Current as of 1 Jul 2024
Privacy Policy
Your privacy is important to us at Overlay. We respect your privacy regarding any information we may collect from you across our product.
1 We comply with the Privacy Act
Overlay AI Pty Ltd (ABN 86 668 655 249) and its related bodies corporate (we, us or our) are organisations and "APP Entities" for the purposes of the Privacy Act 1988 (Act), and are bound by the Australian Privacy Principles contained in the Act.
This Privacy Policy describes generally how we manage this personal information and protect privacy, including how we comply with the Act and the Australian Privacy Principles.
This Privacy Policy is intended to provide a general overview of our policies in respect of the handling of your personal information. "Personal information" is essentially information or an opinion about an identified or reasonably identifiable individual.
This Privacy Policy is intended to cover most personal information we handle but is not exhaustive. Other policies may override or supplement this Privacy Policy in certain circumstances. For example, when we collect personal information from you, we may advise a specific purpose for collecting that personal information, in which case we will handle your personal information in accordance with that purpose. If you have any queries about our handling of your personal information, please contact us (see section 19 below) for further information.
2 Notification of collection
When we collect your personal information, we take reasonable steps to ensure you are aware of certain details. This Privacy Policy provides those details as they typically apply in many situations. Specifically:
the purposes for which we collect personal information are described in section 3;
the organisations to which we would usually disclose it are described in section 6;
whether we are likely to disclose it to overseas recipients, and where practicable the countries in which they are located, are described in section 9;
whether there are laws or court/tribunal orders which require or authorise us to collect it is described in section 10; and
the main consequences for you if you fail to provide it are described in section 11.
However, depending on our specific interaction with you, different details may apply. If we do not notify you of such other details, the details in this Privacy Policy apply.
3 Why we handle personal information
Generally speaking, we collect, hold, use and disclose personal information so that we may provide our products and services, and effectively communicate and interact with you.
The purposes for which we handle personal information depend on your dealings with us, but generally they may include enabling us to:
provide customers with access to the Overlay AI platform and manage user accounts;
to improve the customer experience on the Overlay AI platform
communicate with our customers, suppliers and other business contacts (including providing information you request, responding to your enquiries, managing complaints or otherwise facilitating the purpose for which you have contacted us);
handle payments;
verify your identity if required;
inform our current and potential customers and other business contacts about the Overlay AI platform and provide marketing and promotional material regarding the Overlay AI platform, products or services (including newsletters or other materials);
manage our employees and contractors;
seek feedback from you and perform market research, so that we can gauge your satisfaction with the Overlay AI platform;
generally carry on our business (including maintaining our business records and ensuring compliance with our legal and insurance obligations); and
to engage in other activities where required or permitted by law or where you have given your consent.
4 What personal information we collect and hold
The kinds of personal information we may collect and hold about you depend on your dealings with us, but generally it may include:
your name, address, email address and telephone number;
information about your occupation, employer or business;
information about your relationships with others, such as our business contacts or customers;
credit card and payment details if you purchase products and services from us or through the Overlay AI platform;
business details including those of your business operations;
details of products or services you purchase; and
other personal information that we require or that you volunteer to us (such as details of your qualifications, skills, education provider, work history, resume and residency status if you apply for employment with us).
We aim to limit personal information we collect to that which is reasonably necessary for our functions or activities.
5 How we collect and hold personal information
We may collect personal information from various sources, including our customers, suppliers, business contacts and prospective employees.
The ways in which we collect and hold personal information depend on your dealings with us, but generally it may include if you:
create an account on the Overlay AI platform, or update or upload content through that platform;
meet with us (when you might inform us of your personal details or hand over a business card);
communicate with us (eg, if you submit an enquiry), including by letter, telephone or email); or
engage with our online marketing; or
submit information through our websites, blogs or other social media accounts (e.g. LinkedIn).
In some circumstances, we may collect personal information about you from third parties such as (as applicable):
our customers, potential customers and their business contacts;
your employees, representatives or personal referees;
your employer; or
publicly-available resources.
We receive all personal information that you provide to us about third parties on the understanding that you have obtained the relevant individual's consent for us to collect and handle that personal information in accordance with this Privacy Policy.
We may hold personal information in electronic or hard-copy formats. More information about how we store personal information is set out in section 13.
6 Use and disclosure of personal information
We will generally only use or disclose your personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations.
Where we propose to use or disclose your personal information for a purpose other than as described in this Privacy Policy, we will seek your permission (unless we are required or permitted by law to use or disclose personal information without obtaining consent).
By providing us with your personal information, you consent to us using and disclosing your personal information as described in this Privacy Policy.
7 Who we disclose personal information to
We generally disclose personal information to (as applicable in the circumstances):
certain suppliers who provide services or products to or for us (for example, develop and maintain our computer systems, electronic records, websites and social media accounts, or provide payment processing services or other services);
other persons in connection with the provision of our services and products (such as our customers, suppliers and their contractors and other business contacts);
our auditors, insurers and legal and other professional advisers;
members of our corporate group; or
any person to whom you authorise us to disclose the information.
We endeavour to ensure third parties only receive the personal information necessary to undertake their work for us, and that they are bound by appropriate confidentiality obligations to ensure the information we disclose is only used for the limited purposes for which we provide it.
We generally ensure such organisations are contractually required to ensure that information we disclose is used only for the limited purposes for which we provide it.
8 Direct marketing
We may send you marketing or promotional communications by post or by electronic means if you are on our mailing list (via email, SMS or on LinkedIn). You may ask not to receive such material from us by contacting us (see section 19 below) or by using the opt-out function included in those communications.
There are no consequences of opting-out of receiving our marketing and promotional communications except that you will no longer receive them, and you may elect to re-join our marketing list at a later time if you wish.
9 Overseas recipients
We may disclose personal information to users of the Overlay AI platform who in some cases may be overseas recipients.
We are not otherwise likely to disclose personal information to overseas recipients, except with your consent or where we required to or authorised to do so by law.
We may disclose personal information so that it may be stored or processed on servers located overseas. Parties to whom we disclose personal information for storage or processing purposes may be in countries such as Australia. However, generally we retain effective control over such data.
We may disclose personal information to overseas recipients where required in order to provide specific products or services our customers require (limiting the disclosure to the extent required for such purposes).
10 Legal requirements for collection
There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect your personal information.
11 Consequences of failure to collect personal information
If you fail to provide personal information requested by us, or if the personal information you supply is incorrect or incomplete, there may be a range of consequences, for example we may be unable to process or respond to your request or provide products or services to you. You may be unable to establish an account on the Overlay AI platform if you do not provide the personal information we request.
You have the option of not identifying yourself, or of using a pseudonym, when dealing with us, unless it is legally necessary or impracticable for us to deal with individuals who are not identified. If we request your personal information but you would prefer to remain anonymous, please let us know. We will notify you if we require you to be correctly identified for a particular interaction.
12 Sensitive information
We do not generally collect sensitive information (which may include, for example, information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, professional association or trade union membership, sexual orientation, criminal record, or health or disability).
If we do collect sensitive information, we only do so with your consent and if the information is reasonably necessary for one of our functions or activities. We will assume you have consented to us collecting, using and disclosing (in accordance with this Privacy Policy) all information that you provide to us, including any sensitive information, unless you tell us otherwise at the time of collection. If we request your sensitive information but you have any concerns providing it to us, please let us know.
13 Storage and security
We take reasonable steps to protect your personal information we hold from misuse, interference and loss as well as unauthorised access, modification or disclosure.
For example, information stored on our information technology systems is protected by security features and procedures. We undertake regular monitoring of our practices and systems to ensure the effectiveness our security policies and identify and implement improvements where appropriate.
However, we cannot and do not guarantee that personal information we hold will be protected against unauthorised access or misuse. Unfortunately, no system or methodology for holding personal information can be guaranteed as entirely secure.
Generally, we will take reasonable steps to destroy or permanently de-identify your personal information as soon as it is no longer required or permitted to be used by us. We may retain your personal information where we are required or permitted to do so by law, such as for insurance, legal or corporate governance purposes or for the prevention of fraud. Your personal information may also be retained in our archival records.
14 Access to and correction of personal information
You may contact us to request access to or correction of the personal information we hold about you.
We may refuse to allow access or to amend your personal information if we are legally required or permitted to do so. In that case, we will (unless it is unreasonable to do so) provide you with written reasons for the refusal together with information about the options available to complain about the refusal.
We will respond to your request for access within a reasonable period after the request is made and we will give access to the information in the manner requested if it is reasonable and practicable to do so. We may require you to comply with certain procedures before we allow access to or amendment of your personal information (eg, providing satisfactory identification), in order to ensure the integrity and security of information that we hold. Please understand that our requirements to identify individuals requesting access to personal information are designed to protect you and other individuals from unauthorised access.
We may require you to pay certain costs in order to access your personal information held by us. We will advise the amount payable (if any) once we have assessed your application for access. We will not however charge a fee for you to lodge a request for access to or correction of your personal information.
We will take reasonable steps to ensure that the personal information we collect is accurate, up-to-date and complete, and the personal information we use and disclose is accurate, up-to-date, complete and relevant. If we are satisfied that any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.
Please let us know if your personal information changes, so that we may ensure our records are current.
15 Online privacy
This section of our Privacy Policy describes how we handle your personal information in connection with online services we provide (which includes services provided by us via the Internet such as our website, email and social media accounts). This section applies to personal information handled in connection with online services in addition to the remainder of the Privacy Policy.
15.1 Automatic server logs
Our servers automatically collect various details when you use our website, including:
your IP (Internet Protocol) address (generally, an identifier assigned to your device when it is connected to the Internet);
the operating system and Internet browser software you are currently using; and
the data you access (such as web pages or other document files or software), and the time that you access it.
We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes. This information is not disclosed to any other party.
15.2 Cookies
Our website uses "cookies", which identify your device to our servers when you visit our website. Our website may request to store cookies on your device in order to improve and customise your future visits. Through the use of cookies our site can deliver customised content to you. If you do not want information collected through the use of cookies, you may be able to configure your Internet browser to disable them.
We do not attempt to specifically identify and track individuals using cookies.
15.3 Email and messages
We may collect personal information from you (such as your name and email address, and any other personal information you volunteer) if you send us email. We will use this to contact you to respond to your message, to send you information that you request, and for other related purposes we consider are within your reasonable expectations.
15.4 Storage and transmission of personal information online
If you provide any personal information to us via our online services (including email) or if we provide such information to you by such means, the privacy, security and integrity of this information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).
15.5 Other online services
If any of our online services (including any email messages we send to you) contain links to other online services that are not maintained by us, or if other services link to our online services, we are not responsible for the privacy practices of the organisations that operate those other services, and by providing such links we do not endorse or approve the other services. This Privacy Policy applies only in respect of our online services.
15.6 No data extraction
You are not permitted to extract, harvest or "scrape" personal information or other data from our website using any automated or non-automated process (whether directly or indirectly).
16 Data breach
If we suspect or there is unauthorised access to or disclosure of, or loss of, personal information we hold, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to an individual. If that is the case, we will comply with the requirements of the Act which may require notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals.
Please contact us if you have reason to believe or suspect that a data breach may have occurred, so that we may investigate and, if necessary, undertake appropriate containment, risk mitigation and notification activities as required.
17 Complaints
If you have a complaint about our handling of your personal information, or you believe that a breach of your privacy has occurred, please contact us using the details below.
Your complaint will be considered and dealt with by our nominated representative, who may escalate the complaint internally within our organisation if the matter is serious or if necessary to resolve it.
Please allow us a reasonable time to respond to a compliant. If you are not satisfied with our response, you may make a complaint to the OAIC (whose contact details can be found at: http://www.oaic.gov.au/).
18 Changes to our Privacy Policy
We may amend this Privacy Policy at any time. We publish our current Privacy Policy on our website, and you may obtain a copy of our Privacy Policy from our website or by contacting us.
19 Contact details
Please contact us at the email address hello@overlay.ai if you have an enquiry about our privacy practices or handling of your personal information.