ExoFlare is subject to the Australian Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles contained in the Privacy Act. If the EU General Data Protection Regulation (EU) 2016/679 (GDPR) applies to our handling of your ‘personal data’ (as that term is defined in the GDPR), for example, if you are a citizen or national of a Member State of the EU and we offer goods and services to you, we will comply with applicable requirements of the GDPR in relation to our handling of your personal data. Please note that our handling of your personal information may not subject to the Privacy Act or the GDPR, or other rules may apply to our handling under applicable law, including the other rules described below.
By providing personal information to us, you consent to our collection, use, and disclosure of your personal information in accordance with this Policy and any other arrangements that apply between us.
Who Is Responsible for Your Personal Information?
ExoFlare Pty Ltd of Level 3, 60 Martin Place, Sydney, NSW 2000 Australia, will be responsible for handling any personal information or personal data about you in connection with our business relationship.
Which Categories of Personal Information Do We Collect and Process?
We may collect and process the following categories of personal information depending on the nature of our business relationship with you or your organization:
- Private or work contact information, such as full name, address, telephone number, mobile phone number, fax number, and email address;
- Information about you, such as gender, age, date of birth, location (such as GPS), images, and identification (such as driver’s licence);
- Device related information, such as mobile device unique identifier and the IP address of your computer or other online identifiers if you use our products and services online;
- Payment-related information, such as information necessary for processing payments and fraud prevention (we may collect your credit card or other payment details necessary to process your payment for any products and services you purchase through any app provided by us. Your credit card and other payment details are collected, processed, and stored directly by ourselves or a designated Third Party payment system in accordance with their privacy policies and terms and conditions);
- Business information necessarily processed by us in a business or other contractual relationship with ExoFlare or voluntarily provided by you, such as feedback and customer survey information, and any other information you may provide to us;
- Information about the products and services we have provided to you, along with your interests and preferences and other information obtained by cookies or website analytics tools, in particular, your activities when you use our websites or other products or services we offer to you online (such as downloadable content). This may include information about which content you download, click or view for how often and how long;
- Information from publicly available resources, integrity databases, and credit agencies;
- Information from agricultural industry bodies, including AgriFutures, Australian Pork Limited, and Meat & Livestock Australia;
- Insight information generated by third parties we contract with to develop and improve our services;
- Information we are legally required to collect to comply with our legal or regulatory obligations, which may include information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you; and
- Health Information, which may include health information as defined in the Health Records and Information Privacy Act 2002 (NSW) – we shall ask of any current or historic medical conditions that may have a negative impact on livestock, in particular any incidences of respiratory or gastrointestinal illness.
For Which Purposes Do We Process, Collect, Hold, Use, and Disclose Your Personal Information?
Depending on the nature of our business relationship, we may collect, store, use and disclose your personal information for the following purposes (“Permitted Purposes“):
- to enable you to access and use our products and services;
- to enable ExoFlare or a designated Third Party payment system to handle and process payments;
- to plan for, provide, manage and administer the products and services that we provide to you and other customers (current or prospective), including, without limitation, to provide updates and new releases or to providing customer support;
- to operate and maintain our information technology systems, networks, services, databases, websites, and other digital infrastructure (regardless of ownership) (together, “Our Environment”), to protect the security of Our Environment, and to prevent, detect and respond to security threats, incidents, breaches, fraud or other criminal or malicious activities;
- to perform analytics, user profiling, and automated processing, on the basis of your activities when you use our products or services, in order to improve our products and services and to deliver targeted content to you;
- to comply with our legal obligations and regulatory obligations;
- to inform you, where permitted by our business relationship with you and applicable law, about ExoFlare’s products or services which are similar to products and services purchased or used by you or otherwise related to our business relationship with you or your organisation (including announcements, special offers, and other information), along with events and projects of ExoFlare;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer and perform customer surveys, feedback, marketing campaigns, market research and analyses, sweepstakes, contests, or other promotional activities or events; and
- to resolve any disputes that we may have with any of our users or any third parties, to respond to regulatory investigations and enforcement actions, to enforce our agreements with third parties, and to initiate or defend legal claims.
If the GDPR applies to our processing of your personal data, you have the right to object to our use of your personal data for direct marketing purposes, including the profiling described above. Please refer to the “Your rights and making complaints” section below for further explanation of your rights and how to exercise them.
Where your explicit permission is required for any marketing-related communication, we will only provide you with such information if you have opted in. You may opt-out at any time if you do not want to receive any further marketing-related types of communication from us. We will not use your personal information for taking any automated decisions affecting you or creating profiles other than described above.
On Which Basis Do We Process Your Information?
We will collect, store, use and disclose your information for the Permitted Purposes and only where:
- it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into such a contract;
- it is necessary to process any order you make for third party products and services;
- it is necessary for our or a third party’s legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our “legitimate interests” may include our commercial interests in operating our business in a professional, sustainable manner, in accordance with all relevant legal and regulatory requirements;
- it is required for us to comply with our legal obligations or another law permits us to process your personal information;
- it is necessary to protect your or another person’s vital interests; or
- we have obtained your specific or, where necessary, explicit consent to do so.
How Do We Collect Your Personal Information?
We will typically collect your personal information directly from you when you interact with us, for example, when:
- you register to use our products and services, including when you open an account with us;
- you make a payment with us through the App, our website, or a designated Third Party payment system provider;
- you use our products and services, website, or social media pages;
- you communicate or interact with us or other users in relation to our products and services; and
- you receive our communications (such as newsletters or other specific marketing material) or participate in our customer surveys.
Subject to the “For which purposes do we process, collect, hold, use and disclose your personal information?” section above, we may also obtain your personal information from third parties for communication and marketing purposes. These third parties include any of our contractors who supply services to us, from publicly maintained records, our partner institutions, or from a publicly maintained record.
Information Collected By Cookies and Other Technologies
ExoFlare may gather information by cookies or other web-tracking or analytics technologies. A cookie is a small text file that is stored on your device for record-keeping purposes. You can remove cookies by following the directions provided in your Internet browser’s “help” file or clearing out your browser’s cache. You may also decline our cookies if your browser permits you to do this, but doing so may interfere with your use of our website or the provision of our services.
How Do We Hold and Protect Your Personal Information?
We may hold personal information electronically or in paper files.
We will maintain physical, electronic, and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect personal information against misuse, intrusion, interference, loss, and unauthorised access, modification, or disclosure. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls, and SSL encryption and, depending on the information and the circumstances, this protection may in particular include:
- the use of confidential passwords for purposes of accessing such information in Our Environment;
- storing hard copies of documents containing personal or sensitive information in secure files created for this purpose;
- imposing and monitoring confidentiality controls on our employees;
- conducting reasonable due diligence on any third-party service provider’s security measures, and compliance with privacy laws, especially if they are located offshore; and
- maintaining physical access controls over our premises.
Where ExoFlare holds personal information that it no longer requires, ExoFlare will take reasonable steps to destroy or de-identify such information, subject to any law or court order requiring retention.
Where Do We Process Personal Information?
ExoFlare is an Australian business. In the course of our business activities (including because we may use a cloud-based service to store and process personal information), we may transfer your personal information to entities located outside Australia, or, where the GDPR applies, outside the European Economic Area, including to the United States of America and other potential offshore locations. The laws of those other countries may not have laws that require the same level of protection of personal information as Australia or the laws of your home country. When transferring your personal information in this way, we will comply with applicable data protection requirements and put in place appropriate safeguards to ensure the privacy, security, and integrity of your personal information.
If any transfer of personal data (as defined in the GDPR) is to a third country for the purpose of the GDPR, we will ensure the transfer (and any onwards transfer) complies with Chapter 5 of the GDPR, which may involve us entering into standard data protection clauses adopted by the European Commission with the other entity.
You may contact us using the contact details below if you would like further information on the safeguards that we will implement when collecting, holding, using, and processing your personal information.
With Whom Do We Share Your Personal Information?
We may disclose your personal information for the Permitted Purposes to:
- other entities in the corporate group of ExoFlare;
- service providers (including data processors), located in Australia or overseas, such as shared service centres or cloud providers, to process personal information on our behalf and in accordance with our instructions only, provided that we will retain control over and will remain responsible for your personal information and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal information when engaging such service providers, our service provides include Amazon, Google, ConvertKit, HelpScout, and Notion;
- professional advisors, dealers, and agents;
- courts, regulatory bodies, law enforcement agencies or other competent government authorities, as required, authorised or permitted by law (including, without limitation, if we suspect fraudulent or criminal activities), or to initiate or defend legal claims;
- other users of our products or services, and customer groups, where it relates to the provision of our products and services; and
- third parties if we sell or buy any business or assets, in which case we may disclose personal information to the prospective seller or buyer of such business or assets; and
- other specific third parties authorised by you to receive information held by us.
Otherwise, we will only disclose your personal information when you direct us to do so or give us permission.
How Long Do We Store Personal Information?
We will hold your personal information as long as required to provide you with the products or services or information you have requested and to execute and administer your business relationship with us. If you have asked us not to communicate with you, we will hold this information as long as required to comply with your request. We are also required to keep certain of your personal information (e.g., relating to business or tax-relevant transactions) for certain retention periods under applicable law. Your personal information will be promptly deleted when it is no longer required for these purposes.
Your Rights and Making Complaints
To obtain access to, or seek correction of, your personal information that we hold, please contact us using the contact details below.
If you have given us your consent for the processing of your personal information, you may withdraw your consent at any time with future effect, such that the withdrawal of your consent will not affect the lawfulness of processing based on the consent before its withdrawal. If you withdraw your consent, we will only continue processing your personal information where there is another legal ground or where we are legally required to do so.
For any of the above requests, please send a description of your personal information concerned and appropriate proof of identity (e.g., your name or customer number) as proof of identity to the contact details below. We may require additional proof of identity to protect your personal information against unauthorised access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have any concerns about how your personal information is handled by us or wish to raise a complaint on how we have handled your personal information, you can contact us at the contact details below to have the matter investigated. Where a complaint is received, the Privacy Officer will consider the complaint, and within a reasonable time, will decide whether the complaint warrants further investigation. The complainant will be advised by ExoFlare of the outcome of its investigations within a reasonable time.
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you may refer the matter to the Office of the Australian Information Commissioner at:
Phone: 1300 363 992
If we are processing your personal data within the scope of the GDPR, you can complain to the competent data protection supervisory authority in your country.
Are You Required To Provide Personal Information?
As a general principle, you will provide us with your personal information entirely voluntary. There are generally no detrimental effects on you if you choose not to consent or to provide personal information. However, there are circumstances in which ExoFlare cannot take action without certain of your personal information, for example, because this personal information is required to register your account, to book your attendance at an event, to provide you with a response to a communication or query, to provide you with access to a product, service, offering or newsletter, or to carry out a legally required compliance screening. In some instances, we may be unable to provide you with access to our products and services. In these cases, it will unfortunately not be possible for ExoFlare to provide you with what you request without the relevant personal information.
Changes to this Policy
How to Get In Touch with Us
For any questions and comments about our Policy, or in case you want to assert your rights, please contact us using the details below:
ExoFlare Pty Ltd
Level 3, 60 Martin Place
Sydney, NSW 2000
+61 406 304 616
Last updated: 21 October 2023