Introduction
This is the Privacy Policy of Vale Innovations Pty Ltd (ACN 670 912 893) (in this policy referred to as we, us or our) that conducts its business in Australia.
We operate an online platform that allows law firms who subscribe to use the platform (Subscribers), to manage the administration of deceased estates electronically (Services).
We are committed to ensuring the privacy of Personal Information entrusted to us by those who access and use our website or the Services available through the platform available at https://www.vale.so/ (Platform).
Our Platform will be accessed by persons authorised by our Subscribers.
Through the operation of our Platform, we may collect information about the following people:
· authorised representatives of our Subscribers;
· representatives of estates being managed with the aid of our Platform;
· beneficiaries of those estates; and
· our suppliers and business partners.
We may also collect information about persons who visit our website or subscribe to our newsletter or attend our events.
This Privacy Policy takes into account the requirements of the Privacy Act 1998 (Cth) and the Australian Privacy Principles as amended from time to time, collectively referred to as Australian Privacy Laws.
In this Privacy Policy we describe:
the types of Personal Information we collect and the purposes for which we collect that information;
the use and disclosure of Personal Information collected;
the security of Personal Information collected;
your ability to gain access to the Personal Information we hold about you;
what you can do if you believe the information that we hold about you is inaccurate; and
how to contact us.
We may collect information in relation to persons under the age of 18 years but only in their capacity as a beneficiary of deceased estate.
Personal Information
Personal Information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Information we collect may include the following:
About a Subscriber.
Information about the organisation such as the organisation’s:
name;
postal address;
email address; and
telephone number.
Trust account details.
Relevant banking details to facilitate the direct debiting of our fees.
About an authorised representative of a Subscriber.
Details about the authorised representative such as their:
position at an organisation;
professional certificate;
qualifications;
relevant licences; or
memberships.
Verification of Identity (VOI) information, such as the following details about the authorised representative such as their:
name
date of birth;
Passport details; or
driver’s licence details.
About an estate representative, or beneficiary of an estate.
Identifying information, such as your:
name;
residential or postal address;
email address; and
date of birth.
Copies of identifying documents such as:
driver licences;
Passports;
birth certificates;
marriage certificates; and
Medicare card details
Financial information such as:
Bank account details;
other payment details; and
Holder Identification Numbers and Securityholder Reference Numbers relating to listed public securities.
About our Suppliers and Business Partners.
We also collect information about people who are our contractors, suppliers and business partners, or who are employed by our contractors, suppliers and business partners.
We collect information needed to conduct business with that individual or party.
About Persons who visit our website, or subscribe to our newsletter, or attend our events.
Your name and email address;
Details of any Vale products or services that we provide to you;
Information about how you use the products and services we provide;
Records of our communications with you, including any messages you send us; and
Where you attend our events, we may collect and hold Personal Information about you such as your name and contact information (if you provide this information to us) and the events you attend.
We rely on those persons, who provide us with Personal Information, having the right at law to share that Personal Information with us.
Except as noted below, we will not collect any sensitive Personal Information revealing:
Racial or ethnic origin;
Political opinions or political associations or memberships;
Religious or philosophical beliefs;
Professional or trade union memberships;
Details of health;
Disability information;
Genetic or biometric information; or
Sexual activity or orientation.
Exceptions to the collection of any sensitive Personal Information may include where:
you have given us express consent to do so;
there is a reasonable need to for us to collect this information for the provision of Services;
the use is authorised by law or reasonably necessary to enforce the law; or
you have provided any information that may be considered sensitive Personal Information under the Australian Privacy Laws.
Collection of Personal Information
We collect Personal Information which is reasonably necessary for the provision of our Services. You have a right not to provide information that can identify you or any person you do business with. If we are not provided with the information we request, we may be unable to provide you with our Services.
We collect information when you provide us with information. For example, this might happen when you’re setting up an account with us via our website, or where we ask you to provide certain Personal Information on our Platform.
We may collect types of Personal Information throughout our relationship and where appropriate, we will advise you of this (and other matters about the collection of Personal Information) before, at or as soon as possible after the time of collection.
We collect information when you or your organisation’s authorised representative use the Platform. We may collect information about the deceased on your behalf from the following third party sources:
the registry of births, deaths and marriages in the State or Territory in which the deceased’s death is registered;
the Supreme Court in the State or Territory in which any grant of representation is sought;
service providers to government authorities (such as land registry operators);
financial institutions, aged care facilities, share registries and securities brokers with which the deceased may or may not have had a relationship,
your representative, for example, a lawyer;
the representatives of other parties involved in the estate administration;
other providers of software to law firms, aged care facilities, share registries, securities brokers and financial institutions; or
your organisation, where your organisation is a Subscriber, and you are an authorised signatory or the Subscriber Manager for your organisation.
If you provide us with Personal Information about someone else, you must only do so if that person consents to you doing so (or has previously consented through nominating you as their representative) to us collecting, holding, using and disclosing their Personal Information in accordance with our Privacy Policy
If we receive Personal Information which we did not solicit, we will determine as quickly as possible whether that Personal Information could have been lawfully and fairly collected by us in accordance with the Australian Privacy Laws and this Privacy Policy. If so, we will only use the unsolicited Personal Information as if it had been solicited by us in accordance with Australian Privacy Laws and this Privacy Policy. If not, we will take reasonable steps to de-identify or destroy the information.
Our Platform may contain links to the websites of third parties. If you access those third-party websites, they may collect information about you. We do not collect information about you from those third parties. Personal Information you provide to those third parties will be governed by their privacy policies for which we are not responsible.
When someone visits our Platform, our system back-end collects the following types of information for statistical purposes only:
IP address;
the domain name;
the number of users who visit the Platform;
the date and time of each visit;
the pages accessed and the documents downloaded; or
the type of browser used.
We will not make any attempt to identify users according to their browsing activity. In the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect our business records or server logs. It is also possible that your server is logging your activity while you visit our site. This is beyond our control.
Cookies
A cookie is a small text file placed on your computer hard drive by a web page server.
Cookies may be accessed later by our system back-end. Cookies store information about your use of our Platform. Cookies also allow us to provide you with more personalised service when using our Platform.
We use cookies to:
determine whether you have previously used our Platform;
identify the pages you have accessed; or
facilitate administration of the site and for security purposes.
Most web browsers are set to accept cookies, but you may configure your browser not to accept cookies. If you set your browser to reject cookies, you may not be able to make full use of our Platform.
To administer and improve our Platform, we may use a third party to track and analyse usage and statistical volume information, including page requests, form requests, and click paths. The third party may use cookies to track behaviour and may set cookies on behalf of us. These cookies do not contain any personally identifiable information.
Contact Details
We will only use contact details of persons for the purpose for which those details were provided to us.
If you use our Services and provide your e-mail address to us so that we may communicate with you through e-mail, we may use your e-mail address to advise you of upgrades and changes to those Services.
Use And Disclosure of Personal Information
We will only use and disclose Personal Information for the purpose for which it was given to us or collected by us in accordance with this Privacy Policy and/or any terms and conditions you agree to when accessing our Services.
We may use Personal Information that we collect to:
operate the Platform;
facilitate the Services, including to:
send you notifications, status updates and reports regarding the administration of deceased estates;
provide and verify information about the administration of deceased estates;
provide support services in relation to the Platform;
send you surveys and questionnaires about your experience using the Platform or related products and services;
assist law firms to communicate with aged care facilities, share registries, securities brokers and financial institutions in the course of an estate administration; and
notify aged care facilities, share registries, securities brokers and financial institutions of a death.
verify your identity when you are dealing with us;
provide reports to and /or communicate with stakeholders, including Courts, aged care facilities, share registries, securities brokers and financial institutions;
assess, maintain, upgrade and improve our products and services;
create new or enhanced products or services, and to notify you about those products or services;
carry out planning and forecasting activities, market analysis and research, and other internal business processes;
invite you to events;
answer your queries and requests;
comply with our legal and regulatory obligations;
manage and resolve any legal or commercial complaints or issues; and
enable us to meet our obligations under law.
We may disclose Personal Information that we collect with:
other participants involved in the estate administration, including Courts, aged care facilities, share registries, securities brokers, financial institutions, and their representatives;
your representative (e.g. lawyer);
service providers to government authorities (such as land registry operators);
service providers of Subscribers (upon request of the Subscriber);
our staff who need the information to discharge their duties;
our business partners, agents and service providers, including information brokers, VOI contractors, payment system operators and information technology service provides;
in connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganisation, or bankruptcy);
to our agents, contractors or third-party service providers to enable them to provide administrative and other support services to us;
to help us improve our Services, we may engage another business to help us to carry out certain internal functions such as account processing, customer service;
Subscriber satisfaction surveys or other data collection activities relevant to our Platform;
professional advisers who we engage to provide advice on our business;
if we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect or protect against fraud or security issues;
if required or permitted by applicable law or regulation, including laws and regulations of Australia, or in the good faith belief that such action is necessary to:
comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever we may do business;
protect and defend our rights or property;
act in urgent circumstances to protect the personal safety of our, customers, and contractors/employees;
enforce our legal terms or otherwise protect against any legal liability,
with your consent or at your direction (as described on the Platform).
We also reserve the right to use aggregated de-identified data derived from Personal Information, for lawful purposes in our discretion.
We may also use and disclose your information for other purposes if you ask or tell us to do so.
We will not divulge Personal Information to a third party unless it is associated with or integral to the purpose for which you gave us the information or where required by law. We may also provide a third party with customer information from our database to help us to analyse and identify customer needs and notify customers of product and service offerings.
We require any party, that has access to Personal Information collected by us, to handle that Personal Information in a manner consistent with Australian Privacy Laws and this Privacy Policy. Ultimately, however, it remains the third party’s responsibility to ensure that it is complying with it, both ours and its own privacy policies when dealing with us. For more detail on this, also see our policy (below) on “Outside Australia Hosting of Personal Information”.
We may from time to time use your Personal Information to send you marketing materials about products or services that we think you may be interested in (including in some cases products and services that are provided by a third party). You can opt-out of receiving marketing communications from us by contacting us at privacy@vale.so or following the “unsubscribe” link in the communication.
Quality of Personal Information
We take all reasonable steps to ensure the Personal Information held is accurate, up-to-date and complete.
Please notify us promptly if you change your contact details (or if any of your details need to be corrected or updated.
If you wish to update the Personal Information we hold about you, please email us at: privacy@vale.so
Access to Personal Information
Subject to certain conditions (as outlined below) we will permit you to access the Personal Information we hold about you.
We will correct Personal Information where that information is inaccurate or incomplete. We will not charge you a fee for your access request but may charge you the reasonable cost of processing your request.
If you wish to access the Personal Information we hold about you, or correct it, please email us at: privacy@vale.so.
We will seek to provide such information within a reasonable period of time, and in the manner so requested (where reasonable to do so).
We may not always be able to give you access to all the Personal Information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal.
We may not be able to give you access to information where such request:
is reasonably considered to pose a serious threat to the life, health of safety of any individual or to public health/safety;
may unreasonably impact the privacy of another individual;
is reasonably considered to be frivolous or vexatious;
is reasonably considered to relate to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
is reasonably considered to be unlawful or prohibited by law or an order of a court/tribunal;
is reasonably considered to relate to unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto; or
is reasonably considered to relate to activities conducted by or on behalf of an enforcement body may be prejudiced.
Retention of Personal Information
Retention periods for Personal Information vary based on the type of Personal Information and how it is used.
Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, contractual requirements, operational directives or needs, the expected period use of our Services.
When there is no need for us to keep personal data to provide the Services, comply with our legal or regulatory obligations, resolve disputes, and enforce our agreements, we will remove it from our systems or de-identify it so that you cannot be identified.
Deletion of Personal Information
You may request us to delete Personal Information that we hold about you.
If you wish to delete Personal Information that we hold about you, please email us at: privacy@vale.so.
We will take all reasonable steps to delete such information in compliance with legal requirements and in a reasonable time frame unless we are required to retain such information.
If we are unable to comply with your request to delete, we will notify you in writing of our reasons for such inability.
Data Breaches
If we suffer a data breach, we will promptly notify the Subscriber affected and the Australian Information Commissioner if the unauthorised access or disclosure of Personal Information is likely to result in serious harm to those affected and we have been unable to prevent the likely risk of serious harm with remedial action.
Security of Personal Information
We take reasonable steps and precautions, including technical and organisation measures, to keep Personal Information secure from loss, misuse, and interference, and from unauthorised access, modification or disclosure.
If you use the internet to communicate with us, you should be aware that there are inherent risks in transmitting information over the internet. We do not have control over information while in transit over the internet and we cannot guarantee its security.
Outside Australia Hosting of Personal Information
We store all Personal Information on computer infrastructure located within Australia. However, we do engage certain infrastructure providers who are located outside Australia to provide cloud based features of our Platform. These providers may from time-to-time have access to Personal Information held by us.
Also, your Personal Information may be available for access by other service providers with whom we engage who may be located outside Australia (for example, to financial institutions with overseas processing arrangements).
It is not practicable for us to specify in advance all of the service providers we use who may be located outside Australia and who may have access to Personal Information held by us.
We will take all reasonable steps to ensure that all Personal Information we collect, use or disclose is stored electronically in a secure environment accessed only by authorised persons.
It is possible that we, or our subcontractors, will use cloud technology in connection with the storage of other Personal Information, and it is possible that this may result in offshore storage. It is not practicable for us to specify in advance which country will have jurisdiction over such offshore activities.
We will take reasonable steps to protect an individual’s privacy if this disclosure occurs.
Service providers, who are located outside Australia may not be obliged to comply with the Australian Privacy Laws.
Thus:
an individual, whose Personal Information is part of that data, may not be able to seek redress under the Australian Privacy Laws or in the overseas location even if there is a breach by that service provider of the Australian Privacy Laws; and
the service provider may be subject to a law of the jurisdiction, in which it operates, compelling the disclosure of Personal Information to a third party, such as a government authority in that jurisdiction.
Policy Changes
We reserve the right to change this Privacy Policy at any time.
Changes to this Privacy Policy will be notified by us posting a new privacy policy to this page, and/or by sending notice to the primary email address specified in your account.
We recommend that you review this Privacy Policy periodically for any changes.
Changes to this Privacy Policy are effective when they are posted on this page.
Continued use of our Services after we post or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of Personal Information is subject to the updated Privacy Policy.
Privacy Complaints
If you have a complaint relating to our compliance with Australian Privacy Laws or our treatment of Personal Information, please contact our Privacy Officer at the contact details below.
Address: Incubate Hub, University of Sydney, Level 4, Wentworth Building, 2 Butlin Avenue, Darlington NSW 2008.
Email: privacy@vale.so