Privacy Policy
Welcome to Black Book.
We are committed to respecting and protecting your privacy. This privacy notice sets out how we collect and use the personal data that you provide to us via this website, www.blackbookapp.co (our “Site“), and our mobile app, Black Book (our “App“, and together with Site, and any other services we provide to you, our “Services“). It also tells you about your privacy rights and how certain laws may apply to you.
If you have any queries about this notice or how we use your personal information, please contact us at privacy@blackbookapp.co
Contents
- About us
- What personal data do we collect via the site?
- How we collect personal data
- How and why we use personal data
- Children
- How we share personal data
- International transfers
- Data security
- How long we keep personal data
- Third party links
- Your rights
- Changes to this notice or your data
1. About us
Our Services are operated by Black Book Holdings Pty Ltd (“Black Book“, “us“, “we“, or “our“).
Black Book is a company registered in Australia ACN 646 293 316 and with its registered office at Common House, 101 Moray Street, South Melbourne, Victoria, Australia, 3205. You can contact us about any queries you have regarding this privacy notice at either our postal address above, or at privacy@blackbookapp.co
2. What personal data do we collect via the Services?
‘Personal data’ means any data which can be associated with you as an individual, either directly or indirectly. We collect different information depending on how you use the Services and how you interact with us.
The personal data we collect via the Services may include:
- Identity information, such as your name, organisation name and position, and your driving licence and passport information (please see section 4a below for information on how and why we collect this information).
- Contact data, such as your address and email and telephone details.
- Usage data, which includes information about how you use the Services (including any bookings, reservations or other services we have provided to you, and our conversations with you), and your location.
- Log-in information, such as your username and password. Alternatively, if you create an account using a social network (such as Facebook, Twitter or Google+), we will obtain information such as your name, Facebook ID, twitter handle, profile picture, network, gender, username, user ID, age range, language, country, friends list, followers and any other information you have agreed that the relevant platform can share.
- Payment and transaction information, including your booking history, and certain other information associated with your payments. This does not include your payment card details, which you provide direct to our payment processors. We do not collect or store payment card details.
- Technical data, such as the device you are using to access our Services, your unique device ID, your internet protocol (IP), browser type and version, time zone and location, display settings, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
- Marketing and communications data, including any communications we may receive from you, and your preferences in receiving notifications, marketing and other communications from us.
We do not ask you for ‘special categories’ of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or health information. However, if you choose to provide us with this information, and provide us with your explicit consent, we may retain it. We do not collect data about actual or alleged criminal offences.
3. How we collect personal data
Different personal data is collected in different ways.
- Personal data you provide to us
When you create an account to use our Services, you will provide us with your identity, contact, and log-in information, and your marketing and communications preferences.
When you enter your payment card details via our Services, they are provided direct to our payment processor. We use Stripe. We do not collect or store payment card details. You will also provide us with personal data when you correspond with us.
- Personal data we collect as you use our Services
As you use the Services, we will collect your technical, usage and transaction data as described above.
Some of this data is collected using cookies, beacons and similar technologies. Cookies are files with small amount of data which are sent to your browser (or device) from our Services and stored on your device.
We use the following cookies:
Cookie name | What it is used for |
skipReferrerState, preapproved, allowedState, applied | This is used on the Site to identify what part of the application a user is on and to persist across page refreshes and browser openings. This prevents multiple applications on the same device. |
Localization | This is used on the Site to temporarily store the estimated latitude and longitude of the user’s IP address in order to indicate the user’s default city. This cookie is stored in session storage and deleted when the browser tab is closed. |
user token | This authenticates requests with our server, which includes refresh and access tokens. |
session | This is used on Android devices to display a member’s name (including their first name, surname, phone, email, and profile picture URL). |
authToken | This is used to authenticate the member with the server. |
memberData | This is used on iOS devices to display and welcome the member by name (includes the member’s first name, surname, phone, email, and profile picture URL). |
_ga, __utma, __utmb, __utmc, __utmt, __utmz _gid | This helps us count how many people visit our Site, and tracks repeat visitors via Google Analytics. This cookie expires after 2 years. |
mp_mixpanel | This cookie stores an anonymous, randomly generated ID to detect repeat visits to the Site on the same device, and associates actions to the device. This cookie expires after 3 months. |
You can remove cookies from your computer through the settings on your browser but be aware that this may impact your ability to make use of some features on our and other web sites. Management of cookie settings varies from one browser to another. The “Help” menu of your web browser will provide full instructions.
We also use Google Analytics, a third-party service provided by Google, to help us analyse user habits to help increase the functionality of our Services. The information will be used by Google only for the purpose of evaluating the use of our Services. Google Analytics has its own privacy notice, which can be viewed here.
4. How and why we use personal data
We will only use your information where:
a) We need the information to fulfil our contract with you
If we have entered into a contract to provide you with our Services, we will need your personal data in order to do so. The personal data that we use will depend on the service(s) we have agreed. For example:
- We will use your contact details so that we can communicate with you about the Services we provide, to facilitate providing our Services to you and, and to respond to any requests, queries, issues or concerns you may have.
- If you ask us to book certain forms of travel on your behalf, we will need your driving licence and/or passport details in order to do so.
- We will use your identity and log-in data create a public profile for you on our Services. You will need this profile to use our Services.
- We will use your technical information to ensure that our Services display and function correctly on your device.
- We will use your identity, contact, log-in and usage data to customise our Services to you.
- We (and our service providers) will need your payment information to facilitate any payments you authorise. For further information about this, please see Section 6 (‘How we share your data’ section) below.
- As part of our Services, we will recommend products and services to you. We will use your IP address to determine your approximate location (for example, by city, state, or country), and use this information to ensure that the suggestions or other content we suggest to you is relevant to your location. For the avoidance of doubt, we will never track your exact location unless you have provided us with your express permission to do so.
- To provide you with membership rewards and incentives.
b) We have a legitimate interest (reasonable business purpose) in doing so
We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights.
We will use your identity, log-in, contact and usage information to keep our records up to date.
We will use your technical, location and usage information to:
- provide and make improvements to our Services, system maintenance, support, reporting and hosting of data, and troubleshooting;
- ensure that our Services are secure;
- analyse how users interact with our Services; and
- develop new products and services.
We may also use any or all of the information above to administer and manage our business in general, to detect and prevent misuse of our Services (including fraud and unauthorised payments), and to enforce our Terms and Conditions or any other contract to which we may be a party. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.
c) You have given us your consent
If you sign up to our mailing lists, we will send you updates and marketing information that you have consented to receive. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing us at privacy@blackbookapp.co
If you have chosen to create an account with us using a social media network, we will have access to the information set out in Section 2 (‘What personal data do we collect via the Services?’) above. If you would prefer that we do not have access to this personal data, you can create an account using only your email address. Likewise, we will only share your personal data on any social media platform with your consent. We do not post on your social media accounts without your permission.
We will only ever store any ‘special categories’ of data when you have provided us with your explicit consent to this.
We will only ever use your exact location data if you have given us your express consent to this. Likewise, we may need your contact, identity, technical and/or usage information to respond to a question you have asked us.
d) We need to comply with a legal or regulatory obligation
In certain circumstances, we may need to retain or use your personal data to comply with regulations and/or the law.
5. Children
Our Services are not intended to be used by any child under the age of 18. Please do not provide us with any personal data relating to children under the age of 18 unless you are their legal guardian.
6. How we share personal data
We will share your data:
a) With our trusted third-party service providers
These include:
- When you request Services that will be fulfilled by a third party (such as a restaurant, theatre or gallery, for example), we will share your details with that third party (our “Suppliers“). We will only disclose your information to Suppliers the extent necessary for the Service(s) you have requested. This will typically include your identity and contact information.
- We share certain information with our information technology providers, such as website and mailing list hosts.
- We may also share data with analysts, consultants and other professional advisors whom we retain for advice in respect of our business operations.
We will only disclose your data to third party service providers under terms of confidentiality, and they will only use your personal data for the purposes stated in this notice.
As noted above, we do not share your payment information with our payment processors – instead, you provide it to them direct. We use Stripe. For information about how they use your personal data, please see their privacy notices at https://stripe.com/gb/privacy. The only exception to this is if we suspect that your account is being misused, in which case we may discuss certain aspects of your transaction history and/or identity details with our payment processors.
We will also share your information with other third parties and suppliers, but only if you ask us to do so (for example, if you ask us to make a booking on your behalf).
b) With other members of our Services
Where we provide the functionality, you may choose to share some of your profile information with other members of the Services. We will never make your profile visible to other members without your express consent.
d) If you choose to share it via social media
Where we provide the functionality, you may choose to share some of your information from our Services with your friends, followers or contacts on social media.
Your personal data may be disclosed or transferred to potential or actual buyers of, investors into or lenders to our business or any of our assets, or any of the advisors or representatives of the above. If so, we will ensure that appropriate confidentiality terms are in place.
On rare occasions, we may share personal data when we believe it is necessary to comply with the law, regulation or legal request (including a court order or government inquiry); to enforce or apply our terms of use or other agreements; in the context of a business reorganisation or restructuring exercise; or to protect the rights, property, or safety of our business, our employees, our users, or others.
7. International transfers
Our Services are hosted on servers located worldwide. We also use cloud-hosted software solutions which are located in the US and Australia.
8. Data security
The safety of your personal data is of paramount important to us, and we use various technical and organisational measures to ensure that your data is secure.
However, no transmission of information via the Internet or electronic storage is ever completely secure. Although we take appropriate measures to safeguard against unauthorised disclosures of information, we cannot guarantee the security of your data.
9. How long we keep personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
To obtain further information about how long we retain your personal data, please contact us at privacy@blackbookapp.co
10. Third party links
Our Service may contain links to third party sites whose information practices may be different than ours. Please consult all third-party sites’ privacy notices, as we have no control over information that is submitted to, or collected by, third parties.
11. Your rights
You have the right to:
- require us to rectify the personal data we hold about you, where that data is incorrect;
- require that we restrict the processing of your personal information in certain circumstances;
- request access to the personal data that we hold about you;
- require that, in certain circumstances, we delete the personal information we hold about you;
- require that we provide you with the information that we hold about you in a structured, commonly used and machine-readable format; and/or
- withdraw your consent to our using your data for marketing purposes at any time.
If you wish to exercise any of these rights, please contact us at privacy@blackbookapp.co
To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
Changes to this notice or your data
We may amend or modify this privacy notice from time to time. We will post any revised notice on this site and on our app, and if the changes are significant, we will notify you by email.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.