Privacy Policy

LAST UPDATE: 30 October 2023

1. How this policy works

This Privacy Policy applies to the collection, use, disclosure and handling of Personal Information by Converlens Pty Ltd and its related entities (“we”, “us”, “our” or “Converlens”), including information collected via converlens.com (our “website”), product pages, mobile and/or web applications (collectively, the “Services”).

As Converlens Pty Ltd is an Australian business, this Privacy Policy takes into account the requirements of the Australian Privacy Principles set out in the Australian Privacy Act, as well as other applicable privacy laws.

Any capitalised terms not defined in this Privacy Policy have the meanings given to those terms in our Master Subscription Agreement.

Your privacy is very important to us, and we encourage you to read this Privacy Policy carefully. By providing Personal Information to us, you consent to our collection, handling, use and disclosure of your information in accordance with this Privacy Policy. If we are not able to collect certain Personal Information about you, this may limit your ability to use or access the Services.

This Policy does not apply to websites, apps, products, or services that we do not own or control. Further, where our Services are made available to you via an organisation (for example, where your employer is our Customer and has made you an Authorised User of the Services under our contract with them), that organisation will control the information processed via the Services, including Customer Data. This means that this Privacy Policy will not apply to that information, and Converlens will not be responsible for the privacy practices of that organisation. Rather, your information will be subject to that organisation’s practices, policies, and collection notices. We encourage you to review these materials as they relate to the handling of your information.

2. What information we collect

We collect Personal Information in several ways. We may collect information directly from you or during our dealings with you, for example where you use our Services, contact and correspond with us, attend our premises or events, or apply for a position of employment with us.

When you use our Services, you may provide information to us. This includes:

• when you set up a profile, your name, email address, and profile photo (“Account Data”);

• content you provide through the Services (for example, projects, notes, tags, files, submissions, survey responses);

• content, files, or other media that you import to the Services (including via our integrations), as well as certain account details associated with such integrations;

• when you subscribe to our paid services, your billing details including your billing address;

• details of services we have provided to you or that you have enquired about;

• your responses to questionnaires, surveys, or requests for feedback; and

• additional Personal Information that you provide to us directly or indirectly through your use of our Services, associated social media platforms or accounts from which you permit us to collect information.

We log certain information about your access to and use of our Services (“Technical Information”). This includes:

• device data (including, but not limited to, the type of device you use, data on device advertising IDs and similar hardware qualifiers, the browser you use, your operating system, and approximate geographic location data);

• usage data (including, but not limited to, search terms entered, pages viewed, and other usage behaviour identified by analytics events);

• network and internet information (including, but not limited to, URLs, and Internet Protocol addresses); and

• information we collect via cookies and other tracking technologies (please see the “How Do We Use Tracking Technologies” section below for more information).

If you apply for a job with Converlens, we may collect certain information in connection with your application such as your name, contact details, occupation, education and work history. We may also collect certain information necessary to verify your identification or working rights.

We may receive information about you from third party sources. This includes marketing or demographic information about you from third party providers, including data about your organisation or industry or other public information available online, such as through professional profiles. We may combine this information with other data we have to improve your experience with the Services or inform you of Services we think may be of interest to you.

3. How we use information we collect

The way we use your information depends on our relationship with you and the purpose of collection. We collect and use your information:

• to deliver our Services and enable you to access and use our Services;

• to improve our Services and your overall user experience;

• to process your payments where you have signed up to a paid service;

• to contact and communicate with you;

• to prevent and address technical problems, and maintain the security of the Services;

• to provide you with support services, if requested;

• to help us understand traffic patterns, and analyse how you use the Services;

• for internal record keeping;

• for advertising and marketing, including to send you information about our products and services;

• in connection with a merger, acquisition, reorganisation or similar transaction;

• when required or permitted by law, or to respond to legal process;

• for any other purpose with your consent.

4. How we share information we collect

We share information we collect in the ways set out below, including in connection with possible business transfers. We do not sell information about you to advertisers or other third parties.

Sharing with other users
Converlens is collaborative cloud product built for teams to collect, manage, analyse, report on and share information and data. This can include sharing information with others through the Services, and with certain third parties. For example, your profile information or content you upload to the Services may be shared with other members of your workspace or the Customer administering your workspace. These people are usually colleagues you work with day-to-day, or clients you have added to your workspace. Some of our Services enable you to share information publicly (such that it is accessible without a Converlens Account), including through surveys, pages, insights, reports and published data. When you share information publicly it can be indexed and archived by search engines and other third parties located anywhere in the world. Our services provide different options for sharing and deleting your content and data but we cannot delete content from third parties so we advise caution about information you make public.

Sharing with third parties
In addition to the specific circumstances discussed elsewhere in this policy, we may share Personal Information:

• with our corporate affiliates and subsidiaries;

• with third parties performing services to support our core business functions and internal operations;

• with third parties (including agents and sub-contractors) assisting us to provide information, products, services or direct marketing to you;

• to support our audit, compliance, and corporate governance functions;

• in connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganisation, or bankruptcy);

• with credit reporting agencies and courts, tribunals and regulatory authorities where you fail to pay for goods or services provided to you;

• if we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect or protect against fraud or security issues;

• if otherwise required or permitted by applicable law or regulation, including laws and regulations of Australia and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever we may do business; (b) protect and defend our rights or property; (c) act in urgent circumstances to protect the personal safety of our users, customers, and contractors/employees; or (d) enforce our legal terms or otherwise protect against any legal liability; and

• with your consent or at your direction.

5. How we use tracking technologies

Some features in the Services may require the use of “cookies” (i.e. small text files that are stored on your device). You may delete and block all cookies from our Services, but parts of the Services may not work. We use different categories of cookies for different reasons. These categories, and your options for managing your preferences, are set out below.

Required cookies Required cookies enable you to navigate the Services and use its features, such as accessing secure areas of the Services. If you have chosen to identify yourself to us, we may use cookies containing encrypted information to allow us to uniquely identify you when you are logged into the Services and to process your online transactions and requests.

Performance cookies These cookies collect information about how you use our Services, including which pages you go to most often and whether you receive error messages from certain pages. These cookies do not collect information that individually identify you, and the information is only used to improve how the Services function and perform.

Functionality cookies Functionality cookies allow our Services to remember information you have entered or choices you have made (for example, changes you have made to text size, font and other customisations) to provide enhanced, personalised features and optimise your use of the Services after logging in. For example, we may use local shared objects to store your preferences or display content based on what you view.

Analytics cookies When you visit our website, our third party analytics services providers (such as Google Analytics and Twilio Segment) may use cookies and other tracking technologies to collect and store certain Technical Information.

Targeting or advertising cookies These cookies collect information about your browsing habits to understand your interests, deliver personalised advertising content and track the performance of our advertisements. From time to time, we may use cookies delivered by third parties and their partner networks (for example, Meta Pixel, LinkedIn Insight Tag and Google Marketing Platform pixels) to unlock valuable insights about visitors to our Services, track conversions, retarget website visitors, and measure and optimise the performance of our campaigns across different platforms.

Managing your preferences Your options to manage your preferences depend on the type of cookies used:

• Required cookies:Because required cookies are essential to operate the Services, there is no option to opt out of these cookies.

• Analytics cookies:

  • Google Analytics: Google’s ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You may also learn more about how Google collects and processes data specifically in connection with Google Analytics. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on.

  • Twilio Segment: ‍Twilio Segment’s use of information is set forth in its Privacy Policy, which includes opt-out instructions.

• Targeting or advertising cookies:

  • Google: You can opt out of Google Marketing Platform's use of cookies by visiting the Google Marketing Platform opt-out page or the Network Advertising Initiative opt-out page. You can also read Google’s privacy policy here.

  • General: To learn more about other advertising networks and their opt-out instructions, you can visit https://optout.networkadvertising.org

• Other: To learn how to opt out of other cookies using your browser settings, you can visit www.allaboutcookies.org. You may also be able to opt out of certain cookies by interacting with banners or pop ups made available by us on the Services.

6. How we respond to Do Not Track signals

Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. Please note, we do not alter our practices when we receive a Do Not Track signal from a visitor’s browser. To find out more about Do Not Track, please visit https://www.allaboutdnt.com.

7. Managing your information

You can review, update, correct or delete the Personal Information held by Converlens by contacting legal@no.converlens.com. If you are a Converlens user, you may also manage certain information directly via your user account. If you wish to remove your user account, you may do so through your account settings. However, this will not necessarily remove all Personal Information held about you by Converlens.

For your protection, we may only share and update the Personal Information associated with the specific email address that you use to send us your request, and we may need to verify your identity before doing so. We will try to comply with such requests in a reasonably timely manner.

Please note that we may retain certain information in anonymised and aggregated form, in archived or backup copies as required pursuant to records retention obligations, or otherwise as required or permitted by law.

We may use some of the information we collect for marketing purposes, including to send you promotional communications about new features, products, events, or other opportunities. If you wish to stop receiving these communications or to opt out of use of your information for these purposes, please follow the opt-out instructions such as clicking "Unsubscribe" (or similar opt-out language) in those communications. You can also contact us at legal@no.converlens.com to opt out. Please note that we may continue to send you service-related communications, including notices of any updates to our terms of service or privacy policy, via email.

8. Data storage, transfer, and security

Converlens stores Customer Data (including backups) in your selected jurisdiction from the list of locations we support. By default all Customer Data is stored in Australia, unless you have specifically selected to store it in one of our other data centre locations.

In limited circumstances we may need to share 1) anonymised metadata such as system and access logs, and, 2) Account Data (including Personal Information, such as your name, email and billing details), with subprocessors who may be located or store data outside of your selected workspace region, including Australia and the United States. For example, we use Stripe (USA) to process payments from you on our behalf. You can read more about these subprocessors, including their geographic location, here. You can read more about our data storage practices here.

We aim to ensure that your information is secure at all times. We have in place a number of physical, technical and organisational measures to safeguard and secure your information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. These measures are described in our security documentation available by request from security@no.converlens.com.

Although we take measures to safeguard your information, due to the inherent nature of the Internet, we cannot guarantee the security of any information that you transmit to us or receive from us.

9. Children under 16

The Services are not directed to individuals who are under the age of 16 and we do not solicit nor knowingly collect Personal Information from children under the age of 16. If you believe that we have unknowingly collected any Personal Information from someone under the age of 16, please contact us immediately at legal@no.converlens.com and we will take steps to ensure that the information is deleted.

10. Links to other websites

Our Services may contain links to other websites of interest. We do not have any control over those websites. We are not responsible or liable for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by this Privacy Policy.

11. Changes

We reserve the right to change this Privacy Policy at any time, and such changes will be effective when they are posted to this page. We will notify you of any changes by posting the updated policy to this page, and/or by sending notice to the contact email address associated with your Converlens account, if you have one. By continuing to use our Services or otherwise continuing to interact with us, you acknowledge that the collection, use and sharing of your Personal Information is subject to the updated Privacy Policy. We recommend that you review this page periodically for any changes.

12. Contact us

Please contact legal@no.converlens.com if you have any questions or concerns about this Policy or our information handling practices, or if you believe that we have not complied with this Policy or applicable privacy laws, including the Australian Privacy Act.

We will take any privacy complaint seriously and will investigate and aim to resolve any such complaint in a timely and efficient manner. Our target response time is 30 days, and we request that you cooperate with us during this time, including providing us with any relevant information we may require.

We expect to be able to deal with your complaint fairly and promptly. However, if you are not satisfied, and the Australian Privacy Act applies, you can contact the Office of the Australian Information Commissioner (the “OAIC”). The OAIC’s contact details are made available on their website.

APPENDIX 1

13. Additional rights for European residents

The laws of certain jurisdictions may provide data subjects with various rights in connection with the processing of Personal Information, including:

1. the right to withdraw any previously provided consent;

2. the right to access certain information about you that we process;

3. the right to have us correct or update any personal information;

4. the right to have certain personal information erased;

5. the right to have us temporarily block our processing of certain personal information;

6. the right to have personal information exported into common machine-readable format;

7. the right to object to our processing of personal information in cases of direct marketing, or when we rely on legitimate interests as our lawful basis to process your information; and

8. the right to lodge a complaint with the appropriate data protection authority.

Where we are deemed a data controller under the laws of certain jurisdictions, we will take steps to help ensure that you are able to exercise your rights regarding Personal Information about you in accordance with applicable law. To do so, you may contact us at legal@no.converlens.com. Please note these rights may be limited in certain circumstances as provided by applicable law. We will promptly review all such requests in accordance with applicable laws. Depending on where you live, you may also have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at legal@no.converlens.com, so we have an opportunity to address your concerns directly before you do so.

Under the laws of certain jurisdictions, when processing the Personal Information of Authorised Users in connection with the provision of Services to our Customers, we may be deemed a ‘data processor’ while our Customers are deemed ‘data controllers’. Where we are deemed a data processor, Authorised Users should contact our Customer, the data controller, to pursue any such legal data subject rights. We will reasonably cooperate with our Customers to support and comply with any such data subject rights requests

14. Legal bases for processing (for EEA users)

Where we are deemed a data controller under applicable privacy laws of the European Economic Area (EEA) and if you are an individual in EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases may depend on the Services you use and how you use them, such as the following:

• we need your information to provide you the Services, including to operate the Services, provide customer support and personalised features and to protect the safety and security of the Services;

• our collection and use of your information satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;

• you give us consent to collect and/or use your information for a specific purpose; or

• we need to process your information to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

Under the laws of certain jurisdictions, when processing the Personal Information of Authorised Users in connection with the provision of Services to our Customers, we may be deemed a ‘data processor’ while our Customers are deemed ‘data controllers’. Where we are deemed a data processor, we rely on our Customer, the data controller, to ascertain they have legitimate bases to authorise our processing of Customer Data. Authorised Users should contact our Customer, the data controller, to withdraw consent, object to processing, or pursue any legal data subject rights.

Where we are using your information because we or a Customer (e.g. your employer) have a legitimate interest to do so, and you object to such use, then, in some cases, this may mean no longer being able to access or use the Services.

15. Data retention

We will retain your Personal Information for as long as your account is in existence or otherwise as necessary to provide you the Services, or as otherwise required or permitted by applicable law. You can learn more about our data retention practices here.