PRIVACY

1. INTRODUCTION

Your privacy and the protection of your personal information is important to Shping. This public privacy policy (or privacy statement) explains what personal data we process, how we collect it and why. We take the security of your data very seriously and this privacy policy tells you what we do to ensure its protection. In this policy we also outline the rights we think you have with your personal data, and how you can exercise them.

2. WHO WE ARE

Shping is a world-first integrated shopper marketing, brand protection, product safety and global product database rolled into a single ecosystem that rewards consumers for using it and contributing to it.

Shping operates a smartphone application ( app) whereby consumers can retrieve and obtain product related information by scanning the product’s barcode. The app may provide additional services for selected products (if available), including but not limited to, authenticity checks, product recall notifications, verification of product recall status, providing product related information, warranty activation, receipt storage, social media integration with participating brands, product rating and feedback and the ability for users to upload product information to Shping’s product database, together with such other services as Shping may introduce from time to time.

App users may also be able to earn rewards, known as Shping Coins for particular actions performed while using the app and we collect information from you so we can transfer these coins to your digital wallet. We are also able to assist you with the purchase and sale of Shping Coins and do to so we will collect personal data including financial information about you.

Our headquarters are in Melbourne, Australia.

3. OUR APPROACH TO PRIVACY

We do not sell your personal data to third parties for marketing or promotional purposes unless we have your express consent. We do not abuse or misuse your personal data, or let it fall into the wrong hands. We only collect or process your information for the reasons we say we do.

As a business, we obtain personal data from app users and owners of Shping Coins to provide our services. We obtain personal data when you sign up for the app and any of Shping’s services. The information Shping collects is what you tell Shping about yourself and information about how you use Shping’s app and services, such as what personal information you tell Shping about yourself in creating an account including your phone number and street address, your IP address and location.

When you use the app or this website, Shping automatically receives and records information on its server logs from your browser or mobile platform, including your location, IP address, cookie information, and the page you requested. To best manage information such as location data, you may disable the tracking functionalities on your smartphone device, although the app and our services to you will not operate to their full capacity if you do so.

Also, if you contact Shping, Shping may keep a record of that correspondence. Shping may also draw upon this information in order to adapt the Services to your needs, to research the effectiveness of Shping’s network and services, and to develop new tools for the Services. Where possible, Shping endeavour to limit the collection of your personal data. Shping asks that you update Shping if your personal data details change.

We share your personal information with our business partners in order to provide our services to you. They have their own privacy policies that apply to your information and must be able to provide you with a copy.

Technology, laws or even our way of doing business can change from time to time, as can your rights and expectations. To ensure we comply with data protection regulations, we will update this privacy policy. When we make changes, we will always publish it here on our website.

4. YOUR CONSENT

When you download the app or use our services, or provide information using our technology, you will be asked to indicate that you have read and agreed to this privacy policy. Your use of this website is also subject to this privacy policy. In giving your consent, you agree to:

  • The collection and use of your personal information by us and the third parties described in this privacy policy;
  • The disclosure of your personal information to the third parties described in this privacy policy; and
  • The transfer of your personal information to other countries outside Australia.

If you do not want your personal information to be used in any of the ways listed above, then please do not use our app, website or services.

5. WHERE AND WHY WE COLLECT AND PROCESS YOUR PERSONAL INFORMATION

We collect your personal information from the following sources:

  • When you visit website;
  • When you sign up to the app;
  • When you contact us including where you contact us for help or support;
  • From third parties so we can gain information about you to better provide our services to you; and
  • When you use services (e.g. completing a product review or other comments on the app, uploading photos on the app transferring Shping Coins to your digital wallet or where you ask us to buy or sell Shping Coins in your behalf.

We process your information for one or more of the following purposes:

  • You are using the app or visiting our website;
  • To upload on the app (e.g. a review of a product by you which you want uploaded on the app);
  • To analyse how you use the app and our services which we will share with third parties (e.g. with the brand owner of a product on which you have provided a review);
  • To provide you with information you have requested from us;
  • To ensure the safe operation and security of our app, website and underlying business infrastructure; and
  • To manage any communication between us and you.

6. OUR LEGAL BASIS FOR PROCESSING YOUR DATA

By using our app, website or service we assume you have provided consent for us to collect, process and store your data. Further, if you have come to our app, website or contacted us for help or information we also assume you have provided us with consent to collect, possess and store your data.

If you do not provide consent for us to process your personal data as described in this privacy policy then please do not use our app, website or services.

7. WHAT INFORMATION WE COLLECT

Our app and services collect and analyse a range of information. This may include;

  • Biographical/profile information that you have supplied to us voluntarily;
  • You physical and email address;
  • Your date of birth;
  • Location information, meaning data which reveals an approximate geographical location of you and your mobile device. We only collect this information where you have agreed to us doing so and also by agreeing to a notification on your mobile device;
  • Information about the type of mobile device you own;
  • Technical data such as an Internet Protocol (IP) address, time zone, operating system and platform and information about your internet browser application;
  • App ‘metadata’, which means information about the way in which our application is used and how it functions on your mobile device (for example, which app screens you use most, how long it takes to transmit information to us, the volume of information, etc.). Metadata does not include any personal information about you. We collect metadata via Google Analytics in order to improve the usability, security and performance of our app;
  • Product reviews, comments, photos and other information you upload on the app on a voluntary basis (you do not have to provide any information on the app);
  • Your digital wallet particulars, bank details or other payment details (for transfer of and the purchase and sale of Shping Coins); and
  • Information received from other sources to provide our services to you.

If you are visiting our website, app or trying to contact us for information, assistance or technical support, then the data we collect or may ask for could include;

  • Your name;
  • Your contact details, such as a phone number and/or email address;
  • Your approximate location (depending on the settings on your device); and
  • Any technical or diagnostic information we deem necessary to fix a problem or resolve an issue you are experiencing with our app or services.

8. SHARING INFORMATION WITH THIRD PARTIES

Any technical or diagnostic information we deem necessary to fix a problem or resolve an issue you are experiencing with our app or services.

We may share your personal information with:

  • Our product partners such as product brands owners who have a product in our brand database and who have asked us to collect, process or analyse it on their behalf;
  • Our partners, sub processors or vendors working on our behalf, who provide us with IT and support services to help us manage and store information, and who may require such information for the performance of any contract we enter into with them to conduct our business;
  • Group companies, who may provide related or ancillary services; and
  • Internationally recognised legal, regulatory or Cryptocurrency bodies.

We will also share your personal information in the following circumstances:

  • If we believe that it is reasonably necessary to comply with a law, regulation or legal request (e.g. to assist in matters of public interest or safety);
  • If we sell, transfer or otherwise share some or all of our assets in connection with a merger, acquisition, reorganisation or sale of assets, or in the event of bankruptcy. We endeavour to provide you with notice prior to the transfer of your personal information to a successor entity;
  • To complete any transaction or provide any product or service you have requested or authorised;
  • To maintain the security of website, app and services; and
  • To protect ours, yours and our product partners’ rights and property.

9. SECURITY

We have what we believe are robust, appropriate and sufficient security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our Information security management system. Although even with that, we have no control over what happens between your smartphone device and our information infrastructure. You should be aware of the many cyber security risks that exist and take appropriate steps to safeguard your own information.

We accept no liability in respect of breaches that occur beyond our sphere of control. However, we take the privacy and protection of your personal information very seriously and use a number of methods to try to keep your personal information secure from loss or unauthorised use or access when it is in our possession or control. These methods include reasonable physical, technical and organisational measures to restrict access to your personal information. Access to your data (for example amongst our employees and our product partners) is strictly controlled by a combination of secure passwords, permissions-based user roles, tried and tested processes, multi factor authentication and more.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website and/or apps, you are responsible for keeping this password confidential. You should never share a password with anyone and you should ensure that you do not reuse or recycle passwords.

Where required by applicable law, we will notify you of any loss of or unauthorised access to your personal information, and we will cooperate with the appropriate authorities to investigate such incidents in a timely fashion.

10. INTERNATIONAL TRANSFERS OF INFORMATION

We are a global company which provides services globally. As such your personal information may be transferred and stored in locations outside of Australia and where privacy laws may not be as protective as they are in Australia. Our product partners may also operate in such locations and may require that we transfer your personal information to them in those locations.

We take steps to try to ensure that your personal information is kept secure regardless of its location, in compliance with applicable laws. Your consent to this privacy policy followed by your submission of any personal information to us represents your agreement and consent to that transfer.

11. RETENTION OF YOUR INFORMATION

We keep your personal information for as long as is necessary to fulfil the purposes for which it was collected. This purpose is usually for one of the two reasons as listed above in the section on our legal basis to process your data, namely to help you or to carry out our obligations of a contract. In most cases, this will be the duration of a particular meeting, event, project or campaign for which our product partners have asked us to collect and process information about you. However, we are subject to our product partners’ instructions and they may ask us to retain it for longer or to delete it sooner. We regularly audit the information we hold to ensure that it remains relevant to our current requirements and those of our product partners.

We maintain a permanent record of anonymized location, demographic and survey data. This data is used to produce aggregated consumer insights and cannot be used to identify individuals.

12. MINORS

We do not knowingly collect personal information or data of minors under 16 years of age. We have no control over who contacts us but we do not conduct business with anyone under 16 years of age. For our product partners, if they are using our products and services to collect or process data of children, then they must comply with the data protection laws applicable to them. In those circumstances, our product partners may be obliged to obtain express consent from the children’s parents or legal guardians prior to the use of our service.

13. YOUR RIGHTS

As a data subject whose personal information we collect and process, you have certain rights. If you wish to exercise any of these rights, then please email privacy@shping.com or use the contact details supplied below. In order to process your requests, we will ask you to provide two valid forms of identification for verification purposes.

Your rights are as follows:

  • The right to be informed. As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this policy and any related communications we may send to you.
  • The right of access. You may request a copy of the personal information we hold about you. We will always provide this free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following;
    • The categories of personal data concerned
    • The purpose for processing the personal data
    • If applicable, who we have disclosed the data to
    • The proposed or planned retention period for that data
    • The source of personal data, if collected from a third party
  • The right to rectification. If you feel we hold inaccurate or incomplete personal data about you, you may exercise your right to correct or complete it. This may be used in conjunction with the right to restrict processing (see below) to make sure that incorrect or incomplete information is not processed until it has been rectified.
  • The right to erasure. Often referred to as the ‘right to be forgotten’. Where no overriding legal basis or legitimate reason continues to exist for processing your personal information, you have the right to request that we delete that data. We will always take all reasonable steps to ensure the erasure or deletion of your data.
  • The right to restrict processing. You have the right to ask us to stop processing your personal data. We will still store the information, but will not process it further. This right is an alternative to the right to erasure. If any of the following conditions apply, then you may exercise your right to restrict processing;
    • You contest accuracy of your personal data and we are verifying it.
    • Your data has been unlawfully processed.
    • We no longer need the personal data for processing but the personal data is required for part of a legal process (e.g. establishing, exercising or defending a legal claim).
    • You have exercised your right to object and processing is restricted pending a decision on the status of that processing.
  • The right to object. You have the right to object to our processing of your information. This applies when processing is;
    • Based on your legitimate interests (or those of a third party)
    • For the purposes of direct marketing
    • For research purposes (scientific, historic or statistical)
    • Based upon public tasks or legitimate interests

14. DATA PROTECTION OFFICER

We have nominated a Date Protection Officer to take overall responsibility for matters of data protection and privacy. This is our Head of Information Security and you can contact them with any questions or concerns about your data by emailing privacy@shping.com (for more contact details see below).

15. CONTACT US

Should you have any questions, comments or concerns about this policy or how we handle and process your data then please email privacy@shping.com.

Our address is:

    Authenticateit Pty Ltd (ABN 30 155 162 253) trading as Shping
    Level 2, 10 Queens Rd
    Melbourne 3004
    AUSTRALIA

Shping customer service team’s may be contacted on 03 9924 4405 for Australia and +61 3 9924 4405 for overseas callers.