Drip Invest | Australian Privacy Policy (Version 2022)
1.        About us

1.1.      BetterLabs Pty Ltd ABN 26 620 505 615, Trading as Drip Invest is an authorised representative of Cache Investment Management Ltd ACN 624 306 430, AFSL 514 360, Authorised Representative number 001302032, (Drip Invest or we or us).

1.2.      Drip Invest provides an educational investing app for parents who want to upskill and engage their teenagers (under 18 years old) in investment decisions.

2.        About this policy

2.1.      Drip Invest respects your privacy and wants you to understand how we collect, hold, use, and share your personal information.

2.2.      The Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles, Privacy Regulation 2013 (Regulations) and registered privacy codes govern the way in which we must manage your personal information (Privacy Laws). 

2.3.      This Privacy Policy (Privacy Policy) covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal information as defined in the Privacy Act (Data).

2.4.      This Privacy Policy applies when you visit or use our website, mobile applications, APIs or when we are providing relevant services to you via the Drip Invest application including any personalised offers suggested to you (the Services). Drip Invest may also tell you about products or promotions from our connected network of product providers.

2.5.     We are committed to safeguarding the privacy ofour website visitors and service users.

2.6.      By using our Services, you agree to the terms of this Privacy Policy. You should not use our Services if you do not agree with this Privacy Policy or any other agreement that governs your use of the Services. 

3.        Collection of personal information

3.1.     The Privacy Act defines personal information as any information or opinion about an individual that can be identified from that information. As part of providing any of our Services we may collect, hold, process, and share your personal information which can include: 

(a) Identification Information - This includes your name, address, contact details, and date of birth, your identity documents needed to identify you to provide the Services to you and protect you against fraud and unlawful activity.

(b) Financial information - This includes your occupation and financial information that may include your personal finances, bank account, credit card details, transaction information, financial solvency, and other financial related information for us to provide the Services to you and to give you access to the products and services provided by our platform partners.

(c) Sensitive Information - We will not collect and use any of your sensitive personal information unless it is necessary for us to provide our Services to you and with your prior consent or where a permitted general situation exists. Sensitive personal information includes information relating to your health, sexual orientation, biometric data, criminal history, racial or ethnic origin as well as membership of any trade or professional associations.

4. How we collect personal information

4.1. We collect your personal information in several ways, such as:

(a) Directly From you – Most information will be collected from you personally; we can take this: If you call or email us. When we provide our Services to you. If you provide us with feedback or make a complaint. If we provide you with our Services. If you apply for an account with us. When CCTV footage is recorded at our offices or premises. Your information that is in the public domain. If you subscribe to our newsletters and marketing lists. Other information that may be collected include details provided on a resume sent to us relating to an employment opportunity.

(b) Electronically – We collect your personal information via our electronic records created when you use our website, tablet, or mobile applications. For example, information about your location or activity including the date of and time of visits, which pages you viewed, how you as the user navigate through the website and interact with the webpages (including fields completed in form and applications), IP address, telephone number, information about the device used to visit our website and whether you've accessed third party sites.

(c) Information from other platforms – We may also collect information about you that is available from a social media or other platform providers where you use your social media account to register for Drip Invest (for example, if you register for Drip Invest via your Facebook account) or if your social media account is linked to the email address you use to access our Services.(d) Third-party services providers – We may also receive your personal information from third parties that we deal with on your behalf and from our service providers. We may also receive your personal information from another party by any other means. If we do, we will apply the Privacy Laws in deciding whether it is lawful to keep the information received.

(e) Employment – In addition, if you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history, and relevant records checks) from any recruitment consultant, your previous employers, and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

(f) Exemptions – The Privacy Act contains certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate, we may make use of relevant exemptions in the Privacy Act. Any information we receive that we are not lawfully required to hold will be deleted or destroyed.(g) Consent – Acceptance of any of our Services via an application in writing, orally or electronic means will be deemed as giving consent to the disclosures detailed herein.

(g) Consent – Acceptance of any of our Services via an application in writing, orally or electronic means will be deemed as giving consent to the disclosures detailed herein.

5.        How we hold personal information

5.1. We will keep your personal information securely and much of the information we hold about you will be stored electronically in cloud-based, or other types of networked or electronic storage centres that comply with Australian Privacy Laws whether the data is kept within Australia or overseas. Some information that we hold about you may be stored in physical form. The security of your personal information is important to us.

5.2.     We will take appropriate technical and organisational precautions to secure your personal information and to prevent the loss, misuse, unauthorised access, disclosure, or alteration of your personal information.

5.3.     Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside of Australia. 

5.4. We use a range of physical, electronic, and other security measures to protect the security, confidentiality, and integrity of the personal information we hold both in Australia and overseas. For example:

(a) access to our information systems is controlled through identity and access management controls;

(b) employees and our contracted service providers are bound by internal information security policies and are required to keep the information secure;

(c) all employees are required to complete training about privacy and information security; and

(d) we regularly monitor and review our security measures and compliance with internal policies and industry best practices.

5.5. You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet and you do so at your own risk. Also, our website may have links to external websites, and we take no responsibility for the privacy practices or the content of those other sites.

6.        Use and disclosure of information

6.1.      We will use or disclose personal information held about you as permitted by law and for the business purposes for which it is collected (e.g. provision of our Services, including administration of our Services, notifications about changes to our Services, record-keeping purposes, technical maintenance, obtaining or maintaining insurance coverage, managing risks or obtaining professional advice) - that is, to carry on our business activities and provide our Services to you. 

6.2.      We may use your personal information to comply with legislative or regulatory requirements in any jurisdiction, for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, to prevent fraud, crime or other activity that may cause harm in relation to our Services and help us run our business and maintain integrity. 

6.3.      We may also use your personal information to tell you about our Services we think may interest you or for a purpose related to the primary purpose of collection or where you would expect that we would use the information in such a way, subject to legal restrictions on using your personal information for marketing purposes. 

7.        Our services to you 
Collecting your personal information will assist us in providing our Services to you and this includes but is not limited to:  

(a)        information needed with respect of opening an account with us including your bank account details, debit or credit card numbers when linking accounts with the Drip Invest platform, financial information.

(b)        managing our Services to you which also includes processing payments, share trades, receipts, and invoices;

(c)        establishing your identity to ensure that we are dealing with you;

(d)        responding to enquiries relating to your application, accounts and other Services provided to you;

(e)        detecting and preventing fraud and other risks to you and other individuals;

(f)         understanding your needs, developing, and offering ourServices to you as well as researching and developing new services;

(g)        payment system operators (e.g., transferring payments received and sent by you);

(h)        obtaining products and service from suppliers;

(i)         our existing business partners;

(j)         providing you with direct marketing relating to products that you may be interested in;

(k)        ensuring workplace health and safety of our employees;

(l)         dealing with any complaints made by you;

(m)      specific third parties authorised by you to receive information held by us;

(n)        complying with our legal and regulatory compliance requirements; 

(o)        or enforcing our rights, making legal enquiries, or taking legal action.

8.        Disclosing your personal information to others

8.1.     We may disclose your personal information to other companies we deal with to provide you with our services (this means our subsidiaries, licensee, or third-party companies)insofar as reasonably necessary for the purposes, and on the legal bases allowed under the Privacy Laws and as set out in this Privacy Policy.

8.2.     We may disclose your personal information to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

8.3.     We may disclose your personal information to our suppliers or subcontractors in so far as reasonably necessary to provide the relevant Services to you or providers for the operation of our websites, data analytics and/or our business.

8.4.     In addition to the specific disclosures of personal information set out in this section, we may disclose your personal information where such disclosure is necessary for compliance with a legal or regulatory obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. 

8.5.     We may also disclose your personal information when you have obtained your consent. 
We may disclose your information to product providers banks in connection with a processing a share trade (for example, when you receive funds into your DripInvest account to complete a share trade or receive direct marketing from us or our product providers).

9.        Third party websites

9.1.     Our website and the DripInvest app may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained.

9.2.     Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites.

9.3.     The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites. 

10.       Do we transfer your information overseas?

10.1.     Sometimes our suppliers, contractors or agents are based overseas, or otherwise have data storage facilities overseas where your personal information will be stored. We may transfer information about you between countries if required for a relevant purpose described above.  We may disclose your personal information to overseas recipients to provide our services and for administrative, data storage, product analysis or improvement purposes or other business management purposes.

10.2.     The regions to which this information may be disclosed include the United States, Europe, Japan, and Singapore.

10.3.     The locations where we handle, store, and process your data may change as our business needs change and we appoint other service providers from time to time.
Prior to disclosing your personal information to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that:

(a)       the overseas recipient does not breach the Privacy Laws;

(b)       the overseas recipient is subject to a law, or binding scheme, which has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the Privacy Laws; or 

(c)        you have consented to us making the disclosure. 

11.        Direct marketing

11.1.     We may use your personal information for direct marketing. This means we may send information to you that relates to promotions from Drip Invest or other third-party companies. We may offer you products and services by various means, including by mail, telephone, email, SMS, or other electronic means, such as through social media or targeted advertising. 

11.2.     You have the right to object to our processing of your personal information for direct marketing purposes. If you make such an objection, we will cease to process your personal information for this purpose. 

11.3.     If you do not wishy our personal information to be used or disclosed for the promotional purposes described above, please contact us via the Drip Invest application, or our website to express your wish to opt out or click the “opt out” at the bottom of any electronic communication from us.  

11.4.     Alternatively, you may reply “Stop” to electronic communications received by us.

11.5.      We will not sell your personal information to other companies or organisations.

12.        Wish to stay anonymous? 

12.1.     You can withhold your personal information whenspeaking with us if you are making a general enquiry. However, if you wish forus to provide you with our Services, we will need to identify you.

13.        Retaining and deleting personal information

13.1.      We will retain your personal information for as long as legally required and when we no longer are legally required or have a legitimate purpose to retain it, we will either delete, destroy, desensitize, or anonymize it.

13.2.      We may retain your personal information where such retention is necessary for compliance with a legal or regulatory obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.

13.3.      We may also de-identify your personal information which we have collected for the purposes described in this Privacy Policy. As a result, this Privacy Policy and Privacy Laws will not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information.

14.        Your privacy law rights

14.1.      In this section, we have summarised the rights that you have under the Privacy Laws. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

14.2.      The summary of your principal rights under Privacy Laws are:

(a)        to request, at any time, for us to inform you of the personal information we hold about you;

(b)        the right to access your personal information and we will respond to you within 30 days of making a request;

(c)        the right to correct your personal information;

(d)        the right to erasure (where we have no legitimate right or business requirements to retain your personal information);

(e)        the right to restrict or object to processing (where we have no legitimate right or business requirements to process your personal information)

(f)         the right to complain to a supervisory authority; and

(g)        the right to withdraw your consent (where we have no legitimate right or business requirements to retain or process your personal information).

14.3.      We may refuse to give you access to personal information we hold about you if we reasonably believe that giving access would pose a serious threat to the life, health or safety of an individual, or to the public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, if there are legal proceedings, or if we consider the request to be frivolous or vexatious.

14.4.      If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. 

15.        About cookies & pop-up

15.1.      For information about how we use cookies and pop-ups, please refer to our Cookies Policy.

16.        Notifiable data breaches

16.1.      From February 2018, the Privacy Act includes anew Notifiable Data Breaches scheme (NDB) which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change). The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals.

16.2.      There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals. If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as possible and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy. If you believe that any personal information, we hold about you has been impacted by a data breach, you can contact us using the contact details below

17.        Complaints handling

1.1.     Contact us
You may exercise any of your rights in relation to your personal information by contacting us. If you have a question or complaint about how your personal information is being handled by Drip Invest, our affiliates or contracted service providers, please contact us at: 

Attention:           Privacy Officer
Phone:               0450 292 709  
Post:                   Level 6 191 StGeorges Tce, Perth, WA 6000

We will try to have your complaint resolved within 5 businessdays, but it may take longer depending on the complaint. If this is the case,we will aim to resolve your complaint within 30 days. All complaints will behandled in accordance with our Internal Dispute Resolution Policy. 

1.2.     The Office of the Australian Information Commissioner
Under the Privacy Laws you may also complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. Please note the OAIC requires that any complaint be first made to the respondent organisation.

The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.

The Commissioner can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Phone:                1300363 992

18.      Amendments

18.1.      We reserve the right to change this Privacy Policy, at any time and when we do, we will post the current version on our website. Please check our website for the current version of this Privacy Policy.

18.2.      The revised Privacy Policy shall apply from the date of publication of the revised Privacy Policy on our Drip Invest website, and you hereby waive any right you may otherwise have to be notified of, or to consent to, revisions of the Privacy Policy.

18.3.      Any subsequent access to, or use by you, of the Drip Invest website or any of our services will constitute acceptance of any varied or modified Privacy Policy.

18.4.      We will not file a copy of the Privacy Policy specifically in relation to each user or customer and, if we update the Privacy Policy, the version to which you originally agreed will no longer be available on our website. We recommend that you consider saving a copy of the Privacy Policy for future reference.

18.5.      This Privacy Policy is Version 1.0 dated 11th October 2023.