Privacy Policy

Table of contents

1. Who are we
2. What does this notice cover
3. Personal data we collect and how we get it
4. How we use your personal data
5. Cookies and similar tracking technologies
6. How we share your personal data
7. Personal data retention
8. Security
9. International transfers
10. Your rights
11. Updates to this notice
12. How to contact us
13. Additional information if you’re in the EEA or UK

1. Who are we?

When we say “Splendid”, “we”, “our” or “us”, we mean the Splendid Group of companies. Our headquarters are in Australia, but we operate and have offices all over the world. Our registered business name is Splendid Suggestions Pty Ltd. See our Contact Us page for more information.

2. What does this notice cover?

This notice describes how we process personal data. When we say “personal data” we mean information that relates to you, and from which you can be identified. Personal data includes your name, email, address, telephone number, and so on. In some countries, personal data can also include information about your device, such as your IP address and device type.

This notice applies to personal data we collect across all our websites in connection with any services we provide. It also applies to personal data we collect from third party data sources, and through surveys, events, customer support, competitions, and promotional programs. For this notice, we’ll just call them our “services”.

3. Personal data we collect and how we get it

The personal data we collect depends on how you interact with us. We collect personal data:

• When you provide it to us directly. This includes when you visit our websites, use our services, or provide personal data directly through other interactions with us.
• Automatically. We collect some personal data about you automatically when you visit our websites or use our services. For example, we collect data about the pages you look at and the links you click on.
• From third parties. Although we collect the majority of personal data about you directly or automatically, sometimes we might collect it from other sources. For example, from trusted third parties and service providers that help us deliver our services (such as providers of email, marketing, and analytics) and from social media platforms.

Personal data categories and sources

We’ve summarised the categories of personal data we collect and their sources, below.

Identity and contact data such as your name, email address, telephone number, address or social-media handle. We source this directly from you, automatically or from third parties.

Communications data such as feedback on our services and other communications with us or with our service providers, competition and survey entries, chat, email or call history, and call recordings if you consent to them. We source this directly from you, automatically, or from third parties.

Marketing and advertising data such as interests based on your use of our services, survey responses, promotions you enter, communication preferences, preferences for particular services, and subscription details. We source this directly from you, automatically or from third parties.

Device data such as data collected using tags and pixels, including your IP address, ISP, the browser you use to visit our websites, device type and location, operating system, device identifiers and advertising identifiers. We source this automatically.

4. How we use your personal data

We use your personal data to operate our services, and to manage our relationship with you. We’ll otherwise only use your personal data for:

• The purposes in this notice or that we explain to you when we collect your personal data.
• Other purposes that are related to the ones in the first dot-point where permitted by law.

Purposes for using personal data

We’ve set out more information about the specific purposes for which we use your personal data below.

To communicate with you about our services. For example, we may send you service updates, invoices, technical notices, security alerts, support messages and responses to your enquiries. We may contact you through a variety of channels, for example, by email, telephone, and SMS.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

For security management. For example, to address threats and fraud, and protect you, our business and people, we may use malware and other monitoring tools to detect suspicious activity and block unauthorised access.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

For compliance management. For example, to ensure compliance with our terms of use and related internal reporting.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

For marketing communications. For example, to contact you about services, promotions, competitions and events we think may be of interest, including those of our affiliates and partners. We may contact you through a variety of channels, for example, by email, telephone, SMS and in-product communications.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

To personalise content. For example, we may provide local or otherwise targeted content and information for customers, and to tailor the content served on our websites and apps, and via our services.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

For personalised advertising. For example, we may personalise, target, and deliver advertising on our websites and apps, and via third party websites and other online services. We may also identify audiences and individuals like you to better tailor our marketing campaigns and communications, and measure the effectiveness of our campaigns and adjust our methods.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

For legal and regulatory compliance. For example, to comply with any legal and regulatory obligations which apply to us, including responding to requests under data protection or other applicable laws.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

To manage legal claims. For example, to preserve our legal rights, and defend and bring claims to protect our interests.

The categories of personal data we use for this purpose are: identity and contact data, account data, marketing and advertising data, device data, and service usage data.

5. Cookies and similar tracking technology

We use cookies and similar tracking technology (“cookies”) to collect and use personal data about you, including to serve interest-based advertising.

6. How we share your personal data

There will be times when we need to share your personal data with third parties. We’ll only share your personal data with:

• Other companies in the Splendid group of companies who enable us to provide you with our services or who otherwise use personal data for the purposes in this notice.
• Third party service providers and partners who also enable us to provide you with our services or who otherwise use personal data for the purposes in this notice. For example, we may share your personal data with service providers that assist us with billing, customer support, hosting and storage, data analytics, security, marketing and email services. We won’t share your mobile telephone number or SMS opt-in consent status with these third parties for their own marketing purposes without your explicit consent.
• Regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, to exercise, establish or defend our legal rights, or to protect your interests or those of any other person. Where possible and appropriate, we’ll notify you of this type of sharing.
• Other people where we have your consent or where permitted by law.

Also, if you’ve been invited to use our services by a subscriber, we may share data relating to your use of our services with that subscriber.

7. Personal data retention

We’ll retain your personal data for as long as we’ve a relationship with you and for a period of time afterwards where we have an ongoing business or legal need to keep it. For example, to comply with legal, tax, or accounting requirements. After that, we’ll make sure it’s deleted or anonymised.

8. Security

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.

9. International transfers

When we share personal data, it may be transferred to and processed in countries other than the country you live in due to the location of our teams and data hosting locations. These countries may have laws different to the ones that apply in your country. Rest assured, when we transfer personal data to another country, we put safeguards in place to protect your personal data.

10. Your rights

It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time. Just follow the unsubscribe instructions in the marketing communication.

You also have rights to:

• Know whether and what personal data we hold about you, and to correct it if it’s inaccurate or out-of-date.
• Request a copy of your personal data, or ask us to restrict processing your personal data or delete it.
• Object to our continued processing of your personal data.
• Not be subject to wholly automated decisions that have legal or significant effects upon you, and to challenge the decision and request a human review.

You can exercise these rights at any time by making a request using the details in the ‘How to contact us’ section.

If you’re not happy with how we are processing your personal data, please get in touch with us using the ‘How to contact us’ section. We’ll review and investigate your complaint, and get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.

11. Updates to this notice

We may update this notice from time to time. If we make a material change, we’ll make sure we let you know, usually by sending you an email or posting a notice on our websites and in our apps.

12. How to contact us

We’re always keen to hear from you. If you’re a current user of our services, you can get in touch via our Contact Us page. For everyone else, you can contact us at [email protected].

13. Additional information if you’re in the EEA or UK

If you’re in the European Economic Area (“EEA”) or United Kingdom (“UK”), this section applies to you in relation to the personal data we process under this notice.

Legal basis for processing personal data

Below, we’ve set out the legal basis we rely on to process your personal data for the purposes in this notice (for a description of each purpose, see the ‘How we use your personal data’ section):

Consent. We may ask for your consent (separately from any contract between us) before we process your personal data, in which case you can voluntarily choose to give or deny your consent.

We rely on this legal basis: for security management, for compliance management, for marketing communications, to personalise content, for personalised advertising, and to manage legal claims.

Legitimate interest. We may process your personal data for our or a third party’s legitimate business interests. We’ll only do this when we’re confident that a legitimate interest exists and the processing is needed to achieve it. We’ll also make sure your privacy rights are appropriately protected and don’t override the legitimate interest we’ve identified.

We rely on this legal basis: for security management, for compliance management, for marketing communications, to personalise content, for personalised advertising, and to manage legal claims.

Legal obligation. There may be cases when we must use your personal data to comply with laws or to fulfil certain legal obligations.

We rely on this legal basis: for security management, for compliance management, for legal and regulatory compliance, and to manage legal claims.

International transfers of personal data from the EEA and UK

If you’re in the EEA or UK, we’ll only transfer your personal data to countries that provide adequate protection for EEA and UK personal data (like Australia), or to countries where we have appropriate safeguards in place with the recipient to protect your personal data, for example, by entering into “standard contractual clauses” or equivalent terms approved by the relevant authorities. For more information, please contact us using the details in the ‘How to contact us’ section.