NOD PRIVACY NOTICE
Last update: 16 November 2023

This privacy notice informs you about how we collect, use, and disclose your personal data when you use NOD. It also describes the choices that you have with regard to your personal data.
Please read this privacy notice carefully before submitting your personal data to us.


1. ABOUT NOD AND THIS PRIVACY NOTICE
3. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT?
4. HOW LONG DO WE STORE YOUR DATA?
5. HOW DO WE DISCLOSE YOUR DATA?
6. HOW DO WE PROTECT YOUR DATA?
7. HOW CAN YOU CONTROL YOUR PERSONAL DATA?
8. COOKIES
9. CONTACT



1. ABOUT NOD AND THIS PRIVACY NOTICE
Here you can find some general information about NOD and this privacy notice.

1.1 About the Notice. This Privacy Notice (the “Notice”) governs the processing of personal data collected from individual users (“you” and “your”) through the software application NOD and the related services (collectively, “NOD”). This Notice does not cover any third-party websites, applications, software, or services that integrate with NOD or any other third-party products and services.
1.2 Data controller. NOD is provided by NOD Global Pty Ltd, a company registered in Australia with an address at Unit G10, 50 Eastlake Parade, Kingston ACT, Australia 2604, and ABN 36 667 935 766 (“we,” “us,” and “our”). We act in the capacity of a data controller with regard to the personal data that you provide us with.
1.3 Term and termination. This Notice enters into force on the effective date indicated at the top of the Notice and remains valid until terminated or updated by us.
1.4 Amendments. We may change this Notice from time to time, if necessary to address the changes in our business practices, NOD, or laws, regulations, and standards applicable to us. The amended version of the Notice will be posted on this page and, if we have your email address, we will send you information about all the changes implemented by us. We encourage you to review our Notice regularly to stay informed.

2. CHILDREN
Although NOD can be used by children, we do not collect personal data from children directly. Here, you can find more information about how we process children’s data.
2.1 NOD is not intended to be used by children. Therefore, we do not collect any personal data from children unless their parents or legal guardians decide to voluntarily disclose such data to us, in which case we will use children’s personal data for the intended purpose.
2.2 If you become aware that a child’s personal data has been provided to us by a child or without valid consent from the adult responsible for the child, and you are a parent or a legal guardian of that child, please contact us immediately and we will take all reasonable steps to remove the child’s data from our systems.

3. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT?
Here we provide an overview of what personal data we collect from you, for what purposes we use it, what technical data is collected automatically when you use NOD, and how we communicate with you.

3.1 We comply with data minimisation principles and use personal data for limited purposes, as explained in this Notice. Below, you can find an overview of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing it.
3.2 Sources of personal data. We obtain your personal data from the following categories of sources:
• Directly from you. For example, if you submit your personal data when registering your user account; and
• Directly or indirectly through your activity on NOD. When you use NOD, we automatically collect analytics information about your use of NOD.
3.3 What personal data do we collect directly from you?
• User account. When you complete our user registration form, we collect your profile personal data, which depends on the type of the user account that you register on NOD. In most cases, it includes your name, surname, profile photo, email address, mobile phone number, and personal description. If you register your user account as a legal entity (charity or business), we also collect your legal name, primary contact name, mobile phone number, registration and license number, logo, description, and staff member information. Please note that certain personal data may be visible to other NOD users. We use such data to register and maintain your user account, make available your profile to other NOD users, process your orders, provide you with the requested services, contact you if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate interests’ (i.e., administer our business). We store such data in our systems until you delete your user account.
• Contact. When you contact us, we collect your first name, last name, email address, and any information that you include in your message. We use such data to respond to your inquiry. The legal basis on which we rely is ‘your consent’. We will store this data until you stop communicating with us and in any case no later than 1 year.
• Payments. When you make a payment, you will be requested by a payment processor to provide your payment details that may differ depending on the chosen payment method (for example, your PayPal account credentials or credit card number). Please note that we do not directly collect or store your payment details, as all payment transactions are handled by our payment processors. Your payment processor may provide us with access to a certain limited amount of your payment data to confirm a transaction. We use such data to process your payment, keep our business records, and comply with the applicable laws. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., administer our business and legal compliance). We keep your personal data for the time period required by our accounting laws.
• User-generated content. Certain user-generated content that you make through NOD (e.g., reviews and descriptions) may contain personal data. We process such data for providing the requested services. The legal basis on which we rely is ‘performing our contractual obligations’. We store this data until you request deletion of your user account or your user account is terminated for any reason.
3.4 What personal data do we automatically collect while you are using NOD?
• Transactions. When you conclude any transactions on NOD, we collect information about those transactions, including: location of transaction, content of transaction, value of transaction, destination of transaction, and time/date of transaction. We use such data for the purpose of facilitating transactions, calculating our transaction fees, and maintaining our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., administer our business and legal compliance). We keep your personal data for the time period required by our accounting laws.
• Analytics data. While you are using NOD, we collect analytics data that allows us to see what kind of users access and use NOD, which parts of NOD you find interesting, improve our content, improve our services and develop new ones, create and implement our marketing campaigns, and investigate and prevent security issues and abuse. When we process your analytics data that is personal data, we rely on the ‘legitimate interest’ (i.e., to analyse, improve, and protect NOD) and ‘your consent’ bases. The analytics data that we collect includes:
• IP address;
• Session statistics;
• Your device type;
• Your operating system;
• Your browser name and version;
• Approximate location; and
• Your other online behaviour.
• Cookies. We collect cookie-related data. We use such information to analyse the technical aspects of your use of NOD, analyse your use of NOD, prevent fraud and abuse, and ensure the security of NOD. For more information on our use of cookies, please refer to section “COOKIES” below. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., analyse our content and protect NOD) and ‘your consent’. We will store this data as long as analytics records are necessary for our activities or until you withdraw your consent.
3.5 Sensitive data. We do not collect or have access to any special categories of personal data (“sensitive data”), unless you decide, at your own discretion, to provide such data to us. Sensitive data refers to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
3.6 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use NOD, receive the requested information, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
3.7 Your feedback and de-identified data. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will remove all personal data that is not necessary for keeping such records. Also, we may use and share with third parties de-identified data for the purpose of facilitating research. Such data does not allow us to identify you as a natural person and, therefore, is not considered to be personal data.
3.8 Commercial communication. If you opt in to our commercial notices or make any payments to us, we may send you information about our new services, features of NOD, and special offers. This may be done by email, SMS, or push notifications. The legal bases on which we rely are ‘your consent’ (if you opt in) and ‘pursuing our legitimate business interests’ (i.e., promote NOD). You can opt out of receiving our commercial communication at any time free of charge by adjusting your user account settings or by contacting us directly.
3.9 Transactional notices. If we have your email address and it is necessary to do so, we may send you important informational messages, such as payment receipts and other technical or administrative emails. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt out of our service-related notices.

4. HOW LONG DO WE STORE YOUR DATA?
Here we explain for how long we keep your data in our systems and how we delete it.

4.1 Storage of personal data. We and our data processors store your personal data only for as long as such personal data is required for the purposes described in this Notice or until you request us to update or delete your personal data, whichever comes first. For more details about the period for which each type of personal data is stored, please refer to section 2. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will securely delete it from our systems.
4.2 Storage of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Notice.
4.3 Storage as required by law. When we are obliged by law to store your personal data for a certain period of time (e.g., for keeping accounting records), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

5. HOW DO WE DISCLOSE YOUR DATA?
Here you can find information about third parties that may have access to your personal data.

5.1 Disclosure to data processors. If necessary for the intended purpose of your personal data, we will disclose your personal data to entities that provide services on our behalf (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting, payment processing, and email distribution services.
5.2 List of data processors. The data processors that may have access to your personal data are:

• Our cloud storage and analytics service provider Google located in the USA;
• Our payment service provider PayPal located in the USA; and
• Our independent contractors and consultants.
5.3 International transfers. Some of our data processors may be based outside the country where you reside. For example, if you reside in the UK or a country belonging to the European Economic Area (EEA), we may need to transfer your personal data outside the UK or the EEA. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection.
5.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose as it does not identify you as a natural person. For example, we may share it for clinical research purposes, for improving NOD, responding to lawful requests from public authorities or developing new services.
5.5 Legal requests. If requested by a public authority, we will disclose information about the users of NOD to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
5.6 Sale of personal data. We do not sell your personal data without your consent.

6. HOW DO WE PROTECT YOUR DATA?
Here you can find information on how we protect your data against breaches.

6.1 Security measures. We implement up-to-date, industry-appropriate technical and organisational information security measures that protect your personal data from loss, misuse, unauthorised access and disclosure. Our measures include:
a) Maintaining adequate access control mechanisms (e.g., two-factor authentication, password protection, and limited access);
b) Encryption;
c) SSL certificate;
d) Limiting access to personal data;
e) Conducting regular information security audits; and
f) Implementing up-to-date industry-appropriate technical security measures.
6.2 Security breaches. Although we use our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot and will not be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. Our liability will be limited to the highest extent permitted by the applicable law.

7. HOW CAN YOU CONTROL YOUR PERSONAL DATA?
Here you can find detailed information about the rights that you have with regard to your personal data and how to exercise those rights.

7.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:
• Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
• Right to rectification: you can rectify inaccurate personal data that we hold about you;
• Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
• Right to restriction: you can ask us to restrict the processing of your personal data;
• Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
• Right to object: you can ask us to stop processing your personal data;
• Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; and
• Right to complain: you can submit your complaint regarding our processing of your personal data.
7.2 How to exercise your rights? If you would like to exercise any of your legitimate rights, please contact us by using our contact details available at the end of this Notice and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.
7.3 Complaints. If you would like to lodge a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

8. COOKIES
8.1 About cookies. We use cookies on NOD. A cookie is a small piece of data typically consisting of letters and numbers that may be stored on your computer or mobile device for a certain period of time. Cookies are designed to allow the recognition of your device and collection of certain information about your use of software or websites. Thus, over time, cookies allow websites to “remember” your actions and preferences. There are several types of cookies, namely, (i) persistent cookies, which remain valid until deleted by you, (ii) cookies that remain valid until their expiration date, and (iii) session cookies that are stored on a web browser and remain valid until the moment the browser is closed. Cookies may also be (i) first-party cookies (set by the website itself) and (ii) third-party cookies (placed by third-party websites).
8.2 The cookies that we use. We may use different types of cookies on NOD, including:
• Essential technical (strictly necessary) cookies that are essential to ensure the correct functioning of NOD and to provide the services requested by you;
• Preference cookies that record information about the choices that you make on NOD;
• Marketing cookies that allow us to create, implement, and examine our marketing campaigns. Such cookies allow us to reach the right customers, analyse the productivity of our marketing campaigns, and offer you personalised advertisement; and
• Statistics cookies that allow us to generate statistical reports about how you use NOD.
8.3 Cookie consent. When you visit NOD for the first time, we will ask you to provide us with your consent to our use of all cookies via a cookie consent banner. If you do not provide your consent, we will not serve you our non-essential cookies. Please note that we may not be able to provide you with the best possible user experience if not all cookies are enabled.
8.4 Disabling cookies. When we ask you to provide your consent to our use of non-essential cookies, you have the freedom not to provide such consent. If you would like to refuse our use of non-essential cookies later, you can do it at any time by declining cookies in your browser or device. For more information, you can consult the cookie management instructions of your browser:
• Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Opera: https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/
• Microsoft Edge: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy
8.5 Google Analytics. We use Google Analytics, a web analytics service provided by Google LLC, registered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google generates statistical information by means of cookies and creates reports about your use of NOD. The cookies served by Google are anonymous first-party cookies that do not allow us to identify you in any manner. The information generated by cookies will be transmitted to and stored by Google on servers in the United States. To ensure your privacy, your IP address will be anonymised and Google will not combine your IP address with other information Google holds about you. Thus, Google will not be able to identify you. In certain cases (e.g., when required by law or when third parties conduct services on behalf of Google), Google may transfer the information to third parties. For more information about Google Analytics’ privacy practices, please visit https://support.google.com/analytics/answer/6004245. If you would like to opt out from Google Analytics, you can do so by installing a Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en.
8.6 Targeted advertising. You may encounter targeted interest-based advertising based on your use of NOD and other online services. Where necessary, we will seek your consent. You can control how such advertising is shown to you or opt out of targeted advertising by consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com. For more information on opting out of advertising features on your device, please visit https://www.networkadvertising.org.

9. CONTACT
If you have any questions about this Notice, your rights, or our data protection practices, please contact us by email at contact@thenod.app.
Alternatively, you can send us a letter to the following address: NOD Global Pty Ltd, Unit G10, 50 Eastlake Parade, Kingston ACT, Australia 2604.

[END]