Privacy Policy
About this Privacy Policy
- This Privacy Policy describes how Iguana2 Pty Ltd ABN 61 095 300 584 manages personal information.
- We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (APP(s)), the General Data Protection Regulation 2016/679 (EU) (GDPR) and the Privacy Act 2020 (New Zealand). If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be open and transparent about our privacy practices. We encourage our customers to familiarise themselves with this Privacy Policy to understand how and when we collect, hold, use, transfer, disclose and otherwise process personal information about them.
- We own, operate and provide the following products and services to our customers:
- a desktop software application known as “Spark” that can be used by financial industry professionals and self-directed private investors to access real time stock market information and related functionality;
- a service known as “YourIR” or “Your Investor Relations” that automates the displaying of share prices, charts and company announcements on our customers’ websites and sends email alerts to our customers’ investors and stakeholders;
- a JavaScript framework and managed market data cloud service known as “QuoteAPI” that enables companies to develop their own market information websites; and
- custom market information services delivered by way of agreed Application Programming Interfaces (APIs) to customers.
The types of personal information we collect and hold about our customer
- We collect the following types of personal information:
Information about our customers: The types of personal information collected from our customers are limited to name, company name, email and postal addresses, phone numbers and other contact information, usage information, details of the type of account and data packs that customers purchase from us, login details, social media account names, credit card details, data entered into Iguana2 products and services by customers (including, but not limited to stocks searched for, stock watchlists and stock alert parameters), billing information and any other information that customers provide to us in order for us to supply them with our products and services. Credit card details are not stored by us (other than the last 4 digits of the credit card) and are held by our payment gateway provider, eWAY.
Information required for the support, maintenance and security of Iguana2 products and/or services: In order to support and maintain Iguana2 products and services, we collect and process user information including, computer and device information, IP addresses, network information, user access logs, usernames, passwords, error messages, statistical data and information included by our customers in technical support tickets, telephone calls, emails and other communications they send to the Iguana2 support team. We also collect the DNS location of any inbound traffic to ensure that inbound traffic from locations that should not be accessing Iguana2 products and/or services are restricted.
- We collect the following types of personal information:
How we collect personal information
- Our policy is to only collect personal information by means that are fair in the circumstances.
- We collect personal information about our customers in one or more of the following ways:
- when our customers sign up to Iguana2 products and services;
- when the information is collected by Iguana2 products and services;
- when it is voluntarily disclosed to us during our provision of technical support or to answer any enquiries whether by telephone call, survey, e-mail, online form, support ticket or otherwise.
How we use personal information
- How we use and process that personal information includes
- As required to provide Iguana2 products and services to our customers.
- In order to store personal information in databases and systems in our hosting environments at third party data centres.
- To support and manage our customers’ use of Iguana2 products and/or services.
- Backing up and restoring data that includes customer personal information.
- When conducting research and development of Iguana2 products and services.
- To communicate with existing and potential customers about the use of Iguana2 products and services and to market new services and products to them (such as by reaching out to customers who are also twitter influencers using their twitter handles).
- To handle customer complaints.
- To send newsletters and other communications to our customers concerning Iguana2 products and services.
- To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information.
- To issue invoices to our customers.
- To enforce our customer and end user licence agreements.
- To comply with our obligations under our supplier agreements, including but not limited to by disclosing customer personal information to Market Information Providers confirming the list of locations in which market information that we make available through our products and services is received and to report to Market Information Providers usage of their market information in order to comply with our agreements with them.
- The lawful basis for collecting the personal information includes
- Performance of our contracts with our customers and suppliers.
- Required to identify customers and to identify persons who wish to exercise their rights under privacy law to access or correct their personal information or to exercise their other rights with respect to their personal information.
- Where customers have given consent to the processing of their personal data for one or more specific purposes.
- Necessary for our legitimate interests (in order to operate and grow our business, to allow our customers to operate Iguana2 products and services, to enable us to operate our IT systems and networks, to manage our hosting environments and to ensure the successful delivery of our products and services).
- To comply with our legal and statutory obligations (including our obligations to our Market Information Providers).
- Required in order to determine which privacy law applies to the individual.
- To market Iguana2 products and services.
- Necessary for our internal business purposes such as billing.
- How we use and process that personal information includes
Analytics data and cookies
- We also collect information about our customers through their use of Iguana2 products and services, known as analytics data. Such analytics data includes information about devices accessing Iguana2 products and services, the amount of time our customers spend using Iguana2 products and services and in which parts of them, and the path navigated.
- Except where it is necessary to collect or process such information in order to investigate a security incident or potential breach of our customer agreement by any person:
- all such information is de-identified data and is not collected in a form that could reasonably be expected to identify an individual; and
- we only use analytics data to help us review, enhance, market and improve Iguana2 products and services (for statistical, marketing or research purposes).
- We may collect information using “cookies” and other similar technologies. Cookies are small packets of data that Iguana2 products and services may store on your computer’s or mobile device’s hard drive (or other storage medium that you use to access them). We use both 1st and 3rd-party session cookies and persistent cookies as follows:
- Session Cookies We use session cookies to make it easier for you to navigate the Iguana2 website. A session ID cookie expires when you close the website.
- Persistent Cookies A persistent cookie remains on your device for an extended period of time or until you delete them. You can remove persistent cookies by following directions provided in your web browser’s “help” file or settings. To the extent we provide a log-in portal or related feature on Iguana2 products and services, persistent cookies can be used to store your passwords so that you don’t have to enter them more than once. Persistent cookies also enable us to track and target the interests of our visitors to personalise the experience on the Iguana2 website.
If you do not want us to place a cookie on your electronic device or computer, you may be able to turn that feature off on your electronic device or computer. Please consult your browser’s documentation for information on how to do this and how to delete persistent cookies. If you decide not to accept cookies from us, certain aspects of Iguana2 products and services may not function properly or as intended.
How we hold and secure personal information
- We hold and store personal information that we collect in the following locations:
- our offices, computer systems and third party owned and operated hosting facilities;
- third party owned accounting and compliance cloud-based software providers;
- third party owned cloud-based email providers;
- third party owned cloud-based customer relationship management and email marketing providers; and
- on electronic devices at our offices and at the premises of our personnel.
- We take reasonable steps to protect personal information that we hold using such technical and organisational security measures as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse. Such measures ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
- We implement the following technical and organisational security measures in our organisation:
- we only use reputable hosting providers to host personal information;
- complex passwords and other access control procedures in our computer systems;
- SSL encryption for data transmitted via Iguana2 products and services both in transit and at rest;
- blocking high level domain IP inbound access to our systems and ensuring that our systems are regularly patched;
- antivirus software;
- secure routers and firewalls to protect company devices and systems from inbound attacks or viruses;
- physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, use of access cards and alarms;
- with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is destroyed or de-identified.
- We also have a data breach response plan in place so that we will know how to respond to any data breaches if and when they occur.
- We hold and store personal information that we collect in the following locations:
Who we disclose personal information to
- We disclose personal information that we collect to the following third parties:
- our payment gateway provider who we need to communicate with in order to provide Iguana2 products and services;
- reputable hosting providers and backup hosting providers who host databases that we use to provide Iguana2 products and services;
- our employees, officers, agents and/or suppliers. We ensure that they are aware of their information security responsibilities and have entered into agreements requiring them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;
- email marketing companies who send emails on our behalf;
- when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
- to potential acquirers, joint venture partners, business partners and other similar third parties where Iguana2 undergoes a potential or actual merger, corporate restructure or acquisition;
- where a person provides written consent to the disclosure of their personal information;
- where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;
- if we are contacted by any person who represents to us that they are our customer, for security purposes, we will discuss the personal information that we hold about them with them but only if they verify their identity;
- to our Market Information Providers in accordance with our contractual obligations to them;
- governmental authorities, bodies and regulators for the enforcement of a law imposing a pecuniary penalty or to avoid prejudice to the maintenance of the law by any public sector agency;
- to any court or tribunal for the conduct of proceedings (being proceedings that have been commenced or are reasonably in contemplation); and/or
- where required by law.
- We disclose personal information that we collect to the following third parties:
Offshore Disclosure
- We transfer personal information to our contractors and service providers who assist us with the supply and provision of Iguana2 products and services, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We transfer personal information to our hosting providers in Australia and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in the United States and New Zealand.
Third party websites
- Iguana2 products and services and our emails and website (whether delivered by us or our contractors) may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection and privacy laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them.
- You may interact with social media platforms via social media widgets and tools linking to our social media accounts (e.g. our twitter account) that may be installed on our website. These widgets and tools may collect your IP address and other personal information. Your interactions with such widgets and tools, and any single sign-on services, are governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
Interacting with us without disclosing personal information
- If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our website without providing us with personal information, such as the pages that generally describe Iguana2 products and services that we make available, and our Contact Us page. However, when you submit a form on our website or become a customer, we need to collect personal information from you in order to identify who you are so that we can provide you with Iguana2 products and services, and for the other purposes described in this Privacy Policy. It is not practical for us to provide you with access to or use of Iguana2 products and services if you refuse to provide us with personal information.
How to access and correct personal information held by us
- We rely on our customers to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. Customers who wish to access, update, modify or correct the personal information held by us about them should contact our Privacy Officer using the details set out below.
- We retain personal information held in Iguana2 products and services for a minimum period of 7 years. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the length of time permitted by applicable law. We may use de-identified data for research and marketing purposes or otherwise commercialise it.
- We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law.
Our contact details
- Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or to make a privacy complaint, may contact our Privacy Officer using the following details:
Privacy Officer
Iguana2 Pty Ltd
+61 2 8067 8694
privacy@iguana2.com
Three International Towers
Level 24, 300 Barangaroo Ave
Sydney NSW 2000
- We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame. This may include working with the complainant on a collaborative basis.
- If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the APPs, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992
Online Form: click here
Address: GPO Box 5218, Sydney NSW 2001
New Zealand Customers and Data Subjects
This section of our Privacy Policy applies to personal information of Iguana2 customers that is governed by the Privacy Act 2020 (New Zealand) (Privacy Act (New Zealand)).
- Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or to make a privacy complaint, may contact our Privacy Officer using the following details:
Collection of personal information
- We will only collect personal information for a lawful purpose which is connected to a function or activity of our businesses to the extent that it is necessary for such purpose.
Provision of personal information to third parties
- Where it is necessary for personal information to be given to a third party in connection with the provision of services that they provide to us that we use to provide Iguana2 products and services, we will do everything reasonably within our power to prevent unauthorised use or disclosure of the information by them.
- The specific personal information that we collect, how we collect it, how we use it and who we disclose it to, is set out above in this Privacy Policy.
Requests for access to and correction of personal information
- Individuals whose personal information is governed by the Privacy Act (New Zealand) are entitled to seek access to and correction of it in accordance with that legislation.
- As set out above, any person who wishes to access personal information about them held by us should contact us. You may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request.
- We will also take such steps as are reasonable in the circumstances to ensure that personal information that we hold is accurate, up to date, complete and not misleading.
- In the event that a person wishes to access their personal information and it is readily retrievable by us, they can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; and (b) to obtain access to the personal information and be advised if they are able to correct such personal information.
- We will as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and notify the person who made the request of our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with New Zealand’s Information Privacy Principles.
- If a person submits a request to access their personal information to us, we may refuse their request on one or more of the grounds set out in section 30 of the Privacy Act (New Zealand). If we refuse to comply with a request to access their personal information, we will provide the individual who made the request with our reasons for our denial and an opportunity to file a complaint with the Commissioner or to seek an investigation and a review of the refusal.
- Where we hold personal information governed by the Privacy Act (New Zealand) about an individual, they are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made.
Complaints
- If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Office of the Privacy Commissioner:
Office of the Privacy Commissioner
Telephone: 0800 803 909
Email: enquiries@privacy.org.nz
PO Box 10-094, Wellington 6143, New Zealand
- If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Office of the Privacy Commissioner:
Collection of personal data
- We collect all types of personal data that is voluntarily provided by you and/or collected from third party sources. Please see section 2 above for more information about the categories of personal data that we collect. The provisions of this Privacy Policy that refer to personal information apply equivalently to personal data collected by us that is governed by the GDPR.
Purpose and legal basis for processing customer and data subject personal data
- The table in section 4 above sets out the legal basis under which we process customer and data subject personal data for the purposes of Article 6(1) of the GDPR. We will not carry out any further processing activities of your personal data, other than as set out in this Privacy Policy.
Who will receive customer and data subject personal data
- Information about who we disclose personal information to is set out in section 7 above and applies equally to personal data.
International transfers
- We transfer customer personal information to our contractors and service providers who assist us with the supply and provision of Iguana2 products and/or services, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. Provided that we comply with applicable law, we may transfer personal information to our hosting providers in Australia and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in the United States and New Zealand. When transferring personal data governed by the GDPR internationally, we will ensure that such transfers are in compliance with the GDPR and that we have legally binding agreements in place to govern the receipt and processing of personal data offshore. Information about other appropriate or suitable safeguards is available from us on request.
Retention of customer and data subject personal data
- It is our policy to retain personal data in a form which permits identification of any person only as long as is necessary for the purposes for which the personal data was collected for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal data (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect any other person's vital interests).
Requirement to provide customer and data subject personal data to us
- Please see section 10 above for information about the requirement to provide personal information to us and the limitations that apply where personal information is not provided. Those requirements and limitations apply equivalently to personal data governed by the GDPR.
Rights under the GDPR
- Under the GDPR, you have a number of rights, including:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- You also have the right to lodge a complaint with any relevant supervisory authority. You are encouraged to contact us in the first instance, if you wish to exercise any of your applicable rights under the GDPR.
- Under the GDPR, you have a number of rights, including:
European Customers and Data Subjects
This section of our Privacy Policy applies to personal data of our customers and data subjects that may be collected by us that is governed by the GDPR. Article 4(1) of the GDPR defines “personal data” as any information relating to an identified or identifiable natural person.