Privacy Policy

MATCHBOX Exchange Pty Ltd (ACN 612 365 796) and MATCHBOXExchange Pte Limited (UEN 201940877K ) and their subsidiaries and affiliates (“MATCHBOX Exchange”) respect your privacy. This Privacy Policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. It applies to us and our related entities located in Australia and Singapore.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act) and will comply with the Privacy Act 1988 (Cth) (Australia), the Personal Data Protection Act 2012 (PDPA) (Singapore), the Data Privacy Act of 2012 (DPA) (Philippines), the Personal Data Protection Act 2010 (PDPA) (Malaysia), and the Personal Data Protection Act B.E. 2562 of Thailand (Thailand PDPA), the Personal Information Protection Act (PIPA) (Republic of Korea), and relevant laws of your home jurisdiction (“Applicable Laws”) (to the extent it is required to do so under such legislation) when we process (meaning the performance of one or some operations of collecting, editing, utilizing, storing, providing, sharing or spreading personal information in cyberspace for commercial purposes) your personal data. The Applicable Laws govern the way in which we collect, process, use, disclose, store, secure, transfer and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au. A copy of the PDPA (Singapore) may be obtained from the website of the Singapore Personal Data Protection Commission at www.pdpc.gov.sg. A copy of the DPA (Philippines) may be obtained from the website of the Philippines? National Privacy Commission at www.privacy.gov.ph. A copy of the PDPA (Malaysia) may be obtained from the website of the Malaysian Personal Data Protection Department at www.pdp.gov.my/jpdpv2/?lang=en. A copy of the PIPA (Republic of Korea) may be obtained from the website of the Korean Personal Information Protection Commission at https://www.pipc.go.kr/cmt/english/news/selectBoardArticle.do. Copies of legal instruments on data protection and privacy of Vietnam may be found on the website of Vietnam’s Authority of Broadcasting and Electronic Information at http://abei.gov.vn/van-ban-qppl/10089.

What is Personal Information and how do we collect it?

Personal Information is information or an opinion about an identifiable individual. Examples of Personal Information we collect include: names, usernames, job titles, usage of the systems we manage, addresses, email addresses and phone numbers.

This Personal Information is obtained in many ways including interviews, correspondence, by telephone and by email, via our website and website application, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties.

By your clear and explicit consent, you consent to the collection, use and transfer of your Personal Information including transfer to places other than the place of collection in accordance with this Privacy Policy.

For what purposes do we process your Personal Information?

We shall handle personal information for the purposes described below. We shall not use any personal information which we handle for purposes other than those described below. If the purpose of use is changed, we will take adequate measures including obtaining a separate consent pursuant to Article 18 of the PIPA.

  1. Providing of Services
  2. Handling Complaints
  3. Marketing and Promotional Activities
  4. Account Management

How do we process, use and/or disclose Personal Information?

Before we collect and/or process Personal Information we will explain to you which information will be collected, where information will be processed, why we are collecting the information and how we process and/or plan to use it and we will inform you about your rights in relation to our collection, use and disclosure of your Personal Information and the period for us to retain your Personal Information. If you are an employee or representative of one of our current or prospective clients or suppliers, we will usually only collect whatever Personal Information is provided to us by you or your employer in the course of dealing with us, and use it only for the purpose of those dealings.

You are under no obligation to provide your Personal Information to us. However, without receiving certain information from you, we may not be able to provide our services to you or the customer or entity that you represent.

We shall collect the minimum Personal Information necessary to provide various services as follows:

1. General Information of Employees

  • Contents of personal information (essential): name, e-mail.
  • Manner of collection: via registration form, provided by you over the phone, or provided by your employer.

2. General Information of Company

  • Contents of personal information (essential): director name and e-mail, operations team name and e-mail, finance name and email, depot and head office address.
  • Manner of collection: via registration form, provided by you over the phone, or provided by your employer.
  • Contents of personal information (essential): director name and e-mail, operations team name and e-mail, finance name and email, depot and head office address.
  • Manner of collection: via registration form, provided by you over the phone, or provided by your employer.

3. General Information Regarding Campaigns or Event Landing Pages

  • Contents of personal information (essential): name, e-mail, address of the company, mobile phone number
  • Manner of collection: via webpages for the campaigns

4. Other automatically generated information

  • Contents of personal information (essential): access IP information, cookies, service use record, access log.
  • Manner of collection: collected through the use of the MatchBox Exchange platform

Use of our website

When you visit our website, and the platforms and systems accessed through it, we may automatically collect information about you, including details of access, IP addresses, web statistics and other information which is required to ensure that the site and systems are functioning properly.

When you visit our website, the server may attach a “cookie” to your computer’s memory. A “cookie” assists us to store information about how visitors to our website use it and to make assumptions about what information may be of most interest to you. Cookies and the data associated with them do not generally include personal identifiers, but they may be used, stored and analysed in our IT systems and by the hosts for our servers and network. If Personal Information will be captured in those processes, such Personal Information will be processed in accordance with this Privacy Policy. Your computer, server host or IT provider may allow you to configure your web usage and profile to manage what information is captured when using our website.

Collection from Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. If you provide us with the Personal Information of any other individual, you confirm that you have notified that individual of the purposes to which you are providing us with that individual’s Personal Information and that you have obtained that individual’s consent to providing us with that Personal Information.

Consignment of Personal Information

We consign part of its operations to third-party businesses to provide more convenient and improved services.

CONSIGNED COMPANYCONSIGNED OPERATIONSRETENTION AND USAGE PERIOD OF PERSONAL INFORMATION
Microsoft Corporation (USA)Data storage and processing during the provision of our service.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Microsoft Corporation (USA)Contacting our Help Team via email, we may also discuss your issue internally. We use Microsoft 365 and Teams for this.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Twilio Incorporated (USA)Sending product and marketing emails through SendGrid.30 days.
Zoho Corporation (India)Customer relationship management (CRM) and marketing campaign email lists.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Google LLC (USA)Usage analytics of our marketing website (https://www.matchboxexchange.com).26 months or until the consignment agreement term has expired.
Freshworks Incorporated (USA)Management of contact details and support tickets for our platform.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Xero Limited (New Zealand)Issuing of invoices and payment reconciliation.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Marsh Tincknell Chartered Accountants (Australia)General accountancy services.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Zoom Video Communications Incorporated (USA)Used for the hosting of webinars and video conferencing calls.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.
Fuze Incorporated (USA)Telephony used by our Operations Team (help@matchboxexchange.com) when communicating via phone.Until the consignment agreement term has expired, or the member has requested that their personal information be removed.

We consign part of our operations to third-party businesses in order to provide better services and regulates matters, as well as exercises both management and supervision, necessary to ensure that the consigned companies safely process personal information in accordance with the Personal Information Protection Act (PIPA). Unless using services related to affairs that we consigned to consignees, your personal information will not be provided to consignees.

Disclosure (Provision) of Personal Information to third party

1) We strictly prohibit the provision of personal information to any third party without obtaining consent from the user. We do not provide personal information to any third party without obtaining consent from the user. However, personal information may be provided, and limited to, the following instances: where the user has personally agreed to such provision in order to use third party-based services; where we are obliged to provide personal information so as to observe relevant laws and regulations; and/or where it becomes necessary to resolve emergency situations where the user’s life or safety has been confirmed to be at risk.

2) We provide Your Personal Information to third parties as follows.

TRANSFEREEPURPOSE OF USE OF PERSONAL INFORMATION BY TRANSFEREECONTENTS OF PERSONAL INFORMATION TRANSFERREDPERIOD FOR MAINTAINING AND USE OF TRANSFEREE

Your Rights and Obligations of Information Subjects and your Legal Agents, and Performance thereof

You and your legal agent may exercise the following rights related to protection of personal information on behalf of himself/herself or the concerned child under age of 14:

  1. Request to access personal information;
  2. Request to correct personal information (in case of errors, etc.)
  3. Request to remove personal information; and
  4. Request for suspension of handling personal information.

If you or your legal agent requires for removal or correction of any errors in personal information related to himself/herself or the concerned child under age of 14, then we shall not use or provide the relevant personal information until the correction or deletion is completed. We shall immediately rectify any wrongful use or providing of personal information upon detecting the same. You shall not infringe any personal information and privacy of a third party which we are handling, in violation of the applicable laws including the PIPA.

European Union General Data Protection Regulation

If you are a citizen of a European Union (EU) country or we collect personal data about you from a source in the EU, we aim to provide the standards of privacy protection required by the EU’s General Data Protection Regulation (GDPR) from 25 May 2018. Additionally, EU based organisations that share subject data with us may require that we meet GDPR standards. Our commitments in this Policy are generally consistent with the GDPR requirements applying to a Controller of subject data, and where required we will meet GDPR obligations in full. If you have a query about your rights or our obligations for GDPR purposes, please contact us.

Storage and security of Personal Information

Since MATCHBOX Exchange relies on a group-wide data processing system to process personal data relating to its employees, contractors, agents, customers, vendors; your personal information may – in the context of the above-mentioned purposes of data processing – also be stored in and transferred to the MATCHBOX Exchange group’s and its service provider’s locations abroad, if necessary.

We strive to ensure the safe management of user personal information and continues to protect personal information at a level beyond the standards required by the related regulations. We shall take technical, managerial and physical measures necessary in accordance with Article 29 of the PIPA as follows:

  1. Managerial Measures: Implementation and operation of the Personal Information Internal Management Plan, minimisation and training of employees who handle personal information
  2. Technical Measures: Security measures using encrypting technology including encryption of distinctive personal information, measures to prevent fabrication/falsification of records, measures to prevent computer viruses and malware, and measures to protect our network infrastructure.
  3. Physical Measures: Encryption of employee devices that can access personal information, all servers hosted in the public cloud where only authorised Microsoft employees have physical access.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Duration of Storage

We store your data for different lengths of time depending on the required purpose of processing. Your Personal Information will be kept for an appropriate period of time considered by the MATCHBOX Exchange group as suitable for our purposes set forth herein and will be deleted upon expiry of this period, unless otherwise permitted or required by Applicable Laws. When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information (unless we are required or authorised by law to retain it).

Your rights and choices regarding, and access, to your Personal Information

You may access the Personal Information we hold about you and require us to update and/or correct it if it is wrong or out of date, or delete, subject to certain exceptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) or technical reasons. If you wish to access your Personal Information, please contact us on the details below.

We will endeavour to provide a complete list of your Personal Information, correct or delete your Personal Information on receipt of your request. We may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information and will implement your request or let you exercise any of these rights in most cases in a timely manner.

Maintaining the Quality of your Personal Information

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

You may withdraw your consent for us to retain your Personal Information anytime you like, except only in case your consent withdrawal is restricted by Applicable Laws.

Destruction of Personal Information

Unless there is a justifiable cause under Article 6 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc., Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act, Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., or any other law to retain personal information, we shall destroy the concerned personal information within [7 days] after the expiration of the applicable retention period.

In case where we shall, pursuant to any other law, retain personal information after the expiration of the applicable retention period or satisfaction of the purpose of handling the relevant personal information, we shall transfer the relevant personal information into a separate DB or store the same in a separate storage location.

We shall select personal information which shall be destroyed, and destroy the selected personal information upon approval of the personal information protection manager.

Electronic files containing personal information shall be destroyed in a technical manner that does not allow restoration of the personal information, and print-outs containing personal information shall be shredded or burnt.

Policy Updates

This Policy may change from time to time and is available on our website. Your continued use of the website, website applications, and our services after any such changes are notified to you constitutes your agreement to this Privacy Policy as amended.

Privacy Policy Complaints and Enquiries

We appoint a personal information management/protection manager and working-level officer in order to protect personal information and handle any complaints related to the personal information in accordance with Article 31(1) of the PIPA as follows:

  1. Personal information protection manager
    • Name: Stephen Kennedy
    • Title: Chief Technology Officer
    • Contact information: Tel: +65 3158 2111 / e-mail: privacy@matchboxexchange.com
  2. Personal Information Protection Department
    • Department: Technical Support
    • Name: Technical Support
    • Contact information: Tel: +65 3158 2111 / e-mail: privacy@matchboxexchange.com

help@matchboxexchange.com

If you are not satisfied with how we handle your complaint or enquiry, you may contact one or more of the following bodies:

Australia
Office of the Australian Information Commissioner
www.oaic.gov.au
1300 363 992
enquiries@oaic.gov.au

Singapore
Singapore Personal Data Protection Commission
https://www.pdpc.gov.sg/Individuals/Complaints-and-Reviews/Report-a-Personal-Data-Protection-Concern/Personal-Data-Protection-Complaint
+65 5377 3131

Philippines
Philippine National Privacy Commission
https://www.privacy.gov.ph
+632 8234-2228
info@privacy.gov.ph

Malaysia
Malaysian Personal Data Protection Department
https://www.pdp.gov.my/jpdpv2/?lang=en
+603-8000 8000

Thailand
PDPA Expert Committee at the Office of the Personal Data Protection Committee.

Vietnam
Vietnam Competition and Consumer Protection Agency (amongst others).

Republic of Korea
Contact the organizations shown below to file reports or seek consultation for other privacy infringements.

  • Privacy Infringement Report Center (privacy.kisa.or.kr / Phone no. 118)
  • Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (www.spo.go.kr / Phone no. 1301)
  • Cyber Terror Response Center, National Police Agency (police.go.kr / Phone no. 182)