LAST UPDATE: 30 October 2023
1. How this policy works
2. What information we collect
We collect Personal Information in several ways. We may collect information directly from you or during our dealings with you, for example where you use our Services, contact and correspond with us, attend our premises or events, or apply for a position of employment with us.
When you use our Services, you may provide information to us. This includes:
when you set up a profile, your name, email address, and profile photo (“Account Data”);
content you provide through the Services (for example, projects, notes, tags, files, submissions, survey responses);
content, files, or other media that you import to the Services (including via our integrations), as well as certain account details associated with such integrations;
when you subscribe to our paid services, your billing details including your billing address;
details of services we have provided to you or that you have enquired about;
your responses to questionnaires, surveys, or requests for feedback; and
additional Personal Information that you provide to us directly or indirectly through your use of our Services, associated social media platforms or accounts from which you permit us to collect information.
We log certain information about your access to and use of our Services (“Technical Information”). This includes:
device data (including, but not limited to, the type of device you use, data on device advertising IDs and similar hardware qualifiers, the browser you use, your operating system, and approximate geographic location data);
usage data (including, but not limited to, search terms entered, pages viewed, and other usage behaviour identified by analytics events);
network and internet information (including, but not limited to, URLs, and Internet Protocol addresses); and
information we collect via cookies and other tracking technologies (please see the “How Do We Use Tracking Technologies” section below for more information).
If you apply for a job with Converlens, we may collect certain information in connection with your application such as your name, contact details, occupation, education and work history. We may also collect certain information necessary to verify your identification or working rights.
We may receive information about you from third party sources. This includes marketing or demographic information about you from third party providers, including data about your organisation or industry or other public information available online, such as through professional profiles. We may combine this information with other data we have to improve your experience with the Services or inform you of Services we think may be of interest to you.
3. How we use information we collect
The way we use your information depends on our relationship with you and the purpose of collection. We collect and use your information:
to deliver our Services and enable you to access and use our Services;
to improve our Services and your overall user experience;
to process your payments where you have signed up to a paid service;
to contact and communicate with you;
to prevent and address technical problems, and maintain the security of the Services;
to provide you with support services, if requested;
to help us understand traffic patterns, and analyse how you use the Services;
for internal record keeping;
for advertising and marketing, including to send you information about our products and services;
in connection with a merger, acquisition, reorganisation or similar transaction;
when required or permitted by law, or to respond to legal process;
for any other purpose with your consent.
4. How we share information we collect
We share information we collect in the ways set out below, including in connection with possible business transfers. We do not sell information about you to advertisers or other third parties.
Sharing with other users
Converlens is collaborative cloud product built for teams to collect, manage, analyse, report on and share information and data. This can include sharing information with others through the Services, and with certain third parties. For example, your profile information or content you upload to the Services may be shared with other members of your workspace or the Customer administering your workspace. These people are usually colleagues you work with day-to-day, or clients you have added to your workspace. Some of our Services enable you to share information publicly (such that it is accessible without a Converlens Account), including through surveys, pages, insights, reports and published data. When you share information publicly it can be indexed and archived by search engines and other third parties located anywhere in the world. Our services provide different options for sharing and deleting your content and data but we cannot delete content from third parties so we advise caution about information you make public.
Sharing with third parties
In addition to the specific circumstances discussed elsewhere in this policy, we may share Personal Information:
with our corporate affiliates and subsidiaries;
with third parties performing services to support our core business functions and internal operations;
with third parties (including agents and sub-contractors) assisting us to provide information, products, services or direct marketing to you;
to support our audit, compliance, and corporate governance functions;
in connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganisation, or bankruptcy);
with credit reporting agencies and courts, tribunals and regulatory authorities where you fail to pay for goods or services provided to you;
if we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect or protect against fraud or security issues;
if otherwise required or permitted by applicable law or regulation, including laws and regulations of Australia and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever we may do business; (b) protect and defend our rights or property; (c) act in urgent circumstances to protect the personal safety of our users, customers, and contractors/employees; or (d) enforce our legal terms or otherwise protect against any legal liability; and
with your consent or at your direction.
5. How we use tracking technologies
Some features in the Services may require the use of “cookies” (i.e. small text files that are stored on your device). You may delete and block all cookies from our Services, but parts of the Services may not work. We use different categories of cookies for different reasons. These categories, and your options for managing your preferences, are set out below.
Performance cookies These cookies collect information about how you use our Services, including which pages you go to most often and whether you receive error messages from certain pages. These cookies do not collect information that individually identify you, and the information is only used to improve how the Services function and perform.
Functionality cookies Functionality cookies allow our Services to remember information you have entered or choices you have made (for example, changes you have made to text size, font and other customisations) to provide enhanced, personalised features and optimise your use of the Services after logging in. For example, we may use local shared objects to store your preferences or display content based on what you view.
Managing your preferences Your options to manage your preferences depend on the type of cookies used:
Required cookies:Because required cookies are essential to operate the Services, there is no option to opt out of these cookies.
Targeting or advertising cookies:
General: To learn more about other advertising networks and their opt-out instructions, you can visit https://optout.networkadvertising.org
Other: To learn how to opt out of other cookies using your browser settings, you can visit www.allaboutcookies.org. You may also be able to opt out of certain cookies by interacting with banners or pop ups made available by us on the Services.
6. How we respond to Do Not Track signals
Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. Please note, we do not alter our practices when we receive a Do Not Track signal from a visitor’s browser. To find out more about Do Not Track, please visit https://www.allaboutdnt.com.
7. Managing your information
You can review, update, correct or delete the Personal Information held by Converlens by contacting email@example.com. If you are a Converlens user, you may also manage certain information directly via your user account. If you wish to remove your user account, you may do so through your account settings. However, this will not necessarily remove all Personal Information held about you by Converlens.
For your protection, we may only share and update the Personal Information associated with the specific email address that you use to send us your request, and we may need to verify your identity before doing so. We will try to comply with such requests in a reasonably timely manner.
Please note that we may retain certain information in anonymised and aggregated form, in archived or backup copies as required pursuant to records retention obligations, or otherwise as required or permitted by law.
8. Data storage, transfer, and security
Converlens stores Customer Data (including backups) in your selected jurisdiction from the list of locations we support. By default all Customer Data is stored in Australia, unless you have specifically selected to store it in one of our other data centre locations.
In limited circumstances we may need to share 1) anonymised metadata such as system and access logs, and, 2) Account Data (including Personal Information, such as your name, email and billing details), with subprocessors who may be located or store data outside of your selected workspace region, including Australia and the United States. For example, we use Stripe (USA) to process payments from you on our behalf. You can read more about these subprocessors, including their geographic location, here. You can read more about our data storage practices here.
We aim to ensure that your information is secure at all times. We have in place a number of physical, technical and organisational measures to safeguard and secure your information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. These measures are described in our security documentation available by request from firstname.lastname@example.org.
Although we take measures to safeguard your information, due to the inherent nature of the Internet, we cannot guarantee the security of any information that you transmit to us or receive from us.
9. Children under 16
The Services are not directed to individuals who are under the age of 16 and we do not solicit nor knowingly collect Personal Information from children under the age of 16. If you believe that we have unknowingly collected any Personal Information from someone under the age of 16, please contact us immediately at email@example.com and we will take steps to ensure that the information is deleted.
10. Links to other websites
12. Contact us
Please contact firstname.lastname@example.org if you have any questions or concerns about this Policy or our information handling practices, or if you believe that we have not complied with this Policy or applicable privacy laws, including the Australian Privacy Act.
We will take any privacy complaint seriously and will investigate and aim to resolve any such complaint in a timely and efficient manner. Our target response time is 30 days, and we request that you cooperate with us during this time, including providing us with any relevant information we may require.
We expect to be able to deal with your complaint fairly and promptly. However, if you are not satisfied, and the Australian Privacy Act applies, you can contact the Office of the Australian Information Commissioner (the “OAIC”). The OAIC’s contact details are made available on their website.
13. Additional rights for European residents
The laws of certain jurisdictions may provide data subjects with various rights in connection with the processing of Personal Information, including:
the right to withdraw any previously provided consent;
the right to access certain information about you that we process;
the right to have us correct or update any personal information;
the right to have certain personal information erased;
the right to have us temporarily block our processing of certain personal information;
the right to have personal information exported into common machine-readable format;
the right to object to our processing of personal information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and
the right to lodge a complaint with the appropriate data protection authority.
Where we are deemed a data controller under the laws of certain jurisdictions, we will take steps to help ensure that you are able to exercise your rights regarding Personal Information about you in accordance with applicable law. To do so, you may contact us at email@example.com. Please note these rights may be limited in certain circumstances as provided by applicable law. We will promptly review all such requests in accordance with applicable laws. Depending on where you live, you may also have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at firstname.lastname@example.org, so we have an opportunity to address your concerns directly before you do so.
Under the laws of certain jurisdictions, when processing the Personal Information of Authorised Users in connection with the provision of Services to our Customers, we may be deemed a ‘data processor’ while our Customers are deemed ‘data controllers’. Where we are deemed a data processor, Authorised Users should contact our Customer, the data controller, to pursue any such legal data subject rights. We will reasonably cooperate with our Customers to support and comply with any such data subject rights requests
14. Legal bases for processing (for EEA users)
Where we are deemed a data controller under applicable privacy laws of the European Economic Area (EEA) and if you are an individual in EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases may depend on the Services you use and how you use them, such as the following:
we need your information to provide you the Services, including to operate the Services, provide customer support and personalised features and to protect the safety and security of the Services;
our collection and use of your information satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
you give us consent to collect and/or use your information for a specific purpose; or
we need to process your information to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.
Under the laws of certain jurisdictions, when processing the Personal Information of Authorised Users in connection with the provision of Services to our Customers, we may be deemed a ‘data processor’ while our Customers are deemed ‘data controllers’. Where we are deemed a data processor, we rely on our Customer, the data controller, to ascertain they have legitimate bases to authorise our processing of Customer Data. Authorised Users should contact our Customer, the data controller, to withdraw consent, object to processing, or pursue any legal data subject rights.
Where we are using your information because we or a Customer (e.g. your employer) have a legitimate interest to do so, and you object to such use, then, in some cases, this may mean no longer being able to access or use the Services.
15. Data retention
We will retain your Personal Information for as long as your account is in existence or otherwise as necessary to provide you the Services, or as otherwise required or permitted by applicable law. You can learn more about our data retention practices here.