Privacy Policy

2.1 What is “personal information”?

“Personal information” means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.

Where the GDPR applies, “personal information” will also include “personal data” as defined in GDPR.

2.2 What types of personal information do we collect?

Given the nature of services we provide, we collect different types of information about you depending on the nature of our relationship with you, and what you choose to share with us. We try to minimise the collection of information to only what is reasonably necessary for us to perform one or more of our functions or activities.

We may collect the following personal information from you:

• your name and contact details, such as your physical/mailing address, work address, social media handles, email address and phone number;
• your company name (if applicable) and your job title;
• the products purchased and any delivery instructions (if applicable); and
• your payment information (such as your bank account details and payment card information) and instructions to process payment.

We may also collect, monitor and use certain information about your usage of our website https://www.shippit.com/, shippit.com, our app app.shippit.com and the Shippit platform (Website), including:

• the type of device you use;
• your device’s unique ID;
• the IP address of your device;
• the pages of our Website that you visit, the time and date of your visit, the time spent on those pages; and
• any other diagnostic data related to your device.

For completeness, we note that we do not collect any sensitive information (e.g. health-related or biometric information) or credit-related information. All credit-related information is collected and stored directly by the relevant third party payment providers e.g. PayPal.

3.1 Direct collection

We may collect personal information directly from you:

• when you interact with us online via our Website or social media pages or use any of our services, either as a prospective customer, a merchant or a recipient of a parcel, or as an applicant for an employment opportunity;
• when you interact with us at an event including an industry event, either in person or virtually;
• when you interact with us through verbal and written communication;
• when you download content from our Website;
• through an integration of an online shopping cart; or
• through a direct API connection.

3.2 Indirect collection

We may also collect personal information indirectly through third parties where you would reasonably expect us to do so. For example, we may collect personal information:

• belonging to parcel recipients from merchants. In this case, we will take reasonable steps to ensure that merchants are bound by our terms and conditions. These terms and conditions require each merchant to comply with their obligations under all applicable privacy laws (including, but not limited to the Privacy Act) in relation to the collection and transmission of a consumer’s personal information;
• through joint marketing activities or events or sponsored marketing events;
• using publicly available sources, such as from an information services provider or a publicly maintained record;  
• via tracking and telemetry information; and
• applicant tracking systems and online recruitment software. 

If you wish to understand what personal information we have collected about you from other sources, please contact our Privacy / Data Protection Officer (see section 13 of this Policy).

3.3 Unsolicited information

From time to time, we may receive personal information that is additional to information that we have solicited or information that we have not taken active steps to collect. This is known as ‘unsolicited personal information’ and can include:

• misdirected correspondence received by us;
• information about another individual shared with us in the course of providing our services;
• promotional material containing personal information sent to us by an individual promoting the individual’s business or services; or
• court documents for proceedings to which we are a party or may have an interest.

If we receive unsolicited personal information and we decide that we are not permitted to collect it in accordance with the APPs, we will take reasonable steps to destroy or de-identify the information as soon as practicable, unless it is unlawful or unreasonable to do so.

By creating an account on our Website, submitting forms on our Website or the merchant’s website or continuing to use Shippit’s services, you consent for us to obtain, store, process and handle your information (including personal information), in accordance with this Policy and all applicable privacy laws. You have the right to withdraw your consent at any time by contacting our Privacy / Data Protection Officer (see section 13 of this Policy).

We collect, use, hold and disclose your personal information for a purpose related to the provision of conducting delivery, logistics and transportation services and/or where we have obtained your consent. In particular, we may use your personal information to:

• verify your identity;
• enable you to access and use Shippit’s services and our Website, including order fulfilment, delivery of goods to parcel recipients and the processing of refunds;
• communicate with you with regards to the use of Shippit’s services;
• conduct fraud checks;
• maintain internal records for administrative purposes;
• distribute administrative notices;
• conducting marketing activities e.g. promoting new service offerings or inviting you to events;
• develop, operate and improve our service and organisational processes;
• process and respond to any complaint or general enquiry made by you;
• troubleshoot any issues with the provision of services and improve them;
• collect your feedback or suggestions, including about our services, our Website or organisational processes;
• enabling our other activities and functions; and
• any other reason as required by law or regulatory body.

We may collect certain information from you in relation to your Website visits and online activity. This may in some circumstances constitute ‘profiling’ under the GDPR. Furthermore, Shippit may undertake ‘profiling’ to personalise your Website experience, our communications with you and improve our service offerings to you. For further information, please refer to Sections 9 and 11 of this Policy.

We will only use personal information for a purpose other than for which it was collected or a related purpose if you have consented to such different use or where we may otherwise be reasonably expected to do so. To the extent we will use your personal information for a purpose other than for which it was collected, we will contact you to provide further information.

5.1 Direct marketing

From time to time, we may send you direct marketing communications, opportunities, or new product offerings that we consider may be of interest to you if:

• you have expressly requested or consented to receive such communications; or
• we are otherwise permitted to do so under law.

We may send you messages or advertisements about these communications via your email, our Website, SMS, phone or mail, in compliance with applicable marketing laws (including the Spam Act 2003 (Cth)).

You can choose to not receive these communications from us at any time and you may opt out by following the opt-out instructions that can be found in any of these communications.

If you choose to opt out, please note that you will still receive communications from us which are necessary for facilitating your use of Shippit’s services or Website.

6.1 Who do we disclose your personal information to?

We disclose your personal information for the purpose that we collect it for. That is, generally, we will only disclose your personal information for a purpose related to the provision of conducting delivery, logistics and transportation services. Accordingly, we may disclose your personal information to:

• sub-contracted couriers engaged by us to perform those services;
• our employees, contractors, consultants, and/or related bodies corporate;
• other third-party service providers to assist with providing our services (e.g. Salesforce, Amazon Web Services, and other IT service providers, (e.g. data warehouse / storage, web-hosting and server providers), maintenance or problem-solving providers, professional advisors and payment systems operators);
• third parties to collect and process data, such as Google Analytics (which may include parties located, or that store data, outside of Australia); and
• third parties that we engage to undertake the recruitment of an employment opportunity with us (e.g. video interviewing software)

We will not sell your personal information to other people, and always aim to use your information to provide you with a suitable service. We have strict access management processes in place to ensure information is only shared on a ‘need-to-know’ basis.

To the extent we disclose your personal information to third parties, we will use reasonable commercial efforts to ensure that these third parties only use your personal data as reasonably required, and to protect your personal information in a manner that is consistent with applicable privacy laws.

We generally do not disclose personal information in circumstances other than as outlined above. However, we may disclose personal information with your consent, or if it is required or authorised by law (including in emergency situations relating to the life, health, or safety of any individual or to assist law enforcement), or if we have reason to believe that unlawful activity or misconduct of a serious nature is being engaged in and we should disclose your information in relation to the matter.

6.2 Transfer of personal information outside the country in which it was collected

We endeavour to retain your information and personal information on servers located in your country. However, there may be certain circumstances where we need to disclose or transfer your personal information to overseas based employees, third parties and service providers that are located outside the country in which you live. This includes our service providers that are located overseas (including the Philippines, Indonesia, India, Malaysia, Singapore and the United States).

To the extent that your personal information is disclosed to third parties that are located overseas, we will take reasonable steps to ensure that the third party does not breach the privacy obligations relating to your personal information (e.g. by entering into an enforceable contractual arrangement with the overseas recipient that requires the recipient to handle the personal information in accordance with those privacy laws).

For further information on international transfers and how we safeguard your personal information, please contact our Privacy and Data Protection Officer at privacy@shippit.com.

6.3 How do we hold your personal information

We may hold your personal information in either electronic or hard copy form. If you provide your personal information to us electronically via our Website, we retain this personal information in our computer systems and databases. This includes computer software programs, internet servers and hosted internet solutions provided by third parties.

We take the security of personal information seriously and are committed to implementing and maintaining best practice security practices. All reasonable steps are taken to ensure the security of personal information to protect it against loss, unauthorised access, use, modification or disclosure, and against other misuse. Our technical and organisational security measures include:

• restricting user permissions and reducing access to data and systems containing personal information;
• restricting access to personal information on ‘need to know’ basis i.e. only personnel who need that information to effectively provide services will gain access;
• implementing SSL encryption for any personal information sent via Shippit’s internet booking facility and/or our Website;
• using secure work environments;
• ensuring security of premises accessible only by authorised staff; and
• periodically reviewing and improving security measures.

We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. We reserve the right to transfer or sell de-identified personal information and data to third parties. We cannot guarantee the security of any personal information that is transmitted to or by us over the internet, and we note that the transmission and exchange of personal information is carried out at your own risk. But we do take measures to safeguard against unauthorised disclosures of personal information that is within our control.

You have legal rights in relation to your personal information, including the right to withdraw your consent for us to hold, use or disclose your personal information at any time. Please be aware that some of your rights are subject to exemptions and may not always apply.

8.1 Accessing your personal information

If at any time you would like to access the personal information that we hold about you, please contact our Privacy / Data Protection Officer (see section 13 of this Policy). We will provide this access to you once we have verified your identity. We will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs as well as ours. Please allow at least 30 days for processing of a request. For the provision of access, we may charge you a reasonable administration fee, which reflects and will not exceed the cost to us for providing access in accordance with your request. If we refuse your request, we will provide you with written reasons for the refusal and details of complaint mechanisms.  

8.2 Correcting and updating your personal information

To the extent you believe the personal information we hold about you is incorrect, incomplete or inaccurate, then you can ask us to amend it by contacting our Privacy / Data Protection Officer (see section 13 of this Policy). Requests will be responded to within a reasonable period of time after verifying your identity unless it is unreasonable or impracticable to do so. Please allow at least 30 days for processing of a request. Where an update to your personal information is made, you may also request us to take reasonable steps to distribute the corrected information to other recipients who had access to the initial data.

All reasonable steps to comply with a correction request will be made, unless it is inappropriate to make the changes you request or there is a need to keep information for legal, auditing or internal risk management reasons. In that case, we will contact you to explain why.

8.3 Additional GDPR rights

To the extent that the GDPR applies to the collection of your personal information, you have (in some circumstances) the right to request:

• the deletion of your personal information. We may need to retain some of your personal information in certain circumstances (for example, we may retain some of your details in our “Do Not Contact” section of our CRM to ensure that we do not contact you again);
• that further processing of your personal information is restricted in certain circumstances or to object to its processing; and
• have your personal information transferred to you or a third party in a portable format.

If we refuse any of these requests, we will provide you with written reasons for the refusal and details of complaint mechanisms.

Our Website uses “cookies”. A cookie is a small file of letters and numbers a website puts on your device if you allow it. These cookies recognise when your device has visited our Website before, so we can distinguish you from other users of our Website. This improves your experience and our Website.

If you do not wish to use the cookies, you can amend the settings on your internet browser so it will not automatically download cookies. However, if you remove or block cookies on your computer, please be aware that your browsing experience and our Website’s functionality may be affected.

‍

We use social networking services such as Instagram, Facebook (Meta), X, Youtube and LinkedIn to communicate with the public about our services. When you communicate with us using these social networking services, we may collect your personal information, but we only use it to help us to communicate with you.

The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies – you can access the privacy policies for these companies on their websites.

Our website uses analytics platforms, tools, and first-party tracking, to help us better understand visitor traffic so we can improve our services. Although this data is mostly anonymous and will not identify an individual, it is possible that we may connect it to you in some circumstances.

Our Website may contain links and banners to websites operated by third parties. If you access a third-party website through our Website, personal information may be collected by that third party website. We make no representations or warranties in relation to the privacy practices of any third party provider or website and we are not responsible for the privacy policies or the content of any third party provider or website. Third party providers / websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies.

If you have any questions, comments, or complaints about our collecting, storing, or handling of personal information, or if you believe that we have not complied with this Policy, please contact our Privacy / Data Protection Officer at privacy@shippit.com.

In the case of lodging a complaint, you will be asked to provide proof of your identity and full details of your request in writing before we can process your complaint. Please allow up to 30 days for us to respond to your complaint.

At all times, privacy complaints:

• will be treated seriously;
• will be dealt with promptly;
• will be dealt with in a confidential manner; and
• will not affect your existing obligations or affect the commercial arrangements between you and Shippit.

To the extent we are unable to satisfactorily resolve your complaint, you have the right to contact the relevant local data protection authority to lodge a complaint. In Australia, the local authority is the Office of the Australian Information Commissioner (at www.oaic.gov.au/).

We regularly review our practices and procedures in relation to the handling of personal information. As a result, we reserve the right to periodically change or update this Policy from time to time.  Updated versions of this Policy will be posted on our Website. Please ensure that you review our Website regularly to be advised of updates.

If at any point we decide to use personal information in a manner materially different from that stated at the time it was collected, we will notify individuals by email or via a prominent notice on our Website, and where necessary we will seek the prior consent of individuals.