Effective Date: 8 March 19
Welcome to Bepoz. The Bepoz website is located at: https://www.bepoz.com.au; https://www.bepoz.co.uk; https://ezeguest.io; (collectively “Website”) and is operated by Business Electronics Holdings Pty Ltd (ABN 17 001 305 086) (“Bepoz”).
- Bepoz values transparency and privacy. We are committed to maintaining the security of personal information and data (“Personal Data”) provided to us.
- We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB), the Privacy Act 1993 (New Zealand), the EU General Data Protection Regulation (GDPR), The California Online Privacy Protection Act (CalOPPA) and where applicable The Malaysian Personal Data Protection Act 2010 (collectively “Privacy Laws”)
2. About Bepoz
- Bepoz is a Software as A Service (SaaS) company providing point-of-sales (POS) software solutions and other products and services including consultation, training, learning resources, installation and maintenance services (collectively ‘Services’).
- Our mission is to provide our customers (‘Customers’) with the leading POS software solutions and Services in the market. When we supply you with our Services, the privacy of your Personal Data will always be important to us.
3. What Personal Data is collected and Purpose
- “Personal Data” is information about an individual whose identity is apparent or can reasonably be ascertained from that information and includes information about an individual consumer collected online and maintained in an accessible form.
- Bepoz may collect Personal Data you provide while interacting with us through the supply of our Services including through subscriptions to our software solutions and our sign in and authentication procedures.
- We receive and store Personal Data you provide to us through our business activities, through your use of our Website, when we answer your queries or when you provide Personal Data to us as an employee or applicant for employment.
- We or our service providers may collect, store and process Personal Data from you when you use our Website, order and register products, subscribe to and register services, and respond to marketing or support materials.
- For any of our Services that require a password, it is your responsibility to keep your password confidential and secure.
- We ask you to provide Personal Data and obtain other information through the use of our Website, such as the following categories of information:
- name, phone number, address, occupation, date of birth and gender
- usernames, passwords, email addresses, photos, work position, subscriptions or registration details
- forms submitted and user preferences
- non-identifiable device information, IP addresses, location data, system logs, browser activity, operating system, length of visit, number of visits and referral sources, user preference settings, unique IDs generate for each Website sign in, product descriptions viewed, videos watched
- Information from authorised third party sources may include name, addresses, email addresses, phone number and demographic data
- information collected through the supply of our Services and employment opportunities.
- We may collect additional data from Customers at other times, including but not limited to, when you provide feedback, change your content or email and SMS notification preferences, respond to surveys and promotions, or communicate with our customer support.
- We also collect Personal Data to improve our Services through marketing communications and data analytics.
- We do not knowingly collect any Personal Data from you that is considered sensitive or a “Special Category” under the GDPR such as Personal Data revealing physical or mental health, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We do not knowingly collect or process Personal Data of persons 13 years or younger. If you are under the age of 16, we request that you obtain and provide verifiable parental consent as required by any of the Privacy Laws.
4. How we collect your Personal Data
- Bepoz collects Personal Data from you in a variety of ways, including when you interact with us electronically or in person, when you access our Website, when we provide our Services to you or for employment purposes.
- Personal Data may be provided by you directly or may be sent to us automatically when you use our Website.
5. How we use your Personal Data
- Bepoz uses your Personal Data and you consent to us using your Personal Data to:
- supply you with our Website in accordance with our Terms;
- provide you with information and updates about our Website and our Services;
- communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail;
- manage, research and develop our Website and our Services including through data analytics;
- administer our business activities and internal record keeping;
- meet legal, regulatory and compliance obligations; and
- investigate any complaints.
If you choose to withhold your Personal Data, it may not be possible for us to provide you with our Services or for you to access certain parts of our Website and for us to respond to your query.
6. Legal basis in the European Union (EU) for the collection and processing of your Personal Data
- “Personal Data” refers to any information relating to an identifiable natural person who can be identified directly or indirectly (“Data Subject”).
- The GDPR applies to the data processing activities of businesses with an establishment in the EU or where the processing activities relate to offering goods or services to individuals in the EU, or monitoring the behaviour of individuals in the EU.
- If you are an individual residing in the EU, we may collect and process Personal Data about you in accordance with the GDPR. A “Controller” says how and why personal data is processed and a “Processor” acts on behalf of the Controller by processing the data. Bepoz operates both as a Controller and a Processor when controlling or processing the Personal Data of customers, employees and resellers.
- When you use our Website, we process Personal Data on your behalf as a Data Processor where you are the Data Controller and otherwise to the extent that we are a Data Controller as defined in the GDPR.
- The legal basis we rely on to collect and process your Personal Data is based on the following:
- Contractual basis. This legal basis applies to the collection or processing of Personal Data in order to fulfil or perform a contract with you, or to which you are a party.
- Consensual basis. This applies where you have provided your consent to the collection or processing of Personal Data for a specific purpose (for example, to provide you with marketing updates). You can withdraw your consent at any time by updating your email preferences, opting-out, or by contacting us directly.
- Legitimate interests. This applies where we have a legitimate interest to collect or process your Personal Data. For example, it may be to respond to an enquiry about our Services.
- Legal obligations. This applies where it is necessary to disclose your Personal Data to comply with a legal obligation.
- When we use third-parties to process your Personal Data on our behalf, we ensure that the processing of this Personal Data is confidential, pursuant to our documented instructions and in accordance with the legal basis for the processing.
- We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data.
- In the event of a Personal Data breach including any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or process, we will report the breach to you (where we are required to do so under the GDPR) without undue delay after becoming aware of the breach, and not later than 72 hours after the breach giving you a description of the nature of the breach.
7. Data Ownership
- You as a customer own all right, title and interest in the content and personal information that you provide to us (“Subscriber Data”).
- You are solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of your Subscriber Data.
- You grant to Bepoz, or to any third parties used by us to provide the Website or Services and any associated software, a non-exclusive, worldwide and royalty free licence to use, copy, display, perform, distribute, disseminate, transmit, translate, edit, cache and create derivative works of Subscriber Data.
- Bepoz or any related entitiesowns all right, title and interest in any data or information that we create, generate, compile, derive or produce in connection with any supply of our Website or Services, including data and information that is:
- aggregate or raw or statistical relating to usage, analyses and results of the Website;
- for the purpose of optimising delivery, commercialisation and performance of our Website; and
- samples and prototypes, conclusions, techniques, know how, methods, and undocumented findings generated in the usual course of our business.
8. Right of Access
- Under the Privacy Laws, you have certain rights as to how your Personal Data is being controlled and used. We will provide you with reasonable access to your Personal Data in accordance with the relevant Privacy Laws.
- We comply with your rights under the Privacy Laws and the GDPR (subject to the grounds set out in the GDPR) that permit you:
- to be informed as to how your Personal Data is being used;
- to access your Personal Data and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you with a copy of your Personal Data in electronic format free of charge if requested);
- to rectify your Personal Data if it is inaccurate or incomplete;
- to erase your Personal Data (also known as ‘the right to be forgotten’) if you wish to delete or remove your Personal Data;
- to restrict processing of your Personal Data;
- to retain and reuse your Personal Data for your own purposes (Personal Data portability);
- to object to your Personal Data being used; and
(h) to object against automated decision making and profiling.
- You can contact us any time to exercise your rights under the GDPR including as to:
- request access to Personal Data that we hold about you;
- to correct any Personal Data that we hold about you;
- delete Personal Data that we hold about you; or
- opt out of emails, marketing, and any other push notifications that you receive from us.
We may ask you to verify your identity before acting on any of your requests.
If you have any questions about Bepoz’s collection and storage of data, please contact us using the contact details provided below.
9. Data Integrity and Retention
- We take reasonable steps to ensure that your Personal Data is accurate, complete and kept up to date. You can request Bepoz to review, correct or update your Personal Data but we will first ensure that your identity is properly verified and any access rights are authenticated.
- We may keep your Personal Data for a period of time that is consistent with the original purpose of us collecting the Personal Data from you. We do not keep your Personal Data for longer than it is necessary for the fulfilment of its purpose.
- Under the GDPR, periods of data retention will apply differently for each specific category of data. If you have any questions about the applicable data retention periods, please contact us by using the contact details provided below.
- If you request, we will delete or anonymise your Personal Data so that it no longer identifies you unless we are legally allowed or required to maintain certain Personal Data. The removal of any of your Personal Data means that we may not be able to supply you with our Services.
10. Disclosure of your Personal Data and Third Parties with access to it
- We may share your Personal Data with third-party service providers to help us provide our Website and Services. Our third-party service providers may be located outside of Australia or outside of the EU.
- We may from time to time need to disclose Personal Data to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.
- If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our databases, together with any Personal Data and non-Personal Data contained in those databases.
11. International Data Transfers
- Subject to and in accordance with the Privacy Laws, your Personal Data may be transferred to affiliates in other countries where we operate. In this event, we will ensure that the recipient of your Personal Data offers an adequate level of privacy protection for your Personal Data.
- As part of our obligations under the GDPR, we only transfer the data of individuals residing in the EU to countries outside of the EU with adequate privacy data laws or to a third party where we have approved transfer mechanisms in place to protect your Personal Data, for example, by entering into the European Commission’s Standard Contractual Clauses for data protection for data that is transferred internationally or ensuring the entity is Privacy Shield Certified for data transfer to third parties based in the United States.
- If the above safeguards do not apply, we will request your explicit consent to any transfers and you will have the right to withdraw this consent at any time.
12. Security of your Personal Data and Data Breach protocol
- We are committed to ensuring that the Personal Data you provide to us is secure. We take practical steps to protect your Personal Data from any loss, misuse, alteration, and unauthorised or accidental access or disclosure or destruction in accordance with our security policy.
- To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, technical and managerial procedures, such as encryption of Personal Data, to safeguard and secure data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
- These measures include where appropriate or required by law, computer safeguards and secured, Internet firewalls, intrusion detection, anti-virus protection, network monitoring and Transport Layer Security (“TLS”) or similarly encrypted browsers.
- A reportable “Data Breach” is a security incident where the integrity of Personal Data is compromised through being destroyed, lost, altered, corrupted, disclosed or accessed by an unauthorised person where it is likely to result in serious harm to any individual affected.
- We have procedures and systems in place including a data breach incident response plan, specific data breach policies and procedures and personnel to deal with an actual or suspected “Data Breach” and will notify you and the applicable regulator in accordance with our obligations under the Privacy Laws and NDB.
- No method over the transmission or storage system is 100% private and secure. You understand that we do not guarantee or warrant the absolute privacy or security of any information we collect from or about you. If you have any questions about privacy or security, please contact us.
- Please report any actual or suspected breaches in relation to the Services or Website for investigation to Bepoz by using the contact details provided below.
13. Access to and how you can control your Personal Data
- You may request details of Personal Data that we hold about you in accordance with the provisions of the Privacy Laws. We give you access to your Personal Data for the purpose of correcting any Personal Data that is inaccurate, incomplete or not up to date.
- If you would like a copy of your data or believe that your data is inaccurate, out of date, incomplete, irrelevant, please contact us using the contact details provided below.
14. Third-party tools and cookies
- We use technologies and third-party services that use Google Analytics, pixels, tags and web beacons (code snippets) on our Website to compile information about its usage, to improve user experience and the supply of our Services and to analyse how our Website is used.
- The information collected is mostly anonymous traffic data aside from the approximate location (IP address) and may include browser type, device information, and language. The information collection is in aggregate form so that it cannot identify any individual user and provides an overview of how people use our Website. It is not used for any additional purpose.
- We may use persistent and session cookies on our Website. Cookies are very small files which a Website uses to identify you when you come back to the Website and to store details about your use of the Website. In addition, cookies may be used to serve relevant ads to Website visitors through third party services such as Google AdWords.
- You may opt-out from the collection of cookies by editing your browser options, but certain features of our Services will not function if you disable cookies.
15. How we respond to Do Not Track Signals
Our system does not currently recognise Do Not Track (DNT) signals with respect to our Website.
16. Unsubscribing from our Email Database and SMS marketing communications
If we process your Personal Data for emails and short message communications (SMS), you can unsubscribe from our email database though the “unsubscribe link” that is contained in an email from us or texting ‘STOP’ if you receive SMS communications.
17. California Privacy Rights for Minors
17.1 If you are a minor and a resident in California, you may contact us to request removal of any content or information you have posted through the use of our Services on the Website where you are a registered user.
17.2 Only you as the minor may request removal or anonymisation of the content that you posted on our Website.
17.3 The removal of the content may not ensure a complete or comprehensive removal of that content. To request removal of the content or information, you may contact us using the contact details provided below.
19. Complaints about privacy
If you have any complaints about our privacy practices, please contact us. We take privacy seriously and will respond promptly to your notice.
21. Contact Us
Our principal address for enquiries is:
Data Protection Officer
Level 2, Heritage Business Park, 691 Gardeners Road
MASCOT NSW 2020 Australia
- Customers can contact us by:
- by email using the following email address: firstname.lastname@example.org
- by mail using the address provided above
© 2019 Business Electronics Holdings Pty Ltd. All Rights Reserved.
On this page
3.What Personal Data is collected and Purpose
4.How we collect your Personal Data
5.How we use your Personal Data
6.Legal basis in the European Union (EU) for the collection and processing of your Personal Data
8.Right of Access
9.Data Integrity and Retention
10.Disclosure of your Personal Data and Third Parties with access to it
11.International Data Transfers
12.Security of your Personal Data and Data Breach protocol
13.Access to and how you can control your Personal Data
14.Third-party tools and cookies
15.How we respond to Do Not Track Signals
16.Unsubscribing from our Email Database and SMS marketing communications
17.California Privacy Rights for Minors
18.Advertisements and Links
19.Complaints about privacy