PRIVACY POLICY

Introduction

CJ Global Tech Pty Ltd (630 848 574) (trading as Yacht Pilot) and their related entities are committed to protecting the privacy of your Personal Information.

This Privacy Policy tells you how we will handle your Personal Information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act"), the Australian Privacy Principles ("APPs") and the EU General Data Protection Regulation (EU) 2016/679 ("GDPR") (if the GDPR applies to us).

1. Does this Privacy Policy apply to me

This Privacy Policy applies when you use any of our Services. By visiting the Web Site or using any of our Services or Apps, you agree to the terms of this Privacy Policy. You should not access the cloud or app and use any of our Services if you do not agree with this Policy.

2. What information do we collect 

We collect and use Personal Information from Users of our services. The specific type of Personal Information that we collect will depend on the reasons for and information supplied by you or the circumstances of its collection and may include, but is not limited to, the following:

• User information: name, telephone and mobile number, email address, and address;
• Device information: your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
• Payment and transactional information: banking, credit card or debit card details, billing information, Device Information and Technical Usage Data; billing information, Device information and Technical Usage Data;
• Account Information: any additional information relating to you that you provide to us directly through the Cloud or the Site or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
• Enquiries, communications and social media: information contained in any enquiry you submit to us regarding our Portal or any of our Services, communication content, metadata associated with communications and information about you shared by social media Portals (if you communicate with us by way of a social media Portal that we use); and a social media Portal that we use); and
• Other information: any other personal information that may be required to facilitate your services with us.any other personal information that may be required in order to facilitate your services with us.

If you do not allow us to collect all the Personal Information we reasonably request, we may not be able to deliver any of our Services to you.

3. How we collect Personal Information

We may collect your Personal Information directly from you or while providing our services to you. For example, we collect Personal Information from you or about you when: from you or about you from:

• you access and use the Cloud;
• you use any of our Services and Apps;
• In correspondence between you and us;
• visits to, and submissions you make on our Cloud;
• you interact with our electronic direct mail and emails from our marketing campaigns (such as clicks on links included in these emails). these emails).

Sometimes, we may receive Personal Information about you from third parties, including our related entities, government agencies and regulatory authorities.

4. Why we collect, hold and use Personal Information

We collect, hold and use your Personal Information to provide you with request services and access to our web Cloud, which includes (without limitation):

(GDPR lawful basis: consent)

• providing you with use of our Cloud and any of our Services;
• offering, promoting, advertising, marketing, and selling relevant and suitable Services to you;
• sending you relevant notifications, electronic direct mail, email marketing campaigns, and/or newsletters;
• any other purposes identified at the time of collecting your Personal Information;
• developing and improving our business, the Cloud, and any of our Services;
• for monitoring, research, and analysis concerning our business, the Portal, and any of our Services;
• involving you in market research, gauging customer satisfaction, and seeking feedback;
• performing and supplying any of our Services to you;
• managing our relationship with you (maintaining a User profile), communications with you, user identification, and responding to your enquiries and keeping records;
• processing payments you have authorized or requested;
• complying with our legal obligations to you and to third parties (including, without limitation, any governmental authority);
• ensuring the security of our Cloud and our Services and maintaining backups of our database(s);
• where we reasonably suspect that unlawful activity has been, is being, or may be engaged in, and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;

Where we wish to use or disclose your Personal Information for other purposes, we will obtain your consent.

5. Third Party disclosure of your information.

By using our Cloud and any of our Services and providing us with your Personal Information (or allowing another person to do so), you acknowledge and consent to us disclosing some or all of your information to third parties. This includes disclosure of your information and details of the following:

• to our related entities as necessary for the provision of any of our Services or to enable them to provide any of the service offerings that you have requested or delivered through our network;
• to our third-party provider of verification of identity services (in which case you will be asked to agree to the third-party provider's applicable privacy policy and other policies);
• to a person who uses the Cloud or any of our services on your behalf and/or a person you have authorized;
• if you enable third-party applications to be used in conjunction with the Portal and/or any of our Services to those third-party applications;
• to our partners, contractors, suppliers, subcontractors, and service providers, including without limitation our suppliers of IT-based solutions that assist us in providing any of our services, distributors of direct marketing communications, marketing agencies, insurers, and external business advisors;
• per requirements or authorizations under applicable laws or to comply with our legal obligations; and
• to any other persons or services to which we are legally required to provide information or service we are legally required to provide information to.

We take reasonable steps to ensure that third party recipients are obliged to protect the privacy and security of your Personal Information and use it only for the purpose for which it is disclosed. These measures include using industry-standard, physical and technical security measures and encryption where appropriate. However, regardless of any security measures used, we cannot guarantee the absolute protection and security of any Personal Information stored with us or with any third parties. Personal Information stored with us or with any third parties.

Occasionally, we may be required to disclose your Personal Information to third parties outside of Australia. In this instance, we will take all reasonable steps to ensure that those third parties, in whichever jurisdiction, adhere to the terms of this Privacy Policy.

At all times, the third parties that we disclose your Personal Information to:

• are required to provide GDPR-compliant services (if they are subject to the GDPR); are required to provide GDPR compliant services (if they are subject to the GDPR);
• must take reasonable steps, to our satisfaction, to ensure that Personal Information disclosed by us is protected against misuse, interference, loss and unauthorised access, modification and disclosure;
• must, if they become aware of any misuse, interference, loss, or unauthorised access, modification or disclosure of Personal Information disclosed by us, immediately notify us.

We will not disclose your Personal Information to any third party (except as described above) without your consent unless such disclosure is required by local Data protection laws or the GDPR and/or where we reasonably believe that it is necessary to lessen or prevent a threat to life, health or safety or for action to be undertaken by an enforcement body, or where allowed to do so following the local Data protection laws.

To the maximum extent provided by applicable law, we are not responsible or liable for the protection and privacy of any Personal Information provided to third parties. You accept and agree that the disclosed Personal Information will be held by third parties and may be used by them per the Privacy Act and any privacy policy they may have, and in such circumstances, the third party recipient will be solely responsible for their use of this Personal Information.

6. How we store Personal Information

Personal Information is held and stored electronically (including through a third party client relationship, management product, or system) or a combination. We have physical, electronic and procedural safeguards in place for Personal Information. We take reasonable steps to ensure that your Personal Information is protected from misuse, interference, loss, unauthorised access, modification, and disclosure. Our cloud-based servers are in Australia, the United States of America and Singapore, in Data centres that have represented that they are GDPR compliant (including by incorporating the Standard Contractual Clauses that the European Commission adopted in June 2021).

When developing and designing products and services that involve processing Personal Information, we consider Data protection to ensure we can fulfil our Data protection obligations.

Internal and external firewalls protect Data that is held and stored electronically. We encrypt and/or pseudonymise Data wherever possible. All access to electronic Data, including databases, requires password access that meets industry complexity standards.

Access to Personal Information is restricted to staff and contractors whose job description requires access. Our employees and contractors are contractually obliged to maintain the confidentiality of any Personal Information we hold. We also implement multi-factor authentication ("MFA") safeguards wherever possible.) safeguards wherever possible.

We undertake regular Data backups, with the Data copied and backed up to multiple locations for redundancy purposes.

Our staff receive regular training on privacy procedures.

7. How long will my Personal Information be retained

We will retain your Personal Information only for as long it is required for any of the purposes set out in this Privacy Policy or for any other lawful purpose.

We will retain your Personal Information only for the time periods required by law.

We use secure methods to destroy, desensitise or de-identify your Personal Information when it is no longer needed or legally required to be retained. Electronic records may be archived to alternative storage and are subject to the procedural safeguards described above.

Please refer to the details below for the deletion of your Personal Information.

8. Access to my Personal Information

You have a right to request access to, or correct your Personal Information held by us. If you are in the European Union, you also have a right (with a few exceptions) to request that your Personal Information be deleted.

If you wish to access, correct or update any Personal Information we hold about you, please contact us via the details below.

We will respond to your request within thirty (30) business days of you making the request and give you access in the manner you requested unless it is unreasonable or impracticable for us to do so. Before accepting your request, we must use reasonable methods to verify your identity. There may be reasons why we cannot give you access to the information that you have requested or we refuse to correct your personal information. In these instances, we will let you know these reasons in writing. To assist us in keeping our records up to date, please notify us of any changes to your Personal Information.

9. Withdraw my consent to hold my Personal Information?

You can withdraw your consent from us using your Personal Information at any time.

Please contact us using the details below if you want to make such a request. Please note that by withdrawing your consent, we may no longer be able to provide you with access to our Cloud or Services.

10. Where Personal information is located and when it is transferred internationally

When we share Personal Information, it may be transferred to and processed in countries other than your country, where our Data hosting provider's servers are located. These countries may have laws different to what you're used to. Rest assured, where we disclose Personal Information to a third party in another country, we put safeguards in place to ensure your personal Data remains protected.

For individuals in the European Economic Area ("EEA"), your Personal Information may be transferred outside the EEA. Where your Personal Information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA Data or to a third party where we have approved transfer mechanisms in place to protect your Personal Information, for example, by entering into the European Commission's Standard Contractual Clauses. For further information, please contact us using the details in the Contact Us section below.

11. What happens if there is a Data breach

We will take seriously and deal promptly with any accidental or unauthorised loss, use or disclosure of Personal Information ("Data Breach").

We are subject to the Notifiable Data Breaches Scheme ("NDB Scheme") under the Privacy Act. In assessing and responding to suspected notifiable Data breaches, we will act in accordance with:

• our applicable policies, which incorporate the requirements of the NDB Scheme, and;
• the guidance of the Office of the Australian Information Commissioner ("OAIC").

Where a breach of your Personal Information occurs that is likely to cause harm (e.g. releasing unencrypted Personal Information), we will notify you and recommend the steps you should take in response to the breach. Where required by law, the OAIC will also be notified.

If a Data Breach releases the Personal Information of a European Union-based user, we will notify the European Data Protection Supervisor within seventy-two (72) hours of becoming aware of the Data Breach.

12. Cookie Data

A cookie is a small Data file placed on your computer or mobile Device when you visit our cloud portal. Services widely use cookies to make the Cloud work, to work more efficiently, and to provide reporting information.

Using our Portal and Services, you agree to be bound by the cookie policy.

13. Will this Privacy Policy change?

We may update our Privacy Policy from time to time by either notifying you of a change to our Privacy Policy and providing you with the updated Privacy Policy or publishing a new version on our Portal. By continuing to use our website or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.

14. Who do I contact if I have a complaint?

We have procedures for dealing with complaints and concerns about our practices concerning the Privacy Act, the APPs, and any alleged breach of this Privacy Policy. We will respond to your complaint per the relevant provisions of the APPs. For further information, please contact us.

You can contact us by post or email to:

Privacy Officer

4 Friendship Ave, Marcoola, QLD, 4564 Australia

privacy@yachtpilot.co

15. Schedule - Definitions

"Data" means any data inputted by you or with your authority through the use of the Services and includes, without limitation, data owned or supplied by you or data that may otherwise be generated, compiled, arranged or developed by you in using the Services according to these Terms of Use.

"Device" means any device, including a computer, mobile phone, tablet or console, that meets the minimum specifications required to access the Portal and/or use any of our Services.

"Device Information" means Data that can be automatically collected from any device used to access the Portal and/or any of our Services, including your Device type, your Device's network connections, your Device's name, your Device's IP address, information about your Device's web browser and the internet connection used to access the Portal or any of our Services, Geolocation Information, information about apps downloaded to your Device and biometric Data (such as Touch ID/Fingerprint).

"Geolocation Information" means information that identifies your location using longitude and latitude coordinates obtained through GPS, Wi-Fi or cell Portal triangulation.

"Portal" means the cloud-based software and site we own and operate.

"Personal Information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion;

"Services" means all services provided by us through the Portal and any other website, mobile site or Portal operated by us from time to time.

"Site" means the website operating from the domain at yachtpilot.co or other domains used by us from time to time for access to this site or any other sites or provision of any of our Services.

"Technical Usage Data" means information we collect from the Device that you use to access the Portal or any of our Services, such as what you have searched for and viewed on the Portal, the length of your visit and the way you use any of our Services, including your IP address, statistics regarding how pages are loaded or viewed, the website you viewed before coming to the Portal and other usage and browsing information collected through cookies.

"User" means a user of the Cloud, Web Portal, App and/or any of our Services, as the context requires.