GDPR Privacy Policy
Last updated: 2 October 2024
This policy explains how Offerrewardgrid collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection legislation. By using our services at offerrewardgrid.net, you acknowledge the practices described herein.
1. Data Controller
Offerrewardgrid acts as the data controller for personal data collected through this website and its associated services. For any data protection enquiries, you may contact us at:
Email: support@offerrewardgrid.net
Phone: +61 2 9618 7202
Address: U172/46 Macquarie St, Barton ACT 2600, Australia
2. Definitions
| Term | Meaning |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person |
| Processing | Any operation performed on personal data, including collection, storage, use, or deletion |
| Data Subject | The individual whose personal data is being processed |
| Processor | A third party that processes data on behalf of the controller |
| Consent | Freely given, specific, informed, and unambiguous agreement to processing |
3. Personal Data We Collect
3.1 Data You Provide Directly
We collect personal data that you voluntarily submit when using our services, including but not limited to:
Account and contact information: full name, email address, phone number, and postal address.
Consultation data: messages, project descriptions, requirements, and any files or documents you share during sessions.
Payment information: billing details processed through secure third-party payment providers. We do not store full card details on our systems.
Communication records: correspondence sent to our support email or through contact forms.
3.2 Data Collected Automatically
When you visit our website, certain technical data is collected automatically:
Usage data: pages visited, session duration, referral sources, and interaction patterns.
Device and browser data: IP address, browser type, operating system, screen resolution, and language preferences.
Cookie data: identifiers stored locally on your device to maintain session state, preferences, and analytics. See Section 9 for full cookie details.
3.3 Data From Third Parties
We may receive limited personal data from third-party integrations such as authentication providers, payment processors, or analytics platforms, only where you have authorised such sharing.
4. Legal Basis for Processing
We process your personal data only where a valid legal basis under Article 6 of the GDPR exists:
| Processing Purpose | Legal Basis |
|---|---|
| Delivering consultation services | Performance of a contract (Art. 6(1)(b)) |
| Account creation and management | Performance of a contract (Art. 6(1)(b)) |
| Responding to enquiries and support requests | Legitimate interests (Art. 6(1)(f)) |
| Sending service-related communications | Performance of a contract (Art. 6(1)(b)) |
| Sending marketing communications | Consent (Art. 6(1)(a)) |
| Improving and analysing service performance | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
5. How We Use Your Data
We use collected personal data for the following purposes:
Service delivery: scheduling, conducting, and managing online consultations and associated workflows.
Account administration: creating and maintaining user accounts, authenticating access, and managing preferences.
Communication: responding to support requests, sending booking confirmations, reminders, and service updates.
Billing: processing payments, issuing invoices, and managing refunds where applicable.
Service improvement: analysing usage patterns to identify issues, optimise user experience, and develop new features.
Security: detecting and preventing unauthorised access, fraudulent activity, or misuse of our platform.
Legal compliance: fulfilling obligations under applicable law, including record-keeping requirements.
6. Data Sharing and Disclosure
6.1 Third-Party Service Providers
We engage trusted third-party processors to support our operations. These parties are contractually bound to process data only on our documented instructions and in accordance with GDPR requirements. Categories of processors include:
Cloud hosting and infrastructure providers
Payment processing platforms
Email delivery and communication services
Analytics and performance monitoring tools
Customer support software providers
Video conferencing platforms used during consultations
6.2 Legal Requirements
We may disclose personal data where required to do so by law, court order, regulatory authority, or to protect the rights, property, or safety of Offerrewardgrid, its clients, or others.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. Affected individuals will be notified in advance where required by law.
6.4 No Sale of Data
We do not sell, rent, or trade personal data to any third party for their independent marketing or commercial purposes.
7. International Data Transfers
As a transnational service, your personal data may be transferred to and processed in countries outside your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) approved by competent authorities
Transfers only to countries recognised as providing an adequate level of data protection
Binding corporate rules or equivalent transfer mechanisms where applicable
You may request details of the safeguards applied to specific transfers by contacting us at support@offerrewardgrid.net.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal obligations.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account plus 2 years after closure |
| Consultation records | 5 years from date of session |
| Billing and transaction records | 7 years for financial compliance purposes |
| Support correspondence | 3 years from last interaction |
| Marketing consent records | Until consent is withdrawn, plus 1 year |
| Website analytics data | 26 months from collection |
Upon expiry of applicable retention periods, personal data is securely deleted or anonymised.
9. Cookies and Tracking Technologies
9.1 What We Use
Our website uses cookies and similar technologies to ensure functionality, measure performance, and enhance user experience.
9.2 Cookie Categories
| Category | Purpose | Basis |
|---|---|---|
| Strictly necessary | Session management, security, authentication | Legitimate interests |
| Functional | Remembering preferences, language settings | Consent |
| Analytics | Understanding how users navigate and use the service | Consent |
| Marketing | Delivering relevant communications and measuring campaign performance | Consent |
9.3 Managing Cookies
You may withdraw consent for non-essential cookies at any time through your browser settings or our cookie preference centre. Note that disabling certain cookies may affect the functionality of our services.
10. Your Rights Under GDPR
As a data subject, you hold the following rights regarding your personal data. We will respond to all verified requests within 30 days.
| Right | Description |
|---|---|
| Right of access | Obtain confirmation of whether we process your data and receive a copy of it |
| Right to rectification | Request correction of inaccurate or incomplete personal data |
| Right to erasure | Request deletion of your data where no longer necessary or lawfully required |
| Right to restriction | Request that we limit processing while a dispute or objection is being resolved |
| Right to data portability | Receive your data in a structured, machine-readable format for transfer to another provider |
| Right to object | Object to processing based on legitimate interests, including direct marketing |
| Right to withdraw consent | Withdraw consent at any time without affecting prior processing |
| Right not to be subject to automated decisions | Not be subject to solely automated decisions that produce significant legal effects |
To exercise any of these rights, submit a written request to support@offerrewardgrid.net. We may request identity verification before processing your request.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:
Encryption: data in transit is protected using TLS encryption; data at rest is encrypted using industry-standard algorithms.
Access controls: role-based access ensures only authorised personnel can access personal data on a need-to-know basis.
Audit logging: access to sensitive data is logged and reviewed periodically.
Security assessments: we conduct regular reviews of our security practices and infrastructure.
Incident response: documented procedures are in place to detect, contain, and report data breaches within 72 hours where required by law.
No transmission over the internet or electronic storage system is entirely secure. While we take every reasonable precaution, we cannot guarantee absolute security.
12. Children's Data
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data relating to a minor, please contact us immediately at support@offerrewardgrid.net and we will take prompt steps to delete such data.
13. Automated Decision-Making and Profiling
We do not make decisions about individuals based solely on automated processing that produce legal or similarly significant effects. Where any profiling or automated analysis takes place, it is used only to support service personalisation and is not determinative of any individual outcome.
14. Updates to This Policy
We review and update this policy periodically to reflect changes in our practices, services, or applicable law. When material changes are made, we will notify registered users by email and update the date at the top of this document. Continued use of our services following notification constitutes acceptance of the revised policy.
We recommend reviewing this policy periodically. All previous versions are available upon request.
15. Complaints
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority in your country of residence or establishment. We encourage you to contact us first at support@offerrewardgrid.net so we may address your concern directly before escalation.
16. Contact Us
For any questions, concerns, or requests relating to this policy or our data processing practices, please reach out to us through any of the following channels:
Email: support@offerrewardgrid.net
Phone: +61 2 9618 7202
Post: Offerrewardgrid, U172/46 Macquarie St, Barton ACT 2600, Australia