Privacy Policy
1. Overview
FoodFraud Scorecard is an application which provides reporting on potential food fraud in your nominated raw materials. It identifies risks and suggests how they should be addressed. In order to provide you with the best user experience and protect your interests, we require all users of the Site and/or App to comply with the following Terms of Use and the Privacy Policy.
This privacy policy (“Privacy Policy”) sets out how Integrity Compliance Systems Limited ACN 162 764 810 trading as FoodFraud Scorecard, of Unit 1, 20 Rivergate Place, Murarrie QLD 4172 (“FoodFraud Scorecard”, “Integrity Compliance”, “us”, “our” and “we”) collects, stores, uses, protects and shares your personal information. It applies to our website (https://foodfraudscore.com) and all related websites, applications, services and tools (together the “Website”). By visiting or using the Website you agree to the collection, storage, usage and disclosure of your personal information by Us in the manner described in this Privacy Policy. Unless we obtain your written consent, we will not sell, disclose, licence or rent your personal information to a third party for that third party’s marketing purposes. You must be over 18 years of age to use FoodFraud Scorecard or have express parental/guardian consent, whereby your parent/guardian is also agreeing to abide by our policies and terms and indemnify us for your breach of any policies or terms.
We comply with the Australian Privacy Principles and, for the benefit and security of our international customers, we also give consideration to privacy requirements of other countries:
- Indonesia
We also comply with the privacy laws enacted in Indonesia, being Law No. 27 of 2022 regarding Personal Data Protection effective on 17 October 2022 (“PDP Law”). PDP Law specifies two subjects, with two separate functions, responsible for personal data, being: (i) Controller, any party (including individuals, public bodies and international organisations) who determines the purpose and controls the processing of personal data; and (ii) Processor, any party who processes personal data. The distinction of Controller and Processor would be relevant in their respective obligations, liabilities and compliance requirements. You would be the Controller of your personal information and we act as the Controller. As the Controller, you essentially determine the purpose of data processing based on lawful grounds and as the Processor, we must conduct our services as directed by you, i.e. only use that information for those purposes stipulated in this Privacy Policy as agreed and approved by you prior to engaging our services. - Europe
In the event of our expansion into Europe, we intend to use Standard Contractual Clauses approved by the European Commission for transfers to United States, Japan, India, Canada, Australia and South Korea in providing the services. - Asia-Pacific
Our privacy processes comply with the Asia-Pacific Economic Cooperation (‘APEC’) and Cross Border Privacy Rules (‘CBPR’) system, which provides a framework for organisations to ensure protection of personal data transferred among participating APEC economies, and the PRP demonstrates an organisation’s ability to provide effective implementation of a personal data controller’s privacy obligations related to the processing of personal information. More information about the APEC framework can be found here.
By using any of this website, you consent to the terms of this Privacy Policy. If you don’t agree to any part of this policy or our Terms of Use, do not access our Website or use any of our services as access and usage is conditional upon your acceptance of these terms as updated from time to time.
We reserve the right to amend this Privacy Policy at any time by posting the amended terms on the Website. If we make material changes to this policy, we will notify you by means of a notice on our announcements board and/or other means so that you access and review the changes. If you object to any changes, you may close your account or discontinue communication with us. By continuing to use the Website after notice of changes has been sent to you or published on the Website, you are deemed to have consented to the changes. “Personal Information” means information that can be associated with a specific person and can be used to identify that person and includes your Information. Information that has been made anonymous or aggregated so that it cannot be used, whether in combination with other information or otherwise, to identify a specific user is not personal information.
You understand that many online software packages including, but not limited to, Microsoft, Atlassian, Google and Xero, store data in facilities which may not be wholly or in part, based on Australian shores, and therefore may not fall under the jurisdiction of the Australian Privacy Principles. We and any third parties or software providers we engage now and in the future, will take all reasonable steps to provide for the security of such stored data to the extent possible and act in accordance with the terms as provided by those third parties and software packages. You may refuse to work with us where you deem the risk of data breach to be greater than the convenience and cost effectiveness of the solution provided. To disengage our services, please notify us in writing and we will take measures to remove your details from our system.
2. Collection of Information
We collect personal information in a number of ways, including:
- when you provide information directly to us in person, by phone or in writing (whether electronic, via our communication tools or otherwise);
- when you visit and/or use the Website, in which case, we record information sent to us by your computer, mobile device or other access device;
- from third parties such as our related entities, service providers to Us, operators of linked websites, applications and advertising on the Website;
- when you enter information for food fraud testing and the outcome generated as a report by FoodFraud Scorecard;
- when you are communicating with us regarding our services.
Third parties we integrate with may also collect personal information in a number of ways, and this will be dealt with in their own privacy policies which you accept when engaging their services and integrating. Such collection may include the above information we collect plus:
- collecting information relating to communications between you and your team or between your team and the third party;
- collecting information generated when reporting on food fraud;
- collecting information specific to their own privacy policy and system requirements for provision of services that may be different and in excess of the information requirements we have to enable service provision.
3. What We Collect
We collect the following types of personal information in order to provide you with access to and use of the Website and for the purposes provided for in this Privacy Policy:
- your name, telephone number, email address, physical address and other contact information;
- information you provide through our customer support;
- the type and volume of services you are using;
- your IP address, cookies and other tracking information;
- information about you, your role with a company or position in a company, your security level within that company and whether that enables you to enter into a contract on behalf of that company when engaging and/or using our services;
- information we may receive from third party providers or integrated systems;
- financial information such as credit card or bank account numbers provide by you, though note any information stored in an integrated third party provider is not stored with us nor collected by us personally;
- other services linked to your account such as a Microsoft account or any account with those parties noted in this policy as a third party;
- what devices you use for interacting with our services;
- pricing information for use in reporting once deidentified;
- records and content of communications with us or any other person including when using Website communication tools;
- personal information based on your activities on the Website;
- personal information you provide to us through any discussions boards, correspondence, user information pages, disputes, or shared by you from other social applications, services or websites;
- to the extent permitted by law, other personal information provided by or obtained from third parties (such as a credit bureau) including navigation and demographic data and credit check information;
- additional personal information we ask you to provide to verify your identity or when we suspect that you are in breach of our Terms of Service, this Privacy Policy or other Website policies (including your personal ID and your answers to any questions we pose to you); and
- personal information from your interaction with the Website and its content and advertising, including device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data.
4. What You May Provide To Third Parties
When interacting with us, you may be asked by third party providers to provide personal information in order to provide you with access to and use of the Website and for the purposes provided for in this Privacy Policy. We do not store this information and when you are providing this information, you are doing so in accordance with and acceptance of the privacy policy and terms of use of each of the third party providers.
5. How Personal Information Is Used
Our principal purpose in collecting, using and storing your personal information is to provide you with access to and use of the Website in a personalised, safe and efficient manner. You consent to us collecting, using, storing and sharing your personal information to:
- operate the Website, the FoodFraud Scorecard application, generate content and provide customer support and billing services (including updates and improvements);
- provide the services requested by you;
- provide you with information via blogs, general email and online correspondence and newsletters;
- research, develop and improve our services;
- to conduct surveys to determine use and satisfaction with our services;
- to generate statistics in relation to the Website;
- detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms of Service, this Privacy Policy or other policies;
- enforce our Terms of Service, this Privacy Policy or other policies;
- verify information for accuracy or completeness (including by way of verification with third parties);
- report internally and to investors regarding revenue and financial metrics of FoodFraud Scorecard;
- combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out this Privacy Policy;
- contact you at your contact details we have collected, by way of voice call, post, text message or email;
- aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
- collect fees, resolve disputes and to identify, test and resolve problems;
- notify you about the Website and/or App, and any updates to either or to our policies and Terms of Use from time to time; or
- supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications based on your preferences, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences.
6. How We Store and Secure Your Personal Information
While we use best endeavours to implement safeguards in an effort to protect your information, given the nature of the internet, no security system is impenetrable. We cannot provide any guarantees of absolute safety of that information from others, when the information is being stored with us or transmitted through integrated systems. However we minimise the type of data stored by and delete your code after 30 days, so minimise any impacts to you.
We will not collect your identification documents i.e. drivers licence or passport, your date of birth or bank account details, therefore if you do get an email bearing our logo or similar identifying mark, this is highly likely to be a phishing scam and you should not respond. If you have concerns or queries, contact us to discuss.
It is your responsibility for securing storage and access to the information you provide when using our service, not ours. You should speak with your IT division around using SSL and two factor authentication, and any other methods of security in your own systems, along with using caution when integrating into our systems.
7. How We Transfer Your Personal Information
In the event that we need to transfer and/or store your collected information outside of your country of residence, generally for the purpose of enabling services to be provided via third party integrations you have selected, we take care in protecting that information within our control. Given privacy laws may vary from region to region, we not only comply with the privacy laws of Australia, but also take guidance from those in the region your information may be transferred to, to a reasonable extent, given the type and sensitivity of information being transferred.
8. How To Access and Control Your Personal Information & Opting Out
You have the right to request a copy of your information and for your information to be deleted or restricted at any time. Given we store limited information, you may be required to make the same request from those third parties who you have integrated into our services also and this will be your responsibility to communicate directly with those third parties given such information is not in our control nor do we have any rights to supply it to you, or amend or delete it in any way.
You can access your personal information from your profile. You may deactivate your account at any time however please note that we are legally required to retain some information for record keeping purposes and may be required to retain information to finalise provision of services provided to you.
If you think your information has been used by another person to provide our services, you may request that we delete your account. You are solely responsible for ensuring the safety and security of your account and your storage of passwords. Should you make a request to delete your account, we reserve the right to investigate the matter prior to deleting the account, to ensure the integrity and safety of our own system and to provide information on the unauthorised access if legally required of us.
You may opt out of personalised communications, though even after opting out, you may still receive some general communications. You will be responsible for opting out of communications sent by third parties as we are unable to make this request on your behalf, and opting out may impact the services that can be provided to you. You may request to opt out from third parties who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioural Advertising or are members of the Network Advertising Initiative or. You can find out more here: https://www.youronlinechoices.eu, https://www.aboutads.info and https://optout.networkadvertising.org/.
9. Disclosure to Third Parties
Notwithstanding section 6 above, you agree that we may disclose your personal information to:
- enable you to use our services that integrate with third parties;
- enforce our Terms of Service, this Privacy Policy and other policies;
- comply with any applicable law, request by a governmental agency or regulatory authority or legally binding court order;
- respond to or resolve claims that a member has violated the rights of others;
- protect a person’s rights, property or safety;
- report to, train, work with and/or obtain advice from our directors, staff, contractors, professional advisers and related entities;
- engage with outsourced service providers who assist us to provide its services such as information technology providers and marketing advisers (including in relation to fee collection, fraud investigations and Website operations);
- engage with third parties to whom you expressly ask us to send, or consent to us sending, your personal information;
- work with credit agencies (including regarding missed and late payments or other defaults or breaches on your account); or
- work with and report to such entities that we propose to merge with or be acquired by and in such case, we will require that the new entity following the merger or acquisition adhere to this Privacy Policy.
11. No Spam, Spyware or Spoofing
- You are prohibited from engaging in spam, spyware or spoofing type activities, regardless of whether directed towards us or other users of Us.
- You must not use the Website to send, upload or distribute spam, viruses or malicious, illegal or prohibited content to the Website or otherwise send content that would breach our Terms of Service or this Privacy Policy.
- You are not permitted to add a user or member to our mailing list (postal or email details included) without the written consent of a user or member.
- We may (or we may engage a third party service provider to) take steps to scan and filter messages to check for spam, viruses, phishing attacks and other malicious activity or unlawful or content prohibited by this Privacy Policy and our Terms of Service.
- To report spam, spyware or spoof activities to us, please email us on the details below.
12. Storage and Security
- We store and process your personal information on our host’s servers, currently located in multiple locations around the world. You consent to the transfer, storage and retention of that information onto the servers of our host provider used from time to time by Us, regardless of the location of those servers.
- We have taken steps to protect your personal information by contracting with a third party to provide technical and security measures. These measures are designed to mitigate, but do not guarantee against, the risk of loss, misuse, unauthorised access, disclosure and alteration.
- The third party providers will advise in their own policies and terms where data is stored. Where possible, we will use best endeavours to store data in the country where your business operations are, for example if you are an Australian company, we will consider Australia the better option for storage of your data, however we reserve the right to store the data in any location that is secure and deemed the right option by our development team from time to time.
13. Contact Us
If you have a question regarding this Privacy Policy, would like to amend your Personal Information stored securely by us or you would like to make a complaint, please contact the Privacy Manager at:
Email: info@integritycompliance.com.au
Phone: (07) 3390 5729
Address: Unit 1, 20 Rivergate Place, Murarrie QLD 4172
Contact: Scott Walker