Who we are

Our website address is: http://www.elmma.com.au.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Content stored within our repository may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

 

 

How we use personal information

The information we request, collect, and process is primarily used to provide users with the product or service they have requested. More specifically, we may use your personal information for the following purposes:

to provide the service or product you have requested;
to facilitate the creation of Elmma.com Agreements;
to provide technical or other support to you;
to answer enquiries about our services, or to respond to a complaint;
to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications);
to allow for debugging, testing and otherwise operate our platforms;
to conduct data analysis, research and otherwise build and improve our platforms;
to comply with legal and regulatory obligations;
if otherwise permitted or required by law; or
for other purposes with your consent, unless you withdraw your consent for these purposes.

The ‘lawful processing’ grounds on which we will use personal information about our users are (but are not limited to):

when a user has given consent;
when necessary for the performance of a contract to which the user is party;
processing is necessary for compliance with our legal obligations;
processing is necessary in order to protect the vital interests of our users or of another natural person;
processing is done in pursuing our legitimate interests, where these interests do not infringe on the rights of our users.

We may disclose your personal information to third parties that participate in a transaction with you, including but not limited to:

counter-parties;
brokers;
affiliates involved in origination of the transaction;
Cloud hosting, storage, networking and related providers;
SMS providers;
Payment and Banking providers;
Marketing and analytics providers;
Security providers;
Chat providers;
Email providers

We may also disclose your personal information to third parties for the following purposes if necessary to provide the service or product you have requested or if we receive court orders, subpoenas or other requests for information by law enforcement, or if otherwise permitted or required by law; or
for other purposes with your consent.

Accessing or correcting your personal information

You have the right to request access to the personal information Elmma holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period, and without unreasonable expense for no charge. Most personal information can be accessed by logging into your account. If you wish to access information that is not accessible through our applications, or wish to download all personal information we hold on you in a portable data format, please contact our Privacy Officer.

You also have the right to request the correction of the personal information we hold about you. All your personal information can be updated through the user settings pages. If you require assistance please contact our customer support. You have a number of other rights in relation to the personal data Elmma holds about you, however, there may be restrictions on how you may exercise the rights. This is largely due to the nature of the products and services we provide. Much of the data we collect is in order to facilitate contracts between users, facilitate payments, provide protection for the legitimate users, and meet our legal obligations – these data uses are protected against the below rights.

Erasure

Most personal information cannot be deleted as they are used to support contracts between users, document financial transactions, and are used in providing protection for users on the platform. In the case of non-personal data that can be linked with personal data, it will either be erased or otherwise anonymised from the personal data.

 

 

 

What personal data we collect and why we collect it

In order to provide our products, services, and customer support, we collect personal information about our users. Our products, services, and customer support are provided through many platforms including but not limited to: websites, phone apps, email, and telephone. The specific platform and product, service, or support you interact with may affect the personal data we collect.

Not all information requested, collected, and processed by us is “Personal Information” as it does not identify you as a specific natural person. This will include the majority of “User Generated Content” that you enter into our systems during the normal course of going about your day to day business activities, with the intention of sharing this content with other users. Such “Non-Personal Information” is not covered by this privacy policy. However, as non-personal information may be used in aggregate or be linked with existing personal information; when in this form it will be treated as personal information. As such, this privacy policy will list both types of information for the sake of transparency.

In some situation users may provide us with personal information without us asking for it, or through means not intended for the collection of particular types of information. Whilst we may take reasonable steps to protect this data, the user will have bypassed our systems, processes, and control and thus the information provided will not be governed by this privacy policy.

How we collect personal information

While you use our products and services you may be asked to provide certain types of personal information. This might happen through our website, applications, online chat systems, telephone, paper forms, or in-person meetings.

We may request, collect, or process the following information:

Account Details -User Name, User Unique Identifier, password
Contact Details – Email address, Phone number
Location Details – Physical address, Billing address, Timezone
Identity Details – Full name, Proof of identity (e.g. drivers licence, passport), Proof of address (e.g. utility bill)
Financial Information – credit card details, wire transfer details, payment processor details (e.g. skrill, paypal), tax numbers
User Generated Content – transaction descriptions, transaction attachments

Users have the ability to start a transaction with non-users by providing contact details such as email address, physical address, and phone number. In these situations, the information will be collected and stored by us to contact the non-user and to prevent abuse of our systems.

Your payment provider may transmit information about the payment that we may collect or process.

In some situations, personal information of users may be collected from public sources.

We may collect or process the following information:

Contact Details – Email address, Phone number
Location Details – Physical Address, Billing Address, Timezone
Financial Information – transaction details, payment account details (e.g. paypal email address and physical address), wire transfer details
User Generated Content – transaction description, comments, reference numbers

Our partners may create transactions on your behalf, in these situations the information that can be provided is the same as the information we may request, collect and process from individual users. Whilst our partners platforms will be governed by their own privacy policy, any personal information that is transferred to our platform will be treated and protected as though it was submitted by a user.

We maintain records of the interactions we have with our users, including the products, services and customer support we have provided. This includes the interactions our users have with our platform such as when a user has logged in and what application they are using.

When we are contacted we may collect personal information that is intrinsic to the communication. For example, if we are contacted via email, we will collect the email address used.

We may collect or process the following (mostly non PII) information:

Metadata – IP address, computer and connection information, referring web page, standard web log information, language settings, timezone, etc.
Device Information – device identifier, device type, device plugins, hardware capabilities, current location, etc
Actions – pages viewed, buttons clicked, time spent viewing, search keywords, activity start and stop times etc

On our website and within our applications, you may encounter links to third party websites and resources. These links may be from us, or they may appear as content generated by other users. These linked sites are not under our control and thus we are not responsible for their actions. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy.

 

 

Temporary restriction to processing

Under certain circumstances you may exercise this right, in particular if you believe that the personal data we have is not accurate, or you believe that we do not have legitimate grounds for processing your information. In either case you may exercise this right by contacting our privacy officer.

Unless stated above, users may exercise any of the above rights by contacting our Privacy Officer.

To contact our Privacy Officer
If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:

By Email: privacy-officer@elmma.com.au
By Mail:
Attn: Elmma Privacy Officer
PO Box 1931
Buderim, QLD  4556
Australia

For the purposes of the GDPR, our Privacy Officer is also our Data Protection Officer (DPO).

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 working days.

If you are in the European Union, you can choose to lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at