Last updated: 31 May 2021

Privacy Policy

Your privacy is important to us at Commission Factory. We respect your privacy regarding any information we may collect from you across our website and platform.

Who are you and what do you want to know?

Commission Factory Pty Ltd (ACN 149 765 631) ("Commission Factory", "Us", "We", "Our", "Company") is a provider of performance marketing software that gives online retailers, agencies and affiliates real-time visibility of an affiliate marketing campaign performance.

We want to get you to the information that is relevant to you as easily as possible. For this purpose, please scroll to the relevant section below or click the relevant category here:

Questions?

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below:

Privacy Officer

by e-mail at privacy@commissionfactory.com

Please note that this is a summary and the actual privacy policy may include more detailed information. Commission Factory recommends reading the full policy for more specific information.

  • Data Collection: Commission Factory gathers personal data when users register for its services. This includes their name, address, phone number, and email. Commission Factory also collects data from the device users utilise to access its services, such as their IP address, operating system, and browser.
  • Data Usage: Commission Factory utilises this data to provide services, engage in marketing activities, enhance the usability of its platform, and for business administration purposes. Commission Factory also ensures the use of its services is lawful and non-fraudulent, and complies with legal obligations. If Commission Factory believes a user may be in breach of any laws, the user's data may be shared with relevant third parties like law enforcement agencies.
  • Data Sharing: Commission Factory may share user information with group members, personnel, suppliers, subcontractors, and overseas service providers. Commission Factory ensures these parties do not misuse the data and have agreed to protect it. User data may also be shared in the event of a merger or acquisition, or if required by law.
  • Data Security: Commission Factory strives to keep user data secure through technical and organisational precautions, but acknowledges that no security system can completely prevent potential breaches.
  • Data Retention: Commission Factory retains user data as long as necessary to fulfil the purposes it was collected for, including legal, accounting, or reporting requirements.
  • User Rights: Users have the right to request access to their information, request corrections or deletion of their information, restrict Commission Factory's use of their information, and withdraw consent at any time. If a user is unhappy with how Commission Factory is processing their data, they can submit a complaint to a Data Protection Supervisory Authority.
  • AI Interaction: Our use of Artificial Intelligence (AI) enhances service efficiency and personalisation by collecting and using data from interactions for AI training, strictly adhering to privacy and security measures, with user rights to access, correct, or delete their data fully supported; updates to practices will be communicated as necessary.

Who are you and what do you want to know?

Commission Factory Pty Ltd (ACN 149 765 631) ("Commission Factory", "Us", "We", "Our", "Company") is a provider of performance marketing software that gives online retailers, agencies and affiliates real-time visibility of an affiliate marketing campaign performance.

We want to get you to the information that is relevant to you as easily as possible. For this purpose, please scroll to the relevant section below or click the relevant category here:

Questions?

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below:

Privacy Officer

by e-mail at privacy@commissionfactory.com

Advertisers and Affiliates

How we use data from Advertisers and Affiliates?

Providing our services

We provide our Affiliates and Advertisers with an account in our network interface to access our services. You will need to register there in order to obtain access to our technologies. We will collect all data which has been provided by you (both via the interface or otherwise), this will likely include your name, (company) address, telephone number or email address.

We may collect information on the device you are using to enter our interface pages such as your IP address, operating system and browser of your device.

We will use such information for providing and/or making our services available under the terms of use of our services or in the pursuit of our legitimate interest of the proper administration of our business.

Marketing to you or your company

We use various forms of marketing to provide you with promotional materials about our services or those of advertisers and affiliates operating on the network. We may process contact information that you provide to us (either via our website, through business cards, or through use of our services) for the purposes of marketing in accordance with our legitimate interests to promote our business. You can always request to be removed from the mailing lists by unsubscribing at the bottom of any marketing email or by contacting us.

Improving and optimising usability for you and others

Our network interface uses cookies and other mechanisms, to collect analytical information to help analyse how the interface is used. We process this information to improve our understanding and to compile statistical reports regarding that activity. This information is not used by us to develop a personal profile of you.

How do we use data to administer our business?

We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.

With whom do we share your information?

Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.

Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies. Such third parties include YouTube API Services (for further information on this tool we direct you to their Terms of Service and Privacy Policy; you can visit the Google security settings page to revoke the access to your data).

Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.

Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.

How do we keep your data safe?

We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.

Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.

For how long do we keep your data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What rights do you have in respect of your data?

We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:

  1. request access to your information and information related to our use and processing of your information;
  2. request the correction or deletion of your information;
  3. request that we restrict our use of your information;
  4. request a machine-readable copy of your information or that your information be transferred to other IT systems;
  5. object to the processing of your information for certain; and
  6. withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information.

Please send your requests to privacy@commissionfactory.com.

If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If you do not agree with the way we have processed your data or responded to your concerns, you can submit a complaint to a Data Protection Supervisory Authority.

How do we apply external laws?

If you are:

  1. a resident of the European Union accessing our online platforms or receiving our services in Australia; or
  2. accessing our online platforms or receiving our services from within the European Union,

then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.

If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.

We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.

What happens when we make changes to this Privacy Policy?

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.

Commission Factory Website Visitors

How we use data from visitors of our website?

To address your enquiries

If you contact us about our services, the forms you complete or the emails you send may include information about you, such as your name, your email address and your enquiry.

In line with the legitimate interest we have in promoting and operating our business, we will process your enquiries to reply and provide you with information about the services we offer.

To send you news and updates

If you ask to be added to our mailing list, we will keep you updated with information on news by email unless you would like to be removed from that list (in which case please let us know by clicking unsubscribe at the bottom of any marketing email that you receive or by contacting us).

Social plugins

Commission Factory participates in and markets via social networks and has implemented certain social plugins on our websites. All social media plugins are used in the pursuit of our legitimate interest of marketing our business and communicating with our business partners and the public.

When you enter a page on our website that contains a social network plugin, your browser or app will establish a direct connection to the social network's servers. The information that your browser has visited the Commission Factory page will be transmitted to the social network, even if you do not have an account with that social network or are not logged into your account. If you are logged in to your account at the same time, a page impression may be assigned to your profile there.

How do we use data to administer our business?

We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.

With whom do we share your information?

Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.

Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies. Such third parties include YouTube API Services (for further information on this tool we direct you to their Terms of Service and Privacy Policy; you can visit the Google security settings page to revoke the access to your data).

Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.

Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.

How do we keep your data safe?

We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.

Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.

For how long do we keep your data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What rights do you have in respect of your data?

We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:

  1. request access to your information and information related to our use and processing of your information;
  2. request the correction or deletion of your information;
  3. request that we restrict our use of your information;
  4. request a machine-readable copy of your information or that your information be transferred to other IT systems;
  5. object to the processing of your information for certain; and
  6. withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information.

Please send your requests to privacy@commissionfactory.com.

If you are unhappy with the way we are processing your personal data, please let us know by contacting us.

If we have a dispute regarding an individual's personal information, we both must first attempt to resolve the issue directly between us. If we become aware of any unauthorised access to an individual's personal information, we will inform them and any supervisory authority as required, at the earliest practical opportunity once we have established what was accessed and how it was accessed.

How do we apply external laws?

If you are:

  1. a resident of the European Union accessing our online platforms or receiving our services in Australia; or
  2. accessing our online platforms or receiving our services from within the European Union,

then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.

If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.

We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.

What happens when we make changes to this Privacy Policy?

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here.

Job Applicants

How do we use data from job applicants?

As part of any recruitment process, we collect and process personal data relating to job applicants. Such information includes:

  1. your name, address and contact details, including email address and telephone number;
  2. details of your qualifications, skills, experience and employment history;
  3. information about your current level of remuneration, including benefit entitlements

We may collect this information in a variety of ways. For example, it might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.

We need to process this information to take steps at your request prior to entering into an employment contract with you. We also have a legitimate interest in processing personal information during the recruitment process and for keeping records of the process.

Processing data from job applicants allows us to manage the recruitment process, assess and confirm an applicant's suitability for employment and decide to whom to offer a job.

How do we use data to administer our business?

We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.

With whom do we share your data?

Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.

Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies.

Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.

Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.

How do we keep your data safe?

We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.

Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.

For how long do we keep your data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

As a general rule, your personal information collected as part of your recruitment process will be retained for [6 months] following the notification on an unsuccessful application. In case of a successful application, your personal information will be retained as part of your personnel records and subsequent employee data retention periods will apply.

What rights do you have in respect of your data?

We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:

  1. request access to your information and information related to our use and processing of your information;
  2. request the correction or deletion of your information;
  3. request that we restrict our use of your information;
  4. request a machine-readable copy of your information or that your information be transferred to other IT systems;
  5. object to the processing of your information for certain; and
  6. withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information.

Please send your requests to privacy@commissionfactory.com.

If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If we have a dispute regarding an individual's personal information, we both must first attempt to resolve the issue directly between us. If we become aware of any unauthorised access to an individual's personal information, we will inform them and any supervisory authority as required, at the earliest practical opportunity once we have established what was accessed and how it was accessed.

How do we apply external laws?

If you are:

  1. a resident of the European Union accessing our online platforms or receiving our services in Australia; or
  2. accessing our online platforms or receiving our services from within the European Union,

then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.

If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your privacy rights by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.

We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.

What happens when we make changes to this Privacy Policy?

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.

Commission Factory Consumers

How do we use data from end users?

Commission Factory primarily uses end user data for the purpose of tracking an end user from an Affiliate to an Advertiser. Tracking enables us to see that an end user has visited an Affiliate's service, found a product, and clicked the link to be taken to the Advertiser's service to review or purchase the product.

The purpose of tracking is to attribute sales and marketing effort by an Affiliate to a particular transaction, to enable Advertisers to reward Affiliates on a per transaction basis. Tracking also allows Commission Factory to provide Affiliates and Advertisers with related reports. The majority of these reports contain only aggregated statistical data.

Commission Factory doesn't know who the end user is, simply that the same end user started their journey with the Affiliate and completed it with the Advertiser and that the affiliate marketing campaign was therefore successful in respect of that end user.

By maintaining a limited user profile which does not reveal an end user's name or identity, Commission Factory can also understand an end user journey when it starts on one device and ends on a different device. Through this functionality, Commission Factory can understand whether a referral is commenced on one device and completed on another device. The profile is only used to attribute sales and marketing effort to an Affiliate, even if the end user has changed devices before completing a transaction.

Commission Factory permits Affiliates to enquire as to whether an action by a user ought to have generated a commission for that Affiliate. This necessitates the sharing of information, between Affiliates and Advertisers. Advertisers use the information provided by Affiliates to verify against their own records. Commission Factory enables this data sharing and the payment of any commission due to the Affiliate as a result.

How do we collect data from end users?

The main technologies used for Commission Factory's tracking are Tracking Domain Cookies, Journey Tags and Device Fingerprinting.

Commission Factory Tracking Domain Cookies: These are cookies served by Commission Factory's own domain when an end user clicks on an advertisement displayed by an Affiliate. We use this information to understand which end users are referred by which Affiliates to which Advertiser. Please find some general information on cookies here.

Advertiser Journey Tag: This is JavaScript code integrated into the Advertiser's service to enable Commission Factory to receive transactional information from Advertisers. Commission Factory uses this information to record, validate and report the completion of transactions, for the purposes of apportioning commissions to Affiliates.

Fingerprinting: This is a method by which Commission Factory can uniquely identify a device by considering certain attributes of the browser or the device (incl. screen size/resolution and user configurations).

What data do we collect from end users?

We take care not to collect data that we don't need. The majority of the data Commission Factory uses is machine generated. It lets us single out a person, but it does not reveal who that person is. We do not use this data to make predictions or evaluations of users' interest or personalities.

Commission Factory is one part of the affiliate marketing ecosystem (see our Agreement with Advertisers and Affiliates below) and does not always have absolute control over the personal data that it receives from users, Affiliates or Advertisers.

Commission Factory stores an individual sequence of figures in respect of a transaction that does not reveal the name of a particular end user and contains information on the Advertiser's campaign, the Affiliate, the end user action (i.e. a click or a view and in which country it occurred), and the device that is used.

Commission Factory also receives limited transactional information via the Journey Tag, to confirm that a transaction has occurred and carry out accurate commission allocating, billing and reporting. Such information includes the order value, whether a voucher has been used, product type, and sales channel.

Commission Factory's data processing activities relating to end user data, do not require the direct identification of an individual and therefore Commission Factory mostly holds what is known as "pseudonymous" data in this respect. Pseudonymisation is privacy-enhancing. It is the separation of data from direct identifiers so that data can no longer be attributed to a specific individual without the use of additional information.

Pseudonymisation, therefore, reduces the risks associated with data processing, while also maintaining the data's utility.

Does Commission Factory have legitimate interest in using data?

We have carried out a balancing exercise and have identified legitimate interests as a basis for processing user data for the purposes set out in this section of the Privacy Policy.

When assessing Commission Factory's legitimate interest, the interests of the full affiliate ecosystem were considered. A balancing test was carried out and it was confirmed that tracking carries no risk or a very low risk of undue negative impact on the end user's interests or fundamental rights and freedoms. Legitimate interests are not limited to the interests of Commission Factory but can be legitimate interests of a third party or to society as a whole. In the context of our service, we consider that:

  1. Advertisers have an interest in carrying on an online advertising campaign, paid for on a performance basis, whereby third-party referrers of customers or potential customers of the Advertiser are compensated for referrals which generate revenue for the Advertiser, or which undertake another act desired by the Advertiser.
  2. Affiliates have an interest in monetising their content, services or other aspects of the Affiliate website by generating advertising revenue which is paid on a performance basis.
  3. Advertisers and affiliates have an interest in obtaining reports relevant to their respective business revenue generation.
  4. Commission Factory has an interest in operating an affiliate marketing network, and to provide technology, services and reporting, in return for payment from Advertisers.
  5. Commission Factory, Advertisers, Affiliates and society at large have an interest in preventing fraud, misuse of services, or money laundering.

What is our arrangement with Affiliates and Advertisers on our network?

Commission Factory's affiliate marketing network connects Advertisers and Affiliates, so that they can work together to run affiliate marketing campaigns.

In running the campaign each party plays their part in pursuing the common purposes and each party can make certain decisions about the way data is used.

Commission Factory contractually requires that its whole network is compliant with data protection law and that they each fulfil their obligations to respond to requests to exercise data subject rights. You can approach each party, if you intend to exercise your rights in respect of the data which that party controls.

Commission Factory works with these Advertisers. For guidance on how to make a request to an Affiliate or an Advertiser, please check their respective privacy notices. For more information of how to make a request to Commission Factory, "What rights do you have in respect of user data" below.

For how long do we keep end user data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

As a general rule, Commission Factory retains tracking data for 5 years after collection.

What rights do you have in respect of user data?

We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. If you wish to make a request in respect of your user data, as described in this section of the Privacy Policy, please contact privacy@commissionfactory.com you may:

  1. request access to your information and information related to our use and processing of your information;
  2. request the correction or deletion of your information;
  3. request that we restrict our use of your information;
  4. request a machine-readable copy of your information or that your information be transferred to other IT systems;
  5. object to the processing of your information for certain; and
  6. withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information.

Please note that, as described under "What data do we collect from users?", Commission Factory mostly holds what is known as "pseudonymous" data in respect of users. Pseudonymisation means that we may not be in a position to identify the individual behind the data we hold and that we therefore cannot provide them with access, rectification, erasure or data portability without the provision of additional information (for example your IP address, or Device ID).

How do we use data to administer our business?

We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.

With whom do we share your information?

Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.

Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies.

Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.

Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.

How do we keep your data safe?

We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.

Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.

How do we apply external laws?

If you are:

  1. a resident of the European Union accessing our online platforms or receiving our services in Australia; or
  2. accessing our online platforms or receiving our services from within the European Union,

then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.

If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.

We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.

What happens when we make changes to this Privacy Policy?

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here.

Artificial Intelligence (AI) Interaction

We employ Artificial Intelligence (AI) technologies to enhance the efficiency and responsiveness of our services, including but not limited to customer support functionalities. This section outlines how we collect, use, share, and protect information in the context of your interactions with our AI systems.

  • Data Collection through AI Interactions

    1. When you interact with our AI-driven services, we may collect personal information that you voluntarily provide, such as your name, email address, and the content of your inquiries.
    2. Our AI systems may also gather data regarding your usage patterns, preferences, and feedback to improve our services.

  • Use of Information

    1. The information collected through AI interactions is used to provide personalized responses, improve the accuracy and efficiency of our AI systems, and enhance the overall user experience.
    2. Aggregated and anonymised data from AI interactions may be used for analytical purposes to identify trends, usage patterns, and to inform new features or services.

  • Information Sharing

    1. Information collected through AI interactions is not shared with third parties without your explicit consent, except as necessary to provide the services requested or when required by law.
    2. We may share anonymised or aggregated data that cannot be used to identify you with partners or for research purposes, adhering to applicable laws and regulations.

  • Data Protection

    1. We implement robust security measures to protect the data collected through AI interactions against unauthorised access, alteration, disclosure, or destruction.
    2. Your personal information is only retained for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

  • User Rights and Choices

    1. You have the right to access, correct, or delete your personal information collected through AI interactions. You may also object to or restrict the processing of your data.
    2. If you wish to exercise these rights or have concerns about your data's privacy and security, please contact us at privacy@commissionfactory.com.

  • Changes to the AI Interaction Clause

    1. We reserves the right to update or modify this AI Interaction Clause at any time. We will notify you of any significant changes through our website or through direct communication.

By using our AI-driven services, you acknowledge and agree to the terms outlined in this AI Interaction Clause. We are committed to ensuring the privacy and security of your data and enhancing your experience with our innovative AI technologies.

go to top