Privacy Policy
What does Thaces do?
Thaces is a mini-site builder to share your favourite everything; music, podcasts, products, services, tools, politicians, youtubers, and anything else. We connect your audiences with the different things you recommend, and make it easy for your community to discover and for you to manage.
Our Website (located at https://thaces.com/) provides information about us and allows individuals and businesses to sign-up as Thaces Users (to create a personalised, easily-customisable profile), as Subscribers (to subscribe to and follow Thaces Users). The pages that Thaces Users are able to create using the Thaces Services are referred to in this Privacy Notice as “User Profiles“. User Profiles are accessible by the public.
We are headquartered in Sydney, Australia.
How does this Privacy Notice apply to me?
This Privacy Notice only applies to personal information we collect as a controller from:
- visitors to our Platform (“Platform Visitors“);
- individuals, representatives of individuals, or companies that sign up to use our Thaces Services via a paid plan (“Paid Plan Users“) or free plan (“Free Plan Users“), together our “Thaces Users“;
- individuals that sign up to subscribe to and/or follow User Profiles (“Subscribers“);
- individuals that visit and interact with User Profiles (“Profile Visitors“); and
individuals who respond to our surveys, marketing materials or participate in trade promotions or competitions that we may run from time to time.
This Privacy Notice, applies to the processing of personal information by Thaces as a controller. When we talk about Thaces acting as a “controller”, we mean that Thaces determines the purpose and the means of the processing (i.e. we make decisions about how we will handle your personal information). Because of the nature of our services, we can also act as a “processor” on behalf of Thaces Users. This means that, when we are instructed by a Thaces User, we can facilitate processing of Profile Visitors’ and Subscribers’ personal information on behalf of that Thaces User (“Processor Services“). This Privacy Notice does not address Processor Services. If you are a Profile Visitor or Subscriber, and want to know how a Thaces User handles your personal information, please get in touch with the Thaces User directly and/or refer to any privacy notice on the relevant User Profile.
If you provide us with information about another person (if, for example, you are a representative of an individual), you must provide them with a copy of this Privacy Notice and let that other person know that we use their personal information in the ways set out in this Privacy Notice.
What personal information do we collect?
The personal information that we may collect about you broadly falls into the following categories:
Information you provide voluntarily
When you sign up to become a Thaces User, a Subscriber, use or interact with our Thaces Services or staff, visit our Platform, visit a User Profile, respond to a survey or participate in a trade promotion we may ask you to provide personal information voluntarily. For example, if you are a Free Plan User we will ask you to provide your email address, name, username, hashed password, vertical (industry to which your account relates) and marketing preferences. If you are a Paid Plan User we will also ask for your full name, billing email address, billing address and payment method in order to facilitate billing. If you are a Subscriber, we will ask you to provide your email address or SMS number. To opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails or SMS we may send you. You may also provide us with your personal data when you submit queries or make a report to us (such as an Intellectual Property Report or Counter Notice). For example, we may ask you to provide your name and email address so that we can respond to your queries. If you are making an Intellectual Property Report or Counter Notice, we ask you to provide your name, address, email address, phone number and details regarding the intellectual property rights concerned. If you are a Profile Visitor, a User might request that you provide your email address, mobile number, date of birth or age, or other personal information in order to access elements of a User Profile (such as locked content). We may use the results of such access (i.e. successful or unsuccessful access attempts) to produce aggregated statistics for our own internal purposes and to improve the Thaces Services.You may also provide personal information voluntarily if you respond to our surveys, marketing materials, or through your participation in trade promotions and competitions we may run from time to time.
Information that we collect automatically
When you visit our Platform, use our Thaces Services, interact with a User Profile, respond to a survey or participate in a trade promotion we collect certain information automatically from your device. In some countries, including countries in the European Economic Area and UK, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location), time zone, usage data, diagnostic data and other technical information. We may also collect information about how your device has interacted with our Platform, Thaces Service or User Profiles, including the pages accessed and links clicked. Collecting this information enables us to better understand you, where you come from, and what content is of interest to you. We use this information for our internal analytics purposes, to improve the quality and relevance of our Platform and Thaces Services, to provide hints and tips to our Thaces Users and to make recommendations of Thaces Profiles you might be interested in viewing. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “How do we use cookies and similar tracking technology” below. Further, we may undertake automatic scanning of User Profiles and links to determine whether mandatory or default sensitive content warnings should be applied and presented to Profile Visitors who wish to access the relevant User Profile or linked content, and to determine if any content should be removed or any User Profiles should be suspended in line with our Community Standards and/or Terms of Service. Where a User changes their User Profile, we will also notify relevant Subscribers to that User Profile that updates have been made.
Information that we obtain from third party sources
From time to time, we may receive personal information about you from third party sources (including from service providers that help us run marketing campaigns or competitions and our partners who help us provide our Thaces Services). In all cases, we will only receive such data where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
Children’s data
Our services are not intended for use by children under the age of 18 (the “Age Limit”). If you are under the Age Limit, please do not use the Thaces Services and do not provide us with your personal information. If you are a parent or guardian and you are aware that an individual (of whom you are a parent or guardian) under the Age Limit has provided us with personal information, please contact us. We will, upon notice or discovery, take all reasonable efforts to erase or destroy any personal information that may have been collected or stored by us about that individual.
Recruitment
If you applied for a role at Thaces, then the personal information collected will only be collected, used and accessed for recruitment purposes only. The data will be retained for a maximum of two years and will then be anonymised for statistical purposes.
Why do we collect your personal information?
In general, we will use the information we collect for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. These include:
- To provide and deliver the Thaces Services and to assess, maintain and improve the performance and functionality of the Thaces Services.
- To ensure the Thaces Services are relevant to you and your device, to notify you about changes to the Thaces Services, and to deliver targeted and/or localised content based on your user data, location and preferences.
- For consumer research and to allow you to participate in surveys or interactive features of the Thaces Services when you choose to do so.
- To provide customer support and to process and respond to a request, complaint or Intellectual Property Report or Counter Notice that you may have made.
- To monitor the usage of the Thaces Services and to detect, prevent and address technical issues.
- To process payments for Paid Plan Users.
- To conduct business planning, reporting, and forecasting.
- To deliver promotional materials, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted out of receiving such information.
- For the administration of our business including for fulfilling and exercising our obligations and rights, exercising or defending legal claims, to comply with our legal obligations and law enforcement requests, and managing the relationship with you.
- To verify your identity and to detect fraud and potential fraud, including fraudulent payments and fraudulent use of the Thaces Services.
- To include Thaces User content as part of our advertising and marketing campaigns to promote Thaces.
- To inform our algorithms so we can deliver the most relevant recommendations to you, including of User Profiles that you may be interested in.
Legal basis for processing personal information
Our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific circumstances in which we collect it.
However, we will normally collect personal information from you only where we have your consent, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). As indicated above, we require certain personal information to enter into a contract with you as a Thaces User. Without your personal information, we will be unable to provide you with Thaces Services available to Thaces Users.
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to develop and improve the Thaces Services, to provide additional functionality, to ensure appropriate security or to implement sensitive content warnings and content moderation. We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at info@thaces.com.
Who may we disclose your personal information to?
We may disclose your personal information to the following categories of recipients:
- to our group companies, third party services providers (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Platform or Thaces Services), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information.
- We also facilitate third party payment providers and this is set out in more detail below;
to the extent we introduce social media log-ins in the future, we may provide personal data to the relevant social media provider to facilitate such log-in; - to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; and to any other person with your consent to the disclosure.
In order to facilitate paid products and/or services within the Thaces Service, we use third party payment processors. We will not store or collect your payment card details. That information is provided directly to our third party payment processors whose use of your personal information is governed by their privacy policies and their own terms and conditions. These payment processors adhere to the standards set by payment card industry data security standards (“PCI-DSS”) as managed by the Payment Card Industry Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processors we work with are:
Stripe (their privacy policy can be viewed at https://stripe.com/us/privacy);
PayPal (their privacy policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full); and
Square (their privacy policy can be viewed at https://squareup.com/au/en/legal/general/privacy).
Disclosure of personal information to other countries
Your personal information may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, Thaces may transfer personal information to the United States and other countries in which we do business. Thaces may also subcontract certain activities and share your personal information with third parties located outside of Australia (which is where we are headquartered).
The countries in which these organisations are located will vary, but, in the course of our business operations, we generally disclose personal information to organisations located in Australia, or the United States. Such transfers are made in order to provide the Thaces Services and carry out the activities specified in this Privacy Notice.
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Notice and applicable data protection laws. These include entering into data transfer agreements between our group companies and these can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request. No transfer of your personal information will take place to an organisation or another country unless we believe there to be adequate controls in place including the security of your data and other personal information.
How do we use cookies and similar tracking technology?
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you.
How long do we retain your personal information?
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice and in each case in accordance with applicable legal and regulatory requirements in respect of permitted or required retention periods and limitation periods relevant to legal action.
How do we secure your personal information?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition we limit access to your personal information to employees, agents, contractors and other third parties who have a business need for access. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Therefore, we have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What are your rights in relation to personal information?
You have the following data protection rights:
If you wish to access, correct or update your personal information, you can do so at any time by emailing info@thaces.com.
Depending on the country which you live in and the laws that apply to you, you may also have additional data protection rights. If you are resident in the UK or the European Economic Area, these rights include:
- To request deletion of your personal information. You can do so at any time by emailing info@thaces.com.
- To object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by emailing info@thaces.com.
- To opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by emailing info@thaces.com.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- The right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
- We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Complaints
We take your privacy concerns seriously. If you have a complaint regarding our handling of your personal information or concerning our privacy practices, you may file a complaint with us by emailing info@thaces.com. We will confirm receipt of your complaint and, if we believe necessary, we will open an investigation.
We may need to contact you to request further details of your complaint. If an investigation has been opened following a complaint made by you, then we will contact you with the result as soon as possible. In the unlikely circumstances we are unable to resolve your complaint to your satisfaction, you may contact the local privacy and data protection authorities in your jurisdiction.
Changes to This Privacy Notice
We may update our Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
Contact Us
If you have any questions about this Privacy Notice, our privacy practices or if you would like to make a request about any personal information we may hold about you, including correction of personal information, please contact us by emailing info@thaces.com.
Supplemental Information for California Residents
The following section provides supplemental information to California residents, whose personal information we have collected. This section applies to the personal information we collected from California residents during the 12 months prior to the effective date of this Privacy Notice, depending on interactions with us.
1. Collection and Use of Personal Information
(a) Categories of Personal Information We Have Collected:
- Identifiers such as name, alias, postal address, online identifier (e.g. cookies) and other similar identifiers;
- Personal records such as payment information;
- Characteristics such as age, gender and other demographic data;
- Customer Accounts / Commercial information such as the User Profile, records of products or services purchased, obtained, or considered;
- Online usage information such as Internet and other network activity information, such as, but not limited to, browsing history, search history and information on interactions with the Thaces Services;
- Geolocation data such as country and zip code;
- Sensory information such as recordings of customer service calls; and
- Inferences derived from personal information such as purchase preferences, interests and characteristics.There may be additional information that we collect that meets the definition of personal information under California law but is not reflected in a category, in which case we will treat it as personal information as required under California law, but will not include it when we are required to describe our practices by category of personal information.
(b) Categories of Sources of Personal Information that We Collect:
- Directly from you. For example, when you create an account, make a purchase, browse our Platform, or use the Thaces Services.
- Directly and indirectly from activity on the Platform and/or using the Thaces Services.
- Social networks (to the extent we introduce social media log-ins in the future).
- Service Providers who provide services on our behalf such as those used to fulfill orders, process your payments and requests, verify your information, monitor activity on the Platform and/or using the Thaces
- Services, provide analysis and analytics, maintain databases, administer and monitor emails and marketing, administer and send mobile messages, serve ads on this and other services, and provide consulting services.
2. Categories of Personal Information Disclosed
We may disclose the following categories of personal information to service providers for a business purpose, or, at your direction, with third parties such as sponsors of promotions, sweepstakes, or contests. We have disclosed the following:
- Category of Personal Information Disclosed for a Business Purpose
- Identifiers;
- Personal records;
- Characteristics;
- Customer Accounts / Commercial information;
- Online usage information;
- Geolocation data;
- Sensory information; and
- Inferences derived from personal information.
- Categories of Recipients
- Service Providers
- Group companies
- Governmental authorities and agencies
We do not sell personal information and we do not believe that our sharing of information would qualify as a sale under California law.
For the avoidance of doubt, we also do not sell personal information of individuals under 16 years of age.
3. California Privacy Rights
(a) Right to Know
You have the right to request that we disclose to you the following information about personal information we collect from you:
- categories of personal information collected;
- categories of sources of personal information collected;
- the business or commercial purpose for collecting or selling personal information;
- the categories of third parties with whom we share personal information; and
- the specific pieces of personal information we have collected about you over the past 12 months.
(b) Right to Request Deletion of Personal Information
You have the right to request the deletion of your personal information collected or maintained by us, subject to certain exceptions permitted by law.
(c) Right to Opt-Out of Sale of Personal Information
As mentioned above, we do not sell personal information and we do not believe that our sharing of information would qualify as a sale under California law. Nonetheless, if you are a California resident who has purchased products or services from us, you may submit a request to record your preference to opt out by emailing us at info@thaces.com.
(d) Right to Non-Discrimination
You have the right to not be treated in a discriminatory manner for exercising your privacy rights. We do not use the fact that you have exercised or requested to exercise any privacy rights for any purpose other than facilitating a response to your request.
4. Exercising Your California Privacy Rights
To exercise your rights, you can contact us:
By emailing info@thaces.com
If you want to request any information about how we process, store or use your data or anything relating to personal information and privacy laws, please email as at info@thaces.com.
Once we receive your request, we are required to verify that you are the person that is the subject of the request. This verification process consists of matching identifying information provided by you with the information we have about you in our records. Upon making a request, you will be asked to provide your name, email address, and request details. A confirmation email will be sent to the email address you provide to begin the process to verify your identity. If we cannot verify your identity, we will not be able to respond to your request.
You may designate an authorized agent to exercise any of the above privacy rights on your behalf, subject to the agent request requirements under California law.
Please note, for your safety and security, we will require authorized agents to provide proof of consent and designation of the authorized agent for the purpose of making the request, and will require authorized agents to provide information necessary to verify the identity of the individual who is the subject of the request. We may also require that an individual verify his/her own identity directly with us before we respond to an authorized agent’s request.
We reserve the right to deny requests in certain circumstances, such as where we have a reasonable belief that the request is fraudulent.
5. Do Not Track
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry standard for recognizing or honoring DNT signals, we do not respond to them at this time.
6. California’s Shine the Light law
We do not share personal information with third parties for their direct marketing purposes absent your consent as defined by California Civil Code Section 1798.83 (“Shine the Light law”). To opt-out of future sharing with third parties for their direct marking purposes, contact us at info@thaces.com. Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year.
7. Changes
We reserve the right to change this Supplemental Information for California Residents from time to time. Changes shall become effective on the date they are posted.