privacy Amendment (Notifiable Data Breaches) Act 2017.
- The NDB requires that where a data breach is likely to result in serious harm to any individuals to whom the information relates, we are required to notify those individuals and the Office of the Australian Information Commissioner.
- The NDB provides greater protection to the Personal Information of consumers, greater transparency in the way organisations like us respond to data breaches and give you the opportunity to minimise the damage caused by any unauthorised use of your Personal Information.
Changes to this Privacy Policy
- We may amend this privacy policy from time to time at our sole discretion, particularly where we need to take into account and cater for any:
- business developments; or
- legal or regulatory developments.
- If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, where we make material changes to this policy, provide you with additional notice (such as adding a statement to the Website or App homepage or sending you a notification). If you do not agree to the terms of this Privacy Policy, or any material changes, you should cease using our services. We recommend you review the Privacy Policy whenever you access the services or otherwise interact with us to stay informed about our information practices and the ways you can help us to protect your privacy.
- We may amend this privacy policy from time to time at our sole discretion, particularly where we need to take into account and cater for any: