Business Tools
Clone this page to use for the legal notices and disclaimer
Welcome to Daifo. This policy explains how we handle and use your personal information in connection with your use of our website and your rights in relation to it. Daifo Pty Ltd (ACN 661428244)(“we”, “our”** or “us**”) is incorporated in Australia with its registered address being 4 Blake St, Blackburn North, VIC, 3130.
Your privacy is important to us and we are committed to protecting your personal data and taking all reasonable steps to protect your information from misuse and to keep it secure in compliance with the Privacy Act 1988 (Cth) and the EU General Data Protection Regulation (EU) 2016/679 (together “data protection law”).
This policy applies to our Daifo website (daifo.ai), ReceiptPapa website (receiptpapa.com), and our social media pages (collectively, our “Sites”) and the services you can access through them.
This policy explains why and how we will use the personal information that we have obtained from you, with whom we will share it and the rights you have in connection with the information we use. Please read this policy carefully.
Daifo Pty Ltd is the controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed in connection with those activities listed. Please see the section at the end of this policy for our contact and legal information.
We receive personal information about you that you give to us (e.g. contact details and correspondence), that we collect from your use of the Sites (e.g device and Site activity data) and that we obtain from other sources. We only collect personal information that we need and that is relevant for the purposes for which we intend to use it.
This is information about you that you give to us by visiting our Sites, by corresponding with us via email or other means. This information is provided by you entirely voluntarily. The information you give to us can include your name, contact details (such as phone number and email address) and any personal information you include when corresponding with us, including your feedback on our Sites and services.
If you do not provide this information to us we may be unable to resolve your queries or otherwise communicate effectively.
When you use our Sites, we collect the following information:
If you do not provide this information to us you may be unable to use the Sites or some of its features.
We receive information about you when you or your administrator integrate third-party apps, like Google Drive, Dropbox, or link a third-party service with our Services. For example, if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you. You or your administrator may also integrate our Services with other services you use, such as to allow you to access, store, share and edit certain content from a third-party through our Services. For example, you may authorize our Services to access, display and store files from a third-party document-sharing service within the Services interface. The information we receive when you link or integrate our Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.
We may obtain certain information about you that is available publicly. We obtain this either directly from websites published online or from third party data brokers who have themselves obtained your personal information from publicly available sources. We use this information in each case, only to the extent permitted by data protection law.
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will always have the option to choose not to receive marketing communications from us and can opt-out of these at any time.
Data protection law requires us to have valid legal grounds (known as ‘lawful bases’) to process your personal information for each of the different purposes for which we use it. The purposes for which we use your personal information, which we have categorised by the legal grounds on which we rely, is as follows:
We may use and process your personal information to contact you with marketing communications that you have specifically requested from us on the grounds that you have consented for us to do so.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Your rights over your personal information for further details.
We will use your personal information to comply with our obligations under the law including to keep a record relating to the rights you exercise in connection with our processing of your personal information.
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business
Processing necessary for us to support enquiries from users of our Sites
Processing necessary for us to respond to changing market conditions and our customers’ needs
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
As the controller of your personal information, we decide why and how it is processed. Our responsibility for that processing extends to processing by our service providers if they process your personal information based on our instructions. We also work with other organisations in connection with some of the processing activities described in this statement, such as our group companies, social media platforms and certain suppliers.
Where that personal information is collected and sent to other organisations for a processing purpose that is in both our and their interests or where we make decisions together in relation to that particular processing, we will be “joint controllers” with the organisations involved. This includes, for example, disclosing your personal information to our customers (the ‘Stores’) with whom you are placing an order so that you can be supplied with the relevant goods and services. Where this applies, we and the other organisation will be jointly responsible to you under data protection law for this processing. If we pass your personal information to an organisation that independently decides why and how to use your personal information then it will be separately responsible to you for that processing and use your personal information in the ways described in its privacy policy (and not ours).
We may disclose your information to our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Sites and social media pages. Our Suppliers can be categorised as follows:
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information safe and secure.
We may disclose the personal information to other third parties as follows:
We may transfer your personal information outside of Australia. If we do disclose personal information to other overseas persons or entities, we will take reasonable steps to ensure that the overseas recipients of your personal information do not breach the data protection law relating to your personal information.
If we transfer your information outside of Australia, we will take steps to ensure that appropriate measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include selecting recipients located in countries that have been declared adequately protective of your personal information by the relevant authorities or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Where they do not, we ensure that we impose contractual obligations on them that are broadly equivalent as required by data protection law. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions to and from our Sites may not always be completely secure, so please exercise caution.
We employ security measures to protect the information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage.
If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
If we suspect any misuse or loss of, or unauthorised access to, your personal information we may inform you of that suspicion and take immediate steps to limit any further access to, or distribution of, your personal information. If we determine that the breach is likely to result in serious harm to you and we are unable to prevent the likely risk of serious harm with remedial action, we will take action in accordance with data protection law.
If we receive unsolicited personal information that we are not permitted to collect under this privacy policy, or within the confines of the law, we will destroy or de-identify the unsolicited personal information as soon as practicable if it is lawful and reasonable to do so. We will destroy or de-identify your personal information if we no longer require it to deliver our services as soon as practicable if it is lawful and reasonable to do so.
When you use our Sites, we may obtain information using technologies such as cookies, tags, web beacons, and navigational data collection (log files, server logs, and clickstream data) to better understand your user experience. For example, we may collect information like the date, time and duration of visits and which Sites are accessed.
When you access our Sites, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer or mobile device. This enables us to recognise your computer or device and greet you each time you visit our Sites, without bothering you with a request to register or log-in. It also helps us keep track of products or services you view, so that we can send you news about those products or services.
We also use cookies to measure traffic patterns, to determine which areas of our Sites have been visited, and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
We may also log IP addresses (the electronic addresses of computers connected to the internet) to analyse trends, administer the Sites, track user movements, and gather broad demographic information.
This information is generally not linked to your identity, except where it is accessed via links in our emails to you, or where you have otherwise identified yourself. We may also collect anonymous data (which is not personal information) relating to your activity on our Sites (including IP addresses) via cookies. We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our services. To the extent this information does not constitute personal information because it does not identify you or anyone else, the data protection law does not apply and we may use this information for any purpose and by any means whatsoever.
If we obtain guest register data for contact tracing purposes, we store it for 60 days which is the maximum requirement in Australia and New Zealand. This is stored in a separate database to transactional user data. After 60 days, the data is deleted from the database.
We share this guest register data securely with the Store so they can verify that you have correctly registered.
We may also provide this information to the State Government via manual file transfer or by API integration to support broader contact tracing initiatives.
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. The periods for which we hold your personal information will depend on the type of personal information. These periods also apply where we share your information with suppliers who process your personal information on our behalf.
We retain your personal information for the purposes of accounting purposes for up to 7 years from the date we no longer require it for the purposes listed above.
The only exceptions to the period mentioned above are where:
We also retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month after we have received this information or, where no such information is required, after we have received full details of your request.
You have the following rights, some of which may only apply in certain circumstances:
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by emailing or writing to us at the address at the end of this policy.
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection law, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please click on the unsubscribe message on our emails.
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us, using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
You may ask us to restrict the processing of your personal information in the following situations:
where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information, if this concerns other individuals or we have another lawful reason to withhold that information.
Where we rely on your consent as the legal basis for processing your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
We do not envisage that any significant decisions will be taken about you using purely automated means, however we will update this policy if this position changes.
To exercise these rights, please let us know by emailing or writing to us at the address at the end of this policy.
You have the right to request that an independent person (usually the Commonwealth Privacy Officer) investigate where your personal information has or is being used in a way that you believe does not comply with data protection law. However, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
We may review this policy from time to time and any changes will be notified to you. Any changes will take effect 30 days after we post the modified terms on our Sites. We recommend you regularly check for changes and review this policy when you visit our Sites. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease visiting our Sites.
You can contact us with your queries in relation to this policy or for any other reason at any time.
To contact us for any reason, including to exercise any of your rights in relation to your personal information, please write to the Privacy Office at the correspondence address below or email us at privacy@daifo.com.au.