Our most important priority is your security, and we go to extreme lengths to protect it. We use the same SSL encryption that the banks use and have a world class service protecting us and you. We have in place both technical and procedural QA, and we are committed to maintaining this high level of security.
QPay is proud to be GDPR Compliant internationally. Handling personally identifying information is a privilege we do not take lightly, and the privacy of our users and societies is of vital importance to us.
All encrypted communications are encrypted with high security SSL certificates. Sensitive data is stored in a cryptographically strong manner.
Your credit card details are stored in an encrypted way and no one ever sees these details – not even us. Card data is stored on a PCI Compliant, Level 1 DSS certified payment system, and we use equivalent or stronger encryption than the banks do in many cases. If for any reason you would like to remove your data from QPay, just email us and we’ll be happy to help.
QPay is committed to maintaining the confidentiality, integrity and security of all personal information of our users. This Privacy & Security Policy outlines how we protect personal information provided through QPay and its Service (the “Service”)
1. Acceptance of Terms
1.1. This website, app, platform and any service offered under the name “QPay” (“Service”) is operated and owned by MySmock Pty Ltd (ACN 163 916 603) and its subsidiaries (“us”, “we” and “our”).
1.4. We may amend or modify the Service and/or the Terms at our sole discretion and at any time. Any amendments are effective immediately upon publication on the Service. Your continued use of the Service indicates your continued acceptance of the Terms as modified.
1.5. These Terms will prevail over any other terms or agreement between you and us, and constitute the entire agreement between us and you unless another agreement issued by us explicitly states that its terms supplement these Terms.
2. Warrant of Authority
2.1. Your use of the Service is conditional on you being:
2.1.a. over 18, or if under 18 then you represent that you have reviewed these Terms with your parent or legal guardian to make sure that you and your parent or legal guardian understand these Terms. If you are a parent or guardian permitting a person under the age of 18 (a “Minor”) to create an account, you agree to exercise supervision over the Minor's use of our website and account and assume all risks associated with the Minor's use of our website and their account, including the transmission of content or information to and from third parties via the Internet.
2.1.b. a resident of a country or region in Australia, United Kingdom, and the United States (“Permitted Region”), using the Service in the Permitted Region and only with credit, debit or prepaid cards issued by financial institutions in your Permitted Region.
Accordingly, by using the Service, you warrant this to us. If the above conditions are not satisfied, please cease using the Service immediately.
3.1. You may be required to be a registered member to access certain features of our website.
3.3. We will provide you with a user name and password. You are responsible for keeping this user name and password secure and are responsible for all use and activity carried out under this user name. You must not to share your account credentials with any third party. We do not authorise anyone to use the service on your behalf, and we will not be liable for any loss or damage arising from any kind of unauthorised activity that takes place under your account.
3.4. You must not impersonate any other person and you must not use the Service using anyone else’s credentials. In case you try to present yourself as another person or entity, your account may be terminated, suspended and legal action may be taken against you.
4. Critical Information
4.1. Some of the Services constitute a tool (“Tool”) that you may use to login to third parties’ portals such as (but not limited to) university student portals (“University Portal”). To do this, the Tool may ask you to provide your login credentials for your relevant university student portal and/or enter credit card details of any other login credential of that nature (together, “Critical Information”).
4.2. Your Critical Information:
4.2.a. is stored on your device only;
4.2.b. does not form a part of the Personal Information;
4.2.c. is not disclosed, visible or accessible to us or any third-party as a result of being stored on your device.
4.3. You agree that you will use the Tool to retrieve personal information about you from a University Portal (for example, your student timetable) and any such information will be treated as, and be considered, Personal Information. For clarity, the Tool is not able to delete, edit or modify any information on a University Portal.
4.4. At all times, you are able to remove or delete any data including the Critical Information. If you are having difficulty doing so, please contact our support (firstname.lastname@example.org) immediately.
4.5. You agree to the manner the Critical Information is stored and may be used in accordance with this clause 4. You hereby waive, forever release, and indemnify us from any claim, loss or liability howsoever arising in relation to this clause or the Critical Information (unless we breach the terms of this clause). These Terms may be pleaded as a bar to proceedings.
5. Your Content
5.1. Where the Service allows you to upload any content whatsoever to the Service (with the exception of Critical Information) (“Your Content”), you:
5.1.b. to the full extent permitted by law, grant us a perpetual, non-exclusive, royalty-free, irrevocable, worldwide and transferable right and licence to use the Your Content in any way (including, without limitation, by reproducing, modifying, and communicating the Your Content to the public) and permit us to authorise any other person to do the same thing;
5.1.c. to the full extent permitted by law, consent to any act or omission by us which would otherwise constitute an infringement of your moral rights under the Copyright Act 1968 (Cth) (“Copyright Act”) in relation to the Your Content; and
5.1.d. acknowledge and agree that we may delete, modify, or otherwise exploit in any manner contemplated by the Copyright Act any Your Content submitted to or via the Service by you.
5.2. In each instance when you upload Your Content to or via the Service, you:
5.2.a. represent and warrant to us that you have all right, title, interest and authority in the Your Content which is necessary to grant the licences and consents set out in clauses 2.1(a) and 2.1(b);
5.2.b. represent and warrant to us that you have the permission to use the name and likeness of each person whose image appears in any Your Content in the manner contemplated by these Terms;
5.2.c. represent and warrant to us that the use or exploitation of Your Content by us or any other user of the Service will not infringe the rights of any third party (including, but are not limited to, intellectual property rights and privacy rights); and
5.2.d. agree and undertake to us to pay all amounts which become owing to any person (whether by way of royalty or otherwise) as a result of or in connection with your submission of the Your Content to or via the Service.
5.3. This clause 2 will survive termination of these Terms.
6. Your conduct
6.1. In using the Service, you must:
6.1.a. strictly comply with these Terms (including any policy);
6.1.b. obey any reasonable direction issued by us;
6.1.c. obey all laws whatsoever (including international law) which may apply in respect of your use of the Service.
6.1.d. not take any action that is likely to impose upon the Service or our (or its third party service providers) a disproportionately large load;
6.1.e. not interfere with the proper working of the Service or any activities conducted via the Service, including by using any automated or manual software or process to "crawl", "spider" or engage in similar conduct in relation to the Service;
6.1.f. except to the extent the Copyright Act allows you to do so, not reverse engineer or otherwise seek to obtain any source code forming part of the Service;
6.1.g. not add any Your Content:
6.1.g.i. unless you hold all necessary rights, licences and consents to do so;
6.1.g.ii. that may result in you or us breaching any law, regulation, rule, code or other legal obligation;
6.1.g.iii. that is or could reasonably be considered to be obscene, inappropriate, defamatory, disparaging, indecent, seditious, offensive, pornographic, threatening, abusive, liable to incite racial hatred, discriminatory, profane, in breach of confidence, in breach of privacy or harassing;
6.1.g.iv. that would bring us or the Service into disrepute;
6.1.g.vi. that you know (or ought reasonably suspect) is false, misleading, untruthful or inaccurate;
6.1.g.vii. that contains unsolicited or unauthorised advertising (including junk mail or spam); or
6.1.g.viii. that contains computer or software viruses, files or programs that are designed to interfere with the ordinary functionality of the Service, or obtain unauthorised access to any system, information, security device belonging to us or any third party.
7.1. The Service allows you to visit and transact with various merchants (“Merchants”).
7.2. Merchants may impose their fees for goods or services offered through the Service. When you transact with a Merchant or deal with a Merchant in any way, you are entering into a transaction with the Merchant and not with us. We merely offer the Service to facilitate payments. We are not responsible or liable for the fees or the goods or services being quoted.
7.3. We make no warranties, conditions, terms, representations, statements and promises of whatever nature, whether express or implied (“Warranties”) as to any Merchant or anything offered or quoted by the Merchant whatsoever.
7.4. We make no Warranties as to maintaining any Merchant within the Service for any period of time and we reserve the right to change Merchants at any time in our sole discretion.
7.6. In the event that a Merchant elects to cease participation in the Platform, we will not continue to process your data for such Merchant. However, usage of data, if any, that you have already provided through the Platform to such Merchants will be subject to that merchant own privacy policies which you must carefully review before using their services or buying their goods.
7.7.All Merchants must read and agree to our Data Processing Addendum [below], which is incorporated into these Terms.
8.1. You agree to pay all fees disclosed on the Service (“Fees”).
8.2.Unless otherwise stated, all fees and all transactions are in AUD. All fees are exclusive of applicable federal, state, local, or other taxes.
8.3. Merchants may impose fees on their products or services. Such fees are entirely up to the Merchants and we have no liability or control in relation to them.
8.4. You or other users may receive offers from third parties, such as discounts, sponsorships, or other benefits. We are not involved in any dealings or payments between you and third parties, and these Terms do not govern such transactions.
9. Intellectual Property Rights
9.1. Except where otherwise indicated, we are the sole owners or licensee of all intellectual property comprised in the Service (including all intellectual property comprised in the Service content and any branding, logos, names etc), and nothing in these Terms constitutes a transfer of any intellectual property rights in or related to the Service or Service content.
9.2. You acknowledge and agree that the Service and the content contained therein are protected by copyright, trademarks, service marks, patents, design registrations, and other proprietary rights and laws, and you agree to comply with and maintain all copyright notices and other restrictions on content accessed on or via the Service.
9.3. You must not do anything which breaches or otherwise interferes with our intellectual property rights or the intellectual property rights of any of its third-party licensors. You may not distribute, reproduce, publish, alter, modify or create derivative works from the Service content without our prior written permission or the relevant third-party licensor or exploit such contents for commercial benefit.
9.4. You acknowledge and agree that damages may not be an adequate remedy for a breach of this clause 9 and that equitable or injunctive relief may be necessary.
10. Third party sites
10.1. The Service may contain links to websites that are owned and operated by third parties. We have no control over these external websites, which are governed by terms and conditions and privacy policies independent of us.
10.2.You acknowledge and agree that when you access a third-party website available via a link contained on the Service:
10.2.b. we are not liable for the content, accuracy, lawfulness, appropriateness, or any other aspect of that third-party website; and
10.2.c. you acknowledge and agree that to the full extent permitted by applicable law, we will not be liable for any loss or damage suffered by you or any other person as a result of or in connection with your access or use of any third-party website available via a link on the Service.
11. Third party services
11.1. In order to use the Service, you may also use various other services or devices offered by other third-parties (including but not limited to, carriers, operating systems, mobile devices, software, hardware, applications etc) (“Third-Party Services”).
11.3. We are not liable for anything loss arising in relation to a Third-Party Service, including but not limited to:
11.3.a. any failure of or issue with such Third-Party Service;
11.3.c. your misuse of the Third-Party Service.
12. Disclaimer and limitation of liability
12.1. We exclude all Warranties other than those expressly set out in these Terms.
12.2. We exclude any Warranties in relation to the accuracy, suitability, completeness, fitness for purpose, quality or anything else in relation to the goods or services offered by, through, or on the Service.
12.3. You acknowledge that you must only rely on your own enquiries in relation to such goods and services or any other information or material contained on the Service. You should not rely on any information on the Service to make business decisions.
12.4. We provide the Service on an “as is” and on an “as available” basis without any Warranties as to continuous, uninterrupted or secure access to the Service, that its servers are free of computer viruses, bugs or other harmful components, that defects will be corrected, or that you will not have disruption or other difficulties in using the Service.
12.5. We are not responsible for any action of any third-party, user, or Participating Merchant. Any dealings you have with such parties are exclusively entered into between you and them.
12.6.In the event that we terminate the Service or your access to the Service pursuant these Terms, you release us from all liability, loss or claims suffered by you as result of or arising out of such termination.
12.7.To the extent that legislation or other law restricts our right to exclude Warranties under these Terms, these Terms must be read subject to those provisions and nothing in these Terms is intended to alter or restrict the operation of such provisions. If those statutory provisions apply, notwithstanding any other provision of these Terms, to the extent that we are entitled to do so, we limit our liability pursuant to such provisions:
12.7.a. in the case of goods:
12.7.a.i. the replacement of the goods or the supply of equivalent goods;
12.7.a.ii. the payment of the cost of replacing the goods or of acquiring equivalent goods; and
12.7.b. in the case of services:
12.7.b.i. the supply of the services again; or
12.7.b.ii. the payment of the cost of having the services supplied again.
12.8. Our liability arising in connection with these Terms or the Service is limited as follows:
12.8.a. we are not liable for any consequential, special, indirect or remote loss;
12.8.b. our total maximum total liability arising in connection with these Terms is capped to the total price of any goods or services subject of the liability;
12.8.c. our liability is limited to the extent that you contributed to the liability;
12.8.d. we will not be liable to any claim commenced later than 6 months after you had become aware of the facts giving rise to it; and
12.8.c. our liability is subject to your duty to mitigate your loss.
12.9. All of the above subclauses are cumulative to one another.
13.1.You agree to release us and our officers, directors, shareholders, agents, employees, consultants, affiliates, subsidiaries, sponsors, and other third-party partners (“Released Parties”) from any loss, liability, damage, costs, expenses, claims, demands, and damages (direct and consequential) of every kind and nature, known and unknown, now and in the future (“Loss”), arising in connection with any transaction with any third-party or your interactions with other members. You further waive any and all rights and benefits otherwise conferred by any statutory or non-statutory law of any jurisdiction that would purport to limit the scope of a release or waive
14.1. You agree to indemnify, defend and hold all the Released Parties harmless from any Claims, made by any third-party due to or arising out of:
14.1.a. your breach of these terms; and
14.1.b your negligence or your violation of any law, statute, ordinance or regulation or the rights of a third party (including intellectual property infringement).
14.2. You agree to promptly notify us of any such third-party claims, cooperate with all Released Parties in defending such claims and pay all fees, costs and expenses associated with defending such claims (including, but not limited to, legal fees). You agree not to settle any claim without our prior written consent.
15.1. These Terms terminate automatically if we cease to operate the Service for any reason (although any clauses which are reasonably intended to survive termination survive).
15.2. You acknowledge and agree that:
15.2.b. we may terminate your access to the Service at any time without giving any explanation without any further liability to you.
15.2.c. Termination of these Terms or your access to the Service does not release you from any of your obligations and liabilities that may have arisen or been incurred prior to the date of such termination.
16.1. If you are a registered user of our Platform we will use “cookies” or similar technologies in order to ensure that you are able to stay logged into our Platform. Cookies help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on the Bench Platform, a cookie helps us to recall your specific information on subsequent visits. When you return to the same page of the Bench Platform, the information you previously provided can be retrieved, so you can easily use the customized features.
16.2. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Platform.
17.1. You must not assign, sublicense or otherwise deal in any other way with any of your rights under these Terms.
17.2. If a provision of these Terms is invalid or unenforceable it is to be read down or severed to the extent necessary without affecting the validity or enforceability of the remaining provisions.
17.3. These Terms are governed by the laws of NSW, Australia & the United Kingdom and each party submits to the jurisdiction of the courts of that State and all courts of appeal therefrom.
17.4. Any waiver of any term on these Terms by us can only be done in express writing. Any failure on our part to enforce a term does not constitute a waiver and we reserve the right in relation to all breaches unless expressly stated otherwise.
18.1. All sponsorship offers provided by QPay are bound by Terms set out in section 18
18.2. UK College Ball sponsorship offers require individual agreements issued by QPay, tailored to specific colleges
18.3. All UK society cash sponsorship is limited to £50 per society, unless a specific agreement is agreed upon by QPay and the society
Consumers means users on the Platform who purchase goods or services on the Platform.
Critical Information means login credentials for your relevant university student portal and/or enter credit card details of any other login credential of that nature.
Merchants means users of the Platform who offer goods or services on the Platform.
Non-personal Information means information which does not relate to a person and/or cannot be used to identify a person.
Personal Information means any information which can be used to identify an individual, and described in detail in clause 3.
Platform means this website, app, platform and any service offered under the name “QPay”.
Tool means a feature used by Users on the Platform to interact or log in to third parties’ portals such as (but not limited to) university student portals.
Users means any registered user of the Platform, whether Merchants or Consumers.
2. Use of this Platform and Application of the Policy
2.1.This Platform operates as a venue or marketplace which allows Merchants to offer goods and/or services, including memberships to organisations and societies, and for Consumers to purchase the said items on offer.
2.4.We process Merchant Collected Information as the Merchants direct and in accordance with our agreements with the Merchant (as their agent and on their behalf), and we store it on our service providers' servers, but we do not have control over its collection or management.
2.6.We acknowledge that you have the right to access your Personal Information. In relation to Merchant Collected Information, the relevant Merchant is responsible for correcting, deleting or updating information they have collected from you using the Platform. However, we will assist in this process as the agent of the Merchant only. If requested to remove data we will respond within a reasonable timeframe. We may work with the Merchant to help them provide notice to their Consumers about their data collection, processing and usage. We are not responsible for the Merchants' use of information they collect on the Platform. If you are a Consumer of a Merchant and you have an issue relating to any Merchant Collected Information, please contact the Merchant that you interact with directly. If you are unable to do so or if you are not receiving a response, please contact us using the contact us feature below and we will attempt to resolve the issue.
3. What personal information do we collect?
3.1.We may collect Personal Information about you when you use the Platform or interact with us in anyway.
3.2.Information you provide to us: we collect all information which Users voluntarily provide to us through using the Platform or Interacting with us. This includes information provided:
(a) during registration;
(b) during correspondence, enquiries, support tickets or phonecalls, or customer surveys; or
(c) uploaded onto the Service in any way;
The Personal Information we may collect includes without limitation your name, address, age, email address, university-related information such as your university, the courses or subjects your studying, other information obtained by your use of the Tool (but not Critical Information), and other information that enables Users to be personally identified.
3.5.Critical Information: We do not collect, store, hold, or use Critical Information in any way.
3.6.Information we obtain from others: We may also collect or receive Personal Information from third party sources, such as Merchants, other Consumers, social media or other third-party integrations.
4. Why do we collect, use and disclose personal information?
4.1.We may collect, hold, use and disclose your personal information for the following purposes:
(a) to enable you to access and use our Platform, including allowing you to interact with Merchants whom you wish to purchase goods and services from;
(b) to operate, protect, improve and optimise our Platform, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
(c) to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
(d) to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
(e) to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
(f) to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
(g) to consider your employment application.
4.2.We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive
4.3.All promotional material and prizes have a 45 day lock-out period
4.3.1.The 'GOOGLE-HME MINI PROMOTION' requires valid employer deposits. All deposits must be validated to be from an Australian Employer and must total or exceed a sum of 500.00 AUD over a period of 3 MONTHS or LESS.
5. Do we use your personal information for direct marketing?
5.1.We and/or our carefully selected business partners may send you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us through the contact us feature below, or by using the opt-out facilities provided (eg an unsubscribe link).
5.2.Merchants may send you direct marketing communications and information about their goods or services. It is possible that we will help facilitate these communications on behalf of the Merchants. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from them by contacting them directly, or by using the opt-out facilities provided (eg an unsubscribe link). The Merchant, and not us, is responsible for sending these communications.
6. To whom do we disclose your personal information?
(a) to relevant Merchants when you wish to purchase goods and services from them;
(b) our employees and related bodies corporate;
(c) third-party suppliers and service providers (including providers for the operation of our Platform and/or our business or in connection with providing our products and services to you);
(d) professional advisers, dealers and agents;
(e) payment systems operators (eg merchants receiving card payments);
(f) our existing or potential agents, business partners or partners;
(g) our sponsors or promoters of any competition that we conduct via our services;
(h) anyone to whom our assets or businesses (or any part of them) are transferred;
(i) specific third-parties authorised by you to receive information held by us; and/or
(j) other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
7.1.We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information.
8.1.We may retain your Personal Information as long as you are registered to the Platform as a User. You may close your account by contacting us. However, we may retain Personal Information for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Information it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.
10. Accessing or correcting your personal information
10.1.You can access the personal information we hold about you by contacting us using the contact us feature below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
10.2.If you think that any personal information we hold about you is inaccurate, please contact us using the contact us feature below and we will take reasonable steps to ensure that it is corrected.
10.3.We will consider and respond to all requests in accordance with all applicable laws.
11. Making a complaint
11.1.If you think we have breached the Privacy Act or any other relevant privacy law, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the contact us feature below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
12. The EU General Data Protection Regulation (GDPR)
12.1.To the extent that the EU General Data Protection Regulation (GDPR) applies to us and your Personal Information, this clause applies.
12.2.Our legal grounds for us processing your Personal Information for the purposes set out in clause 4 above will typically be because:
(a) you provided your consent;
(b) it is necessary for our contractual relationship;
(c) the processing is necessary for us to comply with our legal or regulatory obligations; and/or
(d) the processing is in our legitimate interest as an event organising and ticketing platform (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
12.3.Transfers of Personal Information: As we are a global company, we may need to transfer your Personal Information outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the European Economic Area (EEA), Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.
12.4.Whenever we transfer Personal Information outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Information. Feel free to contact us for more information about the safeguards we have put in place to protect your Personal Information and privacy rights in these circumstances.
12.5.Personal Information retention : We retain your Personal Information for as long as necessary to provide you with our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
12.6.If you have an account with us, we will typically retain your Personal Information for a period of 90 days after you have requested that your account is closed or if it's been inactive for 7 years.
12.7.Your rights: 12.7 Data protection law provides you with rights in respect of Personal Information that we hold about you, including the right to request a copy of the Personal Information, request that we rectify, restrict or delete your Personal Information, object to profiling and unsubscribe from marketing communications.
12.8.To exercise any of your rights, please contact us using the contact us feature below. Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
12.9.If you have a complaint about how we handle your Personal Information, please contact us using the contact us feature below. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
12.10.Data controller and a data processor: EU data protection law makes a distinction between organisations that process Personal Information for their own purposes (known as "data controllers") and organisations that process Personal Information on behalf of other organisations (known as "data processors"). If you have a question or complaint about how your Personal Information is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Information.
12.11.We may act as either a data controller or a data processor in respect of your Personal Information, depending on the circumstances.
12.12.For example, if you create an account with us to organise your offers (as a Merchant) or purchases (as a Consumer) of goods and services, we will be a data controller in respect of the Personal Information that you provide as part of your account. We use this to conduct research and analysis to help better understand and serve Users as well as to improve our Platform and provide you with more targeted recommendations about events we think may be of interest to you.
12.13.However, after account creation, you may also enter or volunteer additional information as a Consumer when you are in the process of purchasing goods and services from a Merchant. In those scenarios, we will collect Personal Information strictly on behalf of the Merchant (for example, sending confirmation, promotional and feedback emails, processing payments, etc.) and to help the Merchant target, and understand the success of, their event and event planning (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, etc.). In these circumstances, we merely provide the "tools" for Merchant; we do not decide what Personal Information to request on registration, application or order forms, nor is it responsible for the continued accuracy any Personal Information provided. Any questions that you may have relating to your Personal Information and your rights under data protection law should therefore be directed to the Merchant as the data controller, not to us.
13. Contact Us
Effective: 24th of May, 2018
Data Processing Addendum
1.1. In this DPA, the following capitalised terms have the following meanings:
(a) Applicable Data Protection Laws means the GDPR or equivalent legislation, including any amending or replacement legislation from time to time.
(b) Applicable Merchant means
(c) Data Controller, Data Processor, Data Subject, Processing and Personal Data shall have the meanings ascribed to them in Applicable Data Protection Laws;
(d) DPA means this Data Processing Addendum
(e) GDPR means EU General Data Protection Regulation (2016/EC/679)
(f) Platform means this website, app, platform and any service offered under the name “QPay”
(h) we, us or our means MySmock Pty Ltd (ACN 163 916 603) and all subsidiaries
(i) You means a Merchant who is subject to Applicable Data Protection Laws and who requires us to Process Personal Information on their behalf as part of Merchant's use of the Platform.
2. Applicability of DPA and scope of data Processing activities
2.1.In using our Platform, for the purposes of Applicable Data Protection Laws, you are a Data Controller of the Personal Data associated with an individual using the Platform to register for or purchase goods or services from you ("Consumer"). You agree to Process such Personal Data in accordance with your obligations under Applicable Data Protection Laws.
2.2.Where we Processes the Personal Data of Consumers on your behalf as part of the Platform, we are a Data Processor in performing such Processing and you are the Data Controller. This includes circumstances where we obtain Personal Data as a result of the provision of our sale services (for example, where we facilitate the transmission of emails to Consumers at your request, Processes payments, or provide you with reports about sales).
2.3.In respect of some Processing of Consumers' Personal Data, we may act as a Data Controller, for example, where Consumers create their accounts, where they hhave engaged with aspects of our Platform beyond those relating to your goods or services, or where Consumers' Personal Data is Processed by us to conduct research and analysis to enable us to improve our features and provide targeted recommendations.
2.4.Clause 3 of this DPA only applies to the extent that we Process Personal Data as a Data Processor your behalf. When we act as a Data Controller of Consumers' Personal Data, our Processing is not subject to this DPA.
3. Data Processing clauses.
3.1.We and any person acting under your or our authority shall Process the personal data only on documented instructions from you. You hereby instruct us, and we hereby agree, to Process Personal Data as necessary to perform our obligations under the Terms and for no other purpose.
3.2.The only exception to the requirement to Process Personal Data only on documented instructions from you is if we are required to do otherwise by any applicable law to which we are subject. If this applies we shall inform you of any such legal requirement before Processing the Personal Data, unless any such applicable law prohibits such information on important grounds of public interest.
3.3.We will ensure that persons authorised to Process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.4.We shall, insofar as possible and taking into account the nature of the Processing, assist you by taking appropriate technical and organisational measures for the fulfilment of your obligations, including, but not limited to your obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR.
3.5.We shall, taking into account the nature of the Processing and the information available to us, assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 (inclusive) of the GDPR
3.6.To the extent that it is applicable to us, we shall take all measures required by or pursuant to Article 32 of the GDPR.
220.127.116.11 To the extent that it is applicable to us and without limiting the generality of clauses 3.5 and 3.6, we shall, taking into account:
(a) the state of the art;
(b) the costs of implementation;
(c) the nature, scope, context and purposes of Processing; and
(d) the risk of varying likelihood and severity for the rights and freedoms of natural persons;
implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia and as appropriate:
(e) the pseudonymisation and encryption of Personal Data;
(f) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
(g) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
a Process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.
3.8.Without limiting the application and/or generality of any other clause, in and when assessing the appropriate level of security, account shall be taken, amongst other things and in particular, of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
3.9.We shall notify you without undue delay and as soon as possible after becoming aware of a Personal Data breach (“Data Breach Notice”).
3.10.The Data Breach shall, at the very minimum, include:
(a) the description of the nature of the Personal Data breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
(b) the name and contact details of the data protection officer or other contact person/s and/or point where more information can be obtained;
(c) description of the likely consequences of the Personal Data breach;
(d) description of the measures taken or proposed to be taken by us to address the Personal Data breach, including, where appropriate, measures to mitigate its possible adverse effects; and
(e) any other relevant information.
3.11.In the event and to the extent that it is not possible for us to provide all the required and relevant information at the same time, the information may be provided in phases without undue further delay and as soon as possible.
3.12.We shall document any Personal Data breaches, including the facts and circumstances relating to the Personal Data breach, its effects and the remedial action taken.
3.13.We shall provide any documentation and/or records referred to in a Data Breach Notice to you at the time of, or as soon as possible after, providing you with the Data Breach Notice.
3.14.We shall, at your choice, delete or return to you all the Personal Data after the end of the provision of services relating to Processing and shall delete all existing copies of such data, unless European Union or a member state law requires storage of any such Personal Data.
3.15.You agree that we may engage sub-Processors to Process Personal Data on your behalf. The Sub-Processors currently engaged by us and authorized by you are listed in Annex A (“Sub-Processors”).
3.16.In the case of general written authorisation, we shall inform you of any intended changes concerning the addition or replacement of other Sub-Processors, thereby giving you the opportunity to object to any such changes.
3.17.Where we engage a Sub-Processor for carrying out specific Processing activities on your behalf, the same data protection obligations that apply to us shall be imposed on any such other Processor by way of a contract, including, but not limited to, providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the GDPR. You acknowledge and agree that it is your obligation to ensure that protections and contractual terms and conditions in relation to any such Sub-Processors are sufficient and compliant with the GDPR and any other applicable laws and regulations.
3.18.In the event that any such Sub-Processors fails to fulfil its data protection obligations, we shall not be liable to you for the performance of any such Sub-Processor’s obligations, but will endeavour to assist you in relation to any such failure to the extent that we reasonably can.
3.19.If we or the industry in which we operate are subject to a code or standard of conduct and/or practice, we shall, and hereby warrant that we do, comply with any such code and/or standard.
3.20.If we infringe the GDPR by determining the purposes and means of Processing of the Personal Data, we shall be considered to be a controller in respect of any such Processing. You hereby authorise and instruct us to Process the data for any purpose and by any means consistent with the purposes of this DPA, the Terms, or anything contemplated by the use of the Platform.
3.21.We warrant that we and our operations comply with the GDPR to the extent that it applies to us and that we perform regular audits and/or assessments to ensure ongoing compliance with the GDPR.
3.22.We further warrant that, should we become aware of any potential or actual non-compliance with the GDPR, we will take steps to effect and ensure such compliance.
3.23.Subject to any other clause of this DPA and to the extent that it is necessary and reasonable, we shall make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR or the GDPR and allow for, and contribute to, audits, including inspections, conducted by you or another auditor mandated or appointed by you.
3.24.You indemnify us against any damage, loss and/or harm sustained and/or suffered by us as a result of, or in relation to, your breach of, and/or your non-compliance with, the GDPR.
Annex A - List of Sub-Processors: Available upon request