Privacy policy

 TAPT BY HATCH Pty Ltd (ACN 638 840 972)and TAPT LIMITED (company no  15712750) (together, “Tapt Group”, “we”, “us” or “our”) and our operation of the website at www.tapt.io, and www.taptbyhatch.com (“Website”) is committed to respecting your privacy. 

This privacy policy sets outs how we collect, use, process, store, share and disclose your personal information on our Website (“Privacy Policy”). You can view our terms and conditions and contact us at support@tapt.io. Any words capitalised in this Privacy Policy have the same meaning as in our Terms and Conditions. 

1. Openness And Transparency

  1. We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) and Data Protection Act 2018 (the “UK GDPR”) (collectively, “Privacy Laws”).  We are a data controller for the purposes of the UK GDPR. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws. 

  2. By accessing and using our Website, Products and Services, you freely and expressly consent to the collection, use, processing, storage and disclosure of Personal Information by us as set out in this Privacy Policy.  

2. Your Information

  1. For the purposes of this Privacy Policy, “Personal Information” has the meaning given under the applicable Privacy Laws. Generally, personal information refers to information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

  2. With regards to your Personal Information:

    1. We will collect Personal Information only by lawful and fair means, and not in an unreasonably intrusive way. 

    2. We will only collect Personal Information about you if you voluntarily provide it to us or if you explicitly give consent to us collecting it. If you provide us with personal information, this will constitute your consent.

    3. We may collect Personal Information from you when:

      1. you complete a Profile or set up an Account for use of the Services and Products that we provide;

      2. communicate with us;

      3. visit our Website;

      4. provide us with feedback; or

      5. complete online surveys.

    4. If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our Services and/or Products as requested. If you wish to remain anonymous when you use Services, Products and/or Website, do not sign into it or provide any information that might identify you.

    5. We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected.   

  3. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, religion or other beliefs, health, criminal background or trade union membership) on or through the Website or otherwise. If, contrary to this request, you do provide any sensitive personal information, in doing so you consent to us collecting and handling that information in accordance with this Privacy Policy.  

3. Personal Information We May Collect

  1. The type of Personal Information we collect from you includes, without limitation, to the following:  

    1. your full name;

    2. email address;

    3. phone number;

    4. your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;

    5. any additional information relating to you that you provide to us directly through our software and via  our Website or online presence or through other Websites or accounts from which you permit us to collect information;

    6. information you provide to us through customer surveys; and

    7. any other Personal Information that may be required in order to facilitate your dealings with us. 

  2. This data is used to enable us to identify and verify you and provide you with support, services, mailings, sales and marketing actions. Certain functionality of the Services requires your Personal Information to function properly.

  3. From time to time, we may also ask you to provide, without limitation, the following optional Personal Information:

    1. details of your social media profiles (such as LinkedIn, Instagram or Facebook);

      1. the company you work, including its address, website and phone number;

      2. your job classification;

      3. office phone number; and

      4. details of people you connect with in your personal and professional life;

      5. files that may contain personal information; and

      6. a personal headshot. 

      7. The provision by you of the information in Clause 3.2 is completely optional. If you do share this with us, in doing so you consent to us collecting and handling that information in accordance with this Privacy Policy.  

4. Information About Children Under 18

  1. Our Website is not intended for users under the age of 18. We acknowledge that the definition of a “minor” changes between jurisdictions, however we do not knowingly seek or collect Personal Information from any person below the age of 18 years.  

5. What Is Our Legal Basis?

  1. Under the UK GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the United Kingdom. We rely on several legal bases to process your Personal Information, including:

    • where it is necessary to provide you with access to, and use of, Products, Services and Website;
    • for our legitimate interests to provide, operate and improve our Products, Services or Website;
    • where you have freely and expressly consented to the processing of your Personal Information by us, which you may withdraw at any time; or
    • where we are under a legal obligation to process your Personal Information.

  2. Where we rely on your consent as the lawful basis to process your data under the UK GDPR we will always ask for you to positively affirm your acceptance.

  3. We note that all contact or other data forms where consent is required to be given by you include no pre-checked checkboxes so that you are able to freely and affirmatively opt-in. We will also provide you with notice on the Services specifically detailing what it is that you are consenting to in clear and plain language as well ensuring that each matter that requires consent is clearly distinguishable.

6. How Your Information Is Used

  1. We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):

    • providing our Website to you;

    • the provision of our Services and Products, which includes uploading aspects of your Personal Information to your Profile, Tapt Card and other Tapt Products;

    • administering, protecting, improving or optimising our Website, Products and Services (including performing data analytics, conducting research and for advertising and marketing purposes);

    •  informing you about our Website, Products, Services, surveys, or other promotional activities or events sponsored or managed by us, or our business partners;

    • responding to any inquiries or comments that you submit to us;

    • verifying your identity;

    • any other purpose you have consented to; and

    • any use which is required or authorised by a relevant Privacy Law.

7. Disclosure Of Personal Information

  1. We may disclose your Personal Information to:

    • third parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes;
    • any person or entity to whom you have expressly consented to us disclosing your Personal Information;
    • our external business advisors, auditors, lawyers, insurers and financiers;
    • our payment processing service provider Chargebee or Shopify (if and to the extent that they need us to disclose it); and 
    • any person or entity to whom we are required or authorised to disclose your Personal Information to in accordance with the relevant Privacy Laws.   

8. Direct Marketing

  1. Where we:

    • have your express consent (which you may withdraw at any time by contacting us in writing at support@tapt.io);
    • have a legal basis; or
    • are otherwise permitted by relevant Privacy Laws,

      we may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events. 
  2. At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, you consent to receiving direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at support@tapt.io

    9. Our Website

    1. When transmitting Personal Information from your computer to our Website, you must keep in mind that the transmission of information over the internet is not always completely secure or error-free. Other than liability that cannot lawfully be excluded, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information. 

    10. Cookies

    1. We use cookies, web beacons and similar technologies (collectively, “Cookies”) on our Website. By accessing or using this Website, you agree that we can store and access Cookies in accordance with this Privacy Policy.

    2. Cookies are small files that can be stored on and accessed from a user’s device, when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.

    3.  We may use Cookies to enable you to access and use our Website and services, including to: 

      • Identify you as a user of our Website and services;
      • process your user requests;
      • improve your user experience;
      • remember your user preferences on our Website; 
      • monitor your use of our Website and for analysis of our user base;
      • facilitate communications with you;
      • control your access to certain content on our Website; and
      • protect our Website.
    4. The data collected through Cookies will not be kept for longer than is necessary to fulfil the purposes mentioned above. We will handle any Personal Information collected by Cookies in the same way that we handle all other Personal Information.

    5. At any time, you can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website.

    6. Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Website.

    11. Data Storage And Transfer

    1. We may store Personal Information in either electronic or hard copy. We will take all reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. 

    2. We cannot guarantee the security of any Personal Information transmitted over the internet and therefore, you disclose information, including your Personal Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information.  

    3. We use a number of software and other providers located outside Australia for our day to day business and IT functions, and in some cases this may involve the transfer of a limited amount of Personal Information to those providers.  The majority of these are located in the United States of America, with one being based in Ireland. In some cases these businesses may use sub-processors based in other countries.   A full list of these providers is available on request. 

    4. We use reasonable endeavours to ensure that any third party recipient receiving your Personal Information from us is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s Website at https://ec.europa.eu/info/law/law-topic/data-protection_en

    5.  In the event of a restricted transfer (as that term is defined in the UK GDPR), we will enter into a Data Processing Addendum with you in the format set out in Schedule 1, or as required by the UK GDPR from time to time. 

    12. Notifiable Data Breaches

    1. We take data breaches very seriously. 

    2. For UK users, we will endeavour to meet the 72-hour deadline as imposed by the UK GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you. Further, where there is likely to be a high risk to your rights, we will endeavour to contact you without undue delay. We will review every incident and take action to prevent future breaches.

    13. Access To Information, Destruction Of Personal Information

    1. Under the UK GDPR an individual residing in the United Kingdom has enhanced privacy rights, including the right to:

      • require us to correct any Personal Information held about you that is inaccurate or incomplete;

      • require the deletion of Personal Information concerning you in certain situations;

      • data portability for Personal Information you provide to us;

      • object or withdraw your consent at any time to the processing of your Personal Information;

      • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or  

      • otherwise restrict our processing of your Personal Information in certain circumstances.

    1. Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us. See section 14: Contact information. Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. 

    2. We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.  

    3. If you believe that we hold Personal Information about you that is not accurate, complete or up-to-date then you may update it via the Website or our software, and/or request that your Personal Information be amended.  We will respond to your request to correct your Personal Information within a reasonable timeframe and you will not be charged a fee for correcting your Personal Information.  

    4. If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it. 

    14. Third Party Sites

    1. The Website may contain links to other third party websites including social media networks. This Privacy Policy applies solely to information collected by us on our Website. 

    2. If you follow a link to any of these third-party websites, please note that these websites have their own privacy policies that you should check before you submit any Personal Information to these websites.

    15. Contact Information

    1. If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us in writing at support@tapt.io.

    2. If we receive a formal written complaint about our privacy practises, we will contact the complainant regarding his or her concerns and attempt to resolve the complaint as soon as possible.   

    3. If you are dissatisfied with the outcome of our handling of your complaint, you can lodge a privacy complaint with the Office of the Australian Information Commissioner (“OIAC”) or the European Data Protection Supervisor (“EDPS”). For further information about the EDPS or OAIC’s privacy complaint handling process, please see: http://www.oaic.gov.au/privacy/making-a-privacy-complaint or https://edps.europa.eu/node/75_en.

    16. Notices And Revisions

    1. We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website. 

    17. Enforcement

    1. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that cannot be resolved between us and the individual.

    Dated 22/05/2024