Privacy Policy

INTRODUCTION

Local Carbon Pty Ltd ACN 650 359 489 trading as Sumday (we, us, our) regards the privacy of our clients, suppliers and other individuals who visit our website or communicate with us as important. This privacy policy sets out how we collect and handle your personal information, and what choices you have with respect to that personal information. Personal information is defined in the Privacy Act 1998 (Cth) (the Act).

This Privacy Policy takes into account the requirements of the Act. You may have additional rights if you are located in the European Union or European Economic Area (EU) under the General Data Protection Regulation 2016/679, and if you are located in the United Kingdom (UK), under the General Data Protection Regulation (EU) 2016/679 (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

Where you subscribe to the Sumday service, the Sumday Terms and Conditions (available here) contain additional terms and conditions in relation to our collection and use of other, non-personal information that you provide to us in connection with the Sumday service. 

CHANGES TO THIS POLICY

We may make changes to this privacy policy from time to time, including to reflect changes to our website, products or services that may impact how we handle personal information. If we make a change, we will upload the revised privacy policy to our website, so we recommend you check back regularly to review any changes. Changes to this privacy policy will apply from the date that we upload the revised policy to our website, and your continued use of our website, the Sumday Portal or our other services after that time constitutes your acceptance of the changes.

PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide directly to us, including via our website (such as through subscribing to the Sumday service or submitting an enquiry), submitted via the Sumday Portal, or through any other means of communicating with us (e.g. telephone call, email or in person). 

This may include: 

  1. your name and contact details, for example, where you provide these as part of taking up a subscription to the Sumday service, or in becoming a supplier of services to us
  2. information about your opinions where you provide us with feedback or suggestions
  3. the names and business contact details for your suppliers where you submit these as part of using the Sumday / Local Carbon service
  4. your name, contact details and other personal information where you voluntarily submit a CV or resume to us, either unsolicited or in response to a position we have advertised.

We may also collect personal information about you from third parties where you have consented to this, or where the information is publicly available. 

You are under no obligation to provide personal information to us; however, if you choose not to provide such information, we may not be able to provide services to you or respond to your request.

By providing us with your personal information you consent to us handling that information in accordance with this privacy policy. By providing us with someone else’s personal information, you warrant that you have obtained their consent to do so, and their consent for us to handle the information in accordance with this privacy policy.  

HOW WE USE PERSONAL INFORMATION

We use and disclose personal information for the following purposes:

  1. to verify your identity
  2. to provide products and services to you
  3. where you are a supplier to us, to receive products and services from you
  4. to provide you with updates on our products and services that we think may be relevant to you, and to market our products and services to you, including contacting you electronically for this purpose
  5. to develop and improve our website, products, and services
  6. to bill you or the organisation you represent and to collect money that you or they owe us
  7. to respond to communications from you
  8. to protect and/or enforce our legal rights and interests, including defending any claim
  9. for any other purpose authorised by you or applicable privacy laws, including the Act and (where applicable to our business with you) State and Territory based privacy legislation. 

We may also rely on exemptions under applicable privacy laws to use and disclose personal information in appropriate circumstances, such as the employee records exemption in the Act.

UNSUBSCRIBING FROM MARKETING COMMUNICATIONS

You can unsubscribe from any marketing communications from us by following the instructions on any communications sent to you. You can also exercise this right at any time by contacting us using the details at the end of this privacy policy.

DISCLOSING PERSONAL INFORMATION TO THIRD PARTIES

We may disclose personal information to:

  1. our employees, contractors, and other companies within our corporate group
  2. any third parties that provide or support our website and corporate IT systems we use to operate our business or supply our services
  3. our consultants and advisors to protect and/or enforce our legal rights and interests
  4. a person who can require us to supply your personal information (e.g. a regulatory authority) in order to comply with a legal or regulatory obligation, or in response to a non-mandatory request for information
  5. any other person authorised by law (e.g. a law enforcement agency)
  6. a new or prospective owner of our business or our assets in connection with any merger or sale of all or part of our business or assets (in which case we will take reasonable steps to ensure the new owner has a privacy policy reasonably consistent with this policy)
  7. any other person you give us consent to disclose the information to. 

We use cloud services as part of our corporate IT systems that may be hosted in data centres outside of Australia. You consent to us transferring your personal information to such countries for the purposes outlined in this privacy policy. Where we transfer your personal information to a recipient in a country that does not provide the same level of privacy protection as Australia, we will take reasonable steps to ensure your personal information is appropriately protected by that recipient. 

OVERSEAS DISCLOSURE

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

PROTECTING YOUR PERSONAL INFORMATION

We take reasonable steps to protect the personal information we hold from misuse, interference, loss and unauthorised activity.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

Subject to certain grounds for refusal set out in the Act, you have the right to access your personal information that we hold in a manner that is reasonable and practicable and to request a correction to your personal information.

Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates or a person who is authorised to make a request on their behalf. In respect of a request for correction, if we are satisfied that the information is incorrect and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you believe the personal information is incorrect and have requested the correction.

If you want to exercise either of the above rights, you can contact us by email at privacy@sumday.io. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting). We will respond to your request within a reasonable period. We may charge you our reasonable costs of providing you with copies of your personal information.

INTERNET USE AND EXTERNAL LINKS

While we take reasonable steps to maintain the security of our website, providing information over the internet is not without risk. 

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We are not responsible for any content on these other sites, or for how the owners of that site collect, use and protect personal information that you may provide to them. We suggest you review that site’s privacy policy before you provide any personal information. 

COOKIES

We use cookies (a small data file with an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of our website and to optimise or personalise certain features of our website for you. While cookies do not normally contain personal information, if you have provided us with personal information as part of using our website then the cookies we use may be associated with that personal information to enable us to increase the personalisation of our website for you.

You may disable cookies or instruct your browser to stop accepting them by changing the settings on your browser, although this may mean that you cannot use certain features of our website.

CONTACT US

If you have any questions about this privacy policy, or if you would like to request access to, or correction of, your personal information, or to make a complaint, you can contact us via email at privacy@sumday.io.

Last update: 11/2023

APPENDIX 1: ADDITIONAL RIGHTS AND INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR UK

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

WHAT PERSONAL INFORMATION IS RELEVANT? 

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

PURPOSES AND LEGAL BASES FOR PROCESSING 

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.

DATA TRANSFERS

The countries to which we send data for the purposes listed above may offer protection that is less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:

  • only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
  • including standard contractual clauses in our agreements with third parties that are overseas.

DATA RETENTION

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

EXTRA RIGHTS FOR EU AND UK INDIVIDUALS

You may request details of the personal information that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out in our Privacy Policy above or the details set out below.

REPRESENTATIVE – EU AND UK INDIVIDUALS

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group (Prighter) with its local partners as our privacy representative and your point of contact if you are located in the EU or the UK. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please use the details below.

For any questions or notices, please contact our EU/UK Representative if you are based in the European Union or the United Kingdom at:

EU/UK Representative: Prighter https://prighter.com/q/17023917182