The processing of Personal Data shall always be in line with the US Privacy Principles contained in the Privacy Act 1998 (“Privacy Act”), the General Data Protection Regulation (“GDPR”), and in accordance with country-specific data protection regulations applicable to MacchiatoUSA.
We have implemented a number of technical and organizational measures to ensure the most complete protection of Personal Data processed through the Site.
For the purpose of the GDPR:
For the purpose of the Privacy Act, when we act as a data processor no “disclosure” of Personal Data has been made to us.
Wherever consent is given on the Site, it can be withdrawn just as easily through the appropriate account settings on the Site.
Our service is not offered to persons under the age of 13. We do not knowingly collect Personal Data from such visitors without parental or guardian consent and require our clients to fully comply with applicable law in the data collected from children under the age of 13.
If you become aware that a child has provided us with information please contact us. Any information that is in breach of this provision will be deleted.
“Personal Data” means any information that allows someone to identify you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
“Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data and Anonymous Data, as described below.
You do not need to create an account with us to use some of our services.
By creating an account on the Site you may enter your details on the input form.
We may collect this Personal Data from you, such as your name, e-mail and mailing addresses, phone number, and password when you create an account with us.
The legal basis for this processing is based on:
The registration of the account and voluntary provision of Personal Data is intended to enable us to offer you services that may only be available to registered users.
When you make a purchase, we (or our third party service provider) will collect all information necessary to complete the transaction, including your name, credit card information, debit card information, billing information and/or PayPal information.
The Personal Data we collect will be the data that you input in any payment area on the website.
The legal basis for this processing is based on:
This Personal Data is needed to enable us to process your payment for the goods or services. We retain information on your behalf, such as domain names, URLs, time zone preferences, Invoice Service invoices, transactional history, messages and any other information that you store using your Account.
If you provide us feedback or contact us via e-mail, or other means including by phone call or by contracting with us, we will collect your name and e-mail address, as well as any other content included in the e-mail or conversation, in order to send you a reply. We will store and process your communications and information as needed. When you participate in one of our surveys, we may collect additional profile information.
The legal basis for this processing is based on:
- either your consent, through your voluntary submission of the form and agreeing to these terms, or your voluntary submission of data to us by other means;
- the Personal Data being necessary for the performance of a contract to which you are a party;
- for carrying out pre-contractual measures; and/or
- any other legitimate interests as detailed below.
By submitting the form or making contact with us such Personal Data is transmitted on a voluntary basis and you consent to its collection.
On the Site you may have the ability to subscribe to various newsletters or other forms. We may collect the data when you input your details for subscription purposes.
The Personal Data is processed for the purpose of informing you regularly by means of a newsletter or other offer form. The personal information collected during the subscription will only be used for marketing materials or for reasons made known on the form.
The legal basis for this processing is based on:
By submitting the form and voluntarily providing us with your data, you are providing consent to the use of such data by us. For the purpose of revocation of consent there is a corresponding unsubscribe link found in each subscription email.
We may also collect Personal Data at other points in our Site that state that Personal Data is being collected. In some circumstances, Personal Data is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your expressed consent, your Personal Data may be used and disclosed to us this way. The purposes as outlined above may include the processing of such Personal Data to the extent necessary for us to comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud.
To make our Site and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
This data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
The legal basis for this processing is based on:
We currently use Google Analytics as well as Google Analytics for Display Advertising. Google Analytics collects information anonymously and reports website trends without identifying individual visitors. Google Analytics uses its own cookie to track visitor interactions. Site owners can view a variety of reports about how visitors interact with their website so they can improve their website and how people find it. Please see the following links for more information about Google Analytics:
You can also opt-out of Google Analytics for Display Advertising by going to the Google Ads Preferences Manager.
log on to the Service with your login credentials from a social networking site (such as Facebook, Twitter, or LinkedIn) (“Social Networking Site”) or
To make our Site and Services more useful to you, we may collect Personal Data about your staff (including your employees, contractors, subcontractors, agents and officers) by extracting this information from your Zendesk (or similar) account.
This data may be processed for the purposes of monitoring how many responses to support tickets each staff member sends. We may then use that data in aggregate (i.e. anonymised) in order to determine metrics associated with our services.
The legal basis for this processing is based on the legitimate interests of carrying out our business, providing personalised Services to you and any other legitimate interests as detailed below.
We may collect Personal Data about you that our clients have chosen to share with us, that is collected by their services or applications, such as your email address, name, birthdate and any other information included in a support ticket.
Our clients may have integrated Macchiato applications into their systems or vice versa. This means we may collect Personal Data that our clients may send to us either manually or automatically (or permit us to access) through an API that is integrated with our system.
In general, Personal Data you submit to us is used either to respond to requests that you make, or to aid us in providing the Services in a personalized, safe and efficient manner. We collect, use, store and share your Personal Data in the following ways:
If you access the Site from a shared device or a device of a third party (such as in an internet café), your personal information may also be available to other persons who access that device.
We may create Anonymous Data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. Macchiato reserves the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in its sole discretion.
We may share your Personal Data with service providers to:
The service providers (and if necessary data processors) include:
These third party service providers are required not to use your Personal Data other than to provide the services requested by Macchiato.
We may disclose your Personal Data to third parties to whom you expressly ask us to send the Personal Data, or to third parties you consent to us sending your personal information to.
We may also, with your consent or at your direction, disclose your personal information to your authorized representatives.
We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the APPs, the GDPR or equivalent privacy laws.
Where we act as a data processor, the client may also provide us with instructions with regard to disclosure.
If you do not provide us with the personal information described above, some or all of the following may happen:
Subject to the Privacy Act and the GDPR you may request to access the personal information we hold about you by contacting us. All requests for access will be processed within a reasonable time.
If required by law and if reasonably practicable, we may provide you with tools and account settings to access, correct, delete, or modify the Personal Data you provided to us. You can download and access certain information you provide to us by emailing us. In the event that you are unable to access your account to access or rectify your Personal Data, you may submit a request to us to correct, delete or modify your Personal Data and to download the data for you.
We keep data for as long as it is needed for our operations. If you deactivate and delete your account your data will no longer be visible on your account.
If you wish to have us delete your data please contact us.
If you have an account on the website you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any Personal Data being stored, or if you wish to restrict or withdraw any consent given for the collection of your Personal Data.
You may withdraw your consent to the processing of all your Personal Data at any time. If you wish to exercise this right you may do so by contacting us.
You may withdraw your consent or manage your opt-ins by either viewing your account on the Site or clicking the unsubscribe link at the bottom of any marketing materials we send you.
We may provide you with the means to download the information you have shared through our services. If you require such information, please email us.
We may retain your information for fraud prevention or similar purposes. In certain instances we may not be required or able to provide you with access to your personal information. If this occurs we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act and the GDPR.
There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third party provider.
Where we act as a data processor, we do so on behalf of our client and in accordance with their instructions. This means that should you wish to access, review, correct, transfer, modify or delete any Personal Data we process on behalf of a client you should contact the client with your request.
Macchiato is committed to protecting the security of your Personal Data. We (and our third party service providers) use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosure. We also require you to enter a password to access your Account information. Please do not disclose your Account password to unauthorized people. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while Macchiato uses reasonable efforts to protect your Personal Data, Macchiato cannot guarantee its absolute security.
Where we transfer Personal Data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.
We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of America, including the following:
- our related bodies corporate;
- our data hosting and other IT service providers, located in various countries; and
- other third parties located in various foreign countries, such as our contractors in Africa, Asia and other foreign jurisdictions.
We may disclose your personal information to entities who may store or process your data overseas.
Where we act as a data processor, Macchiato complies with our client’s requests in respect of how we deal with end customer data.
We take data breaches very seriously. Depending on where you reside our policy is:
In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the process set out in this clause.
We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.
If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
We will endeavor to meet the 72-hour deadline imposed by the GDPR to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.
Further, where there is likely to be a high risk to your rights, we will endeavor to contact you without undue delay.
We will review every incident and take action to prevent future breaches.
If you reside in the European Union or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights please contact us.
We keep personal information from active accounts as long as it is reasonably needed for our operations and to fulfill the purposes set out herein. We will also keep personal information from accounts that have been deactivated where we are legally required to and also where it is necessary to stop fraud, collect outstanding fees, troubleshoot problems, or otherwise enforce our other policies accessible on the Site.